Commit 40cac2e3 authored by Pierangelo Masarati's avatar Pierangelo Masarati
Browse files

fix access checking; fix operational attrs addition

parent 4cab386d
......@@ -930,6 +930,9 @@ backsql_add( Operation *op, SlapReply *rs )
int colnum;
slap_mask_t mask;
char textbuf[ SLAP_TEXT_BUFLEN ];
size_t textlen = sizeof( textbuf );
#ifdef BACKSQL_SYNCPROV
/*
* NOTE: fake successful result to force contextCSN to be bumped up
......@@ -954,6 +957,8 @@ backsql_add( Operation *op, SlapReply *rs )
Debug( LDAP_DEBUG_TRACE, "==>backsql_add(\"%s\")\n",
op->ora_e->e_name.bv_val, 0, 0 );
slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 );
/* check schema */
if ( BACKSQL_CHECK_SCHEMA( bi ) ) {
char textbuf[ SLAP_TEXT_BUFLEN ] = { '\0' };
......@@ -1050,6 +1055,16 @@ backsql_add( Operation *op, SlapReply *rs )
goto done;
}
/* check write access */
if ( !access_allowed_mask( op, op->ora_e,
slap_schema.si_ad_entry,
NULL, ACL_WADD, NULL, &mask ) )
{
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
e = op->ora_e;
goto done;
}
rs->sr_err = backsql_get_db_conn( op, &dbh );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
......@@ -1135,15 +1150,6 @@ backsql_add( Operation *op, SlapReply *rs )
goto done;
}
if ( !access_allowed_mask( op, op->ora_e,
slap_schema.si_ad_entry,
NULL, ACL_WADD, NULL, &mask ) )
{
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
e = op->ora_e;
goto done;
}
/*
* create_proc is executed; if expect_return is set, then
* an output parameter is bound, which should contain
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment