Add more detailed reporting of schema violations to client.

servers/slapd/back-ldbm/add.c

@@ -31,7 +31,8 @@ ldbm_back_add(
 	int			rc; 
 	const char	*text = NULL;
 	AttributeDescription *children = slap_schema.si_ad_children;
-
+	char textbuf[SLAP_TEXT_BUFLEN];
+	size_t textlen = sizeof textbuf;
 
 #ifdef NEW_LOGGING
 	LDAP_LOG(( "backend", LDAP_LEVEL_ENTRY,"ldbm_back_add: %s\n",
@@ -51,7 +52,7 @@ ldbm_back_add(
 		return( -1 );
 	}
 
-	rc = entry_schema_check( e, NULL, &text );
+	rc = entry_schema_check( e, NULL, &text, textbuf, textlen );
 
 	if ( rc != LDAP_SUCCESS ) {
 		ldap_pvt_thread_mutex_unlock(&li->li_add_mutex);

servers/slapd/back-ldbm/modify.c

@@ -34,7 +34,9 @@ int ldbm_modify_internal(
     const char	*dn,
     Modifications	*modlist,
     Entry	*e,
-	const char **text 
+	const char **text,
+	char *textbuf,
+	size_t textlen
 )
 {
 	int rc, err;
@@ -200,7 +202,7 @@ int ldbm_modify_internal(
 	ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex );
 
 	/* check that the entry still obeys the schema */
-	rc = entry_schema_check( e, save_attrs, text );
+	rc = entry_schema_check( e, save_attrs, text, textbuf, textlen );
 	if ( rc != LDAP_SUCCESS ) {
 		attrs_free( e->e_attrs );
 		e->e_attrs = save_attrs;
@@ -254,6 +256,8 @@ ldbm_back_modify(
 	Entry		*e;
 	int		manageDSAit = get_manageDSAit( op );
 	const char *text = NULL;
+	char textbuf[SLAP_TEXT_BUFLEN];
+	size_t textlen = sizeof textbuf;
 
 #ifdef NEW_LOGGING
 	LDAP_LOG(( "backend", LDAP_LEVEL_ENTRY,
@@ -313,7 +317,8 @@ ldbm_back_modify(
 	}
 	
 	/* Modify the entry */
-	rc = ldbm_modify_internal( be, conn, op, ndn, modlist, e, &text );
+	rc = ldbm_modify_internal( be, conn, op, ndn, modlist, e,
+		&text, textbuf, textlen );
 
 	if( rc != LDAP_SUCCESS ) {
 		if( rc != SLAPD_ABANDON ) {

servers/slapd/back-ldbm/modrdn.c

@@ -53,6 +53,8 @@ ldbm_back_modrdn(
 	int			rootlock = 0;
 	int			rc = -1;
 	const char *text = NULL;
+	char textbuf[SLAP_TEXT_BUFLEN];
+	size_t textlen = sizeof textbuf;
 	/* Added to support LDAP v2 correctly (deleteoldrdn thing) */
 	char		*new_rdn_val = NULL;	/* Val of new rdn */
 	char		*new_rdn_type = NULL;	/* Type of new rdn */
@@ -612,7 +614,8 @@ ldbm_back_modrdn(
 	}
 
 	/* modify memory copy of entry */
-	rc = ldbm_modify_internal( be, conn, op, dn, &mod[0], e, &text );
+	rc = ldbm_modify_internal( be, conn, op, dn, &mod[0], e,
+		&text, textbuf, textlen );
 
 	if( rc != LDAP_SUCCESS ) {
 		if( rc != SLAPD_ABANDON ) {

servers/slapd/back-ldbm/passwd.c

@@ -130,6 +130,8 @@ ldbm_back_exop_passwd(
 	{
 		Modifications ml;
 		struct berval *vals[2];
+		char textbuf[SLAP_TEXT_BUFLEN]; /* non-returnable */
+		size_t textlen;
 
 		vals[0] = hash;
 		vals[1] = NULL;
@@ -140,16 +142,19 @@ ldbm_back_exop_passwd(
 		ml.sml_next = NULL;
 
 		rc = ldbm_modify_internal( be,
-			conn, op, op->o_ndn, &ml, e, text );
+			conn, op, op->o_ndn, &ml, e, text, textbuf, textlen );
 
+		if( rc ) {
+			/* cannot return textbuf */
+			*text = "entry modify failed";
+			goto done;
+		}
 	}
 
-	if( rc == LDAP_SUCCESS ) {
-		/* change the entry itself */
-		if( id2entry_add( be, e ) != 0 ) {
-			*text = "entry update failed";
-			rc = LDAP_OTHER;
-		}
+	/* change the entry itself */
+	if( id2entry_add( be, e ) != 0 ) {
+		*text = "entry update failed";
+		rc = LDAP_OTHER;
 	}
 	
 done:

servers/slapd/back-ldbm/proto-back-ldbm.h

@@ -204,7 +204,7 @@ extern int ldbm_back_exop_passwd LDAP_P(( BackendDB *bd,
 int ldbm_modify_internal LDAP_P((Backend *be,
 	Connection *conn, Operation *op,
 	const char *dn, Modifications *mods, Entry *e,
-	const char ** ));
+	const char **text, char *textbuf, size_t textlen ));
 
 /*
  * nextid.c

servers/slapd/proto-slap.h

@@ -671,7 +671,8 @@ int oc_check_allowed(
 	struct berval **oclist );
 LDAP_SLAPD_F (int) entry_schema_check LDAP_P((
 	Entry *e, Attribute *attrs,
-	const char** text ));
+	const char** text,
+	char *textbuf, size_t textlen ));
 
