From: Pierangelo Masarati Date: Sun, 6 Nov 2005 23:32:52 +0000 (+0000) Subject: fix access checking; fix operational attrs addition X-Git-Tag: OPENLDAP_REL_ENG_2_2_MP~79 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=40cac2e37a45cbe2ce5fb69e902ad602baf65284;p=openldap fix access checking; fix operational attrs addition --- diff --git a/servers/slapd/back-sql/add.c b/servers/slapd/back-sql/add.c index 6656b774f3..e82eae5bed 100644 --- a/servers/slapd/back-sql/add.c +++ b/servers/slapd/back-sql/add.c @@ -930,6 +930,9 @@ backsql_add( Operation *op, SlapReply *rs ) int colnum; slap_mask_t mask; + char textbuf[ SLAP_TEXT_BUFLEN ]; + size_t textlen = sizeof( textbuf ); + #ifdef BACKSQL_SYNCPROV /* * NOTE: fake successful result to force contextCSN to be bumped up @@ -954,6 +957,8 @@ backsql_add( Operation *op, SlapReply *rs ) Debug( LDAP_DEBUG_TRACE, "==>backsql_add(\"%s\")\n", op->ora_e->e_name.bv_val, 0, 0 ); + slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 ); + /* check schema */ if ( BACKSQL_CHECK_SCHEMA( bi ) ) { char textbuf[ SLAP_TEXT_BUFLEN ] = { '\0' }; @@ -1050,6 +1055,16 @@ backsql_add( Operation *op, SlapReply *rs ) goto done; } + /* check write access */ + if ( !access_allowed_mask( op, op->ora_e, + slap_schema.si_ad_entry, + NULL, ACL_WADD, NULL, &mask ) ) + { + rs->sr_err = LDAP_INSUFFICIENT_ACCESS; + e = op->ora_e; + goto done; + } + rs->sr_err = backsql_get_db_conn( op, &dbh ); if ( rs->sr_err != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): " @@ -1063,7 +1078,7 @@ backsql_add( Operation *op, SlapReply *rs ) /* * Check if entry exists - * + * * NOTE: backsql_api_dn2odbc() is called explicitly because * we need the mucked DN to pass it to the create procedure. */ 
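Review bot: The function-scope `textbuf` declared here is shadowed by the block-local `char textbuf[ SLAP_TEXT_BUFLEN ] = { '\0' };` inside the `BACKSQL_CHECK_SCHEMA( bi )` branch shown in the next hunk, so backsql_add() now holds two same-named buffers with different scopes. The new outer buffer is also left uninitialized, while the inner one is zeroed. Either drop the inner declaration and reuse the outer buffer, or at least initialize the new one the same way: `char textbuf[ SLAP_TEXT_BUFLEN ] = { '\0' };`. The body of backsql_add() starts and ends outside this hunk.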
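Review bot: The new call `slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 );` has no comment explaining its bare final `1` or why it sits ahead of the schema check. As placed, op->ora_e is modified even for requests that the schema or write-access checks later reject. If the intent is that those checks see the complete entry, say so, e.g. `/* add operational attributes first so the schema and ACL checks below see the complete entry */`, and name what the last argument selects. `rs->sr_text` is handed a pointer that may end up referring to the stack buffer `textbuf`, so confirm the result is sent before backsql_add() returns; that code is outside this hunk.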
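Review bot: The relocated `access_allowed_mask( ... ACL_WADD ... )` branch returns LDAP_INSUFFICIENT_ACCESS without logging anything, while the `backsql_get_db_conn` failure path directly below it logs through `Debug( LDAP_DEBUG_TRACE, ... )`. Adding `Debug( LDAP_DEBUG_TRACE, "   backsql_add(\"%s\"): no write access to entry\n", op->ora_e->e_name.bv_val, 0, 0 );` before `rs->sr_err = LDAP_INSUFFICIENT_ACCESS;` would keep denied adds visible when ACLs are being diagnosed or audited. The check covers only the `entry` pseudo-attribute of the new entry. Whether write access to the parent's `children` is also enforced cannot be seen from this hunk and should be confirmed in the rest of backsql_add().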
@@ -1135,15 +1150,6 @@ backsql_add( Operation *op, SlapReply *rs ) goto done; } - if ( !access_allowed_mask( op, op->ora_e, - slap_schema.si_ad_entry, - NULL, ACL_WADD, NULL, &mask ) ) - { - rs->sr_err = LDAP_INSUFFICIENT_ACCESS; - e = op->ora_e; - goto done; - } - /* * create_proc is executed; if expect_return is set, then * an output parameter is bound, which should contain