Don't reeval expression

[openldap] / servers / slapd / back-shell / modify.c

diff --git a/servers/slapd/back-shell/modify.c b/servers/slapd/back-shell/modify.c
index 91d7149eca03354dda942276c916ae4df77407e8..9ea1511a696ed9ab1ae97282a62cc1ecaf1ce936 100644 (file)
--- a/servers/slapd/back-shell/modify.c
+++ b/servers/slapd/back-shell/modify.c
@@ -27,6 +27,8 @@ shell_back_modify(
 {
        Modification *mod;
        struct shellinfo        *si = (struct shellinfo *) be->be_private;
+       AttributeDescription *entry = slap_schema.si_ad_entry;
+       Entry e;
        FILE                    *rfp, *wfp;
        int                     i;
 
@@ -36,16 +38,32 @@ shell_back_modify(
                return( -1 );
        }
 
+       e.e_id = NOID;
+       e.e_name = *dn;
+       e.e_nname = *ndn;
+       e.e_attrs = NULL;
+       e.e_ocflags = 0;
+       e.e_bv.bv_len = 0;
+       e.e_bv.bv_val = NULL;
+       e.e_private = NULL;
+
+       if ( ! access_allowed( be, conn, op, &e,
+               entry, NULL, ACL_WRITE, NULL ) )
+       {
+               send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
+                       NULL, NULL, NULL, NULL );
+               return -1;
+       }
+
        if ( (op->o_private = (void *) forkandexec( si->si_modify, &rfp, &wfp ))
            == (void *) -1 ) {
-               send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL,
+               send_ldap_result( conn, op, LDAP_OTHER, NULL,
                    "could not fork/exec", NULL, NULL );
                return( -1 );
        }
 
        /* write out the request to the modify process */
        fprintf( wfp, "MODIFY\n" );
-       fprintf( wfp, "opid: %ld/%ld\n", op->o_connid, (long) op->o_msgid );
        fprintf( wfp, "msgid: %ld\n", (long) op->o_msgid );
        print_suffixes( wfp, be );
        fprintf( wfp, "dn: %s\n", dn->bv_val );