/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2004-2012 The OpenLDAP Foundation.
+ * Copyright 2004-2017 The OpenLDAP Foundation.
* Portions Copyright 2004,2006-2007 Symas Corporation.
* All rights reserved.
*
rc = 0;
break;
- case SLAP_CONFIG_ADD: /* fallthrough */
+ case SLAP_CONFIG_ADD: /* fallthru */
case LDAP_MOD_ADD:
if ( legacy ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
return 0;
}
-static int
-unique_open(
- BackendDB *be,
- ConfigReply *cr
-)
-{
- Debug(LDAP_DEBUG_TRACE, "unique_open: overlay initialized\n", 0, 0, 0);
-
- return 0;
-}
-
-
-/*
-** Leave unique_data but wipe out config
-**
-*/
-
-static int
-unique_close(
- BackendDB *be,
- ConfigReply *cr
-)
-{
- slap_overinst *on = (slap_overinst *) be->bd_info;
- unique_data **privatep = (unique_data **) &on->on_bi.bi_private;
- unique_data *private = *privatep;
-
- Debug(LDAP_DEBUG_TRACE, "==> unique_close\n", 0, 0, 0);
-
- if ( private ) {
- unique_domain *domains = private->domains;
- unique_domain *legacy = private->legacy;
-
- unique_free_domain ( domains );
- unique_free_domain ( legacy );
- memset ( private, 0, sizeof ( unique_data ) );
- }
-
- return ( 0 );
-}
-
/*
** search callback
/* skip the checks if the operation has manageDsaIt control in it
* (for replication) */
- if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
+ if ( op->o_managedsait > SLAP_CONTROL_IGNORED
+ && access_allowed ( op, op->ora_e,
+ slap_schema.si_ad_entry, NULL,
+ ACL_MANAGE, NULL ) ) {
Debug(LDAP_DEBUG_TRACE, "unique_add: administrative bypass, skipping\n", 0, 0, 0);
return rc;
}
unique_domain *domain;
Operation nop = *op;
Modifications *m;
+ Entry *e = NULL;
char *key, *kp;
struct berval bvkey;
int rc = SLAP_CB_CONTINUE;
Debug(LDAP_DEBUG_TRACE, "==> unique_modify <%s>\n",
op->o_req_dn.bv_val, 0, 0);
+ if ( !op->orm_modlist ) {
+ Debug(LDAP_DEBUG_TRACE, "unique_modify: got empty modify op\n", 0, 0, 0);
+ return rc;
+ }
+
/* skip the checks if the operation has manageDsaIt control in it
* (for replication) */
- if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
+ if ( op->o_managedsait > SLAP_CONTROL_IGNORED
+ && overlay_entry_get_ov(op, &op->o_req_ndn, NULL, NULL, 0, &e, on) == LDAP_SUCCESS
+ && e
+ && access_allowed ( op, e,
+ slap_schema.si_ad_entry, NULL,
+ ACL_MANAGE, NULL ) ) {
Debug(LDAP_DEBUG_TRACE, "unique_modify: administrative bypass, skipping\n", 0, 0, 0);
+ overlay_entry_release_ov( op, e, 0, on );
return rc;
}
+ if ( e ) {
+ overlay_entry_release_ov( op, e, 0, on );
+ }
for ( domain = legacy ? legacy : domains;
domain;
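Review bot: The entry fetched for the ACL check in unique_modify is released in two places, once inside the bypass branch and once in the trailing `if ( e )`, so any later edit to this block has to keep both paths in step or leak the entry. Evaluating `access_allowed()` into a local, releasing once, and then deciding keeps the fetch and release paired in a single block; the same shape applies to the unique_modrdn hunk. This assumes `overlay_entry_get_ov()` leaves `e` NULL when it does not return `LDAP_SUCCESS`, which should be confirmed before dropping the trailing release. The function starts and ends outside the hunk.

```c
	/* ... unchanged: declarations, trace output, empty-modlist early return ... */
	if ( op->o_managedsait > SLAP_CONTROL_IGNORED
		&& overlay_entry_get_ov(op, &op->o_req_ndn, NULL, NULL, 0, &e, on) == LDAP_SUCCESS
		&& e ) {
		/* decide first, then release, so the entry is released exactly once */
		int bypass = access_allowed ( op, e,
			slap_schema.si_ad_entry, NULL,
			ACL_MANAGE, NULL );

		overlay_entry_release_ov( op, e, 0, on );
		if ( bypass ) {
			Debug(LDAP_DEBUG_TRACE, "unique_modify: administrative bypass, skipping\n", 0, 0, 0);
			return rc;
		}
	}
	/* ... unchanged: loop over domains ... */
```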
&& !dnIsSuffix( &op->o_req_ndn, &uri->ndn ))
continue;
- if ( !(m = op->orm_modlist) ) {
- op->o_bd->bd_info = (BackendInfo *) on->on_info;
- send_ldap_error(op, rs, LDAP_INVALID_SYNTAX,
- "unique_modify() got null op.orm_modlist");
- rc = rs->sr_err;
- break;
-
- } else
- for ( ; m; m = m->sml_next)
- if ( (m->sml_op & LDAP_MOD_OP)
- != LDAP_MOD_DELETE )
- ks += count_filter_len
- ( domain,
- uri,
- m->sml_desc,
- m->sml_values);
+ for ( m = op->orm_modlist; m; m = m->sml_next)
+ if ( (m->sml_op & LDAP_MOD_OP)
+ != LDAP_MOD_DELETE )
+ ks += count_filter_len
+ ( domain,
+ uri,
+ m->sml_desc,
+ m->sml_values);
/* skip this domain-uri if it isn't involved */
if ( !ks ) continue;
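Review bot: The loop over `op->orm_modlist` no longer handles a NULL list itself and relies on the early return added at the top of unique_modify. That early return hands an empty modify on with `SLAP_CB_CONTINUE`, where the removed branch answered it with `LDAP_INVALID_SYNTAX`. If that change in the client-visible result is intended, a comment at the loop such as `/* orm_modlist is non-NULL here; empty modifies returned early */` would keep the dependency visible. The `for` and its nested `if` are also unbraced across eight lines; braces would make the extent of the loop body unambiguous. The enclosing domain and uri loops start and end outside the hunk.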
unique_domain *legacy = private->legacy;
unique_domain *domain;
Operation nop = *op;
+ Entry *e = NULL;
char *key, *kp;
struct berval bvkey;
LDAPRDN newrdn;
/* skip the checks if the operation has manageDsaIt control in it
* (for replication) */
- if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
+ if ( op->o_managedsait > SLAP_CONTROL_IGNORED
+ && overlay_entry_get_ov(op, &op->o_req_ndn, NULL, NULL, 0, &e, on) == LDAP_SUCCESS
+ && e
+ && access_allowed ( op, e,
+ slap_schema.si_ad_entry, NULL,
+ ACL_MANAGE, NULL ) ) {
Debug(LDAP_DEBUG_TRACE, "unique_modrdn: administrative bypass, skipping\n", 0, 0, 0);
+ overlay_entry_release_ov( op, e, 0, on );
return rc;
}
+ if ( e ) {
+ overlay_entry_release_ov( op, e, 0, on );
+ }
for ( domain = legacy ? legacy : domains;
domain;
unique.on_bi.bi_type = "unique";
unique.on_bi.bi_db_init = unique_db_init;
unique.on_bi.bi_db_destroy = unique_db_destroy;
- unique.on_bi.bi_db_open = unique_open;
- unique.on_bi.bi_db_close = unique_close;
unique.on_bi.bi_op_add = unique_add;
unique.on_bi.bi_op_modify = unique_modify;
unique.on_bi.bi_op_modrdn = unique_modrdn;