fix access checking; fix operational attrs addition

servers/slapd/back-sql/add.c

@@ -930,6 +930,9 @@ backsql_add( Operation *op, SlapReply *rs )
 	int			colnum;
 	slap_mask_t		mask;
 
+	char			textbuf[ SLAP_TEXT_BUFLEN ];
+	size_t			textlen = sizeof( textbuf );
+
 #ifdef BACKSQL_SYNCPROV
 	/*
 	 * NOTE: fake successful result to force contextCSN to be bumped up
@@ -954,6 +957,8 @@ backsql_add( Operation *op, SlapReply *rs )
 	Debug( LDAP_DEBUG_TRACE, "==>backsql_add(\"%s\")\n",
 			op->ora_e->e_name.bv_val, 0, 0 );
 
+	slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 );
+
 	/* check schema */
 	if ( BACKSQL_CHECK_SCHEMA( bi ) ) {
 		char		textbuf[ SLAP_TEXT_BUFLEN ] = { '\0' };
@@ -1050,6 +1055,16 @@ backsql_add( Operation *op, SlapReply *rs )
 		goto done;
 	}
 
+	/* check write access */
+	if ( !access_allowed_mask( op, op->ora_e,
+				slap_schema.si_ad_entry,
+				NULL, ACL_WADD, NULL, &mask ) )
+	{
+		rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+		e = op->ora_e;
+		goto done;
+	}
+
 	rs->sr_err = backsql_get_db_conn( op, &dbh );
 	if ( rs->sr_err != LDAP_SUCCESS ) {
 		Debug( LDAP_DEBUG_TRACE, "   backsql_add(\"%s\"): "
@@ -1063,7 +1078,7 @@ backsql_add( Operation *op, SlapReply *rs )
 
 	/*
 	 * Check if entry exists
-	*
+	 *
 	 * NOTE: backsql_api_dn2odbc() is called explicitly because
 	 * we need the mucked DN to pass it to the create procedure.
 	 */
@@ -1135,15 +1150,6 @@ backsql_add( Operation *op, SlapReply *rs )
 		goto done;
 	}
 
-	if ( !access_allowed_mask( op, op->ora_e,
-				slap_schema.si_ad_entry,
-				NULL, ACL_WADD, NULL, &mask ) )
-	{
-		rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
-		e = op->ora_e;
-		goto done;
-	}
-
 	/*
 	 * create_proc is executed; if expect_return is set, then
 	 * an output parameter is bound, which should contain