Commit 79a0f035 authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount
Browse files

check objectClass inheritance on add (consistent with modify; ITS#5299)

if referential integrity is broken, things could go wrong; don't assert
parent c0ed43cf
......@@ -264,6 +264,7 @@ memberof_saveMember_cb( Operation *op, SlapReply *rs )
if ( rs->sr_type == REP_SEARCH ) {
memberof_cookie_t *mc;
Attribute *a;
BerVarray vals = NULL;
mc = (memberof_cookie_t *)op->o_callback->sc_private;
mc->foundit = 1;
......@@ -272,12 +273,13 @@ memberof_saveMember_cb( Operation *op, SlapReply *rs )
assert( rs->sr_entry->e_attrs != NULL );
a = attr_find( rs->sr_entry->e_attrs, mc->ad );
if ( a != NULL ) {
vals = a->a_nvals;
}
assert( a != NULL );
memberof_saved_member_set( op, mc->key, a->a_nvals );
memberof_saved_member_set( op, mc->key, vals );
if ( attr_find( a->a_next, mc->ad ) != NULL ) {
if ( a && attr_find( a->a_next, mc->ad ) != NULL ) {
Debug( LDAP_DEBUG_ANY,
"%s: memberof_saveMember_cb(\"%s\"): "
"more than one occurrence of \"%s\" "
......@@ -453,6 +455,13 @@ memberof_value_modify(
ml->sml_nvalues[ 0 ] = *new_ndn;
(void)op->o_bd->be_modify( &op2, &rs2 );
if ( rs2.sr_err != LDAP_SUCCESS ) {
char buf[ SLAP_TEXT_BUFLEN ];
snprintf( buf, sizeof( buf ),
"memberof_value_modify %s=\"%s\" failed err=%d",
ad->ad_cname.bv_val, new_dn->bv_val, rs2.sr_err );
Debug( LDAP_DEBUG_ANY, "%s: %s\n", op->o_log_prefix, buf, 0 );
}
assert( op2.orm_modlist == &mod[ 0 ] );
assert( op2.orm_modlist->sml_next == &mod[ 1 ] );
......@@ -473,6 +482,13 @@ memberof_value_modify(
ml->sml_nvalues[ 0 ] = *old_ndn;
(void)op->o_bd->be_modify( &op2, &rs2 );
if ( rs2.sr_err != LDAP_SUCCESS ) {
char buf[ SLAP_TEXT_BUFLEN ];
snprintf( buf, sizeof( buf ),
"memberof_value_modify %s=\"%s\" failed err=%d",
ad->ad_cname.bv_val, old_dn->bv_val, rs2.sr_err );
Debug( LDAP_DEBUG_ANY, "%s: %s\n", op->o_log_prefix, buf, 0 );
}
assert( op2.orm_modlist == &mod[ 0 ] );
assert( op2.orm_modlist->sml_next == &mod[ 1 ] );
......@@ -528,7 +544,7 @@ memberof_op_add( Operation *op, SlapReply *rs )
if ( MEMBEROF_DANGLING_CHECK( mo )
&& !get_relax( op )
&& is_entry_objectclass( op->ora_e, mo->mo_oc_group, 0 ) )
&& is_entry_objectclass_or_sub( op->ora_e, mo->mo_oc_group ) )
{
op->o_dn = op->o_bd->be_rootdn;
op->o_dn = op->o_bd->be_rootndn;
......@@ -545,11 +561,7 @@ memberof_op_add( Operation *op, SlapReply *rs )
assert( a->a_nvals != NULL );
for ( i = 0; !BER_BVISNULL( &a->a_nvals[ i ] ); i++ ) {
Entry *e;
/* FIXME: entry_get_rw does not pass
* thru overlays yet; when it does, we
* might need to make a copy of the DN */
Entry *e = NULL;
rc = be_entry_get_rw( op, &a->a_nvals[ i ],
NULL, NULL, 0, &e );
......@@ -1149,7 +1161,7 @@ memberof_res_add( Operation *op, SlapReply *rs )
}
}
if ( is_entry_objectclass( op->ora_e, mo->mo_oc_group, 0 ) ) {
if ( is_entry_objectclass_or_sub( op->ora_e, mo->mo_oc_group ) ) {
Attribute *a;
for ( a = attrs_find( op->ora_e->e_attrs, mo->mo_ad_member );
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment