X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fbackend.c;h=124ec7c42274eea6f3849fb79cd1eb35bde903c9;hb=886f60f8223d51e6a3b5fe0bf199e335b6eae86e;hp=5d14ba91d4c2e82a2255d7617ded1d5110a7290e;hpb=8a3d02bf6b7d628ae3bfa601294b4403841c07d2;p=openldap

diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c
index 5d14ba91d4..124ec7c422 100644
--- a/servers/slapd/backend.c
+++ b/servers/slapd/backend.c
@@ -254,34 +254,32 @@ int backend_startup(Backend *be)
 
 		if ( be->bd_info->bi_open ) {
 			rc = be->bd_info->bi_open( be->bd_info );
-		}
-
-		if(rc != 0) {
+			if ( rc != 0 ) {
 #ifdef NEW_LOGGING
-			LDAP_LOG( BACKEND, CRIT, "backend_startup: bi_open failed!\n", 0, 0, 0 );
+				LDAP_LOG( BACKEND, CRIT, "backend_startup: bi_open failed!\n", 0, 0, 0 );
 #else
-			Debug( LDAP_DEBUG_ANY,
-				"backend_startup: bi_open failed!\n",
-				0, 0, 0 );
+				Debug( LDAP_DEBUG_ANY,
+					"backend_startup: bi_open failed!\n",
+					0, 0, 0 );
 #endif
 
-			return rc;
+				return rc;
+			}
 		}
 
 		if ( be->bd_info->bi_db_open ) {
 			rc = be->bd_info->bi_db_open( be );
-		}
-
-		if(rc != 0) {
+			if ( rc != 0 ) {
 #ifdef NEW_LOGGING
-			LDAP_LOG( BACKEND, CRIT, 
-				"backend_startup: bi_db_open failed! (%d)\n", rc, 0, 0 );
+				LDAP_LOG( BACKEND, CRIT, 
+					"backend_startup: bi_db_open failed! (%d)\n", rc, 0, 0 );
 #else
-			Debug( LDAP_DEBUG_ANY,
-				"backend_startup: bi_db_open failed! (%d)\n",
-				rc, 0, 0 );
+				Debug( LDAP_DEBUG_ANY,
+					"backend_startup: bi_db_open failed! (%d)\n",
+					rc, 0, 0 );
 #endif
-			return rc;
+				return rc;
+			}
 		}
 
 		return rc;
@@ -297,18 +295,17 @@ int backend_startup(Backend *be)
 		if( backendInfo[i].bi_open ) {
 			rc = backendInfo[i].bi_open(
 				&backendInfo[i] );
-		}
-
-		if(rc != 0) {
+			if ( rc != 0 ) {
 #ifdef NEW_LOGGING
-			LDAP_LOG( BACKEND, CRIT, 
-				"backend_startup: bi_open %d failed!\n", i, 0, 0 );
+				LDAP_LOG( BACKEND, CRIT, 
+					"backend_startup: bi_open %d failed!\n", i, 0, 0 );
 #else
-			Debug( LDAP_DEBUG_ANY,
-				"backend_startup: bi_open %d failed!\n",
-				i, 0, 0 );
+				Debug( LDAP_DEBUG_ANY,
+					"backend_startup: bi_open %d failed!\n",
+					i, 0, 0 );
 #endif
-			return rc;
+				return rc;
+			}
 		}
 	}
 
@@ -320,18 +317,17 @@ int backend_startup(Backend *be)
 		if ( backendDB[i].bd_info->bi_db_open ) {
 			rc = backendDB[i].bd_info->bi_db_open(
 				&backendDB[i] );
-		}
-
-		if(rc != 0) {
+			if ( rc != 0 ) {
 #ifdef NEW_LOGGING
-			LDAP_LOG( BACKEND, CRIT, 
-				"backend_startup: bi_db_open(%d) failed! (%d)\n", i, rc, 0 );
+				LDAP_LOG( BACKEND, CRIT, 
+					"backend_startup: bi_db_open(%d) failed! (%d)\n", i, rc, 0 );
 #else
-			Debug( LDAP_DEBUG_ANY,
-				"backend_startup: bi_db_open(%d) failed! (%d)\n",
-				i, rc, 0 );
+				Debug( LDAP_DEBUG_ANY,
+					"backend_startup: bi_db_open(%d) failed! (%d)\n",
+					i, rc, 0 );
 #endif
-			return rc;
+				return rc;
+			}
 		}
 	}
 
@@ -589,7 +585,7 @@ be_issuffix(
 	int	i;
 
 	for ( i = 0; be->be_nsuffix != NULL && be->be_nsuffix[i].bv_val != NULL; i++ ) {
-		if ( ber_bvcmp( &be->be_nsuffix[i], bvsuffix ) == 0 ) {
+		if ( bvmatch( &be->be_nsuffix[i], bvsuffix ) ) {
 			return( 1 );
 		}
 	}
@@ -740,15 +736,13 @@ backend_check_controls(
 	Operation *op,
 	const char **text )
 {
-	LDAPControl **ctrls;
-	ctrls = op->o_ctrls;
-	if( ctrls == NULL ) {
-		return LDAP_SUCCESS;
-	}
+	LDAPControl **ctrls = op->o_ctrls;
+
+	if( ctrls == NULL ) return LDAP_SUCCESS;
 
 	for( ; *ctrls != NULL ; ctrls++ ) {
 		if( (*ctrls)->ldctl_iscritical &&
-			!charray_inlist( be->be_controls, (*ctrls)->ldctl_oid ) )
+			!ldap_charray_inlist( be->be_controls, (*ctrls)->ldctl_oid ) )
 		{
 			*text = "control unavailable in context";
 			return LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
@@ -820,7 +814,7 @@ backend_check_restrictions(
 
