mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-01-12 10:54:48 +08:00
fix couple of bugs in recent 'disclose' commits; prepare for sending matchedDN when appropriate; note ITS#3480 access control issues
This commit is contained in:
parent
b803b49e5f
commit
056c5ba7c1
servers/slapd/back-sql
@ -1068,7 +1068,7 @@ backsql_add( Operation *op, SlapReply *rs )
|
||||
goto done;
|
||||
}
|
||||
|
||||
rs->sr_err = backsql_dn2id( op, rs, NULL, dbh, &realdn, 0 );
|
||||
rs->sr_err = backsql_dn2id( op, rs, dbh, &realdn, NULL, 0, 0 );
|
||||
if ( rs->sr_err == LDAP_SUCCESS ) {
|
||||
Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
|
||||
"entry exists\n",
|
||||
@ -1087,7 +1087,7 @@ backsql_add( Operation *op, SlapReply *rs )
|
||||
dnParent( &op->oq_add.rs_e->e_nname, &pdn );
|
||||
}
|
||||
|
||||
rs->sr_err = backsql_dn2id( op, rs, &parent_id, dbh, &pdn, 1 );
|
||||
rs->sr_err = backsql_dn2id( op, rs, dbh, &pdn, &parent_id, 0, 1 );
|
||||
if ( rs->sr_err != LDAP_SUCCESS ) {
|
||||
Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
|
||||
"could not lookup parent entry for new record \"%s\"\n",
|
||||
@ -1121,7 +1121,7 @@ backsql_add( Operation *op, SlapReply *rs )
|
||||
/*
|
||||
* Empty DN ("") defaults to LDAP_SUCCESS
|
||||
*/
|
||||
rs->sr_err = backsql_dn2id( op, rs, NULL, dbh, &pdn, 1 );
|
||||
rs->sr_err = backsql_dn2id( op, rs, dbh, &pdn, NULL, 0, 1 );
|
||||
switch ( rs->sr_err ) {
|
||||
case LDAP_NO_SUCH_OBJECT:
|
||||
if ( !BER_BVISEMPTY( &pdn ) ) {
|
||||
@ -1154,6 +1154,8 @@ backsql_add( Operation *op, SlapReply *rs )
|
||||
p.e_attrs = NULL;
|
||||
p.e_name = pdn;
|
||||
dnParent( &op->oq_add.rs_e->e_nname, &p.e_nname );
|
||||
|
||||
/* FIXME: need the whole entry (ITS#3480) */
|
||||
if ( !access_allowed( op, &p, slap_schema.si_ad_children,
|
||||
NULL, ACL_WRITE, NULL ) ) {
|
||||
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
|
||||
|
@ -498,7 +498,7 @@ typedef struct {
|
||||
#define BACKSQL_IS_BASEOBJECT_ID(id) (bvmatch((id), &backsql_baseObject_bv))
|
||||
#else /* ! BACKSQL_ARBITRARY_KEY */
|
||||
#define BACKSQL_BASEOBJECT_ID 0
|
||||
#define BACKSQL_BASEOBJECT_IDSTR "0"
|
||||
#define BACKSQL_BASEOBJECT_IDSTR LDAP_XSTRING(BACKSQL_BASEOBJECT_ID)
|
||||
#define BACKSQL_BASEOBJECT_KEYVAL 0
|
||||
#define BACKSQL_IS_BASEOBJECT_ID(id) (*(id) == BACKSQL_BASEOBJECT_ID)
|
||||
#endif /* ! BACKSQL_ARBITRARY_KEY */
|
||||
|
@ -36,12 +36,11 @@ backsql_compare( Operation *op, SlapReply *rs )
|
||||
Attribute *a = NULL;
|
||||
backsql_srch_info bsi;
|
||||
int rc;
|
||||
AttributeName anlist[2];
|
||||
AttributeName anlist[2],
|
||||
*anlistp = NULL;
|
||||
|
||||
user_entry.e_name.bv_val = NULL;
|
||||
user_entry.e_name.bv_len = 0;
|
||||
user_entry.e_nname.bv_val = NULL;
|
||||
user_entry.e_nname.bv_len = 0;
|
||||
BER_BVZERO( &user_entry.e_name );
|
||||
BER_BVZERO( &user_entry.e_nname );
|
||||
user_entry.e_attrs = NULL;
|
||||
|
||||
Debug( LDAP_DEBUG_TRACE, "==>backsql_compare()\n", 0, 0, 0 );
|
||||
@ -64,12 +63,43 @@ backsql_compare( Operation *op, SlapReply *rs )
|
||||
/*
|
||||
* Try to get attr as dynamic operational
|
||||
*/
|
||||
