X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fbackend.c;h=3256dd05f09e106feb7d0f70fb1bfcec29881ddb;hb=a17df0e810578d593808c6afeb0cdea55a65633c;hp=97cd302a342428c7a6a8f51d2e40b81f7771b372;hpb=c5b44f36600f533b325fd79a88843c924de7ed2f;p=openldap diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c index 97cd302a34..3256dd05f0 100644 --- a/servers/slapd/backend.c +++ b/servers/slapd/backend.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 1998-2005 The OpenLDAP Foundation. + * Copyright 1998-2006 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -425,6 +425,12 @@ void backend_destroy_one( BackendDB *bd, int dynamic ) if ( bd->be_replogfile ) { ch_free( bd->be_replogfile ); } + if ( bd->be_replica_argsfile ) { + ch_free( bd->be_replica_argsfile ); + } + if ( bd->be_replica_pidfile ) { + ch_free( bd->be_replica_pidfile ); + } destroy_replica_info( bd ); if ( !BER_BVISNULL( &bd->be_update_ndn ) ) { ch_free( bd->be_update_ndn.bv_val ); @@ -480,6 +486,12 @@ int backend_destroy(void) if ( bd->be_replogfile != NULL ) { free( bd->be_replogfile ); } + if ( bd->be_replica_argsfile ) { + ch_free( bd->be_replica_argsfile ); + } + if ( bd->be_replica_pidfile ) { + ch_free( bd->be_replica_pidfile ); + } assert( bd->be_replica == NULL ); } @@ -1220,6 +1232,7 @@ fe_acl_group( AttributeDescription *group_at ) { Entry *e; + void *o_priv = op->o_private, *e_priv = NULL; Attribute *a; int rc; GroupAssertion *g; @@ -1247,7 +1260,10 @@ fe_acl_group( e = target; rc = 0; } else { + op->o_private = NULL; rc = be_entry_get_rw( op, gr_ndn, group_oc, group_at, 0, &e ); + e_priv = op->o_private; + op->o_private = o_priv; } if ( e ) { a = attr_find( e->e_attrs, group_at ); @@ -1263,13 +1279,17 @@ fe_acl_group( struct berval bv, nbase; Filter *filter; Entry *user; + void *user_priv = NULL; Backend *b2 = op->o_bd; if ( target && dn_match( &target->e_nname, op_ndn ) ) { user = target; } else { op->o_bd = select_backend( op_ndn, 0, 0 ); + op->o_private = NULL; rc = be_entry_get_rw(op, op_ndn, NULL, NULL, 0, &user ); + user_priv = op->o_private; + op->o_private = o_priv; } if ( rc == 0 ) { @@ -1311,14 +1331,12 @@ fe_acl_group( goto loopit; } break; -#ifdef LDAP_SCOPE_SUBORDINATE case LDAP_SCOPE_SUBORDINATE: if ( dn_match( &nbase, op_ndn ) || !dnIsSuffix( op_ndn, &nbase ) ) { goto loopit; } -#endif } filter = str2filter_x( op, ludp->lud_filter ); if ( filter ) { @@ -1337,7 +1355,9 @@ loopit: if ( rc == 0 ) break; } if ( user != target ) { + op->o_private = user_priv; be_entry_release_r( op, user ); + op->o_private = o_priv; } } op->o_bd = b2; @@ -1352,8 +1372,10 @@ loopit: } else { rc = LDAP_NO_SUCH_ATTRIBUTE; } - if (e != target ) { + if ( e != target ) { + op->o_private = e_priv; be_entry_release_r( op, e ); + op->o_private = o_priv; } } else { rc = LDAP_NO_SUCH_OBJECT; @@ -1416,6 +1438,7 @@ fe_acl_attribute( slap_access_t access ) { Entry *e = NULL; + void *o_priv = op->o_private, *e_priv = NULL; Attribute *a = NULL; int freeattr = 0, i, j, rc = LDAP_SUCCESS; AccessControlState acl_state = ACL_STATE_INIT; @@ -1427,10 +1450,26 @@ fe_acl_attribute( e = target; } else { + op->o_private = NULL; rc = be_entry_get_rw( op, edn, NULL, entry_at, 0, &e ); + e_priv = op->o_private; + op->o_private = o_priv; } if ( e ) { + if ( entry_at == slap_schema.si_ad_entry || entry_at == slap_schema.si_ad_children ) { + assert( vals == NULL ); + + rc = LDAP_SUCCESS; + if ( op->o_conn && access > ACL_NONE && + access_allowed( op, e, entry_at, NULL, + access, &acl_state ) == 0 ) + { + rc = LDAP_INSUFFICIENT_ACCESS; + } + goto freeit; + } + a = attr_find( e->e_attrs, entry_at ); if ( a == NULL ) { SlapReply rs = { 0 }; @@ -1503,7 +1542,9 @@ fe_acl_attribute( } } freeit: if ( e != target ) { + op->o_private = e_priv; be_entry_release_r( op, e ); + op->o_private = o_priv; } if ( freeattr ) { attr_free( a ); @@ -1551,6 +1592,7 @@ backend_access( slap_mask_t *mask ) { Entry *e = NULL; + void *o_priv = op->o_private, *e_priv = NULL; int rc = LDAP_INSUFFICIENT_ACCESS; Backend *be = op->o_bd; @@ -1566,7 +1608,10 @@ backend_access( e = target; } else { + op->o_private = NULL; rc = be_entry_get_rw( op, edn, NULL, entry_at, 0, &e ); + e_priv = op->o_private; + op->o_private = o_priv; } if ( e ) { @@ -1630,7 +1675,9 @@ backend_access( } } freeit: if ( e != target ) { + op->o_private = e_priv; be_entry_release_r( op, e ); + op->o_private = o_priv; } if ( freeattr ) { attr_free( a );