return -1;
}
- for( bi=slap_binfo; bi->bi_type != NULL; bi++,nBackendInfo++ )
- {
+ for( bi=slap_binfo; bi->bi_type != NULL; bi++,nBackendInfo++ ) {
assert( bi->bi_init );
rc = bi->bi_init( bi );
return 0;
}
+void backend_destroy_one( BackendDB *bd )
+{
+ LDAP_STAILQ_REMOVE(&backendDB, bd, slap_backend_db, be_next );
+
+ if ( bd->be_syncinfo ) {
+ syncinfo_free( bd->be_syncinfo );
+ }
+
+ if ( bd->be_pending_csn_list ) {
+ struct slap_csn_entry *csne;
+ csne = LDAP_TAILQ_FIRST( bd->be_pending_csn_list );
+ while ( csne ) {
+ struct slap_csn_entry *tmp_csne = csne;
+
+ LDAP_TAILQ_REMOVE( bd->be_pending_csn_list, csne, ce_csn_link );
+ ch_free( csne->ce_csn.bv_val );
+ csne = LDAP_TAILQ_NEXT( csne, ce_csn_link );
+ ch_free( tmp_csne );
+ }
+ }
+
+ if ( bd->bd_info->bi_db_destroy ) {
+ bd->bd_info->bi_db_destroy( bd );
+ }
+ ber_bvarray_free( bd->be_suffix );
+ ber_bvarray_free( bd->be_nsuffix );
+ if ( !BER_BVISNULL( &bd->be_rootdn ) ) {
+ free( bd->be_rootdn.bv_val );
+ }
+ if ( !BER_BVISNULL( &bd->be_rootndn ) ) {
+ free( bd->be_rootndn.bv_val );
+ }
+ if ( !BER_BVISNULL( &bd->be_rootpw ) ) {
+ free( bd->be_rootpw.bv_val );
+ }
+ acl_destroy( bd->be_acl, frontendDB->be_acl );
+ free( bd );
+}
+
int backend_destroy(void)
{
int i;
BackendDB *bd;
BackendInfo *bi;
- struct slap_csn_entry *csne;
/* destroy each backend database */
while (( bd = LDAP_STAILQ_FIRST(&backendDB))) {
- LDAP_STAILQ_REMOVE_HEAD(&backendDB, be_next);
-
- if ( bd->be_syncinfo ) {
- syncinfo_free( bd->be_syncinfo );
- }
-
- if ( bd->be_pending_csn_list ) {
- csne = LDAP_TAILQ_FIRST( bd->be_pending_csn_list );
- while ( csne ) {
- struct slap_csn_entry *tmp_csne = csne;
-
- LDAP_TAILQ_REMOVE( bd->be_pending_csn_list, csne, ce_csn_link );
- ch_free( csne->ce_csn.bv_val );
- csne = LDAP_TAILQ_NEXT( csne, ce_csn_link );
- ch_free( tmp_csne );
- }
- }
-
- if ( bd->bd_info->bi_db_destroy ) {
- bd->bd_info->bi_db_destroy( bd );
- }
- ber_bvarray_free( bd->be_suffix );
- ber_bvarray_free( bd->be_nsuffix );
- if ( !BER_BVISNULL( &bd->be_rootdn ) ) {
- free( bd->be_rootdn.bv_val );
- }
- if ( !BER_BVISNULL( &bd->be_rootndn ) ) {
- free( bd->be_rootndn.bv_val );
- }
- if ( !BER_BVISNULL( &bd->be_rootpw ) ) {
- free( bd->be_rootpw.bv_val );
- }
- acl_destroy( bd->be_acl, frontendDB->be_acl );
- free( bd );
+ backend_destroy_one( bd );
}
/* destroy each backend type */
LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
if ( be->be_connection_init ) {
- be->be_connection_init( be, conn);
+ be->be_connection_init( be, conn );
}
}
break;
case LDAP_COMPARE_FALSE:
- if ( !op->o_bd->be_ctrls[ cid ] )
- {
+ if ( !op->o_bd->be_ctrls[cid] && (*ctrls)->ldctl_iscritical ) {
/* Per RFC 2251 (and LDAPBIS discussions), if the control
* is recognized and appropriate for the operation (which
* we've already verified), then the server should make
* use of the control when performing the operation.
*
* Here we find that operation extended by the control
- * is not unavailable in a particular context, hence the
- * return of unwillingToPerform.
+ * is unavailable in a particular context, and the control
+ * is marked Critical, hence the return of
+ * unwillingToPerform.
*/
- rs->sr_text = "control unavailable in context";
+ rs->sr_text = "critical control unavailable in context";
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
goto done;
}
default:
/* unreachable */
+ Debug( LDAP_DEBUG_ANY,
+ "backend_check_controls: unable to check control: %s\n",
+ (*ctrls)->ldctl_oid, 0, 0 );
+ assert( 0 );
+
rs->sr_text = "unable to check control";
rs->sr_err = LDAP_OTHER;
goto done;
}
}
+ /* check should be generalized */
+ if( get_manageDIT(op) && !be_isroot(op)) {
+ rs->sr_text = "requires manager authorization";
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ }
+
done:;
return rs->sr_err;
}