 		{
 			struct berval bv = BER_BVC( LDAP_EXOP_START_TLS );
-			if( ber_bvcmp( opdata, &bv ) == 0 ) {
+			if( bvmatch( opdata, &bv ) ) {
 				session++;
 				starttls++;
 				break;
@@ -829,7 +823,7 @@ backend_check_restrictions(
 
 		{
 			struct berval bv = BER_BVC( LDAP_EXOP_X_WHO_AM_I );
-			if( ber_bvcmp( opdata, &bv ) == 0 ) {
+			if( bvmatch( opdata, &bv ) ) {
 				break;
 			}
 		}
@@ -872,6 +866,15 @@ backend_check_restrictions(
 			return LDAP_CONFIDENTIALITY_REQUIRED;
 		}
 
+
+		if( op->o_tag == LDAP_REQ_BIND && opdata == NULL ) {
+			/* simple bind specific check */
+			if( op->o_ssf < ssf->sss_simple_bind ) {
+				*text = "confidentiality required";
+				return LDAP_CONFIDENTIALITY_REQUIRED;
+			}
+		}
+
 		if( op->o_tag != LDAP_REQ_BIND || opdata == NULL ) {
 			/* these checks don't apply to SASL bind */
 
@@ -907,10 +910,20 @@ backend_check_restrictions(
 				return LDAP_CONFIDENTIALITY_REQUIRED;
 			}
 
-			if( op->o_ndn.bv_len == 0 ) {
+			if( !( global_allows & SLAP_ALLOW_UPDATE_ANON ) &&
+				op->o_ndn.bv_len == 0 )
+			{
 				*text = "modifications require authentication";
-				return LDAP_OPERATIONS_ERROR;
+				return LDAP_STRONG_AUTH_REQUIRED;
+			}
+
+#ifdef SLAP_X_LISTENER_MOD
+			if ( ! ( conn->c_listener->sl_perms & S_IWUSR ) ) {
+				/* no "w" mode means readonly */
+				*text = "modifications not allowed on this listener";
+				return LDAP_UNWILLING_TO_PERFORM;
 			}
+#endif /* SLAP_X_LISTENER_MOD */
 		}
 	}
 
@@ -961,6 +974,25 @@ backend_check_restrictions(
 				return LDAP_OPERATIONS_ERROR;
 			}
 		}
+
+#ifdef SLAP_X_LISTENER_MOD
+		if ( !starttls && op->o_dn.bv_len == 0 ) {
+			if ( ! ( conn->c_listener->sl_perms & S_IXUSR ) ) {
+				/* no "x" mode means bind required */
+				*text = "bind required on this listener";
+				return LDAP_STRONG_AUTH_REQUIRED;
+			}
+		}
+
+		if ( !starttls && !updateop ) {
+			if ( ! ( conn->c_listener->sl_perms & S_IRUSR ) ) {
+				/* no "r" mode means no read */
+				*text = "read not allowed on this listener";
+				return LDAP_UNWILLING_TO_PERFORM;
+			}
+		}
+#endif /* SLAP_X_LISTENER_MOD */
+
 	}
 
 	if( restrictops & opflag ) {
@@ -1046,7 +1078,7 @@ backend_group(
 			target, gr_ndn, op_ndn,
 			group_oc, group_at );
 		
-		if (op->o_tag != LDAP_REQ_BIND) {
+		if ( op->o_tag != LDAP_REQ_BIND && !op->o_do_not_cache ) {
 			g = ch_malloc(sizeof(GroupAssertion) + gr_ndn->bv_len);
 			g->ga_be = be;
 			g->ga_oc = group_oc;
@@ -1105,16 +1137,17 @@ Attribute *backend_operational(
 {
 	Attribute *a = NULL, **ap = &a;
 
-#ifdef SLAPD_SCHEMA_DN
-	*ap = slap_operational_subschemaSubentry();
-	ap = &(*ap)->a_next;
-#endif
-
 	/*
 	 * If operational attributes (allegedly) are required, 
 	 * and the backend supports specific operational attributes, 
 	 * add them to the attribute list
 	 */
+	if ( opattrs || ( attrs &&
+		ad_inlist( slap_schema.si_ad_subschemaSubentry, attrs )) ) {
+		*ap = slap_operational_subschemaSubentry( be );
+		ap = &(*ap)->a_next;
+	}
+
 	if ( ( opattrs || attrs ) && be && be->be_operational != NULL ) {
 		( void )be->be_operational( be, conn, op, e, attrs, opattrs, ap );
 	}