]> git.sur5r.net Git - openldap/commitdiff
check objectClass inheritance on add (consistent with modify; ITS#5299)
authorQuanah Gibson-Mount <quanah@openldap.org>
Mon, 11 Feb 2008 22:07:01 +0000 (22:07 +0000)
committerQuanah Gibson-Mount <quanah@openldap.org>
Mon, 11 Feb 2008 22:07:01 +0000 (22:07 +0000)
if referential integrity is broken, things could go wrong; don't assert

servers/slapd/overlays/memberof.c

index 0b0245d5b5862211299f20a352f04c5170028e6d..45c388650d4f8ac67dae28b47df751bd651709f6 100644 (file)
@@ -264,6 +264,7 @@ memberof_saveMember_cb( Operation *op, SlapReply *rs )
        if ( rs->sr_type == REP_SEARCH ) {
                memberof_cookie_t       *mc;
                Attribute               *a;
+               BerVarray               vals = NULL;
 
                mc = (memberof_cookie_t *)op->o_callback->sc_private;
                mc->foundit = 1;
@@ -272,12 +273,13 @@ memberof_saveMember_cb( Operation *op, SlapReply *rs )
                assert( rs->sr_entry->e_attrs != NULL );
 
                a = attr_find( rs->sr_entry->e_attrs, mc->ad );
+               if ( a != NULL ) {
+                       vals = a->a_nvals;
+               }
 
-               assert( a != NULL );
-
-               memberof_saved_member_set( op, mc->key, a->a_nvals );
+               memberof_saved_member_set( op, mc->key, vals );
 
-               if ( attr_find( a->a_next, mc->ad ) != NULL ) {
+               if ( a && attr_find( a->a_next, mc->ad ) != NULL ) {
                        Debug( LDAP_DEBUG_ANY,
                                "%s: memberof_saveMember_cb(\"%s\"): "
                                "more than one occurrence of \"%s\" "
@@ -453,6 +455,13 @@ memberof_value_modify(
                ml->sml_nvalues[ 0 ] = *new_ndn;
 
                (void)op->o_bd->be_modify( &op2, &rs2 );
+               if ( rs2.sr_err != LDAP_SUCCESS ) {
+                       char buf[ SLAP_TEXT_BUFLEN ];
+                       snprintf( buf, sizeof( buf ),
+                               "memberof_value_modify %s=\"%s\" failed err=%d",
+                               ad->ad_cname.bv_val, new_dn->bv_val, rs2.sr_err );
+                       Debug( LDAP_DEBUG_ANY, "%s: %s\n", op->o_log_prefix, buf, 0 );
+               }
 
                assert( op2.orm_modlist == &mod[ 0 ] );
                assert( op2.orm_modlist->sml_next == &mod[ 1 ] );
@@ -473,6 +482,13 @@ memberof_value_modify(
                ml->sml_nvalues[ 0 ] = *old_ndn;
 
                (void)op->o_bd->be_modify( &op2, &rs2 );
+               if ( rs2.sr_err != LDAP_SUCCESS ) {
+                       char buf[ SLAP_TEXT_BUFLEN ];
+                       snprintf( buf, sizeof( buf ),
+                               "memberof_value_modify %s=\"%s\" failed err=%d",
+                               ad->ad_cname.bv_val, old_dn->bv_val, rs2.sr_err );
+                       Debug( LDAP_DEBUG_ANY, "%s: %s\n", op->o_log_prefix, buf, 0 );
+               }
 
                assert( op2.orm_modlist == &mod[ 0 ] );
                assert( op2.orm_modlist->sml_next == &mod[ 1 ] );
@@ -528,7 +544,7 @@ memberof_op_add( Operation *op, SlapReply *rs )
 
        if ( MEMBEROF_DANGLING_CHECK( mo )
                        && !get_relax( op )
-                       && is_entry_objectclass( op->ora_e, mo->mo_oc_group, 0 ) )
+                       && is_entry_objectclass_or_sub( op->ora_e, mo->mo_oc_group ) )
        {
                op->o_dn = op->o_bd->be_rootdn;
                op->o_dn = op->o_bd->be_rootndn;
@@ -545,11 +561,7 @@ memberof_op_add( Operation *op, SlapReply *rs )
                        assert( a->a_nvals != NULL );
 
                        for ( i = 0; !BER_BVISNULL( &a->a_nvals[ i ] ); i++ ) {
-                               Entry           *e;
-
-                               /* FIXME: entry_get_rw does not pass
-                                * thru overlays yet; when it does, we
-                                * might need to make a copy of the DN */
+                               Entry           *e = NULL;
 
                                rc = be_entry_get_rw( op, &a->a_nvals[ i ],
                                                NULL, NULL, 0, &e );
@@ -1149,7 +1161,7 @@ memberof_res_add( Operation *op, SlapReply *rs )
                }
        }
 
-       if ( is_entry_objectclass( op->ora_e, mo->mo_oc_group, 0 ) ) {
+       if ( is_entry_objectclass_or_sub( op->ora_e, mo->mo_oc_group ) ) {
                Attribute       *a;
 
                for ( a = attrs_find( op->ora_e->e_attrs, mo->mo_ad_member );