/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2004-2014 The OpenLDAP Foundation.
+ * Copyright 2004-2017 The OpenLDAP Foundation.
* Portions Copyright 2004,2006-2007 Symas Corporation.
* All rights reserved.
*
rc = 0;
break;
- case SLAP_CONFIG_ADD: /* fallthrough */
+ case SLAP_CONFIG_ADD: /* fallthru */
case LDAP_MOD_ADD:
if ( legacy ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
/* skip the checks if the operation has manageDsaIt control in it
* (for replication) */
- if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
+ if ( op->o_managedsait > SLAP_CONTROL_IGNORED
+ && access_allowed ( op, op->ora_e,
+ slap_schema.si_ad_entry, NULL,
+ ACL_MANAGE, NULL ) ) {
Debug(LDAP_DEBUG_TRACE, "unique_add: administrative bypass, skipping\n", 0, 0, 0);
return rc;
}
unique_domain *domain;
Operation nop = *op;
Modifications *m;
+ Entry *e = NULL;
char *key, *kp;
struct berval bvkey;
int rc = SLAP_CB_CONTINUE;
Debug(LDAP_DEBUG_TRACE, "==> unique_modify <%s>\n",
op->o_req_dn.bv_val, 0, 0);
+ if ( !op->orm_modlist ) {
+ Debug(LDAP_DEBUG_TRACE, "unique_modify: got empty modify op\n", 0, 0, 0);
+ return rc;
+ }
+
/* skip the checks if the operation has manageDsaIt control in it
* (for replication) */
- if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
+ if ( op->o_managedsait > SLAP_CONTROL_IGNORED
+ && overlay_entry_get_ov(op, &op->o_req_ndn, NULL, NULL, 0, &e, on) == LDAP_SUCCESS
+ && e
+ && access_allowed ( op, e,
+ slap_schema.si_ad_entry, NULL,
+ ACL_MANAGE, NULL ) ) {
Debug(LDAP_DEBUG_TRACE, "unique_modify: administrative bypass, skipping\n", 0, 0, 0);
+ overlay_entry_release_ov( op, e, 0, on );
return rc;
}
+ if ( e ) {
+ overlay_entry_release_ov( op, e, 0, on );
+ }
for ( domain = legacy ? legacy : domains;
domain;
&& !dnIsSuffix( &op->o_req_ndn, &uri->ndn ))
continue;
- if ( !(m = op->orm_modlist) ) {
- op->o_bd->bd_info = (BackendInfo *) on->on_info;
- send_ldap_error(op, rs, LDAP_INVALID_SYNTAX,
- "unique_modify() got null op.orm_modlist");
- rc = rs->sr_err;
- break;
-
- } else
- for ( ; m; m = m->sml_next)
- if ( (m->sml_op & LDAP_MOD_OP)
- != LDAP_MOD_DELETE )
- ks += count_filter_len
- ( domain,
- uri,
- m->sml_desc,
- m->sml_values);
+ for ( m = op->orm_modlist; m; m = m->sml_next)
+ if ( (m->sml_op & LDAP_MOD_OP)
+ != LDAP_MOD_DELETE )
+ ks += count_filter_len
+ ( domain,
+ uri,
+ m->sml_desc,
+ m->sml_values);
/* skip this domain-uri if it isn't involved */
if ( !ks ) continue;
unique_domain *legacy = private->legacy;
unique_domain *domain;
Operation nop = *op;
+ Entry *e = NULL;
char *key, *kp;
struct berval bvkey;
LDAPRDN newrdn;
/* skip the checks if the operation has manageDsaIt control in it
* (for replication) */
- if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
+ if ( op->o_managedsait > SLAP_CONTROL_IGNORED
+ && overlay_entry_get_ov(op, &op->o_req_ndn, NULL, NULL, 0, &e, on) == LDAP_SUCCESS
+ && e
+ && access_allowed ( op, e,
+ slap_schema.si_ad_entry, NULL,
+ ACL_MANAGE, NULL ) ) {
Debug(LDAP_DEBUG_TRACE, "unique_modrdn: administrative bypass, skipping\n", 0, 0, 0);
+ overlay_entry_release_ov( op, e, 0, on );
return rc;
}
+ if ( e ) {
+ overlay_entry_release_ov( op, e, 0, on );
+ }
for ( domain = legacy ? legacy : domains;
domain;