From a8e859a40124ecf94e31837b1963b07fe5a9d4f6 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Tue, 10 Jun 2003 04:44:41 +0000 Subject: [PATCH] Add server side assert control support. --- servers/slapd/back-bdb/add.c | 8 ++++++++ servers/slapd/back-bdb/compare.c | 11 +++++++++-- servers/slapd/back-bdb/delete.c | 7 +++++++ servers/slapd/back-bdb/init.c | 9 +++++---- servers/slapd/back-bdb/modify.c | 9 ++++++++- servers/slapd/back-bdb/modrdn.c | 8 +++++++- servers/slapd/back-bdb/search.c | 8 ++++++++ 7 files changed, 52 insertions(+), 8 deletions(-) diff --git a/servers/slapd/back-bdb/add.c b/servers/slapd/back-bdb/add.c index 0ccf2db32f..37df7595a8 100644 --- a/servers/slapd/back-bdb/add.c +++ b/servers/slapd/back-bdb/add.c @@ -343,6 +343,14 @@ retry: /* transaction retry */ #endif } + if ( get_assert( op ) && + ( test_filter( op, op->oq_add.rs_e, get_assertion( op )) + != LDAP_COMPARE_TRUE )) + { + rs->sr_err = LDAP_ASSERTION_FAILED; + goto return_results; + } + rs->sr_err = access_allowed( op, op->oq_add.rs_e, entry, NULL, ACL_WRITE, NULL ); diff --git a/servers/slapd/back-bdb/compare.c b/servers/slapd/back-bdb/compare.c index 635208d9f5..d44c26ac6f 100644 --- a/servers/slapd/back-bdb/compare.c +++ b/servers/slapd/back-bdb/compare.c @@ -102,8 +102,15 @@ dn2entry_retry: goto done; } - rs->sr_err = access_allowed( op, e, - op->oq_compare.rs_ava->aa_desc, &op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL ); + if ( get_assert( op ) && + ( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE )) + { + rs->sr_err = LDAP_ASSERTION_FAILED; + goto return_results; + } + + rs->sr_err = access_allowed( op, e, op->oq_compare.rs_ava->aa_desc, + &op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL ); if ( ! rs->sr_err ) { rs->sr_err = LDAP_INSUFFICIENT_ACCESS; goto return_results; diff --git a/servers/slapd/back-bdb/delete.c b/servers/slapd/back-bdb/delete.c index ef8dcd82d8..4a03a0ab6b 100644 --- a/servers/slapd/back-bdb/delete.c +++ b/servers/slapd/back-bdb/delete.c @@ -258,6 +258,13 @@ retry: /* transaction retry */ goto done; } + if ( get_assert( op ) && + ( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE )) + { + rs->sr_err = LDAP_ASSERTION_FAILED; + goto return_results; + } + rs->sr_err = access_allowed( op, e, entry, NULL, ACL_WRITE, NULL ); diff --git a/servers/slapd/back-bdb/init.c b/servers/slapd/back-bdb/init.c index 41ecef07a0..47e9ac0304 100644 --- a/servers/slapd/back-bdb/init.c +++ b/servers/slapd/back-bdb/init.c @@ -571,18 +571,19 @@ bdb_initialize( ) { static char *controls[] = { + LDAP_CONTROL_ASSERT, +#ifdef LDAP_CLIENT_UPDATE + LDAP_CONTROL_CLIENT_UPDATE, +#endif LDAP_CONTROL_MANAGEDSAIT, LDAP_CONTROL_NOOP, #ifdef LDAP_CONTROL_PAGEDRESULTS LDAP_CONTROL_PAGEDRESULTS, #endif - LDAP_CONTROL_VALUESRETURNFILTER, #ifdef LDAP_CONTROL_SUBENTRIES LDAP_CONTROL_SUBENTRIES, #endif -#ifdef LDAP_CLIENT_UPDATE - LDAP_CONTROL_CLIENT_UPDATE, -#endif + LDAP_CONTROL_VALUESRETURNFILTER, NULL }; diff --git a/servers/slapd/back-bdb/modify.c b/servers/slapd/back-bdb/modify.c index 387f9f5551..d5db616a1f 100644 --- a/servers/slapd/back-bdb/modify.c +++ b/servers/slapd/back-bdb/modify.c @@ -453,6 +453,13 @@ retry: /* transaction retry */ goto done; } + if ( get_assert( op ) && + ( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE )) + { + rs->sr_err = LDAP_ASSERTION_FAILED; + goto return_results; + } + #if defined(LDAP_CLIENT_UPDATE) || defined(LDAP_SYNC) if ( rs->sr_err == LDAP_SUCCESS && !op->o_noop ) { LDAP_LIST_FOREACH ( ps_list, &bdb->bi_psearch_list, o_ps_link ) { @@ -460,7 +467,7 @@ retry: /* transaction retry */ } } #endif - + /* nested transaction */ rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, ltid, <2, bdb->bi_db_opflags ); diff --git a/servers/slapd/back-bdb/modrdn.c b/servers/slapd/back-bdb/modrdn.c index 412426f0b2..0a1c70f73a 100644 --- a/servers/slapd/back-bdb/modrdn.c +++ b/servers/slapd/back-bdb/modrdn.c @@ -182,9 +182,15 @@ retry: /* transaction retry */ goto done; } + if ( get_assert( op ) && + ( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE )) + { + rs->sr_err = LDAP_ASSERTION_FAILED; + goto return_results; + } + /* check write on old entry */ rs->sr_err = access_allowed( op, e, entry, NULL, ACL_WRITE, NULL ); - if ( ! rs->sr_err ) { switch( opinfo.boi_err ) { case DB_LOCK_DEADLOCK: diff --git a/servers/slapd/back-bdb/search.c b/servers/slapd/back-bdb/search.c index 2c4c80e3ae..b2f75748de 100644 --- a/servers/slapd/back-bdb/search.c +++ b/servers/slapd/back-bdb/search.c @@ -615,6 +615,14 @@ dn2entry_retry: return 1; } + if ( get_assert( op ) && + ( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE )) + { + rs->sr_err = LDAP_ASSERTION_FAILED; + send_ldap_result( sop, rs ); + return 1; + } + /* if not root, get appropriate limits */ if ( be_isroot( op->o_bd, &sop->o_ndn ) ) { isroot = 1; -- 2.39.5