mirror of
https://git.openldap.org/openldap/openldap.git
synced 2026-01-20 22:03:45 -05:00
ITS#3576 use actual backend (not glue instance) for restriction and
update/referral checks
This commit is contained in:
Howard Chu
parent
667ae398cb
commit
f955f17076
5 changed files with 45 additions and 0 deletions
|
|
@ -205,6 +205,7 @@ fe_op_add( Operation *op, SlapReply *rs )
|
|||
Modifications *modlist = op->ora_modlist;
|
||||
Modifications **modtail = &modlist;
|
||||
int rc = 0;
|
||||
BackendDB *op_be;
|
||||
|
||||
manageDSAit = get_manageDSAit( op );
|
||||
|
||||
|
|
@ -236,6 +237,12 @@ fe_op_add( Operation *op, SlapReply *rs )
|
|||
goto done;
|
||||
}
|
||||
|
||||
/* If we've got a glued backend, check the real backend */
|
||||
op_be = op->o_bd;
|
||||
if ( SLAP_GLUE_INSTANCE( op->o_bd )) {
|
||||
op->o_bd = select_backend( &e->e_nname, manageDSAit, 0 );
|
||||
}
|
||||
|
||||
/* check restrictions */
|
||||
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
|
||||
send_ldap_result( op, rs );
|
||||
|
|
@ -269,6 +276,8 @@ fe_op_add( Operation *op, SlapReply *rs )
|
|||
size_t textlen = sizeof( textbuf );
|
||||
slap_callback cb = { NULL, slap_replog_cb, NULL, NULL };
|
||||
|
||||
op->o_bd = op_be;
|
||||
|
||||
if ( !update ) {
|
||||
rs->sr_err = slap_mods_no_update_check( modlist,
|
||||
&rs->sr_text,
|
||||
|
|
|
|||
|
|
@ -107,6 +107,7 @@ fe_op_delete( Operation *op, SlapReply *rs )
|
|||
{
|
||||
struct berval pdn = BER_BVNULL;
|
||||
int manageDSAit;
|
||||
BackendDB *op_be;
|
||||
|
||||
manageDSAit = get_manageDSAit( op );
|
||||
|
||||
|
|
@ -138,6 +139,12 @@ fe_op_delete( Operation *op, SlapReply *rs )
|
|||
goto cleanup;
|
||||
}
|
||||
|
||||
/* If we've got a glued backend, check the real backend */
|
||||
op_be = op->o_bd;
|
||||
if ( SLAP_GLUE_INSTANCE( op->o_bd )) {
|
||||
op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 0 );
|
||||
}
|
||||
|
||||
/* check restrictions */
|
||||
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
|
||||
send_ldap_result( op, rs );
|
||||
|
|
@ -196,6 +203,8 @@ fe_op_delete( Operation *op, SlapReply *rs )
|
|||
int org_managedsait;
|
||||
slap_callback cb = { NULL, slap_replog_cb, NULL, NULL };
|
||||
|
||||
op->o_bd = op_be;
|
||||
|
||||
if ( !repl_user ) {
|
||||
struct berval csn = BER_BVNULL;
|
||||
char csnbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
|
||||
|
|
|
|||
|
|
@ -225,6 +225,7 @@ fe_op_modify( Operation *op, SlapReply *rs )
|
|||
#endif
|
||||
int increment = op->orm_increment;
|
||||
int rc = 0;
|
||||
BackendDB *op_be;
|
||||
|
||||
if( op->o_req_ndn.bv_len == 0 ) {
|
||||
Debug( LDAP_DEBUG_ANY, "do_modify: root dse!\n", 0, 0, 0 );
|
||||
|
|
@ -330,6 +331,12 @@ fe_op_modify( Operation *op, SlapReply *rs )
|
|||
goto cleanup;
|
||||
}
|
||||
|
||||
/* If we've got a glued backend, check the real backend */
|
||||
op_be = op->o_bd;
|
||||
if ( SLAP_GLUE_INSTANCE( op->o_bd )) {
|
||||
op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 0 );
|
||||
}
|
||||
|
||||
/* check restrictions */
|
||||
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
|
||||
send_ldap_result( op, rs );
|
||||
|
|
@ -424,6 +431,7 @@ fe_op_modify( Operation *op, SlapReply *rs )
|
|||
size_t textlen = sizeof( textbuf );
|
||||
slap_callback cb = { NULL, slap_replog_cb, NULL, NULL };
|
||||
|
||||
op->o_bd = op_be;
|
||||
|
||||
if ( !update ) {
|
||||
rs->sr_err = slap_mods_no_update_check( modlist,
|
||||
|
|
|
|||
|
|
@ -203,6 +203,7 @@ fe_op_modrdn( Operation *op, SlapReply *rs )
|
|||
Backend *newSuperior_be = NULL;
|
||||
int manageDSAit;
|
||||
struct berval pdn = BER_BVNULL;
|
||||
BackendDB *op_be;
|
||||
|
||||
if( op->o_req_ndn.bv_len == 0 ) {
|
||||
Debug( LDAP_DEBUG_ANY, "do_modrdn: root dse!\n", 0, 0, 0 );
|
||||
|
|
@ -252,6 +253,12 @@ fe_op_modrdn( Operation *op, SlapReply *rs )
|
|||
goto cleanup;
|
||||
}
|
||||
|
||||
/* If we've got a glued backend, check the real backend */
|
||||
op_be = op->o_bd;
|
||||
if ( SLAP_GLUE_INSTANCE( op->o_bd )) {
|
||||
op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 0 );
|
||||
}
|
||||
|
||||
/* check restrictions */
|
||||
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
|
||||
send_ldap_result( op, rs );
|
||||
|
|
@ -320,6 +327,9 @@ fe_op_modrdn( Operation *op, SlapReply *rs )
|
|||
#endif
|
||||
{
|
||||
slap_callback cb = { NULL, slap_replog_cb, NULL, NULL };
|
||||
|
||||
op->o_bd = op_be;
|
||||
|
||||
#ifdef SLAPD_MULTIMASTER
|
||||
if ( !op->o_bd->be_update_ndn.bv_len || !repl_user )
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -51,6 +51,7 @@ int passwd_extop(
|
|||
int i, nhash;
|
||||
char **hashes;
|
||||
int rc;
|
||||
BackendDB *op_be;
|
||||
|
||||
cb2.sc_next = &cb;
|
||||
|
||||
|
|
@ -108,6 +109,12 @@ int passwd_extop(
|
|||
goto error_return;
|
||||
}
|
||||
|
||||
/* If we've got a glued backend, check the real backend */
|
||||
op_be = op->o_bd;
|
||||
if ( SLAP_GLUE_INSTANCE( op->o_bd )) {
|
||||
op->o_bd = select_backend( &op->o_req_ndn, 0, 0 );
|
||||
}
|
||||
|
||||
if (backend_check_restrictions( op, rs,
|
||||
(struct berval *)&slap_EXOP_MODIFY_PASSWD ) != LDAP_SUCCESS) {
|
||||
rc = rs->sr_err;
|
||||
|
|
@ -159,6 +166,8 @@ int passwd_extop(
|
|||
goto error_return;
|
||||
}
|
||||
|
||||
op->o_bd = op_be;
|
||||
|
||||
/* Give the backend a chance to handle this itself */
|
||||
if ( op->o_bd->be_extended ) {
|
||||
rs->sr_err = op->o_bd->be_extended( op, rs );
|
||||
|
|
|
|||
Loading…
Reference in a new issue