Merge remote-tracking branch 'origin/mdb.master'

[openldap] / servers / slapd / back-ndb / add.cpp

diff --git a/servers/slapd/back-ndb/add.cpp b/servers/slapd/back-ndb/add.cpp
index 8a5ca68fec294a4376cc0a3cde6767e22c8c6fa2..0e2b68e5eab551865ae39d9dd738d3e9aa7b7e19 100644 (file)
--- a/servers/slapd/back-ndb/add.cpp
+++ b/servers/slapd/back-ndb/add.cpp
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2008 The OpenLDAP Foundation.
+ * Copyright 2008-2012 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -51,10 +51,11 @@ ndb_back_add(Operation *op, SlapReply *rs )
                op->oq_add.rs_e->e_name.bv_val, 0, 0);
 
        ctrls[num_ctrls] = 0;
+       NA.txn = NULL;
 
        /* check entry's schema */
        rs->sr_err = entry_schema_check( op, op->oq_add.rs_e, NULL,
-               get_relax(op), 1, &rs->sr_text, textbuf, textlen );
+               get_relax(op), 1, NULL, &rs->sr_text, textbuf, textlen );
        if ( rs->sr_err != LDAP_SUCCESS ) {
                Debug( LDAP_DEBUG_TRACE,
                        LDAP_XSTRING(ndb_back_add) ": entry failed schema check: "
@@ -223,6 +224,19 @@ is_ref:                    p.e_attrs = NULL;
                goto return_results;;
        }
 
+       /* 
+        * Check ACL for attribute write access
+        */
+       if (!acl_check_modlist(op, op->ora_e, op->ora_modlist)) {
+               Debug( LDAP_DEBUG_TRACE,
+                       LDAP_XSTRING(bdb_add) ": no write access to attribute\n",
+                       0, 0, 0 );
+               rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+               rs->sr_text = "no write access to attribute";
+               goto return_results;;
+       }
+
+
        /* acquire entry ID */
        if ( op->ora_e->e_id == NOID ) {
                rs->sr_err = ndb_next_id( op->o_bd, NA.ndb, &op->ora_e->e_id );