X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fmodrdn.c;h=c2ceab26bb8dad4db878e15be7ae7bd192fb5634;hb=54fa643a9bd33e59059b84bda010b5f668cd45bb;hp=de26c6c7a0d5df607ea0b5a747d33022e5f3990b;hpb=47dd8d87327fd5ba219b3fe698b86780a14de697;p=openldap diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c index de26c6c7a0..c2ceab26bb 100644 --- a/servers/slapd/modrdn.c +++ b/servers/slapd/modrdn.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 1998-2004 The OpenLDAP Foundation. + * Copyright 1998-2005 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -181,7 +181,6 @@ do_modrdn( rs->sr_err = frontendDB->be_modrdn( op, rs ); cleanup: - slap_graduate_commit_csn( op ); op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx ); @@ -190,8 +189,10 @@ cleanup: op->o_tmpfree( op->orr_newrdn.bv_val, op->o_tmpmemctx ); op->o_tmpfree( op->orr_nnewrdn.bv_val, op->o_tmpmemctx ); - if ( pnewSuperior.bv_val ) op->o_tmpfree( pnewSuperior.bv_val, op->o_tmpmemctx ); - if ( nnewSuperior.bv_val ) op->o_tmpfree( nnewSuperior.bv_val, op->o_tmpmemctx ); + if ( !BER_BVISNULL( &pnewSuperior ) ) + op->o_tmpfree( pnewSuperior.bv_val, op->o_tmpmemctx ); + if ( !BER_BVISNULL( &nnewSuperior ) ) + op->o_tmpfree( nnewSuperior.bv_val, op->o_tmpmemctx ); return rs->sr_err; } @@ -202,6 +203,7 @@ fe_op_modrdn( Operation *op, SlapReply *rs ) Backend *newSuperior_be = NULL; int manageDSAit; struct berval pdn = BER_BVNULL; + BackendDB *op_be; if( op->o_req_ndn.bv_len == 0 ) { Debug( LDAP_DEBUG_ANY, "do_modrdn: root dse!\n", 0, 0, 0 ); @@ -229,7 +231,7 @@ fe_op_modrdn( Operation *op, SlapReply *rs ) * appropriate one, or send a referral to our "referral server" * if we don't hold it. */ - op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 0 ); + op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 1 ); if ( op->o_bd == NULL ) { rs->sr_ref = referral_rewrite( default_referral, NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT ); @@ -237,16 +239,26 @@ fe_op_modrdn( Operation *op, SlapReply *rs ) if ( rs->sr_ref != NULL ) { rs->sr_err = LDAP_REFERRAL; + op->o_bd = frontendDB; send_ldap_result( op, rs ); + op->o_bd = NULL; if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref ); } else { + op->o_bd = frontendDB; send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, "no global superior knowledge" ); + op->o_bd = NULL; } goto cleanup; } + /* If we've got a glued backend, check the real backend */ + op_be = op->o_bd; + if ( SLAP_GLUE_INSTANCE( op->o_bd )) { + op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 0 ); + } + /* check restrictions */ if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) { send_ldap_result( op, rs ); @@ -315,6 +327,9 @@ fe_op_modrdn( Operation *op, SlapReply *rs ) #endif { slap_callback cb = { NULL, slap_replog_cb, NULL, NULL }; + + op->o_bd = op_be; + #ifdef SLAPD_MULTIMASTER if ( !op->o_bd->be_update_ndn.bv_len || !repl_user ) #endif @@ -435,11 +450,12 @@ slap_modrdn2mods( /* ACL check of newly added attrs */ if ( op->o_bd && !access_allowed( op, e, desc, - &new_rdn[a_cnt]->la_value, ACL_WRITE, NULL ) ) { + &new_rdn[a_cnt]->la_value, ACL_WADD, NULL ) ) { Debug( LDAP_DEBUG_TRACE, "slap_modrdn2modlist: access to attr \"%s\" " "(new) not allowed\n", new_rdn[ a_cnt ]->la_attr.bv_val, 0, 0 ); + rs->sr_text = "access to naming attributes (new) not allowed"; rs->sr_err = LDAP_INSUFFICIENT_ACCESS; goto done; } @@ -464,6 +480,7 @@ slap_modrdn2mods( mod_tmp->sml_nvalues = NULL; } mod_tmp->sml_op = SLAP_MOD_SOFTADD; + mod_tmp->sml_flags = SLAP_MOD_INTERNAL; mod_tmp->sml_next = mod; mod = mod_tmp; } @@ -484,15 +501,16 @@ slap_modrdn2mods( goto done; } - /* ACL check of newly added attrs */ + /* ACL check of old rdn attrs removal */ if ( op->o_bd && !access_allowed( op, e, desc, - &old_rdn[d_cnt]->la_value, ACL_WRITE, + &old_rdn[d_cnt]->la_value, ACL_WDEL, NULL ) ) { Debug( LDAP_DEBUG_TRACE, "slap_modrdn2modlist: access " "to attr \"%s\" (old) not allowed\n", old_rdn[ d_cnt ]->la_attr.bv_val, 0, 0 ); + rs->sr_text = "access to naming attributes (old) not allowed"; rs->sr_err = LDAP_INSUFFICIENT_ACCESS; goto done; } @@ -517,6 +535,7 @@ slap_modrdn2mods( mod_tmp->sml_nvalues = NULL; } mod_tmp->sml_op = LDAP_MOD_DELETE; + mod_tmp->sml_flags = SLAP_MOD_INTERNAL; mod_tmp->sml_next = mod; mod = mod_tmp; } @@ -524,7 +543,7 @@ slap_modrdn2mods( done: - if ( !repl_user ) { + if ( rs->sr_err == LDAP_SUCCESS && !repl_user ) { char textbuf[ SLAP_TEXT_BUFLEN ]; size_t textlen = sizeof textbuf;