char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
AttributeDescription *children = slap_schema.si_ad_children;
+ AttributeDescription *entry = slap_schema.si_ad_entry;
DB_TXN *ltid = NULL;
struct bdb_op_info opinfo;
#ifdef BDB_SUBENTRIES
if( 0 ) {
retry: /* transaction retry */
+ if( p ) {
+ /* free parent and reader lock */
+ bdb_unlocked_cache_return_entry_r( &bdb->bi_cache, p );
+ p = NULL;
+ }
rc = TXN_ABORT( ltid );
ltid = NULL;
op->o_private = NULL;
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
- /* free parent and reader lock */
- bdb_unlocked_cache_return_entry_r( &bdb->bi_cache, p );
- p = NULL;
goto retry;
}
*/
if ( !be_isroot( be, &op->o_ndn )) {
if ( be_issuffix( be, (struct berval *)&slap_empty_bv )
- || be_isupdate( be, &op->o_ndn ) ) {
+ || be_isupdate( be, &op->o_ndn ) )
+ {
p = (Entry *)&slap_entry_root;
/* check parent for "children" acl */
rc = access_allowed( be, conn, op, p,
children, NULL, ACL_WRITE, NULL );
+
p = NULL;
switch( opinfo.boi_err ) {
#endif
}
+ rc = access_allowed( be, conn, op, e,
+ entry, NULL, ACL_WRITE, NULL );
+
+ switch( opinfo.boi_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+
+ if ( ! rc ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG ( OPERATION, DETAIL1,
+ "bdb_add: no write access to entry\n", 0, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE, "bdb_add: no write access to entry\n",
+ 0, 0, 0 );
+#endif
+ rc = LDAP_INSUFFICIENT_ACCESS;
+ text = "no write access to entry";
+ goto return_results;;
+ }
+
/* dn2id index */
rc = bdb_dn2id_add( be, ltid, &pdn, e );
if ( rc != 0 ) {
const char *text;
int manageDSAit = get_manageDSAit( op );
AttributeDescription *children = slap_schema.si_ad_children;
+ AttributeDescription *entry = slap_schema.si_ad_entry;
DB_TXN *ltid = NULL;
struct bdb_op_info opinfo;
/* check parent for "children" acl */
rc = access_allowed( be, conn, op, p,
children, NULL, ACL_WRITE, NULL );
+
p = NULL;
switch( opinfo.boi_err ) {
#endif
}
+ rc = access_allowed( be, conn, op, e,
+ entry, NULL, ACL_WRITE, NULL );
+
+ switch( opinfo.boi_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+
/* get entry for read/modify/write */
rc = bdb_dn2entry_w( be, ltid, ndn, &e, &matched, DB_RMW, locker, &lock );
{
struct bdb_info *bdb = (struct bdb_info *) be->be_private;
AttributeDescription *children = slap_schema.si_ad_children;
+ AttributeDescription *entry = slap_schema.si_ad_entry;
struct berval p_dn, p_ndn;
struct berval new_dn = {0, NULL}, new_ndn = {0, NULL};
int isroot = -1;
new_parent_dn = np_dn;
}
-
+
+ /* check write on old entry */
+ rc = access_allowed( be, conn, op, e,
+ entry, NULL, ACL_WRITE, NULL );
+
+ switch( opinfo.boi_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+
+ if ( rc ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG ( OPERATION, ERR,
+ "==>bdb_modrdn: no access to entry\n", 0, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE, "no access to entry\n", 0,
+ 0, 0 );
+#endif
+ send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
+ NULL, NULL, NULL, NULL );
+ goto return_results;
+ }
+
+
/* Build target dn and make sure target entry doesn't exist already. */
build_new_dn( &new_dn, new_parent_dn, newrdn );
projects / openldap / commitdiff