X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Foverlays%2Funique.c;h=37a08a8b5fea835570f48d1b67e4ceca8adfdece;hb=10566c8be384c6435476ec54e842382841cb84b6;hp=7b084af26a9c6c9d6139f7b29358f392fcbe859a;hpb=eb5faf59284a79c1496535e05ac8385f906e2f06;p=openldap diff --git a/servers/slapd/overlays/unique.c b/servers/slapd/overlays/unique.c index 7b084af26a..37a08a8b5f 100644 --- a/servers/slapd/overlays/unique.c +++ b/servers/slapd/overlays/unique.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 2004-2014 The OpenLDAP Foundation. + * Copyright 2004-2017 The OpenLDAP Foundation. * Portions Copyright 2004,2006-2007 Symas Corporation. * All rights reserved. * @@ -746,7 +746,7 @@ unique_cf_uri( ConfigArgs *c ) rc = 0; break; - case SLAP_CONFIG_ADD: /* fallthrough */ + case SLAP_CONFIG_ADD: /* fallthru */ case LDAP_MOD_ADD: if ( legacy ) { snprintf( c->cr_msg, sizeof( c->cr_msg ), @@ -823,47 +823,6 @@ unique_db_destroy( return 0; } -static int -unique_open( - BackendDB *be, - ConfigReply *cr -) -{ - Debug(LDAP_DEBUG_TRACE, "unique_open: overlay initialized\n", 0, 0, 0); - - return 0; -} - - -/* -** Leave unique_data but wipe out config -** -*/ - -static int -unique_close( - BackendDB *be, - ConfigReply *cr -) -{ - slap_overinst *on = (slap_overinst *) be->bd_info; - unique_data **privatep = (unique_data **) &on->on_bi.bi_private; - unique_data *private = *privatep; - - Debug(LDAP_DEBUG_TRACE, "==> unique_close\n", 0, 0, 0); - - if ( private ) { - unique_domain *domains = private->domains; - unique_domain *legacy = private->legacy; - - unique_free_domain ( domains ); - unique_free_domain ( legacy ); - memset ( private, 0, sizeof ( unique_data ) ); - } - - return ( 0 ); -} - /* ** search callback 
@@ -1081,7 +1040,10 @@ unique_add( /* skip the checks if the operation has manageDsaIt control in it * (for replication) */ - if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) { + if ( op->o_managedsait > SLAP_CONTROL_IGNORED + && access_allowed ( op, op->ora_e, + slap_schema.si_ad_entry, NULL, + ACL_MANAGE, NULL ) ) { Debug(LDAP_DEBUG_TRACE, "unique_add: administrative bypass, skipping\n", 0, 0, 0); return rc; } @@ -1200,6 +1162,7 @@ unique_modify( unique_domain *domain; Operation nop = *op; Modifications *m; + Entry *e = NULL; char *key, *kp; struct berval bvkey; int rc = SLAP_CB_CONTINUE; @@ -1207,12 +1170,26 @@ unique_modify( Debug(LDAP_DEBUG_TRACE, "==> unique_modify <%s>\n", op->o_req_dn.bv_val, 0, 0); + if ( !op->orm_modlist ) { + Debug(LDAP_DEBUG_TRACE, "unique_modify: got empty modify op\n", 0, 0, 0); + return rc; + } + /* skip the checks if the operation has manageDsaIt control in it * (for replication) */ - if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) { + if ( op->o_managedsait > SLAP_CONTROL_IGNORED + && overlay_entry_get_ov(op, &op->o_req_ndn, NULL, NULL, 0, &e, on) == LDAP_SUCCESS + && e + && access_allowed ( op, e, + slap_schema.si_ad_entry, NULL, + ACL_MANAGE, NULL ) ) { Debug(LDAP_DEBUG_TRACE, "unique_modify: administrative bypass, skipping\n", 0, 0, 0); + overlay_entry_release_ov( op, e, 0, on ); return rc; } + if ( e ) { + overlay_entry_release_ov( op, e, 0, on ); + } for ( domain = legacy ? legacy : domains; domain; 
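Review bot: The comment above the changed condition in unique_add still says the checks are skipped whenever manageDsaIt is present, but the new code also requires ACL_MANAGE on the entry being added. It should state the actual rule, for example `/* skip the checks only if manageDsaIt is set and the requester has manage access to the entry (for replication) */`. A request that sends the control without manage access now falls through to the uniqueness search with no trace output, so a one-line comment noting that this path is deliberate would help whoever debugs ACLs later. unique_add's body starts and ends outside the hunk.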
@@ -1231,22 +1208,14 @@ unique_modify( && !dnIsSuffix( &op->o_req_ndn, &uri->ndn )) continue; - if ( !(m = op->orm_modlist) ) { - op->o_bd->bd_info = (BackendInfo *) on->on_info; - send_ldap_error(op, rs, LDAP_INVALID_SYNTAX, - "unique_modify() got null op.orm_modlist"); - rc = rs->sr_err; - break; - - } else - for ( ; m; m = m->sml_next) - if ( (m->sml_op & LDAP_MOD_OP) - != LDAP_MOD_DELETE ) - ks += count_filter_len - ( domain, - uri, - m->sml_desc, - m->sml_values); + for ( m = op->orm_modlist; m; m = m->sml_next) + if ( (m->sml_op & LDAP_MOD_OP) + != LDAP_MOD_DELETE ) + ks += count_filter_len + ( domain, + uri, + m->sml_desc, + m->sml_values); /* skip this domain-uri if it isn't involved */ if ( !ks ) continue; @@ -1319,6 +1288,7 @@ unique_modrdn( unique_domain *legacy = private->legacy; unique_domain *domain; Operation nop = *op; + Entry *e = NULL; char *key, *kp; struct berval bvkey; LDAPRDN newrdn; @@ -1330,10 +1300,19 @@ unique_modrdn( /* skip the checks if the operation has manageDsaIt control in it * (for replication) */ - if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) { + if ( op->o_managedsait > SLAP_CONTROL_IGNORED + && overlay_entry_get_ov(op, &op->o_req_ndn, NULL, NULL, 0, &e, on) == LDAP_SUCCESS + && e + && access_allowed ( op, e, + slap_schema.si_ad_entry, NULL, + ACL_MANAGE, NULL ) ) { Debug(LDAP_DEBUG_TRACE, "unique_modrdn: administrative bypass, skipping\n", 0, 0, 0); + overlay_entry_release_ov( op, e, 0, on ); return rc; } + if ( e ) { + overlay_entry_release_ov( op, e, 0, on ); + } for ( domain = legacy ? legacy : domains; domain; @@ -1465,8 +1444,6 @@ unique_initialize() unique.on_bi.bi_type = "unique"; unique.on_bi.bi_db_init = unique_db_init; unique.on_bi.bi_db_destroy = unique_db_destroy; - unique.on_bi.bi_db_open = unique_open; - unique.on_bi.bi_db_close = unique_close; unique.on_bi.bi_op_add = unique_add; unique.on_bi.bi_op_modify = unique_modify; unique.on_bi.bi_op_modrdn = unique_modrdn;
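Review bot: An empty modify is no longer rejected in this part of unique_modify. The removed branch answered with LDAP_INVALID_SYNTAX, whereas the early return added at the top of the function (outside this hunk) hands the operation on with `rc` still at SLAP_CB_CONTINUE. If that change of outcome is intended, a comment at the new loop would record it, for example `/* empty modifies return early above and are left to the backend */`. The multi-line `for`/`if` body is also unbraced, so bracing it would make the loop's extent obvious now that the surrounding `else` is gone.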