From: Kurt Zeilenga Date: Fri, 4 Oct 2002 23:42:27 +0000 (+0000) Subject: Fix up last commits X-Git-Tag: NO_SLAP_OP_BLOCKS~925 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=d19db4b7ed0a0b9f14d555cd84814ca476adc447;p=openldap Fix up last commits --- diff --git a/servers/slapd/back-bdb/add.c b/servers/slapd/back-bdb/add.c index 76fac90435..e2e4e2afc8 100644 --- a/servers/slapd/back-bdb/add.c +++ b/servers/slapd/back-bdb/add.c @@ -226,7 +226,6 @@ retry: /* transaction retry */ 0, 0, 0 ); #endif rc = LDAP_INSUFFICIENT_ACCESS; - text = "no write access to parent"; goto return_results;; } @@ -327,7 +326,6 @@ retry: /* transaction retry */ 0, 0, 0 ); #endif rc = LDAP_INSUFFICIENT_ACCESS; - text = "no write access to parent"; goto return_results;; } @@ -389,7 +387,6 @@ retry: /* transaction retry */ 0, 0, 0 ); #endif rc = LDAP_INSUFFICIENT_ACCESS; - text = "no write access to entry"; goto return_results;; } diff --git a/servers/slapd/back-bdb/delete.c b/servers/slapd/back-bdb/delete.c index ad5f1fe278..045e5e28bf 100644 --- a/servers/slapd/back-bdb/delete.c +++ b/servers/slapd/back-bdb/delete.c @@ -233,15 +233,6 @@ retry: /* transaction retry */ #endif } - rc = access_allowed( be, conn, op, e, - entry, NULL, ACL_WRITE, NULL ); - - switch( opinfo.boi_err ) { - case DB_LOCK_DEADLOCK: - case DB_LOCK_NOTGRANTED: - goto retry; - } - /* get entry for read/modify/write */ rc = bdb_dn2entry_w( be, ltid, ndn, &e, &matched, DB_RMW, locker, &lock ); @@ -297,6 +288,28 @@ retry: /* transaction retry */ goto done; } + rc = access_allowed( be, conn, op, e, + entry, NULL, ACL_WRITE, NULL ); + + switch( opinfo.boi_err ) { + case DB_LOCK_DEADLOCK: + case DB_LOCK_NOTGRANTED: + goto retry; + } + + if ( !rc ) { +#ifdef NEW_LOGGING + LDAP_LOG ( OPERATION, DETAIL1, + "<=- bdb_delete: no access to entry\n", 0, 0, 0 ); +#else + Debug( LDAP_DEBUG_TRACE, + "<=- bdb_delete: no access to entry\n", + 0, 0, 0 ); +#endif + rc = LDAP_INSUFFICIENT_ACCESS; + goto return_results; + } + if ( !manageDSAit && is_entry_referral( e ) ) { /* entry is a referral, don't allow delete */ BerVarray refs = get_entry_referrals( be, diff --git a/servers/slapd/back-bdb/modrdn.c b/servers/slapd/back-bdb/modrdn.c index ba920bc690..6017044122 100644 --- a/servers/slapd/back-bdb/modrdn.c +++ b/servers/slapd/back-bdb/modrdn.c @@ -178,6 +178,28 @@ retry: /* transaction retry */ goto done; } + /* check write on old entry */ + rc = access_allowed( be, conn, op, e, + entry, NULL, ACL_WRITE, NULL ); + + switch( opinfo.boi_err ) { + case DB_LOCK_DEADLOCK: + case DB_LOCK_NOTGRANTED: + goto retry; + } + + if ( ! rc ) { +#ifdef NEW_LOGGING + LDAP_LOG ( OPERATION, ERR, + "==>bdb_modrdn: no access to entry\n", 0, 0, 0 ); +#else + Debug( LDAP_DEBUG_TRACE, "no access to entry\n", 0, + 0, 0 ); +#endif + rc = LDAP_INSUFFICIENT_ACCESS; + goto return_results; + } + if (!manageDSAit && is_entry_referral( e ) ) { /* parent is a referral, don't allow add */ /* parent is an alias, don't allow add */ @@ -538,30 +560,6 @@ retry: /* transaction retry */ new_parent_dn = np_dn; } - /* check write on old entry */ - rc = access_allowed( be, conn, op, e, - entry, NULL, ACL_WRITE, NULL ); - - switch( opinfo.boi_err ) { - case DB_LOCK_DEADLOCK: - case DB_LOCK_NOTGRANTED: - goto retry; - } - - if ( rc ) { -#ifdef NEW_LOGGING - LDAP_LOG ( OPERATION, ERR, - "==>bdb_modrdn: no access to entry\n", 0, 0, 0 ); -#else - Debug( LDAP_DEBUG_TRACE, "no access to entry\n", 0, - 0, 0 ); -#endif - send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS, - NULL, NULL, NULL, NULL ); - goto return_results; - } - - /* Build target dn and make sure target entry doesn't exist already. */ build_new_dn( &new_dn, new_parent_dn, newrdn );