Add a sample ACL

[openldap] / servers / slapd / schema_check.c

diff --git a/servers/slapd/schema_check.c b/servers/slapd/schema_check.c
index 3042817f17fbb4c5d5a733c265f129f7e4cfe332..6f7d993dd6df957bb0a6612c16438816953b08df 100644 (file)
--- a/servers/slapd/schema_check.c
+++ b/servers/slapd/schema_check.c
@@ -33,14 +33,43 @@ entry_schema_check(
        Attribute       *a, *aoc;
        ObjectClass *oc;
        int             i;
-       int             ret;
        AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass;
        int extensible = 0;
 
-       if( !global_schemacheck ) return LDAP_SUCCESS;
-
        *text = textbuf;
 
+       /* check single-valued attrs for multiple values */
+       for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
+               /* there should be at least one value */
+               assert( a->a_vals );
+               assert( a->a_vals[0] != NULL ); 
+
+               /* if single value type, check for multiple values */
+               if( is_at_single_value( a->a_desc->ad_type ) &&
+                       a->a_vals[1] != NULL )
+               {
+                       char *type = a->a_desc->ad_cname->bv_val;
+
+                       snprintf( textbuf, textlen, 
+                               "attribute '%s' cannot have multiple values",
+                               type );
+
+#ifdef NEW_LOGGING
+                       LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
+                               "entry_schema_check: dn=\"%s\" %s\n",
+                               e->e_dn, textbuf ));
+#else
+                       Debug( LDAP_DEBUG_ANY,
+                           "Entry (%s), %s\n",
+                           e->e_dn, textbuf, 0 );
+#endif
+
+                       return LDAP_CONSTRAINT_VIOLATION;
+               }
+       }
+
+       if( !global_schemacheck ) return LDAP_SUCCESS;
+
        /* find the object class attribute - could error out here */
        if ( (aoc = attr_find( e->e_attrs, ad_objectClass )) == NULL ) {
 #ifdef NEW_LOGGING
@@ -106,13 +135,10 @@ entry_schema_check(
                return LDAP_SUCCESS;
        }
 
-       /* optimistic */
-       ret = LDAP_SUCCESS;
-
        /* check that each attr in the entry is allowed by some oc */
        for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
-               ret = oc_check_allowed( a->a_desc->ad_type, aoc->a_vals );
-               if ( ret != 0 ) {
+               int ret = oc_check_allowed( a->a_desc->ad_type, aoc->a_vals );
+               if ( ret != LDAP_SUCCESS ) {
                        char *type = a->a_desc->ad_cname->bv_val;
 
                        snprintf( textbuf, textlen, 
@@ -129,40 +155,11 @@ entry_schema_check(
                            e->e_dn, textbuf, 0 );
 #endif
 
-                       break;
-               }
-
-
-               /* there should be at least one value */
-               assert( a->a_vals );
-               assert( a->a_vals[0] != NULL ); 
-
-               /* if single value type, check for multiple values */
-               if( is_at_single_value( a->a_desc->ad_type ) &&
-                       a->a_vals[1] != NULL )
-               {
-                       char *type = a->a_desc->ad_cname->bv_val;
-
-                       snprintf( textbuf, textlen, 
-                               "attribute '%s' cannot have multiple values",
-                               type );
-
-#ifdef NEW_LOGGING
-                       LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
-                               "entry_schema_check: dn=\"%s\" %s\n",
-                               e->e_dn, textbuf ));
-#else
-                       Debug( LDAP_DEBUG_ANY,
-                           "Entry (%s), %s\n",
-                           e->e_dn, textbuf, 0 );
-#endif
-
-                       ret = LDAP_CONSTRAINT_VIOLATION;
-                       break;
+                       return ret;
                }
        }
 
-       return( ret );
+       return LDAP_SUCCESS;
 }
 
 static char *