X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fschema_check.c;h=87ba819c1d35e1a44a2d361067fe720855245234;hb=0f30fb0d8f0adbbb7b41fd455c57aa56d64c9853;hp=28dfcfb337fe58c27ba115e688f177438227fb8c;hpb=adae86a7dba0df958a4e633ef94ec218228cd0c4;p=openldap diff --git a/servers/slapd/schema_check.c b/servers/slapd/schema_check.c index 28dfcfb337..87ba819c1d 100644 --- a/servers/slapd/schema_check.c +++ b/servers/slapd/schema_check.c @@ -33,14 +33,43 @@ entry_schema_check( Attribute *a, *aoc; ObjectClass *oc; int i; - int ret; AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass; int extensible = 0; - if( !global_schemacheck ) return LDAP_SUCCESS; - *text = textbuf; + /* check single-valued attrs for multiple values */ + for ( a = e->e_attrs; a != NULL; a = a->a_next ) { + /* there should be at least one value */ + assert( a->a_vals ); + assert( a->a_vals[0] != NULL ); + + /* if single value type, check for multiple values */ + if( is_at_single_value( a->a_desc->ad_type ) && + a->a_vals[1] != NULL ) + { + char *type = a->a_desc->ad_cname.bv_val; + + snprintf( textbuf, textlen, + "attribute '%s' cannot have multiple values", + type ); + +#ifdef NEW_LOGGING + LDAP_LOG(( "schema", LDAP_LEVEL_INFO, + "entry_schema_check: dn=\"%s\" %s\n", + e->e_dn, textbuf )); +#else + Debug( LDAP_DEBUG_ANY, + "Entry (%s), %s\n", + e->e_dn, textbuf, 0 ); +#endif + + return LDAP_CONSTRAINT_VIOLATION; + } + } + + if( !global_schemacheck ) return LDAP_SUCCESS; + /* find the object class attribute - could error out here */ if ( (aoc = attr_find( e->e_attrs, ad_objectClass )) == NULL ) { #ifdef NEW_LOGGING @@ -106,14 +135,11 @@ entry_schema_check( return LDAP_SUCCESS; } - /* optimistic */ - ret = LDAP_SUCCESS; - /* check that each attr in the entry is allowed by some oc */ for ( a = e->e_attrs; a != NULL; a = a->a_next ) { - ret = oc_check_allowed( a->a_desc->ad_type, aoc->a_vals ); - if ( ret != 0 ) { - char *type = a->a_desc->ad_cname->bv_val; + int ret = oc_check_allowed( a->a_desc->ad_type, aoc->a_vals ); + if ( ret != LDAP_SUCCESS ) { + char *type = a->a_desc->ad_cname.bv_val; snprintf( textbuf, textlen, "attribute '%s' not allowed", @@ -129,11 +155,11 @@ entry_schema_check( e->e_dn, textbuf, 0 ); #endif - break; + return ret; } } - return( ret ); + return LDAP_SUCCESS; } static char * @@ -176,7 +202,7 @@ oc_check_required( Entry *e, struct berval *ocname ) } /* not there => schema violation */ if ( a == NULL ) { - return at->sat_cname; + return at->sat_cname.bv_val; } } @@ -192,19 +218,18 @@ int oc_check_allowed( #ifdef NEW_LOGGING LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY, - "oc_check_allowed: type \"%s\"\n", at->sat_cname )); + "oc_check_allowed: type \"%s\"\n", at->sat_cname.bv_val )); #else Debug( LDAP_DEBUG_TRACE, "oc_check_allowed type \"%s\"\n", - at->sat_cname, 0, 0 ); + at->sat_cname.bv_val, 0, 0 ); #endif /* always allow objectClass attribute */ - if ( strcasecmp( at->sat_cname, "objectClass" ) == 0 ) { + if ( strcasecmp( at->sat_cname.bv_val, "objectClass" ) == 0 ) { return LDAP_SUCCESS; } - /* * All operational attributions are allowed by schema rules. */