Fix count constraint when using multiple modifications

Constraint overlay doesn't take into account multiple modifications when using
count.

Example: If count for 'description' attribute is set e.g. to 2, the following
results in a constraint violation:

dn: cn=usr2, dc=my-domain,dc=com
add: description
description: d1
description: d2
description: d3-viol

However, this passes:

dn: cn=usr2, dc=my-domain,dc=com
add: description
description: d1
-
add: description
description: d2
-
add: description
description: d3

This patch fixes the behavior in case multiple modifications are used.

Author: Jan Synacek <jsynacek@redhat.com>
Upstream ITS: #7168
Upstream commit: bb8112c382c24db25b175459e340ce248fe25563
Resolves: #742163

---
 servers/slapd/overlays/constraint.c |  117 ++++++++++++++++++++++++-----------
 1 file changed, 80 insertions(+), 37 deletions(-)

diff --git a/servers/slapd/overlays/constraint.c b/servers/slapd/overlays/constraint.c
index e6a9267..538d383 100644
--- a/servers/slapd/overlays/constraint.c
+++ b/servers/slapd/overlays/constraint.c
@@ -838,6 +838,68 @@ add_violation:
 
 
 static int
+constraint_check_count_violation( Modifications *m, Entry *target_entry, constraint *cp )
+{
+	BerVarray b = NULL;
+	unsigned ce = 0;
+	unsigned ca;
+	int j;
+
+	for ( j = 0; cp->ap[j]; j++ ) {
+		ca = 0;
+
+		/* Get this attribute count */
+		if ( target_entry )
+			ce = constraint_count_attr( target_entry, cp->ap[j] );
+
+		for( ; m; m = m->sml_next ) {
+			if ( cp->ap[j] == m->sml_desc ) {
+				switch ( m->sml_op ) {
+				case LDAP_MOD_DELETE:
+					if (( b = m->sml_values ) == NULL  || b[0].bv_val == NULL ) {
+						ce = 0;
+					}
+					else {
+						/* No need to check for values' validity. Invalid values
+						 * cause the whole transaction to die anyway. */
+						for ( ca = 0; b[ca].bv_val; ++ca );
+						ce -= ca;
+					}
+					break;
+
+				case LDAP_MOD_ADD:
+					if (( b = m->sml_values ) == NULL  || b[0].bv_val == NULL )
+						continue;
+
+					for ( ca = 0; b[ca].bv_val; ++ca );
+					ce += ca;
+					break;
+
+				case LDAP_MOD_REPLACE:
+					if (( b = m->sml_values ) == NULL  || b[0].bv_val == NULL )
+						continue;
+
+					for ( ca = 0; b[ca].bv_val; ++ca );
+					ce = ca;
+					break;
+
+				default:
+					/* impossible! assert? */
+					return 1;
+				}
+
+				Debug(LDAP_DEBUG_TRACE,
+					"==> constraint_check_count_violation ce = %u, "
+					"ca = %u, cp->count = %lu\n",
+					ce, ca, (unsigned long) cp->count);
+			}
+		}
+	}
+
+	return ( ce > cp->count );
+}
+
+static int
 constraint_update( Operation *op, SlapReply *rs )
 {
 	slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
@@ -850,6 +912,8 @@ constraint_update( Operation *op, SlapReply *rs )
 	struct berval rsv = BER_BVC("modify breaks constraint");
 	int rc;
 	char *msg = NULL;
+	int is_v;
+	int first = 1;
 
 	if (get_relax(op)) {
 		return SLAP_CB_CONTINUE;
@@ -880,10 +944,12 @@ constraint_update( Operation *op, SlapReply *rs )
 	/* Do we need to count attributes? */
 	for(cp = c; cp; cp = cp->ap_next) {
 		if (cp->count != 0 || cp->set || cp->restrict_lud != 0) {
-			op->o_bd = on->on_info->oi_origdb;
-			rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &target_entry );
-			op->o_bd = be;
-
+			if (first) {
+				op->o_bd = on->on_info->oi_origdb;
+				rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &target_entry );
+				op->o_bd = be;
+				first = 0;
+			}
 			if (rc != 0 || target_entry == NULL) {
 				Debug(LDAP_DEBUG_TRACE, 
 					"==> constraint_update rc = %d DN=\"%s\"%s\n",
@@ -893,7 +959,16 @@ constraint_update( Operation *op, SlapReply *rs )
 					rc = LDAP_CONSTRAINT_VIOLATION;
 				goto mod_violation;
 			}
-			break;
+
+			is_v = constraint_check_count_violation(m, target_entry, cp);
+
+			Debug(LDAP_DEBUG_TRACE,
+				"==> constraint_update is_v: %d\n", is_v, 0, 0);
+
+			if (is_v) {
+				rc = LDAP_CONSTRAINT_VIOLATION;
+				goto mod_violation;
+			}
 		}
 	}
 
@@ -912,10 +987,6 @@ constraint_update( Operation *op, SlapReply *rs )
 		if ((( b = m->sml_values ) == NULL ) || (b[0].bv_val == NULL))
 			continue;
 
-		/* Get this attribute count, if needed */
-		if (target_entry)
-			ce = constraint_count_attr(target_entry, m->sml_desc);
-
 		for(cp = c; cp; cp = cp->ap_next) {
 			int j;
 			for (j = 0; cp->ap[j]; j++) {
@@ -929,34 +1000,6 @@ constraint_update( Operation *op, SlapReply *rs )
 				continue;
 			}
 
-			if (cp->count != 0) {
-				unsigned ca;
-
-				if (m->sml_op == LDAP_MOD_DELETE)
-					ce = 0;
-
-				for (ca = 0; b[ca].bv_val; ++ca);
-
-				Debug(LDAP_DEBUG_TRACE, 
-					"==> constraint_update ce = %u, "
-					"ca = %u, cp->count = %lu\n",
-					ce, ca, (unsigned long) cp->count);
-
-				if (m->sml_op == LDAP_MOD_ADD) {
-					if (ca + ce > cp->count) {
-						rc = LDAP_CONSTRAINT_VIOLATION;
-						goto mod_violation;
-					}
-				}
-				if (m->sml_op == LDAP_MOD_REPLACE) {
-					if (ca > cp->count) {
-						rc = LDAP_CONSTRAINT_VIOLATION;
-						goto mod_violation;
-					}
-					ce = ca;
-				}
-			} 
-
 			/* DELETE are to be ignored beyond this point */
 			if (( m->sml_op & LDAP_MOD_OP ) == LDAP_MOD_DELETE)
 				continue;
-- 
1.7.10.4