char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
AttributeDescription *children = slap_schema.si_ad_children;
+ AttributeDescription *entry = slap_schema.si_ad_entry;
DB_TXN *ltid = NULL;
struct bdb_op_info opinfo;
#ifdef BDB_SUBENTRIES
if( 0 ) {
retry: /* transaction retry */
+ if( p ) {
+ /* free parent and reader lock */
+ bdb_unlocked_cache_return_entry_r( &bdb->bi_cache, p );
+ p = NULL;
+ }
rc = TXN_ABORT( ltid );
ltid = NULL;
op->o_private = NULL;
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
- /* free parent and reader lock */
- bdb_unlocked_cache_return_entry_r( &bdb->bi_cache, p );
- p = NULL;
goto retry;
}
*/
if ( !be_isroot( be, &op->o_ndn )) {
if ( be_issuffix( be, (struct berval *)&slap_empty_bv )
- || be_isupdate( be, &op->o_ndn ) ) {
+ || be_isupdate( be, &op->o_ndn ) )
+ {
p = (Entry *)&slap_entry_root;
/* check parent for "children" acl */
rc = access_allowed( be, conn, op, p,
children, NULL, ACL_WRITE, NULL );
+
p = NULL;
switch( opinfo.boi_err ) {
#endif
}
+ rc = access_allowed( be, conn, op, e,
+ entry, NULL, ACL_WRITE, NULL );
+
+ switch( opinfo.boi_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+
+ if ( ! rc ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG ( OPERATION, DETAIL1,
+ "bdb_add: no write access to entry\n", 0, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE, "bdb_add: no write access to entry\n",
+ 0, 0, 0 );
+#endif
+ rc = LDAP_INSUFFICIENT_ACCESS;
+ text = "no write access to entry";
+ goto return_results;;
+ }
+
/* dn2id index */
rc = bdb_dn2id_add( be, ltid, &pdn, e );
if ( rc != 0 ) {
const char *text;
int manageDSAit = get_manageDSAit( op );
AttributeDescription *children = slap_schema.si_ad_children;
+ AttributeDescription *entry = slap_schema.si_ad_entry;
DB_TXN *ltid = NULL;
struct bdb_op_info opinfo;
if ( !rc ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, DETAIL1,
- "<=- bdb_delete: no access to parent\n", 0, 0, 0 );
+ "<=- bdb_delete: no write access to parent\n", 0, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
- "<=- bdb_delete: no access to parent\n",
+ "<=- bdb_delete: no write access to parent\n",
0, 0, 0 );
#endif
rc = LDAP_INSUFFICIENT_ACCESS;
+ text = "no write access to parent";
goto return_results;
}
/* check parent for "children" acl */
rc = access_allowed( be, conn, op, p,
children, NULL, ACL_WRITE, NULL );
+
p = NULL;
switch( opinfo.boi_err ) {
"to parent\n", 0, 0, 0 );
#endif
rc = LDAP_INSUFFICIENT_ACCESS;
+ text = "no write access to parent";
goto return_results;
}
goto done;
}
+ rc = access_allowed( be, conn, op, e,
+ entry, NULL, ACL_WRITE, NULL );
+
+ switch( opinfo.boi_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+
+ if ( !rc ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG ( OPERATION, DETAIL1,
+ "<=- bdb_delete: no write access to entry\n", 0, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- bdb_delete: no write access to entry\n",
+ 0, 0, 0 );
+#endif
+ rc = LDAP_INSUFFICIENT_ACCESS;
+ text = "no write access to entry";
+ goto return_results;
+ }
+
if ( !manageDSAit && is_entry_referral( e ) ) {
/* entry is a referral, don't allow delete */
BerVarray refs = get_entry_referrals( be,
struct berval *gr_ndn,
struct berval *op_ndn,
ObjectClass *group_oc,
- AttributeDescription *group_at
-)
+ AttributeDescription *group_at )
{
struct bdb_info *bdb = (struct bdb_info *) be->be_private;
struct bdb_op_info *boi = NULL;
op_ndn->bv_val, gr_ndn->bv_val, group_oc_name );
#else
Debug( LDAP_DEBUG_ARGS,
- "=> bdb_group: gr dn: \"%s\"\n",
+ "=> bdb_group: group ndn: \"%s\"\n",
gr_ndn->bv_val, 0, 0 );
Debug( LDAP_DEBUG_ARGS,
- "=> bdb_group: op dn: \"%s\"\n",
+ "=> bdb_group: op ndn: \"%s\"\n",
op_ndn->bv_val, 0, 0 );
+
Debug( LDAP_DEBUG_ARGS,
"=> bdb_group: oc: \"%s\" at: \"%s\"\n",
group_oc_name, group_at_name, 0 );
Debug( LDAP_DEBUG_ARGS,
- "=> bdb_group: tr dn: \"%s\"\n",
+ "=> bdb_group: tr ndn: \"%s\"\n",
target->e_ndn, 0, 0 );
#endif
{
struct bdb_info *bdb = (struct bdb_info *) be->be_private;
AttributeDescription *children = slap_schema.si_ad_children;
+ AttributeDescription *entry = slap_schema.si_ad_entry;
struct berval p_dn, p_ndn;
struct berval new_dn = {0, NULL}, new_ndn = {0, NULL};
int isroot = -1;
goto done;
}
+ /* check write on old entry */
+ rc = access_allowed( be, conn, op, e,
+ entry, NULL, ACL_WRITE, NULL );
+
+ switch( opinfo.boi_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+
+ if ( ! rc ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG ( OPERATION, ERR,
+ "==>bdb_modrdn: no access to entry\n", 0, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE, "no access to entry\n", 0,
+ 0, 0 );
