X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fmodrdn.c;h=c2ceab26bb8dad4db878e15be7ae7bd192fb5634;hb=54fa643a9bd33e59059b84bda010b5f668cd45bb;hp=f6157df780be6e913f897da7cc14af7062597bcf;hpb=dc0eacd40b625258355eea866d62188e5aa7ce3b;p=openldap

diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c
index f6157df780..c2ceab26bb 100644
--- a/servers/slapd/modrdn.c
+++ b/servers/slapd/modrdn.c
@@ -181,7 +181,6 @@ do_modrdn(
 	rs->sr_err = frontendDB->be_modrdn( op, rs );
 
 cleanup:
-
 	slap_graduate_commit_csn( op );
 
 	op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
@@ -190,8 +189,10 @@ cleanup:
 	op->o_tmpfree( op->orr_newrdn.bv_val, op->o_tmpmemctx );	
 	op->o_tmpfree( op->orr_nnewrdn.bv_val, op->o_tmpmemctx );	
 
-	if ( pnewSuperior.bv_val ) op->o_tmpfree( pnewSuperior.bv_val, op->o_tmpmemctx );
-	if ( nnewSuperior.bv_val ) op->o_tmpfree( nnewSuperior.bv_val, op->o_tmpmemctx );
+	if ( !BER_BVISNULL( &pnewSuperior ) ) 
+		op->o_tmpfree( pnewSuperior.bv_val, op->o_tmpmemctx );
+	if ( !BER_BVISNULL( &nnewSuperior ) )
+		op->o_tmpfree( nnewSuperior.bv_val, op->o_tmpmemctx );
 
 	return rs->sr_err;
 }
@@ -202,6 +203,7 @@ fe_op_modrdn( Operation *op, SlapReply *rs )
 	Backend		*newSuperior_be = NULL;
 	int		manageDSAit;
 	struct berval	pdn = BER_BVNULL;
+	BackendDB *op_be;
 	
 	if( op->o_req_ndn.bv_len == 0 ) {
 		Debug( LDAP_DEBUG_ANY, "do_modrdn: root dse!\n", 0, 0, 0 );
@@ -237,16 +239,26 @@ fe_op_modrdn( Operation *op, SlapReply *rs )
 
 		if ( rs->sr_ref != NULL ) {
 			rs->sr_err = LDAP_REFERRAL;
+			op->o_bd = frontendDB;
 			send_ldap_result( op, rs );
+			op->o_bd = NULL;
 
 			if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref );
 		} else {
+			op->o_bd = frontendDB;
 			send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
 				"no global superior knowledge" );
+			op->o_bd = NULL;
 		}
 		goto cleanup;
 	}
 
+	/* If we've got a glued backend, check the real backend */
+	op_be = op->o_bd;
+	if ( SLAP_GLUE_INSTANCE( op->o_bd )) {
+		op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 0 );
+	}
+
 	/* check restrictions */
 	if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
 		send_ldap_result( op, rs );
@@ -315,6 +327,9 @@ fe_op_modrdn( Operation *op, SlapReply *rs )
 #endif
 		{
 			slap_callback cb = { NULL, slap_replog_cb, NULL, NULL };
+
+			op->o_bd = op_be;
+
 #ifdef SLAPD_MULTIMASTER
 			if ( !op->o_bd->be_update_ndn.bv_len || !repl_user )
 #endif
@@ -435,7 +450,7 @@ slap_modrdn2mods(
 
 		/* ACL check of newly added attrs */
 		if ( op->o_bd && !access_allowed( op, e, desc,
-			&new_rdn[a_cnt]->la_value, ACL_WRITE, NULL ) ) {
+			&new_rdn[a_cnt]->la_value, ACL_WADD, NULL ) ) {
 			Debug( LDAP_DEBUG_TRACE,
 				"slap_modrdn2modlist: access to attr \"%s\" "
 				"(new) not allowed\n", 
@@ -465,6 +480,7 @@ slap_modrdn2mods(
 			mod_tmp->sml_nvalues = NULL;
 		}
 		mod_tmp->sml_op = SLAP_MOD_SOFTADD;
+		mod_tmp->sml_flags = SLAP_MOD_INTERNAL;
 		mod_tmp->sml_next = mod;
 		mod = mod_tmp;
 	}
@@ -485,9 +501,9 @@ slap_modrdn2mods(
 				goto done;		
 			}
 
-			/* ACL check of newly added attrs */
+			/* ACL check of old rdn attrs removal */
 			if ( op->o_bd && !access_allowed( op, e, desc,
-				&old_rdn[d_cnt]->la_value, ACL_WRITE, 
+				&old_rdn[d_cnt]->la_value, ACL_WDEL, 
 				NULL ) ) {
 				Debug( LDAP_DEBUG_TRACE,
 					"slap_modrdn2modlist: access "
@@ -519,6 +535,7 @@ slap_modrdn2mods(
 				mod_tmp->sml_nvalues = NULL;
 			}
 			mod_tmp->sml_op = LDAP_MOD_DELETE;
+			mod_tmp->sml_flags = SLAP_MOD_INTERNAL;
 			mod_tmp->sml_next = mod;
 			mod = mod_tmp;
 		}