static int
constraint_violation( constraint *c, struct berval *bv, Operation *op, SlapReply *rs)
{
- if ((!c) || (!bv)) return 0;
+ if ((!c) || (!bv)) return LDAP_SUCCESS;
if ((c->re) &&
(regexec(c->re, bv->bv_val, 0, NULL, 0) == REG_NOMATCH))
- return 1; /* regular expression violation */
+ return LDAP_CONSTRAINT_VIOLATION; /* regular expression violation */
if ((c->size) && (bv->bv_len > c->size))
- return 1; /* size violation */
+ return LDAP_CONSTRAINT_VIOLATION; /* size violation */
if (c->lud) {
Operation nop = *op;
nop.o_req_dn = dn;
nop.o_req_ndn = dn;
nop.o_bd = select_backend(&nop.o_req_ndn, 1 );
- if (!nop.o_bd || !nop.o_bd->be_search) {
- return 1; /* unexpected error */
+ if (!nop.o_bd) {
+ return LDAP_NO_SUCH_OBJECT; /* unexpected error */
+ }
+ if (!nop.o_bd->be_search) {
+ return LDAP_OTHER; /* unexpected error */
}
} else {
nop.o_req_dn = nop.o_bd->be_nsuffix[0];
*ptr++ = ')';
*ptr++ = '\0';
- Debug(LDAP_DEBUG_TRACE,
- "==> constraint_violation uri filter = %s\n",
- filterstr.bv_val, 0, 0);
-
nop.ors_filterstr = filterstr;
nop.ors_filter = str2filter_x(&nop, filterstr.bv_val);
+ if ( nop.ors_filter == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s constraint_violation uri filter=\"%s\" invalid\n",
+ op->o_log_prefix, filterstr.bv_val, 0 );
+
+ } else {
+ Debug(LDAP_DEBUG_TRACE,
+ "==> constraint_violation uri filter = %s\n",
+ filterstr.bv_val, 0, 0);
- rc = nop.o_bd->be_search( &nop, &nrs );
+ rc = nop.o_bd->be_search( &nop, &nrs );
+ Debug(LDAP_DEBUG_TRACE,
+ "==> constraint_violation uri rc = %d, found = %d\n",
+ rc, found, 0);
+ }
op->o_tmpfree(filterstr.bv_val, op->o_tmpmemctx);
- Debug(LDAP_DEBUG_TRACE,
- "==> constraint_violation uri rc = %d, found = %d\n",
- rc, found, 0);
if((rc != LDAP_SUCCESS) && (rc != LDAP_NO_SUCH_OBJECT)) {
- send_ldap_error(op, rs, rc,
- "constraint_violation uri search failed");
- return 1; /* unexpected error */
+ return rc; /* unexpected error */
}
if (!found)
- return 1; /* constraint violation */
+ return LDAP_CONSTRAINT_VIOLATION; /* constraint violation */
}
- return 0;
+ return LDAP_SUCCESS;
}
static char *
BerVarray b = NULL;
int i;
struct berval rsv = BER_BVC("add breaks constraint");
- char *msg;
+ int rc;
+ char *msg = NULL;
if ((a = op->ora_e->e_attrs) == NULL) {
op->o_bd->bd_info = (BackendInfo *)(on->on_info);
send_ldap_error(op, rs, LDAP_INVALID_SYNTAX,
- "constraint_add() got null op.ora_e.e_attrs");
+ "constraint_add: no attrs");
return(rs->sr_err);
}
"a->a_numvals = %d, cp->count = %d\n",
a->a_numvals, cp->count, 0);
- if ((cp->count != 0) && (a->a_numvals > cp->count))
+ if ((cp->count != 0) && (a->a_numvals > cp->count)) {
+ rc = LDAP_CONSTRAINT_VIOLATION;
goto add_violation;
+ }
- for(i=0; b[i].bv_val; i++)
- if (constraint_violation( cp, &b[i], op, rs))
+ for ( i = 0; b[i].bv_val; i++ ) {
+ rc = constraint_violation( cp, &b[i], op, rs );
+ if ( rc ) {
goto add_violation;
+ }
+ }
}
}
/* Default is to just fall through to the normal processing */
add_violation:
op->o_bd->bd_info = (BackendInfo *)(on->on_info);
- msg = print_message( &rsv, a->a_desc );
- send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION, msg );
+ if (rc == LDAP_CONSTRAINT_VIOLATION ) {
+ msg = print_message( &rsv, a->a_desc );
+ }
+ send_ldap_error(op, rs, rc, msg );
ch_free(msg);
return (rs->sr_err);
}
BerVarray b = NULL;
int i;
struct berval rsv = BER_BVC("modify breaks constraint");
- char *msg;
+ int rc;
+ char *msg = NULL;
Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "constraint_modify()", 0,0,0);
if ((m = op->orm_modlist) == NULL) {
/* Do we need to count attributes? */
for(cp = c; cp; cp = cp->ap_next) {
if (cp->count != 0) {
- int rc;
op->o_bd = on->on_info->oi_origdb;
rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &target_entry );
if (rc != 0 || target_entry == NULL) {
Debug(LDAP_DEBUG_TRACE,
- "==> constraint_modify rc = %d\n",
- rc, 0, 0);
+ "==> constraint_modify rc = %d DN=\"%s\"%s\n",
+ rc, op->o_req_ndn.bv_val,
+ target_entry ? "" : " not found" );
+ if ( rc == 0 )
+ rc = LDAP_CONSTRAINT_VIOLATION;
goto mod_violation;
}
break;
}
}
-
+
+ rc = LDAP_CONSTRAINT_VIOLATION;
for(;m; m = m->sml_next) {
int ce = 0;
"ca = %d, cp->count = %d\n",
ce, ca, cp->count);
- if (m->sml_op == LDAP_MOD_ADD)
- if (ca + ce > cp->count)
+ if (m->sml_op == LDAP_MOD_ADD) {
+ if (ca + ce > cp->count) {
+ rc = LDAP_CONSTRAINT_VIOLATION;
goto mod_violation;
+ }
+ }
if (m->sml_op == LDAP_MOD_REPLACE) {
- if (ca > cp->count)
+ if (ca > cp->count) {
+ rc = LDAP_CONSTRAINT_VIOLATION;
goto mod_violation;
+ }
ce = ca;
}
}
if (( m->sml_op & LDAP_MOD_OP ) == LDAP_MOD_DELETE)
continue;
- for(i=0; b[i].bv_val; i++)
- if (constraint_violation( cp, &b[i], op, rs))
+ for ( i = 0; b[i].bv_val; i++ ) {
+ rc = constraint_violation( cp, &b[i], op, rs );
+ if ( rc ) {
goto mod_violation;
+ }
+ }
}
}
op->o_bd = be;
}
return SLAP_CB_CONTINUE;
+
mod_violation:
/* violation */
if (target_entry) {
op->o_bd = be;
}
op->o_bd->bd_info = (BackendInfo *)(on->on_info);
- msg = print_message( &rsv, m->sml_desc );
- send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION, msg );
+ if ( rc == LDAP_CONSTRAINT_VIOLATION ) {
+ msg = print_message( &rsv, m->sml_desc );
+ }
+ send_ldap_error( op, rs, LDAP_CONSTRAINT_VIOLATION, msg );
ch_free(msg);
return (rs->sr_err);
}