From dfcd7328133d2c25049aae4a2944d6e8ca9dffd1 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Sun, 12 Oct 2003 06:32:44 +0000 Subject: [PATCH] ITS#2757: fix parent-less add bug --- servers/slapd/back-bdb/add.c | 71 +++++++++++++-------------------- servers/slapd/back-ldbm/add.c | 75 ++++++++++++----------------------- 2 files changed, 53 insertions(+), 93 deletions(-) diff --git a/servers/slapd/back-bdb/add.c b/servers/slapd/back-bdb/add.c index 551a8813c1..135cc4668a 100644 --- a/servers/slapd/back-bdb/add.c +++ b/servers/slapd/back-bdb/add.c @@ -287,66 +287,49 @@ retry: /* transaction retry */ * no parent! * must be adding entry at suffix or with parent "" */ - if ( !be_isroot( op->o_bd, &op->o_ndn )) { - if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) - || be_isupdate( op->o_bd, &op->o_ndn ) ) - { - p = (Entry *)&slap_entry_root; - - /* check parent for "children" acl */ - rs->sr_err = access_allowed( op, p, - children, NULL, ACL_WRITE, NULL ); + if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) + || be_isupdate( op->o_bd, &op->o_ndn ) ) + { + p = (Entry *)&slap_entry_root; - p = NULL; + /* check parent for "children" acl */ + rs->sr_err = access_allowed( op, p, + children, NULL, ACL_WRITE, NULL ); - if ( ! rs->sr_err ) { - switch( opinfo.boi_err ) { - case DB_LOCK_DEADLOCK: - case DB_LOCK_NOTGRANTED: - goto retry; - } + p = NULL; -#ifdef NEW_LOGGING - LDAP_LOG ( OPERATION, DETAIL1, - "bdb_add: no write access to parent\n", 0, 0, 0 ); -#else - Debug( LDAP_DEBUG_TRACE, - "bdb_add: no write access to parent\n", - 0, 0, 0 ); -#endif - rs->sr_err = LDAP_INSUFFICIENT_ACCESS; - rs->sr_text = "no write access to parent"; - goto return_results; + if ( ! rs->sr_err ) { + switch( opinfo.boi_err ) { + case DB_LOCK_DEADLOCK: + case DB_LOCK_NOTGRANTED: + goto retry; } - } else if ( !is_entry_glue( op->oq_add.rs_e )) { + #ifdef NEW_LOGGING - LDAP_LOG ( OPERATION, DETAIL1, "bdb_add: %s denied\n", - pdn.bv_len == 0 ? "suffix" : "entry at root", 0, 0 ); + LDAP_LOG ( OPERATION, DETAIL1, + "bdb_add: no write access to parent\n", 0, 0, 0 ); #else - Debug( LDAP_DEBUG_TRACE, "bdb_add: %s denied\n", - pdn.bv_len == 0 ? "suffix" : "entry at root", - 0, 0 ); + Debug( LDAP_DEBUG_TRACE, + "bdb_add: no write access to parent\n", + 0, 0, 0 ); #endif - rs->sr_err = LDAP_NO_SUCH_OBJECT; + rs->sr_err = LDAP_INSUFFICIENT_ACCESS; + rs->sr_text = "no write access to parent"; goto return_results; } - } -#ifdef BDB_SUBENTRIES - if( subentry ) { + } else if ( !is_entry_glue( op->oq_add.rs_e )) { #ifdef NEW_LOGGING - LDAP_LOG ( OPERATION, DETAIL1, - "bdb_add: no parent, cannot add subentry\n", 0, 0, 0 ); + LDAP_LOG ( OPERATION, DETAIL1, "bdb_add: %s denied\n", + pdn.bv_len == 0 ? "suffix" : "entry at root", 0, 0 ); #else - Debug( LDAP_DEBUG_TRACE, - "bdb_add: no parent, cannot add subentry\n", - 0, 0, 0 ); + Debug( LDAP_DEBUG_TRACE, "bdb_add: %s denied\n", + pdn.bv_len == 0 ? "suffix" : "entry at root", + 0, 0 ); #endif rs->sr_err = LDAP_NO_SUCH_OBJECT; - rs->sr_text = "no parent, cannot add subentry"; goto return_results; } -#endif } if ( get_assert( op ) && diff --git a/servers/slapd/back-ldbm/add.c b/servers/slapd/back-ldbm/add.c index e4a5130b77..c1b9e8a5da 100644 --- a/servers/slapd/back-ldbm/add.c +++ b/servers/slapd/back-ldbm/add.c @@ -234,76 +234,53 @@ ldbm_back_add( #endif } else { - if( pdn.bv_val != NULL ) - { + if( pdn.bv_val != NULL ) { assert( *pdn.bv_val == '\0' ); } - /* no parent, must be adding entry to root */ - if ( !be_isroot( op->o_bd, &op->o_ndn ) ) + /* no parent */ + if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) || + be_isupdate( op->o_bd, &op->o_ndn ) ) { - if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) || be_isupdate( op->o_bd, &op->o_ndn ) ) { - p = (Entry *)&slap_entry_root; + p = (Entry *)&slap_entry_root; - rs->sr_err = access_allowed( op, p, - children, NULL, ACL_WRITE, NULL ); - p = NULL; + rs->sr_err = access_allowed( op, p, + children, NULL, ACL_WRITE, NULL ); + p = NULL; - if ( ! rs->sr_err ) { - ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock); - -#ifdef NEW_LOGGING - LDAP_LOG( BACK_LDBM, ERR, - "ldbm_back_add: No write " - "access to parent (\"\").\n", 0, 0, 0 ); -#else - Debug( LDAP_DEBUG_TRACE, - "no write access to parent\n", - 0, 0, 0 ); -#endif - - send_ldap_error( op, rs, - LDAP_INSUFFICIENT_ACCESS, - "no write access to parent" ); - - return LDAP_INSUFFICIENT_ACCESS; - } - } else if ( !is_entry_glue( op->oq_add.rs_e )) { + if ( ! rs->sr_err ) { ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock); #ifdef NEW_LOGGING LDAP_LOG( BACK_LDBM, ERR, - "ldbm_back_add: %s add denied.\n", - pdn.bv_val == NULL ? "suffix" - : "entry at root", 0, 0 ); + "ldbm_back_add: No write " + "access to parent (\"\").\n", 0, 0, 0 ); #else - Debug( LDAP_DEBUG_TRACE, "%s add denied\n", - pdn.bv_val == NULL ? "suffix" - : "entry at root", 0, 0 ); + Debug( LDAP_DEBUG_TRACE, + "no write access to parent\n", 0, 0, 0 ); #endif send_ldap_error( op, rs, - LDAP_NO_SUCH_OBJECT, NULL ); + LDAP_INSUFFICIENT_ACCESS, + "no write access to parent" ); - return LDAP_NO_SUCH_OBJECT; + return LDAP_INSUFFICIENT_ACCESS; } - } + } else if ( !is_entry_glue( op->oq_add.rs_e )) { + ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock); -#ifdef LDBM_SUBENTRIES - if( subentry ) { #ifdef NEW_LOGGING - LDAP_LOG ( OPERATION, DETAIL1, - "bdb_add: no parent, cannot add subentry\n", 0, 0, 0 ); + LDAP_LOG( BACK_LDBM, ERR, + "ldbm_back_add: %s add denied.\n", + pdn.bv_val == NULL ? "suffix" : "entry at root", 0, 0 ); #else - Debug( LDAP_DEBUG_TRACE, - "bdb_add: no parent, cannot add subentry\n", 0, 0, 0 ); -#endif - rs->sr_err = LDAP_NO_SUCH_OBJECT; - rs->sr_text = "no parent, cannot add subentry"; - goto return_results; - } + Debug( LDAP_DEBUG_TRACE, "%s add denied\n", + pdn.bv_val == NULL ? "suffix" : "entry at root", 0, 0 ); #endif + send_ldap_error( op, rs, LDAP_NO_SUCH_OBJECT, NULL ); + return LDAP_NO_SUCH_OBJECT; + } } if ( next_id( op->o_bd, &op->oq_add.rs_e->e_id ) ) { -- 2.39.5