Do not return pointers into BerElement we do not own

[openldap] / servers / slapd / back-shell / modify.c

diff --git a/servers/slapd/back-shell/modify.c b/servers/slapd/back-shell/modify.c
index 0b1719eddd971602a0a176135db8bc3e28862927..248a64dc45d8602728c821d1b78558b5f2c1e2a5 100644 (file)
--- a/servers/slapd/back-shell/modify.c
+++ b/servers/slapd/back-shell/modify.c
@@ -1,7 +1,7 @@
 /* modify.c - shell backend modify function */
 /* $OpenLDAP$ */
 /*
- * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
  */
 
@@ -17,37 +17,51 @@
 
 int
 shell_back_modify(
-    Backend    *be,
-    Connection *conn,
     Operation  *op,
-    struct berval *dn,
-    struct berval *ndn,
-    Modifications      *ml
-)
+    SlapReply  *rs )
 {
        Modification *mod;
-       struct shellinfo        *si = (struct shellinfo *) be->be_private;
+       struct shellinfo        *si = (struct shellinfo *) op->o_bd->be_private;
+       AttributeDescription *entry = slap_schema.si_ad_entry;
+       Modifications *ml  = op->oq_modify.rs_modlist;
+       Entry e;
        FILE                    *rfp, *wfp;
        int                     i;
 
-       if ( IS_NULLCMD( si->si_modify ) ) {
-               send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM, NULL,
-                   "modify not implemented", NULL, NULL );
+       if ( si->si_modify == NULL ) {
+               send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+                   "modify not implemented" );
                return( -1 );
        }
 
+       e.e_id = NOID;
+       e.e_name = op->o_req_dn;
+       e.e_nname = op->o_req_ndn;
+       e.e_attrs = NULL;
+       e.e_ocflags = 0;
+       e.e_bv.bv_len = 0;
+       e.e_bv.bv_val = NULL;
+       e.e_private = NULL;
+
+       if ( ! access_allowed( op, &e,
+               entry, NULL, ACL_WRITE, NULL ) )
+       {
+               send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
+               return -1;
+       }
+
        if ( (op->o_private = (void *) forkandexec( si->si_modify, &rfp, &wfp ))
            == (void *) -1 ) {
-               send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL,
-                   "could not fork/exec", NULL, NULL );
+               send_ldap_error( op, rs, LDAP_OTHER,
+                   "could not fork/exec" );
                return( -1 );
        }
 
        /* write out the request to the modify process */
        fprintf( wfp, "MODIFY\n" );
        fprintf( wfp, "msgid: %ld\n", (long) op->o_msgid );
-       print_suffixes( wfp, be );
-       fprintf( wfp, "dn: %s\n", dn->bv_val );
+       print_suffixes( wfp, op->o_bd );
+       fprintf( wfp, "dn: %s\n", op->o_req_dn.bv_val );
        for ( ; ml != NULL; ml = ml->sml_next ) {
                mod = &ml->sml_mod;
 
@@ -79,7 +93,7 @@ shell_back_modify(
        fclose( wfp );
 
        /* read in the results and send them along */
-       read_and_send_results( be, conn, op, rfp, NULL, 0 );
+       read_and_send_results( op, rs, rfp );
        fclose( rfp );
        return( 0 );
 }