Fix: obey be->be_readonly. Also add & obey global_readonly.

servers/slapd/add.c

@@ -145,6 +145,15 @@ do_add( Connection *conn, Operation *op )
 		return rc;
 	}
 
+	if ( global_readonly || be->be_readonly ) {
+		Debug( LDAP_DEBUG_ANY, "do_add: database is read-only\n",
+		       0, 0, 0 );
+		entry_free( e );
+		send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
+		                  NULL, "database is read-only", NULL, NULL );
+		return LDAP_UNWILLING_TO_PERFORM;
+	}
+
 	/*
 	 * do the add if 1 && (2 || 3)
 	 * 1) there is an add function implemented in this backend;

servers/slapd/config.c

@@ -28,6 +28,7 @@ int		defsize = SLAPD_DEFAULT_SIZELIMIT;
 int		deftime = SLAPD_DEFAULT_TIMELIMIT;
 AccessControl	*global_acl = NULL;
 int		global_default_access = ACL_READ;
+int		global_readonly = 0;
 char		*replogfile;
 int		global_lastmod = ON;
 int		global_idletimeout = 0;
@@ -366,9 +367,7 @@ read_config( const char *fname )
 				return( 1 );
 			}
 			if ( be == NULL ) {
-				Debug( LDAP_DEBUG_ANY,
-"%s: line %d: readonly line must appear inside a database definition (ignored)\n",
-				    fname, lineno, 0 );
+				global_readonly = (strcasecmp( cargv[1], "on" ) == 0);
 			} else {
 				if ( strcasecmp( cargv[1], "on" ) == 0 ) {
 					be->be_readonly = 1;

servers/slapd/delete.c

@@ -85,6 +85,15 @@ do_delete(
 		return rc;
 	}
 
+	if ( global_readonly || be->be_readonly ) {
+		Debug( LDAP_DEBUG_ANY, "do_delete: database is read-only\n",
+		       0, 0, 0 );
+		free( ndn );
+		send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
+		                  NULL, "database is read-only", NULL, NULL );
+		return LDAP_UNWILLING_TO_PERFORM;
+	}
+
 	/* deref suffix alias if appropriate */
 	ndn = suffix_alias( be, ndn );
 

servers/slapd/modify.c

@@ -178,6 +178,14 @@ do_modify(
 		return rc;
 	}
 
+	if ( global_readonly || be->be_readonly ) {
+		Debug( LDAP_DEBUG_ANY, "do_modify: database is read-only\n",
+		       0, 0, 0 );
+		send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
+		                  NULL, "database is read-only", NULL, NULL );
+		goto done;
+	}
+
 	/* deref suffix alias if appropriate */
 	ndn = suffix_alias( be, ndn );
 
@@ -235,6 +243,7 @@ do_modify(
 		    NULL, "Function not implemented", NULL, NULL );
 	}
 
+done:
 	free( ndn );
 	modlist_free( modlist );
 	return rc;

servers/slapd/modrdn.c

@@ -181,6 +181,14 @@ do_modrdn(
 		return rc;
 	}
 
+	if ( global_readonly || be->be_readonly ) {
+		Debug( LDAP_DEBUG_ANY, "do_modrdn: database is read-only\n",
+		       0, 0, 0 );
+		send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
+		                  NULL, "database is read-only", NULL, NULL );
+		goto done;
+	}
+
 	/* Make sure that the entry being changed and the newSuperior are in 
 	 * the same backend, otherwise we return an error.
 	 */
@@ -247,6 +255,7 @@ do_modrdn(
 			NULL, "Function not implemented", NULL, NULL );
 	}
 
+done:
 	free( ndn );
 	free( newrdn );	
 	free( newSuperior );

servers/slapd/proto-slap.h

@@ -432,6 +432,7 @@ extern int		defsize;
 extern int		deftime;
 extern int		g_argc;
 extern int		global_default_access;
+extern int		global_readonly;
 extern int		global_lastmod;
 extern int		global_idletimeout;
 extern int		global_schemacheck;