Don't reeval expression

[openldap] / servers / slapd / back-shell / add.c

diff --git a/servers/slapd/back-shell/add.c b/servers/slapd/back-shell/add.c
index b2c7b80b950775710b98cf40b28310461e24f70c..02a52093808e83789b2eb697dece18e4d67125e7 100644 (file)
--- a/servers/slapd/back-shell/add.c
+++ b/servers/slapd/back-shell/add.c
@@ -1,7 +1,7 @@
 /* add.c - shell backend add function */
 /* $OpenLDAP$ */
 /*
- * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
  */
 
@@ -24,6 +24,7 @@ shell_back_add(
 )
 {
        struct shellinfo        *si = (struct shellinfo *) be->be_private;
+       AttributeDescription *entry = slap_schema.si_ad_entry;
        FILE                    *rfp, *wfp;
        int                     len;
 
@@ -33,8 +34,16 @@ shell_back_add(
                return( -1 );
        }
 
+       if ( ! access_allowed( be, conn, op, e,
+               entry, NULL, ACL_WRITE, NULL ) )
+       {
+               send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
+                       NULL, NULL, NULL, NULL );
+               return -1;
+       }
+
        if ( (op->o_private = (void *) forkandexec( si->si_add, &rfp, &wfp )) == (void *) -1 ) {
-               send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL,
+               send_ldap_result( conn, op, LDAP_OTHER, NULL,
                    "could not fork/exec", NULL, NULL );
                return( -1 );
        }