#include "lutil.h"
#include "lber_pvt.h"
-#include "ldap_rq.h"
-
#ifdef LDAP_SLAPI
#include "slapi/slapi.h"
return -1;
}
- for( bi=slap_binfo; bi->bi_type != NULL; bi++,nBackendInfo++ )
- {
+ for( bi=slap_binfo; bi->bi_type != NULL; bi++,nBackendInfo++ ) {
assert( bi->bi_init );
rc = bi->bi_init( bi );
return rc;
}
-#ifdef SLAP_OVERLAY_ACCESS
- if ( bi->bi_access_allowed == NULL ) {
- bi->bi_access_allowed = slap_access_allowed;
- }
-#endif /* SLAP_OVERLAY_ACCESS */
-
LDAP_STAILQ_INSERT_TAIL(&backendInfo, bi, bi_next);
}
return rc;
}
-#ifdef SLAP_OVERLAY_ACCESS
- if ( aBackendInfo->bi_access_allowed == NULL ) {
- aBackendInfo->bi_access_allowed = slap_access_allowed;
- }
-#endif /* SLAP_OVERLAY_ACCESS */
-
(void)backend_init_controls( aBackendInfo );
/* now add the backend type to the Backend Info List */
(void)backend_init_controls( bi );
}
- ldap_pvt_thread_mutex_init( &slapd_rq.rq_mutex );
- LDAP_STAILQ_INIT( &slapd_rq.task_list );
- LDAP_STAILQ_INIT( &slapd_rq.run_list );
-
/* open each backend database */
i = -1;
LDAP_STAILQ_FOREACH(be, &backendDB, be_next) {
i, be->bd_info->bi_type, 0 );
}
/* append global access controls */
- acl_append( &be->be_acl, frontendDB->be_acl );
+ acl_append( &be->be_acl, frontendDB->be_acl, -1 );
rc = backend_startup_one( be );
if ( rc ) return rc;
-
-
- if ( be->be_syncinfo ) {
- syncinfo_t *si;
-
- if ( !( be->be_search && be->be_add &&
- be->be_modify && be->be_delete )) {
- Debug( LDAP_DEBUG_ANY,
- "backend_startup: database(%d) does not support "
- "operations required for syncrepl", i, 0, 0 );
- continue;
- }
-
- {
- si = be->be_syncinfo;
- si->si_be = be;
- init_syncrepl( si );
- ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
- ldap_pvt_runqueue_insert( &slapd_rq,
- si->si_interval, do_syncrepl, (void *) si );
- ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
- }
- }
}
return rc;
break;
case LDAP_COMPARE_FALSE:
- if ( !op->o_bd->be_ctrls[ cid ] )
- {
+ if ( !op->o_bd->be_ctrls[cid] && (*ctrls)->ldctl_iscritical ) {
/* Per RFC 2251 (and LDAPBIS discussions), if the control
* is recognized and appropriate for the operation (which
* we've already verified), then the server should make
* use of the control when performing the operation.
*
* Here we find that operation extended by the control
- * is not unavailable in a particular context, hence the
- * return of unwillingToPerform.
+ * is unavailable in a particular context, and the control
+ * is marked Critical, hence the return of
+ * unwillingToPerform.
*/
- rs->sr_text = "control unavailable in context";
+ rs->sr_text = "critical control unavailable in context";
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
goto done;
}
default:
/* unreachable */
+ Debug( LDAP_DEBUG_ANY,
+ "backend_check_controls: unable to check control: %s\n",
+ (*ctrls)->ldctl_oid, 0, 0 );
+ assert( 0 );
+
rs->sr_text = "unable to check control";
rs->sr_err = LDAP_OTHER;
goto done;
}
}
+ /* check should be generalized */
+ if( get_manageDIT(op) && !be_isroot(op)) {
+ rs->sr_text = "requires manager authorization";
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ }
+
done:;
return rs->sr_err;
}
}
if ( rc == 0 ) {
- rc = 1;
+ rc = LDAP_COMPARE_FALSE;
for ( i = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ ) {
if ( ldap_url_parse( a->a_vals[i].bv_val, &ludp ) !=
LDAP_URL_SUCCESS )
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
a->a_nvals, op_ndn, op->o_tmpmemctx );
+ if ( rc == LDAP_NO_SUCH_ATTRIBUTE )
+ rc = LDAP_COMPARE_FALSE;
}
} else {
rc = LDAP_NO_SUCH_ATTRIBUTE;
if ( a ) {
BerVarray v;
- if ( op->o_conn && access > ACL_NONE && access_allowed( op,
- e, entry_at, NULL, access,
- &acl_state ) == 0 ) {
+ if ( op->o_conn && access > ACL_NONE &&
+ access_allowed( op, e, entry_at, NULL,
+ access, &acl_state ) == 0 )
+ {
rc = LDAP_INSUFFICIENT_ACCESS;
goto freeit;
}
v = op->o_tmpalloc( sizeof(struct berval) * ( i + 1 ),
op->o_tmpmemctx );
- for ( i = 0,j = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ )
+ for ( i = 0, j = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ )
{
if ( op->o_conn && access > ACL_NONE &&
- access_allowed( op, e,
- entry_at,
+ access_allowed( op, e, entry_at,
&a->a_nvals[i],
access,
&acl_state ) == 0 )