From: Kurt Zeilenga Date: Sun, 12 Oct 2003 07:19:27 +0000 (+0000) Subject: Tentative fix for last comment (tests still running) X-Git-Tag: OPENLDAP_REL_ENG_2_1_MP~591 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=535c22159982ce00dfbbb8b2a7da57dfd06c09a7;p=openldap Tentative fix for last comment (tests still running) --- diff --git a/servers/slapd/back-bdb/add.c b/servers/slapd/back-bdb/add.c index 135cc4668a..636bb3391f 100644 --- a/servers/slapd/back-bdb/add.c +++ b/servers/slapd/back-bdb/add.c @@ -135,8 +135,6 @@ retry: /* transaction retry */ /* * Get the parent dn and see if the corresponding entry exists. - * If the parent does not exist, only allow the "root" user to - * add the entry. */ if ( be_issuffix( op->o_bd, &op->oq_add.rs_e->e_nname ) ) { pdn = slap_empty_bv; @@ -285,40 +283,12 @@ retry: /* transaction retry */ } else { /* * no parent! - * must be adding entry at suffix or with parent "" + * if not attempting to add entry at suffix or with parent "" */ - if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) - || be_isupdate( op->o_bd, &op->o_ndn ) ) + if (( !be_isroot( op->o_bd, &op->o_ndn ) + || !dn_match( &pdn, &slap_empty_bv )) + && !is_entry_glue( op->oq_add.rs_e )) { - p = (Entry *)&slap_entry_root; - - /* check parent for "children" acl */ - rs->sr_err = access_allowed( op, p, - children, NULL, ACL_WRITE, NULL ); - - p = NULL; - - if ( ! rs->sr_err ) { - switch( opinfo.boi_err ) { - case DB_LOCK_DEADLOCK: - case DB_LOCK_NOTGRANTED: - goto retry; - } - -#ifdef NEW_LOGGING - LDAP_LOG ( OPERATION, DETAIL1, - "bdb_add: no write access to parent\n", 0, 0, 0 ); -#else - Debug( LDAP_DEBUG_TRACE, - "bdb_add: no write access to parent\n", - 0, 0, 0 ); -#endif - rs->sr_err = LDAP_INSUFFICIENT_ACCESS; - rs->sr_text = "no write access to parent"; - goto return_results; - } - - } else if ( !is_entry_glue( op->oq_add.rs_e )) { #ifdef NEW_LOGGING LDAP_LOG ( OPERATION, DETAIL1, "bdb_add: %s denied\n", pdn.bv_len == 0 ? "suffix" : "entry at root", 0, 0 ); diff --git a/servers/slapd/back-ldbm/add.c b/servers/slapd/back-ldbm/add.c index c1b9e8a5da..8732b3e4e2 100644 --- a/servers/slapd/back-ldbm/add.c +++ b/servers/slapd/back-ldbm/add.c @@ -99,8 +99,7 @@ ldbm_back_add( dnParent( &op->o_req_ndn, &pdn ); } - if( pdn.bv_len ) - { + if( pdn.bv_len ) { Entry *matched = NULL; /* get parent with writer lock */ @@ -191,7 +190,6 @@ ldbm_back_add( 0, 0 ); #endif - send_ldap_error( op, rs, LDAP_ALIAS_PROBLEM, "parent is an alias" ); @@ -234,39 +232,12 @@ ldbm_back_add( #endif } else { - if( pdn.bv_val != NULL ) { - assert( *pdn.bv_val == '\0' ); - } + assert( pdn.bv_val == NULL || *pdn.bv_val != '\0' ); - /* no parent */ - if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) || - be_isupdate( op->o_bd, &op->o_ndn ) ) + if (( !be_isroot( op->o_bd, &op->o_ndn ) + || !dn_match( &pdn, &slap_empty_bv )) + && !is_entry_glue( op->oq_add.rs_e )) { - p = (Entry *)&slap_entry_root; - - rs->sr_err = access_allowed( op, p, - children, NULL, ACL_WRITE, NULL ); - p = NULL; - - if ( ! rs->sr_err ) { - ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock); - -#ifdef NEW_LOGGING - LDAP_LOG( BACK_LDBM, ERR, - "ldbm_back_add: No write " - "access to parent (\"\").\n", 0, 0, 0 ); -#else - Debug( LDAP_DEBUG_TRACE, - "no write access to parent\n", 0, 0, 0 ); -#endif - - send_ldap_error( op, rs, - LDAP_INSUFFICIENT_ACCESS, - "no write access to parent" ); - - return LDAP_INSUFFICIENT_ACCESS; - } - } else if ( !is_entry_glue( op->oq_add.rs_e )) { ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock); #ifdef NEW_LOGGING