X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Foverlays%2Funique.c;h=cd9eb2e0e19cfda79cd53f434b791b7a9d921722;hb=9b5972dc9e14e1f7a7bef755bfd0dc61bcf1ffb3;hp=e134dab4400efc5d751994e6e558020abd56b415;hpb=d7def7b711b7aa93eb4eba5d2c95da3fe5fd8849;p=openldap
diff --git a/servers/slapd/overlays/unique.c b/servers/slapd/overlays/unique.c
index e134dab440..cd9eb2e0e1 100644
--- a/servers/slapd/overlays/unique.c
+++ b/servers/slapd/overlays/unique.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software .
 *
- * Copyright 2004-2013 The OpenLDAP Foundation.
+ * Copyright 2004-2016 The OpenLDAP Foundation.
 * Portions Copyright 2004,2006-2007 Symas Corporation.
 * All rights reserved.
 *
@@ -823,47 +823,6 @@ unique_db_destroy(
 return 0;
 }
-static int
-unique_open(
- BackendDB *be,
- ConfigReply *cr
-)
-{
- Debug(LDAP_DEBUG_TRACE, "unique_open: overlay initialized\n", 0, 0, 0);
-
- return 0;
-}
-
-
-/*
-** Leave unique_data but wipe out config
-**
-*/
-
-static int
-unique_close(
- BackendDB *be,
- ConfigReply *cr
-)
-{
- slap_overinst *on = (slap_overinst *) be->bd_info;
- unique_data **privatep = (unique_data **) &on->on_bi.bi_private;
- unique_data *private = *privatep;
-
- Debug(LDAP_DEBUG_TRACE, "==> unique_close\n", 0, 0, 0);
-
- if ( private ) {
- unique_domain *domains = private->domains;
- unique_domain *legacy = private->legacy;
-
- unique_free_domain ( domains );
- unique_free_domain ( legacy );
- memset ( private, 0, sizeof ( unique_data ) );
- }
-
- return ( 0 );
-}
-
 /*
 ** search callback
@@ -1081,7 +1040,10 @@ unique_add(
 /* skip the checks if the operation has manageDsaIt control in it
 * (for replication) */
- if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
+ if ( op->o_managedsait > SLAP_CONTROL_IGNORED
+ && access_allowed ( op, op->ora_e,
+ slap_schema.si_ad_entry, NULL,
+ ACL_MANAGE, NULL ) ) {
 Debug(LDAP_DEBUG_TRACE, "unique_add: administrative bypass, skipping\n", 0, 0, 0);
 return rc;
 }
@@ -1200,6 +1162,7 @@ unique_modify(
 unique_domain *domain;
 Operation nop = *op;
 Modifications *m;
+ Entry *e = NULL;
 char *key, *kp;
 struct berval bvkey;
 int rc = SLAP_CB_CONTINUE;
@@ -1209,10 +1172,19 @@ unique_modify(
 /* skip the checks if the operation has manageDsaIt control in it
 * (for replication) */
- if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
+ if ( op->o_managedsait > SLAP_CONTROL_IGNORED
+ && overlay_entry_get_ov(op, &op->o_req_ndn, NULL, NULL, 0, &e, on) == LDAP_SUCCESS
+ && e
+ && access_allowed ( op, e,
+ slap_schema.si_ad_entry, NULL,
+ ACL_MANAGE, NULL ) ) {
 Debug(LDAP_DEBUG_TRACE, "unique_modify: administrative bypass, skipping\n", 0, 0, 0);
+ overlay_entry_release_ov( op, e, 0, on );
 return rc;
 }
+ if ( e ) {
+ overlay_entry_release_ov( op, e, 0, on );
+ }
 for ( domain = legacy ? legacy : domains; domain;
@@ -1319,6 +1291,7 @@ unique_modrdn(
 unique_domain *legacy = private->legacy;
 unique_domain *domain;
 Operation nop = *op;
+ Entry *e = NULL;
 char *key, *kp;
 struct berval bvkey;
 LDAPRDN newrdn;
@@ -1330,10 +1303,19 @@ unique_modrdn(
 /* skip the checks if the operation has manageDsaIt control in it
 * (for replication) */
- if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
+ if ( op->o_managedsait > SLAP_CONTROL_IGNORED
+ && overlay_entry_get_ov(op, &op->o_req_ndn, NULL, NULL, 0, &e, on) == LDAP_SUCCESS
+ && e
+ && access_allowed ( op, e,
+ slap_schema.si_ad_entry, NULL,
+ ACL_MANAGE, NULL ) ) {
 Debug(LDAP_DEBUG_TRACE, "unique_modrdn: administrative bypass, skipping\n", 0, 0, 0);
+ overlay_entry_release_ov( op, e, 0, on );
 return rc;
 }
+ if ( e ) {
+ overlay_entry_release_ov( op, e, 0, on );
+ }
 for ( domain = legacy ? legacy : domains; domain;
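Review bot: The fetch, ACL_MANAGE check and release added to unique_modify are repeated line for line in unique_modrdn (hunk at -1330), and in each copy the entry is released on two separate paths, so a later edit to one copy can leave the privilege check or the release out of step with the other. A small static helper that fetches the entry, evaluates the access check, releases the entry and returns the verdict would keep the bypass decision in one place and remove the `e` local from both callers. The sketch below assumes `on` is the `slap_overinst *` already in scope in both functions, which is declared outside these hunks. Both function bodies start and end outside the hunks shown.

```c
/* Non-zero when the request carries manageDsaIt and the requester
 * holds manage access on the target entry. */
static int
unique_bypass_allowed( Operation *op, slap_overinst *on )
{
	Entry *e = NULL;
	int allowed = 0;

	if ( op->o_managedsait <= SLAP_CONTROL_IGNORED ) {
		return 0;
	}
	if ( overlay_entry_get_ov( op, &op->o_req_ndn, NULL, NULL, 0, &e, on ) == LDAP_SUCCESS
		&& e ) {
		allowed = access_allowed( op, e,
			slap_schema.si_ad_entry, NULL,
			ACL_MANAGE, NULL );
	}
	if ( e ) {
		overlay_entry_release_ov( op, e, 0, on );
	}
	return allowed;
}

	/* in unique_modify, and likewise in unique_modrdn */
	if ( unique_bypass_allowed( op, on ) ) {
		Debug(LDAP_DEBUG_TRACE, "unique_modify: administrative bypass, skipping\n", 0, 0, 0);
		return rc;
	}
	/* … unchanged: domain loop … */
```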
@@ -1465,8 +1447,6 @@ unique_initialize()
 unique.on_bi.bi_type = "unique";
 unique.on_bi.bi_db_init = unique_db_init;
 unique.on_bi.bi_db_destroy = unique_db_destroy;
- unique.on_bi.bi_db_open = unique_open;
- unique.on_bi.bi_db_close = unique_close;
 unique.on_bi.bi_op_add = unique_add;
 unique.on_bi.bi_op_modify = unique_modify;
 unique.on_bi.bi_op_modrdn = unique_modrdn;