X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;ds=sidebyside;f=servers%2Fslapd%2Fback-meta%2Fmodify.c;h=3ca7cf821f8c8a183f63b72152107e265ddaee0a;hb=843e327a39e1ba023001fbbbe89733a431956549;hp=fd54c03fcca7f4b88832cbf321540f020f0eb33e;hpb=e2ed30f7826e63c107b183e3206b6a8c88bea41c;p=openldap diff --git a/servers/slapd/back-meta/modify.c b/servers/slapd/back-meta/modify.c index fd54c03fcc..3ca7cf821f 100644 --- a/servers/slapd/back-meta/modify.c +++ b/servers/slapd/back-meta/modify.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * Portions Copyright 1999-2003 Howard Chu. * All rights reserved. @@ -35,6 +35,7 @@ int meta_back_modify( Operation *op, SlapReply *rs ) { metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private; + metatarget_t *mt; metaconn_t *mc; int rc = 0; LDAPMod **modv = NULL; @@ -47,6 +48,7 @@ meta_back_modify( Operation *op, SlapReply *rs ) dncookie dc; int msgid; int do_retry = 1; + LDAPControl **ctrls = NULL; mc = meta_back_getconn( op, rs, &candidate, LDAP_BACK_SENDERR ); if ( !mc || !meta_back_dobind( op, rs, mc, LDAP_BACK_SENDERR ) ) { @@ -58,13 +60,14 @@ meta_back_modify( Operation *op, SlapReply *rs ) /* * Rewrite the modify dn, if needed */ - dc.target = &mi->mi_targets[ candidate ]; + mt = mi->mi_targets[ candidate ]; + dc.target = mt; dc.conn = op->o_conn; dc.rs = rs; dc.ctx = "modifyDN"; if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) { - rc = -1; + send_ldap_result( op, rs ); goto cleanup; } @@ -73,14 +76,14 @@ meta_back_modify( Operation *op, SlapReply *rs ) mods = ch_malloc( sizeof( LDAPMod )*i ); if ( mods == NULL ) { - rs->sr_err = LDAP_NO_MEMORY; - rc = -1; + rs->sr_err = LDAP_OTHER; + send_ldap_result( op, rs ); goto cleanup; } modv = ( LDAPMod ** )ch_malloc( ( i + 1 )*sizeof( LDAPMod * ) ); if ( modv == NULL ) { - rs->sr_err = LDAP_NO_MEMORY; - rc = -1; + rs->sr_err = LDAP_OTHER; + send_ldap_result( op, rs ); goto cleanup; } @@ -101,7 +104,7 @@ meta_back_modify( Operation *op, SlapReply *rs ) mapped = ml->sml_desc->ad_cname; } else { - ldap_back_map( &mi->mi_targets[ candidate ].mt_rwmap.rwm_at, + ldap_back_map( &mt->mt_rwmap.rwm_at, &ml->sml_desc->ad_cname, &mapped, BACKLDAP_MAP ); if ( BER_BVISNULL( &mapped ) || BER_BVISEMPTY( &mapped ) ) { @@ -128,11 +131,11 @@ meta_back_modify( Operation *op, SlapReply *rs ) for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); ) { struct ldapmapping *mapping; - ldap_back_mapping( &mi->mi_targets[ candidate ].mt_rwmap.rwm_oc, + ldap_back_mapping( &mt->mt_rwmap.rwm_oc, &ml->sml_values[ j ], &mapping, BACKLDAP_MAP ); if ( mapping == NULL ) { - if ( mi->mi_targets[ candidate ].mt_rwmap.rwm_oc.drop_missing ) { + if ( mt->mt_rwmap.rwm_oc.drop_missing ) { continue; } mods[ i ].mod_bvalues[ j ] = &ml->sml_values[ j ]; @@ -174,57 +177,30 @@ meta_back_modify( Operation *op, SlapReply *rs ) modv[ i ] = 0; retry:; + ctrls = op->o_ctrls; + rc = ldap_back_proxy_authz_ctrl( &mc->mc_conns[ candidate ].msc_bound_ndn, + mt->mt_version, &mt->mt_idassert, op, rs, &ctrls ); + if ( rc != LDAP_SUCCESS ) { + send_ldap_result( op, rs ); + goto cleanup; + } + rs->sr_err = ldap_modify_ext( mc->mc_conns[ candidate ].msc_ld, mdn.bv_val, - modv, op->o_ctrls, NULL, &msgid ); + modv, ctrls, NULL, &msgid ); + rs->sr_err = meta_back_op_result( mc, op, rs, candidate, msgid, + mt->mt_timeout[ SLAP_OP_MODIFY ], LDAP_BACK_SENDRESULT ); if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) { do_retry = 0; - if ( meta_back_retry( op, rs, mc, candidate, LDAP_BACK_SENDERR ) ) { + if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) { + /* if the identity changed, there might be need to re-authz */ + (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls ); goto retry; } - - } else if ( rs->sr_err == LDAP_SUCCESS ) { - struct timeval tv, *tvp = NULL; - LDAPMessage *res = NULL; - - if ( mi->mi_targets[ candidate ].mt_timeout[ LDAP_BACK_OP_MODIFY ] != 0 ) { - tv.tv_sec = mi->mi_targets[ candidate ].mt_timeout[ LDAP_BACK_OP_MODIFY ]; - tv.tv_usec = 0; - tvp = &tv; - } - - rs->sr_err = LDAP_OTHER; - rc = ldap_result( mc->mc_conns[ candidate ].msc_ld, - msgid, LDAP_MSG_ALL, tvp, &res ); - switch ( rc ) { - case -1: - rc = -1; - break; - - case 0: - ldap_abandon_ext( mc->mc_conns[ candidate ].msc_ld, - msgid, NULL, NULL ); - rs->sr_err = op->o_protocol >= LDAP_VERSION3 ? - LDAP_ADMINLIMIT_EXCEEDED : LDAP_OPERATIONS_ERROR; - rc = -1; - break; - - case LDAP_RES_MODIFY: - rc = ldap_parse_result( mc->mc_conns[ candidate ].msc_ld, - res, &rs->sr_err, NULL, NULL, NULL, NULL, 1 ); - if ( rc != LDAP_SUCCESS ) { - rs->sr_err = rc; - } - rc = 0; - break; - - default: - rc = -1; - ldap_msgfree( res ); - break; - } } cleanup:; + (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls ); + if ( mdn.bv_val != op->o_req_dn.bv_val ) { free( mdn.bv_val ); BER_BVZERO( &mdn ); @@ -237,16 +213,10 @@ cleanup:; free( mods ); free( modv ); - if ( rc != -1 ) { - rc = meta_back_op_result( mc, op, rs, candidate ); - - } else { - send_ldap_result( op, rs ); - rc = 0; + if ( mc ) { + meta_back_release_conn( mi, mc ); } - meta_back_release_conn( op, mc ); - - return rc; + return rs->sr_err; }