 
 /*

servers/slapd/schema_check.c

@@ -27,7 +27,8 @@ static char *	oc_check_required(Entry *e, struct berval *ocname);
 
 int
 entry_schema_check( 
-	Entry *e, Attribute *oldattrs, const char** text )
+	Entry *e, Attribute *oldattrs, const char** text,
+	char *textbuf, size_t textlen )
 {
 	Attribute	*a, *aoc;
 	ObjectClass *oc;
@@ -38,6 +39,8 @@ entry_schema_check(
 
 	if( !global_schemacheck ) return LDAP_SUCCESS;
 
+	*text = textbuf;
+
 	/* find the object class attribute - could error out here */
 	if ( (aoc = attr_find( e->e_attrs, ad_objectClass )) == NULL ) {
 #ifdef NEW_LOGGING
@@ -55,34 +58,40 @@ entry_schema_check(
 	/* check that the entry has required attrs for each oc */
 	for ( i = 0; aoc->a_vals[i] != NULL; i++ ) {
 		if ( (oc = oc_find( aoc->a_vals[i]->bv_val )) == NULL ) {
+			snprintf( textbuf, textlen, 
+				"unrecognized objectClass '%s'",
+				aoc->a_vals[i]->bv_val );
+
 #ifdef NEW_LOGGING
 			LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
-				   "entry_schema_check: dn (%s), objectClass \"%s\" not recognized\n",
-				   e->e_dn, aoc->a_vals[i]->bv_val ));
+				"entry_schema_check: dn (%s), %s\n",
+				e->e_dn, textbuf ));
 #else
 			Debug( LDAP_DEBUG_ANY,
-				"entry_check_schema(%s): objectClass \"%s\" not recognized\n",
-				e->e_dn, aoc->a_vals[i]->bv_val, 0 );
+				"entry_check_schema(%s): \"%s\" not recognized\n",
+				e->e_dn, textbuf, 0 );
 #endif
 
-			*text = "unrecognized object class";
 			return LDAP_OBJECT_CLASS_VIOLATION;
 
 		} else {
 			char *s = oc_check_required( e, aoc->a_vals[i] );
 
 			if (s != NULL) {
+				snprintf( textbuf, textlen, 
+					"object class '%s' requires attribute '%s'",
+					aoc->a_vals[i]->bv_val, s );
+
 #ifdef NEW_LOGGING
 				LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
-					   "entry_schema_check: dn (%s) oc \"%s\" requires att \"%s\"\n",
-					   e->e_dn, aoc->a_vals[i]->bv_val, s ));
+					"entry_schema_check: dn=\"%s\" %s",
+					e->e_dn, textbuf ));
 #else
 				Debug( LDAP_DEBUG_ANY,
-					"Entry (%s), oc \"%s\" requires attr \"%s\"\n",
-					e->e_dn, aoc->a_vals[i]->bv_val, s );
+					"Entry (%s): %s\n",
+					e->e_dn, textbuf, 0 );
 #endif
 
-				*text = "missing required attribute";
 				return LDAP_OBJECT_CLASS_VIOLATION;
 			}
 
@@ -105,17 +114,21 @@ entry_schema_check(
 		ret = oc_check_allowed( a->a_desc->ad_type, aoc->a_vals );
 		if ( ret != 0 ) {
 			char *type = a->a_desc->ad_cname->bv_val;
+
+			snprintf( textbuf, textlen, 
+				"attribute '%s' not allowed",
+				type );
+
 #ifdef NEW_LOGGING
 			LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
-				   "entry_schema_check: Entry (%s) attr \"%s\" not allowed.\n",
-				   e->e_dn, type ));
+				"entry_schema_check: dn=\"%s\" %s\n",
+				e->e_dn, textbuf ));
 #else
 			Debug( LDAP_DEBUG_ANY,
-			    "Entry (%s), attr \"%s\" not allowed\n",
-			    e->e_dn, type, 0 );
+			    "Entry (%s), %s\n",
+			    e->e_dn, textbuf, 0 );
 #endif
 
-			*text = "attribute not allowed";
 			break;
 		}
 	}
@@ -186,7 +199,6 @@ int oc_check_allowed(
 		at->sat_cname, 0, 0 );
 #endif
 
-
 	/* always allow objectClass attribute */
 	if ( strcasecmp( at->sat_cname, "objectClass" ) == 0 ) {
 		return LDAP_SUCCESS;
@@ -221,18 +233,9 @@ int oc_check_allowed(
 				}
 			}
 			/* maybe the next oc allows it */
-
-#ifdef OC_UNDEFINED_IMPLES_EXTENSIBLE
-		/* we don't know about the oc. assume it allows it */
-		} else {
-			if ( t != type )
-				ldap_memfree( t );
-			return LDAP_SUCCESS;
-#endif
 		}
 	}
 
-
 	/* not allowed by any oc */
 	return LDAP_OBJECT_CLASS_VIOLATION;
 }

servers/slapd/tools/slapadd.c

@@ -94,7 +94,12 @@ main( int argc, char **argv )
 		if( global_schemacheck ) {
 			/* check schema */
 			const char *text;
-			if ( entry_schema_check( e, NULL, &text ) != LDAP_SUCCESS ) {
+			char textbuf[SLAP_TEXT_BUFLEN];
+			size_t textlen = sizeof textbuf;
+
+			rc = entry_schema_check( e, NULL, &text, textbuf, textlen );
+
+			if( rc != LDAP_SUCCESS ) {
 				fprintf( stderr, "%s: dn=\"%s\" (line=%d): %s\n",
 					progname, e->e_dn, lineno, text );
 				rc = EXIT_FAILURE;