return LDAP_CONFIDENTIALITY_REQUIRED;
}
+
+ if( op->o_tag == LDAP_REQ_BIND && opdata == NULL ) {
+ /* simple bind specific check */
+ if( op->o_ssf < ssf->sss_simple_bind ) {
+ *text = "confidentiality required";
+ return LDAP_CONFIDENTIALITY_REQUIRED;
+ }
+ }
+
if( op->o_tag != LDAP_REQ_BIND || opdata == NULL ) {
/* these checks don't apply to SASL bind */
return LDAP_CONFIDENTIALITY_REQUIRED;
}
- if( op->o_ndn.bv_len == 0 ) {
+ if( !( global_allows & SLAP_ALLOW_UPDATE_ANON ) &&
+ op->o_ndn.bv_len == 0 )
+ {
*text = "modifications require authentication";
return LDAP_STRONG_AUTH_REQUIRED;
}
+
+#ifdef SLAP_X_LISTENER_MOD
+ if ( ! ( conn->c_listener->sl_perms & S_IWUSR ) ) {
+ /* no "w" mode means readonly */
+ *text = "modifications not allowed on this listener";
+ return LDAP_UNWILLING_TO_PERFORM;
+ }
+#endif /* SLAP_X_LISTENER_MOD */
}
}
return LDAP_OPERATIONS_ERROR;
}
}
+
+#ifdef SLAP_X_LISTENER_MOD
+ if ( !starttls && op->o_dn.bv_len == 0 ) {
+ if ( ! ( conn->c_listener->sl_perms & S_IXUSR ) ) {
+ /* no "x" mode means bind required */
+ *text = "bind required on this listener";
+ return LDAP_STRONG_AUTH_REQUIRED;
+ }
+ }
+
+ if ( !starttls && !updateop ) {
+ if ( ! ( conn->c_listener->sl_perms & S_IRUSR ) ) {
+ /* no "r" mode means no read */
+ *text = "read not allowed on this listener";
+ return LDAP_UNWILLING_TO_PERFORM;
+ }
+ }
+#endif /* SLAP_X_LISTENER_MOD */
+
}
if( restrictops & opflag ) {
* and the backend supports specific operational attributes,
* add them to the attribute list
*/
-#ifdef SLAPD_SCHEMA_DN
if ( opattrs || ( attrs &&
ad_inlist( slap_schema.si_ad_subschemaSubentry, attrs )) ) {
*ap = slap_operational_subschemaSubentry( be );
ap = &(*ap)->a_next;
}
-#endif
+
if ( ( opattrs || attrs ) && be && be->be_operational != NULL ) {
( void )be->be_operational( be, conn, op, e, attrs, opattrs, ap );
}