ITS#5572 retrieve main DB's ACL before relevant operations

[openldap] / servers / slapd / overlays / memberof.c

diff --git a/servers/slapd/overlays/memberof.c b/servers/slapd/overlays/memberof.c
index 09edce82b7f6f662703849bf90c0132c9c61f8a2..72b29ed8dfeb5e43a1d7761b764dbd04dc12937e 100644 (file)
--- a/servers/slapd/overlays/memberof.c
+++ b/servers/slapd/overlays/memberof.c
@@ -571,7 +571,7 @@ memberof_op_add( Operation *op, SlapReply *rs )
                        && is_entry_objectclass_or_sub( op->ora_e, mo->mo_oc_group ) )
        {
                op->o_dn = op->o_bd->be_rootdn;
-               op->o_dn = op->o_bd->be_rootndn;
+               op->o_ndn = op->o_bd->be_rootndn;
                op->o_bd->bd_info = (BackendInfo *)on->on_info;
 
                for ( ap = &op->ora_e->e_attrs; *ap; ) {
@@ -805,7 +805,7 @@ memberof_op_modify( Operation *op, SlapReply *rs )
                        BerVarray       vals = NULL;
 
                        op->o_dn = op->o_bd->be_rootdn;
-                       op->o_dn = op->o_bd->be_rootndn;
+                       op->o_ndn = op->o_bd->be_rootndn;
                        op->o_bd->bd_info = (BackendInfo *)on->on_info;
                        rc = backend_attribute( op, NULL, &op->o_req_ndn,
                                        mo->mo_ad_member, &vals, ACL_READ );
@@ -820,7 +820,7 @@ memberof_op_modify( Operation *op, SlapReply *rs )
                                && !get_relax( op ) )
                {
                        op->o_dn = op->o_bd->be_rootdn;
-                       op->o_dn = op->o_bd->be_rootndn;
+                       op->o_ndn = op->o_bd->be_rootndn;
                        op->o_bd->bd_info = (BackendInfo *)on->on_info;
                
                        assert( op->orm_modlist != NULL );
@@ -843,6 +843,12 @@ memberof_op_modify( Operation *op, SlapReply *rs )
                                        break;
                
                                case LDAP_MOD_REPLACE:
+                                       /* Handle this just like a delete (see above) */
+                                       if ( !ml->sml_values ) {
+                                               mlp = &ml->sml_next;
+                                               break;
+                                       }
+ 
                                case LDAP_MOD_ADD:
                                        /* NOTE: right now, the attributeType we use
                                         * for member must have a normalized value */
@@ -1038,7 +1044,7 @@ memberof_op_modify( Operation *op, SlapReply *rs )
                                goto done2;
                        }
 
-                       if ( ml->sml_op == LDAP_MOD_DELETE ) {
+                       if ( ml->sml_op == LDAP_MOD_DELETE || !ml->sml_values ) {
                                break;
                        }
                        /* fall thru */
@@ -1305,7 +1311,7 @@ memberof_res_modify( Operation *op, SlapReply *rs )
                                ber_bvarray_free_x( vals, op->o_tmpmemctx );
                        }
 
-                       if ( ml->sml_op == LDAP_MOD_DELETE ) {
+                       if ( ml->sml_op == LDAP_MOD_DELETE || !mml->sml_values ) {
                                break;
                        }
                        /* fall thru */
@@ -1362,7 +1368,7 @@ memberof_res_modify( Operation *op, SlapReply *rs )
                                        ber_bvarray_free_x( vals, op->o_tmpmemctx );
                                }
        
-                               if ( ml->sml_op == LDAP_MOD_DELETE ) {
+                               if ( ml->sml_op == LDAP_MOD_DELETE || !ml->sml_values ) {
                                        break;
                                }
                                /* fall thru */