Do not return pointers into BerElement we do not own

[openldap] / servers / slapd / back-shell / modify.c

diff --git a/servers/slapd/back-shell/modify.c b/servers/slapd/back-shell/modify.c
index 488d8c5da6e7c63897dc357aef6f9dd551e470bc..248a64dc45d8602728c821d1b78558b5f2c1e2a5 100644 (file)
--- a/servers/slapd/back-shell/modify.c
+++ b/servers/slapd/back-shell/modify.c
@@ -1,7 +1,7 @@
 /* modify.c - shell backend modify function */
 /* $OpenLDAP$ */
 /*
- * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
  */
 
@@ -17,37 +17,51 @@
 
 int
 shell_back_modify(
-    Backend    *be,
-    Connection *conn,
     Operation  *op,
-    struct berval *dn,
-    struct berval *ndn,
-    Modifications      *ml
-)
+    SlapReply  *rs )
 {
        Modification *mod;
-       struct shellinfo        *si = (struct shellinfo *) be->be_private;
+       struct shellinfo        *si = (struct shellinfo *) op->o_bd->be_private;
+       AttributeDescription *entry = slap_schema.si_ad_entry;
+       Modifications *ml  = op->oq_modify.rs_modlist;
+       Entry e;
        FILE                    *rfp, *wfp;
        int                     i;
 
        if ( si->si_modify == NULL ) {
-               send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM, NULL,
-                   "modify not implemented", NULL, NULL );
+               send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+                   "modify not implemented" );
                return( -1 );
        }
 
+       e.e_id = NOID;
+       e.e_name = op->o_req_dn;
+       e.e_nname = op->o_req_ndn;
+       e.e_attrs = NULL;
+       e.e_ocflags = 0;
+       e.e_bv.bv_len = 0;
+       e.e_bv.bv_val = NULL;
+       e.e_private = NULL;
+
+       if ( ! access_allowed( op, &e,
+               entry, NULL, ACL_WRITE, NULL ) )
+       {
+               send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
+               return -1;
+       }
+
        if ( (op->o_private = (void *) forkandexec( si->si_modify, &rfp, &wfp ))
            == (void *) -1 ) {
-               send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL,
-                   "could not fork/exec", NULL, NULL );
+               send_ldap_error( op, rs, LDAP_OTHER,
+                   "could not fork/exec" );
                return( -1 );
        }
 
        /* write out the request to the modify process */
        fprintf( wfp, "MODIFY\n" );
        fprintf( wfp, "msgid: %ld\n", (long) op->o_msgid );
-       print_suffixes( wfp, be );
-       fprintf( wfp, "dn: %s\n", dn->bv_val );
+       print_suffixes( wfp, op->o_bd );
+       fprintf( wfp, "dn: %s\n", op->o_req_dn.bv_val );
        for ( ; ml != NULL; ml = ml->sml_next ) {
                mod = &ml->sml_mod;
 
@@ -68,9 +82,9 @@ shell_back_modify(
                }
 
                if( mod->sm_bvalues != NULL ) {
-                       for ( i = 0; mod->sm_bvalues[i] != NULL; i++ ) {
+                       for ( i = 0; mod->sm_bvalues[i].bv_val != NULL; i++ ) {
                                fprintf( wfp, "%s: %s\n", mod->sm_desc->ad_cname.bv_val,
-                                       mod->sm_bvalues[i]->bv_val /* binary! */ );
+                                       mod->sm_bvalues[i].bv_val /* binary! */ );
                        }
                }
 
@@ -79,7 +93,7 @@ shell_back_modify(
        fclose( wfp );
 
        /* read in the results and send them along */
-       read_and_send_results( be, conn, op, rfp, NULL, 0 );
+       read_and_send_results( op, rs, rfp );
        fclose( rfp );
        return( 0 );
 }