/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2004-2014 The OpenLDAP Foundation.
+ * Copyright 2004-2016 The OpenLDAP Foundation.
* Portions Copyright 2004,2006-2007 Symas Corporation.
* All rights reserved.
*
/* skip the checks if the operation has manageDsaIt control in it
* (for replication) */
- if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
+ if ( op->o_managedsait > SLAP_CONTROL_IGNORED
+ && access_allowed ( op, op->ora_e,
+ slap_schema.si_ad_entry, NULL,
+ ACL_MANAGE, NULL ) ) {
Debug(LDAP_DEBUG_TRACE, "unique_add: administrative bypass, skipping\n", 0, 0, 0);
return rc;
}
unique_domain *domain;
Operation nop = *op;
Modifications *m;
+ Entry *e = NULL;
char *key, *kp;
struct berval bvkey;
int rc = SLAP_CB_CONTINUE;
/* skip the checks if the operation has manageDsaIt control in it
* (for replication) */
- if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
+ if ( op->o_managedsait > SLAP_CONTROL_IGNORED
+ && overlay_entry_get_ov(op, &op->o_req_ndn, NULL, NULL, 0, &e, on) == LDAP_SUCCESS
+ && e
+ && access_allowed ( op, e,
+ slap_schema.si_ad_entry, NULL,
+ ACL_MANAGE, NULL ) ) {
Debug(LDAP_DEBUG_TRACE, "unique_modify: administrative bypass, skipping\n", 0, 0, 0);
+ overlay_entry_release_ov( op, e, 0, on );
return rc;
}
+ if ( e ) {
+ overlay_entry_release_ov( op, e, 0, on );
+ }
for ( domain = legacy ? legacy : domains;
domain;
unique_domain *legacy = private->legacy;
unique_domain *domain;
Operation nop = *op;
+ Entry *e = NULL;
char *key, *kp;
struct berval bvkey;
LDAPRDN newrdn;
/* skip the checks if the operation has manageDsaIt control in it
* (for replication) */
- if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
+ if ( op->o_managedsait > SLAP_CONTROL_IGNORED
+ && overlay_entry_get_ov(op, &op->o_req_ndn, NULL, NULL, 0, &e, on) == LDAP_SUCCESS
+ && e
+ && access_allowed ( op, e,
+ slap_schema.si_ad_entry, NULL,
+ ACL_MANAGE, NULL ) ) {
Debug(LDAP_DEBUG_TRACE, "unique_modrdn: administrative bypass, skipping\n", 0, 0, 0);
+ overlay_entry_release_ov( op, e, 0, on );
return rc;
}
+ if ( e ) {
+ overlay_entry_release_ov( op, e, 0, on );
+ }
for ( domain = legacy ? legacy : domains;
domain;