From f955f17076dc185a589d90baa2acd33afc4c1448 Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Thu, 17 Mar 2005 04:29:31 +0000 Subject: [PATCH] ITS#3576 use actual backend (not glue instance) for restriction and update/referral checks --- servers/slapd/add.c | 9 +++++++++ servers/slapd/delete.c | 9 +++++++++ servers/slapd/modify.c | 8 ++++++++ servers/slapd/modrdn.c | 10 ++++++++++ servers/slapd/passwd.c | 9 +++++++++ 5 files changed, 45 insertions(+) diff --git a/servers/slapd/add.c b/servers/slapd/add.c index 92f6759aea..d15fb7f3fc 100644 --- a/servers/slapd/add.c +++ b/servers/slapd/add.c @@ -205,6 +205,7 @@ fe_op_add( Operation *op, SlapReply *rs ) Modifications *modlist = op->ora_modlist; Modifications **modtail = &modlist; int rc = 0; + BackendDB *op_be; manageDSAit = get_manageDSAit( op ); @@ -236,6 +237,12 @@ fe_op_add( Operation *op, SlapReply *rs ) goto done; } + /* If we've got a glued backend, check the real backend */ + op_be = op->o_bd; + if ( SLAP_GLUE_INSTANCE( op->o_bd )) { + op->o_bd = select_backend( &e->e_nname, manageDSAit, 0 ); + } + /* check restrictions */ if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) { send_ldap_result( op, rs ); @@ -269,6 +276,8 @@ fe_op_add( Operation *op, SlapReply *rs ) size_t textlen = sizeof( textbuf ); slap_callback cb = { NULL, slap_replog_cb, NULL, NULL }; + op->o_bd = op_be; + if ( !update ) { rs->sr_err = slap_mods_no_update_check( modlist, &rs->sr_text, diff --git a/servers/slapd/delete.c b/servers/slapd/delete.c index 6762093c4a..40a87c07f3 100644 --- a/servers/slapd/delete.c +++ b/servers/slapd/delete.c @@ -107,6 +107,7 @@ fe_op_delete( Operation *op, SlapReply *rs ) { struct berval pdn = BER_BVNULL; int manageDSAit; + BackendDB *op_be; manageDSAit = get_manageDSAit( op ); @@ -138,6 +139,12 @@ fe_op_delete( Operation *op, SlapReply *rs ) goto cleanup; } + /* If we've got a glued backend, check the real backend */ + op_be = op->o_bd; + if ( SLAP_GLUE_INSTANCE( op->o_bd )) { + op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 0 ); + } + /* check restrictions */ if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) { send_ldap_result( op, rs ); @@ -196,6 +203,8 @@ fe_op_delete( Operation *op, SlapReply *rs ) int org_managedsait; slap_callback cb = { NULL, slap_replog_cb, NULL, NULL }; + op->o_bd = op_be; + if ( !repl_user ) { struct berval csn = BER_BVNULL; char csnbuf[LDAP_LUTIL_CSNSTR_BUFSIZE]; diff --git a/servers/slapd/modify.c b/servers/slapd/modify.c index ea961ef57f..5f7199f4f1 100644 --- a/servers/slapd/modify.c +++ b/servers/slapd/modify.c @@ -225,6 +225,7 @@ fe_op_modify( Operation *op, SlapReply *rs ) #endif int increment = op->orm_increment; int rc = 0; + BackendDB *op_be; if( op->o_req_ndn.bv_len == 0 ) { Debug( LDAP_DEBUG_ANY, "do_modify: root dse!\n", 0, 0, 0 ); @@ -330,6 +331,12 @@ fe_op_modify( Operation *op, SlapReply *rs ) goto cleanup; } + /* If we've got a glued backend, check the real backend */ + op_be = op->o_bd; + if ( SLAP_GLUE_INSTANCE( op->o_bd )) { + op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 0 ); + } + /* check restrictions */ if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) { send_ldap_result( op, rs ); @@ -424,6 +431,7 @@ fe_op_modify( Operation *op, SlapReply *rs ) size_t textlen = sizeof( textbuf ); slap_callback cb = { NULL, slap_replog_cb, NULL, NULL }; + op->o_bd = op_be; if ( !update ) { rs->sr_err = slap_mods_no_update_check( modlist, diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c index c9e6c02dac..c9171d709b 100644 --- a/servers/slapd/modrdn.c +++ b/servers/slapd/modrdn.c @@ -203,6 +203,7 @@ fe_op_modrdn( Operation *op, SlapReply *rs ) Backend *newSuperior_be = NULL; int manageDSAit; struct berval pdn = BER_BVNULL; + BackendDB *op_be; if( op->o_req_ndn.bv_len == 0 ) { Debug( LDAP_DEBUG_ANY, "do_modrdn: root dse!\n", 0, 0, 0 ); @@ -252,6 +253,12 @@ fe_op_modrdn( Operation *op, SlapReply *rs ) goto cleanup; } + /* If we've got a glued backend, check the real backend */ + op_be = op->o_bd; + if ( SLAP_GLUE_INSTANCE( op->o_bd )) { + op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 0 ); + } + /* check restrictions */ if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) { send_ldap_result( op, rs ); @@ -320,6 +327,9 @@ fe_op_modrdn( Operation *op, SlapReply *rs ) #endif { slap_callback cb = { NULL, slap_replog_cb, NULL, NULL }; + + op->o_bd = op_be; + #ifdef SLAPD_MULTIMASTER if ( !op->o_bd->be_update_ndn.bv_len || !repl_user ) #endif diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c index e056a83604..a262a9911a 100644 --- a/servers/slapd/passwd.c +++ b/servers/slapd/passwd.c @@ -51,6 +51,7 @@ int passwd_extop( int i, nhash; char **hashes; int rc; + BackendDB *op_be; cb2.sc_next = &cb; @@ -108,6 +109,12 @@ int passwd_extop( goto error_return; } + /* If we've got a glued backend, check the real backend */ + op_be = op->o_bd; + if ( SLAP_GLUE_INSTANCE( op->o_bd )) { + op->o_bd = select_backend( &op->o_req_ndn, 0, 0 ); + } + if (backend_check_restrictions( op, rs, (struct berval *)&slap_EXOP_MODIFY_PASSWD ) != LDAP_SUCCESS) { rc = rs->sr_err; @@ -159,6 +166,8 @@ int passwd_extop( goto error_return; } + op->o_bd = op_be; + /* Give the backend a chance to handle this itself */ if ( op->o_bd->be_extended ) { rs->sr_err = op->o_bd->be_extended( op, rs ); -- 2.39.5