+#endif
+ rc = LDAP_INSUFFICIENT_ACCESS;
+ goto return_results;
+ }
+
if (!manageDSAit && is_entry_referral( e ) ) {
/* parent is a referral, don't allow add */
/* parent is an alias, don't allow add */
new_parent_dn = np_dn;
}
-
+
/* Build target dn and make sure target entry doesn't exist already. */
build_new_dn( &new_dn, new_parent_dn, newrdn );
ID id = NOID;
const char *text = NULL;
AttributeDescription *children = slap_schema.si_ad_children;
+ AttributeDescription *entry = slap_schema.si_ad_entry;
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_add: %s\n", e->e_dn, 0, 0);
#endif
- /* grab giant lock for writing */
- ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
-
- if ( ( rc = dn2id( be, &e->e_nname, &id ) ) || id != NOID ) {
- /* if (rc) something bad happened to ldbm cache */
- ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
- send_ldap_result( conn, op,
- rc ? LDAP_OTHER : LDAP_ALREADY_EXISTS,
- NULL, NULL, NULL, NULL );
- return( -1 );
- }
-
rc = entry_schema_check( be, e, NULL, &text, textbuf, textlen );
-
if ( rc != LDAP_SUCCESS ) {
- ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
-
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ERR,
"ldbm_back_add: entry (%s) failed schema check.\n", e->e_dn, 0, 0 );
return( -1 );
}
+ if ( ! access_allowed( be, conn, op, e,
+ entry, NULL, ACL_WRITE, NULL ) )
+ {
+#ifdef NEW_LOGGING
+ LDAP_LOG( BACK_LDBM, ERR,
+ "ldbm_back_add: No write access to entry (%s).\n",
+ e->e_dn, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE, "no write access to entry\n", 0,
+ 0, 0 );
+#endif
+
+ send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
+ NULL, "no write access to entry", NULL, NULL );
+
+ return -1;
+ }
+
+ /* grab giant lock for writing */
+ ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
+
+ if ( ( rc = dn2id( be, &e->e_nname, &id ) ) || id != NOID ) {
+ /* if (rc) something bad happened to ldbm cache */
+ ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
+ send_ldap_result( conn, op,
+ rc ? LDAP_OTHER : LDAP_ALREADY_EXISTS,
+ NULL, NULL, NULL, NULL );
+ return( -1 );
+ }
+
/*
* Get the parent dn and see if the corresponding entry exists.
* If the parent does not exist, only allow the "root" user to
int rc = -1;
int manageDSAit = get_manageDSAit( op );
AttributeDescription *children = slap_schema.si_ad_children;
+ AttributeDescription *entry = slap_schema.si_ad_entry;
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ENTRY, "ldbm_back_delete: %s\n", dn->bv_val, 0, 0 );
return( -1 );
}
+ /* check entry for "entry" acl */
+ if ( ! access_allowed( be, conn, op, e,
+ entry, NULL, ACL_WRITE, NULL ) )
+ {
+#ifdef NEW_LOGGING
+ LDAP_LOG( BACK_LDBM, ERR,
+ "ldbm_back_delete: no write access to entry of (%s)\n",
+ dn->bv_val, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- ldbm_back_delete: no write access to entry\n", 0,
+ 0, 0 );
+#endif
+
+ send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
+ NULL, "no write access to entry", NULL, NULL );
+
+ rc = 1;
+ goto return_results;
+ }
+
if ( !manageDSAit && is_entry_referral( e ) ) {
/* parent is a referral, don't allow add */
/* parent is an alias, don't allow add */
goto return_results;
}
-
if ( has_children( be, e ) ) {
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ERR,
#endif
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
- NULL, NULL, NULL, NULL );
+ NULL, "no write access to parent", NULL, NULL );
goto return_results;
}
"access to parent\n", 0, 0, 0 );
#endif
- send_ldap_result( conn, op,
- LDAP_INSUFFICIENT_ACCESS,
- NULL, NULL, NULL, NULL );
+ send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
+ NULL, "no write access to parent", NULL, NULL );
goto return_results;
}
)
{
AttributeDescription *children = slap_schema.si_ad_children;
+ AttributeDescription *entry = slap_schema.si_ad_entry;
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
struct berval p_dn, p_ndn;
struct berval new_dn = { 0, NULL}, new_ndn = { 0, NULL };
return( -1 );
}
+ /* check entry for "entry" acl */
+ if ( ! access_allowed( be, conn, op, e,
+ entry, NULL, ACL_WRITE, NULL ) )
+ {
+#ifdef NEW_LOGGING
+ LDAP_LOG( BACK_LDBM, ERR,
+ "ldbm_back_modrdn: no write access to entry of (%s)\n",
+ dn->bv_val, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- ldbm_back_modrdn: no write access to entry\n", 0,
+ 0, 0 );
+#endif
+
+ send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
+ NULL, "no write access to entry", NULL, NULL );
+
+ goto return_results;
+ }
+
if (!manageDSAit && is_entry_referral( e ) ) {
/* parent is a referral, don't allow add */
/* parent is an alias, don't allow add */