Commit 40cac2e3 authored by Pierangelo Masarati

fix access checking; fix operational attrs addition

parent 4cab386d
...@@ -930,6 +930,9 @@ backsql_add( Operation *op, SlapReply *rs ) ...@@ -930,6 +930,9 @@ backsql_add( Operation *op, SlapReply *rs )
int colnum; int colnum;
slap_mask_t mask; slap_mask_t mask;
char textbuf[ SLAP_TEXT_BUFLEN ];
size_t textlen = sizeof( textbuf );
#ifdef BACKSQL_SYNCPROV #ifdef BACKSQL_SYNCPROV
/* /*
* NOTE: fake successful result to force contextCSN to be bumped up * NOTE: fake successful result to force contextCSN to be bumped up
...@@ -954,6 +957,8 @@ backsql_add( Operation *op, SlapReply *rs ) ...@@ -954,6 +957,8 @@ backsql_add( Operation *op, SlapReply *rs )
Debug( LDAP_DEBUG_TRACE, "==>backsql_add(\"%s\")\n", Debug( LDAP_DEBUG_TRACE, "==>backsql_add(\"%s\")\n",
op->ora_e->e_name.bv_val, 0, 0 ); op->ora_e->e_name.bv_val, 0, 0 );
slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 );
/* check schema */ /* check schema */
if ( BACKSQL_CHECK_SCHEMA( bi ) ) { if ( BACKSQL_CHECK_SCHEMA( bi ) ) {
char textbuf[ SLAP_TEXT_BUFLEN ] = { '\0' }; char textbuf[ SLAP_TEXT_BUFLEN ] = { '\0' };
...@@ -1050,6 +1055,16 @@ backsql_add( Operation *op, SlapReply *rs ) ...@@ -1050,6 +1055,16 @@ backsql_add( Operation *op, SlapReply *rs )
goto done; goto done;
} }
/* check write access */
if ( !access_allowed_mask( op, op->ora_e,
slap_schema.si_ad_entry,
NULL, ACL_WADD, NULL, &mask ) )
{
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
e = op->ora_e;
goto done;
}
rs->sr_err = backsql_get_db_conn( op, &dbh ); rs->sr_err = backsql_get_db_conn( op, &dbh );
if ( rs->sr_err != LDAP_SUCCESS ) { if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): " Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
...@@ -1063,7 +1078,7 @@ backsql_add( Operation *op, SlapReply *rs ) ...@@ -1063,7 +1078,7 @@ backsql_add( Operation *op, SlapReply *rs )
/* /*
* Check if entry exists * Check if entry exists
* *
* NOTE: backsql_api_dn2odbc() is called explicitly because * NOTE: backsql_api_dn2odbc() is called explicitly because
* we need the mucked DN to pass it to the create procedure. * we need the mucked DN to pass it to the create procedure.
*/ */
...@@ -1135,15 +1150,6 @@ backsql_add( Operation *op, SlapReply *rs ) ...@@ -1135,15 +1150,6 @@ backsql_add( Operation *op, SlapReply *rs )
goto done; goto done;
} }
if ( !access_allowed_mask( op, op->ora_e,
slap_schema.si_ad_entry,
NULL, ACL_WADD, NULL, &mask ) )
{
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
e = op->ora_e;
goto done;
}
/* /*
* create_proc is executed; if expect_return is set, then * create_proc is executed; if expect_return is set, then
* an output parameter is bound, which should contain * an output parameter is bound, which should contain
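Review bot: The relocated write-access check in the third hunk refuses the add with `LDAP_INSUFFICIENT_ACCESS` without any trace output, while the connection-failure path just below it logs through `Debug`; a line such as `Debug( LDAP_DEBUG_TRACE, "   backsql_add(\"%s\"): no write access to entry\n", op->ora_e->e_name.bv_val, 0, 0 );` before `goto done` would make denied adds visible when tracing. In the first two hunks the new function-scope `textbuf` is shadowed by the `char textbuf[ SLAP_TEXT_BUFLEN ]` already declared inside the `BACKSQL_CHECK_SCHEMA` block, so renaming one of them (or reusing the outer buffer there) would avoid confusion about which buffer `rs->sr_text` can end up referencing. If `slap_add_opattrs` reports failure through a return value, that result is discarded at the new call and should be checked. `backsql_add` begins and ends outside the visible hunks, so the `done:` path's handling of a not-yet-opened `dbh` could not be confirmed from here.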
......