fix pre-allocated entry/attribute handling

[openldap] / servers / slapd / overlays / dds.c

diff --git a/servers/slapd/overlays/dds.c b/servers/slapd/overlays/dds.c
index b701e9e61124fc1eb98ac8f9bf0f55b8faef85f1..369cbd075e0fe851b32cf57f0b62f473e1a7acbd 100644 (file)
--- a/servers/slapd/overlays/dds.c
+++ b/servers/slapd/overlays/dds.c
@@ -357,7 +357,6 @@ dds_op_add( Operation *op, SlapReply *rs )
                        slap_schema.si_oc_dynamicObject, NULL, 0, &e );
                if ( rc == LDAP_SUCCESS && e != NULL ) {
                        if ( !is_dynamicObject ) {
-#ifdef SLAP_ACL_HONOR_DISCLOSE
                                /* return referral only if "disclose"
                                 * is granted on the object */
                                if ( ! access_allowed( op, e,
@@ -367,9 +366,7 @@ dds_op_add( Operation *op, SlapReply *rs )
                                        rc = rs->sr_err = LDAP_NO_SUCH_OBJECT;
                                        send_ldap_result( op, rs );
 
-                               } else
-#endif /* SLAP_ACL_HONOR_DISCLOSE */
-                               {
+                               } else {
                                        rc = rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
                                        send_ldap_error( op, rs, rc, "no static subordinate entries allowed for dynamicObject" );
                                }
@@ -580,15 +577,12 @@ dds_op_modify( Operation *op, SlapReply *rs )
                                        if ( BER_BVISEMPTY( &bv_entryTtl ) 
                                                || !bvmatch( &bv_entryTtl, &mod->sml_values[ 0 ] ) )
                                        {
-#ifdef SLAP_ACL_HONOR_DISCLOSE
                                                rs->sr_err = backend_attribute( op, NULL, &op->o_req_ndn, 
                                                        slap_schema.si_ad_entry, NULL, ACL_DISCLOSE );
                                                if ( rs->sr_err == LDAP_INSUFFICIENT_ACCESS ) {
                                                        rs->sr_err = LDAP_NO_SUCH_OBJECT;
 
-                                               } else
-#endif /* SLAP_ACL_HONOR_DISCLOSE */
-                                               {
+                                               } else {
                                                        rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
                                                }
                                                goto done;
@@ -609,15 +603,12 @@ dds_op_modify( Operation *op, SlapReply *rs )
                                assert( BER_BVISNULL( &mod->sml_values[ 1 ] ) );
 
                                if ( !BER_BVISEMPTY( &bv_entryTtl ) ) {
-#ifdef SLAP_ACL_HONOR_DISCLOSE
                                        rs->sr_err = backend_attribute( op, NULL, &op->o_req_ndn, 
                                                slap_schema.si_ad_entry, NULL, ACL_DISCLOSE );
                                        if ( rs->sr_err == LDAP_INSUFFICIENT_ACCESS ) {
                                                rs->sr_err = LDAP_NO_SUCH_OBJECT;
 
-                                       } else
-#endif /* SLAP_ACL_HONOR_DISCLOSE */
-                                       {
+                                       } else {
                                                rs->sr_text = "attribute 'entryTtl' cannot have multiple values";
                                                rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
                                        }
@@ -649,15 +640,12 @@ dds_op_modify( Operation *op, SlapReply *rs )
 
                        case LDAP_MOD_INCREMENT:
                                if ( BER_BVISEMPTY( &bv_entryTtl ) ) {
-#ifdef SLAP_ACL_HONOR_DISCLOSE
                                        rs->sr_err = backend_attribute( op, NULL, &op->o_req_ndn, 
                                                slap_schema.si_ad_entry, NULL, ACL_DISCLOSE );
                                        if ( rs->sr_err == LDAP_INSUFFICIENT_ACCESS ) {
                                                rs->sr_err = LDAP_NO_SUCH_OBJECT;
 
-                                       } else
-#endif /* SLAP_ACL_HONOR_DISCLOSE */
-                                       {
+                                       } else {
                                                rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
                                                rs->sr_text = "modify/increment: entryTtl: no such attribute";
                                        }
@@ -678,7 +666,6 @@ dds_op_modify( Operation *op, SlapReply *rs )
                                }
 
                                if ( rs->sr_err != LDAP_SUCCESS ) {
-#ifdef SLAP_ACL_HONOR_DISCLOSE
                                        rc = backend_attribute( op, NULL, &op->o_req_ndn, 
                                                slap_schema.si_ad_entry, NULL, ACL_DISCLOSE );
                                        if ( rc == LDAP_INSUFFICIENT_ACCESS ) {
@@ -686,7 +673,6 @@ dds_op_modify( Operation *op, SlapReply *rs )
                                                rs->sr_err = LDAP_NO_SUCH_OBJECT;
 
                                        }
-#endif /* SLAP_ACL_HONOR_DISCLOSE */
                                        goto done;
                                }
 
@@ -708,7 +694,7 @@ done:;
        if ( rs->sr_err == LDAP_SUCCESS ) {
                int     rc;
 
-               /* FIXME: this could be allowed when manageDIT is used...
+               /* FIXME: this could be allowed when the Relax control is used...
                 * in that case:
                 *
                 * TODO
@@ -727,7 +713,7 @@ done:;
                rc = is_dynamicObject - was_dynamicObject;
                if ( rc ) {
 #if 0 /* fix subordinate issues first */
-                       if ( get_manageDIT( op ) ) {
+                       if ( get_relax( op ) ) {
                                switch ( rc ) {
                                case -1:
                                        /* need to delete entryTtl to have a consistent entry */
@@ -761,7 +747,6 @@ done:;
                                rs->sr_err = LDAP_OBJECT_CLASS_VIOLATION;
                        }
 
-#ifdef SLAP_ACL_HONOR_DISCLOSE
                        if ( rc != LDAP_SUCCESS ) {
                                rc = backend_attribute( op, NULL, &op->o_req_ndn, 
                                        slap_schema.si_ad_entry, NULL, ACL_DISCLOSE );
@@ -770,7 +755,6 @@ done:;
                                        rs->sr_err = LDAP_NO_SUCH_OBJECT;
                                }
                        }
-#endif /* SLAP_ACL_HONOR_DISCLOSE */
                }
        }
 
@@ -850,7 +834,6 @@ dds_op_rename( Operation *op, SlapReply *rs )
                        slap_schema.si_oc_dynamicObject, NULL, 0, &e );
                if ( rc == LDAP_SUCCESS && e != NULL ) {
                        if ( !is_dynamicObject ) {
-#ifdef SLAP_ACL_HONOR_DISCLOSE
                                /* return referral only if "disclose"
                                 * is granted on the object */
                                if ( ! access_allowed( op, e,
@@ -860,9 +843,7 @@ dds_op_rename( Operation *op, SlapReply *rs )
                                        rs->sr_err = LDAP_NO_SUCH_OBJECT;
                                        send_ldap_result( op, rs );
 
-                               } else
-#endif /* SLAP_ACL_HONOR_DISCLOSE */
-                               {
+                               } else {
                                        send_ldap_error( op, rs, LDAP_CONSTRAINT_VIOLATION,
                                                "static entry cannot have dynamicObject as newSuperior" );
                                }
@@ -1072,7 +1053,6 @@ dds_op_extended( Operation *op, SlapReply *rs )
                        rs->sr_err = be_entry_get_rw( op, &op->o_req_ndn,
                                NULL, NULL, 0, &e );
                        if ( rs->sr_err == LDAP_SUCCESS && e != NULL ) {
-#ifdef SLAP_ACL_HONOR_DISCLOSE
                                /* return referral only if "disclose"
                                 * is granted on the object */
                                if ( ! access_allowed( op, e,
@@ -1081,9 +1061,7 @@ dds_op_extended( Operation *op, SlapReply *rs )
                                {
                                        rs->sr_err = LDAP_NO_SUCH_OBJECT;
 
-                               } else
-#endif /* SLAP_ACL_HONOR_DISCLOSE */
-                               {
+                               } else {
                                        rs->sr_err = LDAP_OBJECT_CLASS_VIOLATION;
                                        rs->sr_text = "refresh operation only applies to dynamic objects";
                                }
@@ -1099,7 +1077,7 @@ dds_op_extended( Operation *op, SlapReply *rs )
                }
 
                /* we require manage privileges on the entryTtl,
-                * and fake a manageDIT control */
+                * and fake a Relax control */
                op2.o_tag = LDAP_REQ_MODIFY;
                op2.o_bd = &db;
                db.bd_info = (BackendInfo *)on->on_info;
@@ -1107,7 +1085,7 @@ dds_op_extended( Operation *op, SlapReply *rs )
                sc.sc_response = slap_replog_cb;
                sc.sc_next = &sc2;
                sc2.sc_response = slap_null_cb;
-               op2.o_managedit = SLAP_CONTROL_CRITICAL;
+               op2.o_relax = SLAP_CONTROL_CRITICAL;
                op2.orm_modlist = &ttlmod;
 
                ttlmod.sml_op = LDAP_MOD_REPLACE;
@@ -1976,7 +1954,7 @@ init_module( int argc, char *argv[] )
                        do_not_load_schema = no;
 
                } else {
-                       Log( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
+                       Log2( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
                                "DDS unknown module arg[#%d]=\"%s\".\n",
                                i, argv[ i ] );
                        return 1;