if ( !is_at_operational( op->oq_compare.rs_ava->aa_desc->ad_type ) ) {
|
||||
anlistp = anlist;
|
||||
}
|
||||
|
||||
|
||||
rc = backsql_init_search( &bsi, &op->o_req_ndn,
|
||||
LDAP_SCOPE_BASE,
|
||||
SLAP_NO_LIMIT, SLAP_NO_LIMIT,
|
||||
(time_t)(-1), NULL, dbh, op, rs, anlistp,
|
||||
BACKSQL_ISF_GET_ID );
|
||||
if ( rc != LDAP_SUCCESS ) {
|
||||
Debug( LDAP_DEBUG_TRACE, "backsql_compare(): "
|
||||
"could not retrieve compareDN ID - no such entry\n",
|
||||
0, 0, 0 );
|
||||
rs->sr_err = LDAP_NO_SUCH_OBJECT;
|
||||
goto return_results;
|
||||
|
||||
} else {
|
||||
Entry e = { 0 };
|
||||
|
||||
e.e_name = bsi.bsi_base_id.eid_dn;
|
||||
e.e_nname = bsi.bsi_base_id.eid_ndn;
|
||||
|
||||
/* FIXME: need the whole entry (ITS#3480) */
|
||||
if ( ! access_allowed( op, &e, slap_schema.si_ad_entry, NULL,
|
||||
ACL_DISCLOSE, NULL ) ) {
|
||||
rs->sr_err = LDAP_NO_SUCH_OBJECT;
|
||||
goto return_results;
|
||||
}
|
||||
}
|
||||
|
||||
if ( is_at_operational( op->oq_compare.rs_ava->aa_desc->ad_type ) ) {
|
||||
SlapReply nrs = { 0 };
|
||||
|
||||
user_entry.e_attrs = NULL;
|
||||
user_entry.e_name = op->o_req_dn;
|
||||
user_entry.e_nname = op->o_req_ndn;
|
||||
user_entry.e_name = bsi.bsi_base_id.eid_dn;
|
||||
user_entry.e_nname = bsi.bsi_base_id.eid_ndn;
|
||||
|
||||
nrs.sr_attrs = anlist;
|
||||
nrs.sr_entry = &user_entry;
|
||||
@ -84,19 +114,6 @@ backsql_compare( Operation *op, SlapReply *rs )
|
||||
user_entry.e_attrs = nrs.sr_operational_attrs;
|
||||
|
||||
} else {
|
||||
rc = backsql_init_search( &bsi, &op->o_req_ndn,
|
||||
LDAP_SCOPE_BASE,
|
||||
SLAP_NO_LIMIT, SLAP_NO_LIMIT,
|
||||
(time_t)(-1), NULL, dbh, op, rs, anlist,
|
||||
BACKSQL_ISF_GET_ID );
|
||||
if ( rc != LDAP_SUCCESS ) {
|
||||
Debug( LDAP_DEBUG_TRACE, "backsql_compare(): "
|
||||
"could not retrieve compareDN ID - no such entry\n",
|
||||
0, 0, 0 );
|
||||
rs->sr_err = LDAP_NO_SUCH_OBJECT;
|
||||
goto return_results;
|
||||
}
|
||||
|
||||
bsi.bsi_e = &user_entry;
|
||||
rc = backsql_id2entry( &bsi, &bsi.bsi_base_id );
|
||||
if ( rc != LDAP_SUCCESS ) {
|
||||
@ -109,12 +126,7 @@ backsql_compare( Operation *op, SlapReply *rs )
|
||||
}
|
||||
e = &user_entry;
|
||||
|
||||
if ( ! access_allowed( op, e, slap_schema.si_ad_entry, NULL,
|
||||
ACL_DISCLOSE, NULL ) ) {
|
||||
rs->sr_err = LDAP_NO_SUCH_OBJECT;
|
||||
goto return_results;
|
||||
}
|
||||
|
||||
/* FIXME: need the whole entry (ITS#3480) */
|
||||
if ( ! access_allowed( op, e, op->oq_compare.rs_ava->aa_desc,
|
||||
&op->oq_compare.rs_ava->aa_value,
|
||||
ACL_COMPARE, NULL ) ) {
|
||||
@ -125,7 +137,7 @@ backsql_compare( Operation *op, SlapReply *rs )
|
||||
rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
|
||||
for ( a = attrs_find( e->e_attrs, op->oq_compare.rs_ava->aa_desc );
|
||||
a != NULL;
|
||||
a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc ))
|
||||
a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc ) )
|
||||
{
|
||||
rs->sr_err = LDAP_COMPARE_FALSE;
|
||||
if ( value_find_ex( op->oq_compare.rs_ava->aa_desc,
|
||||
|
@ -101,6 +101,7 @@ backsql_delete( Operation *op, SlapReply *rs )
|
||||
e.e_attrs = NULL;
|
||||
|
||||
/* check parent for "children" acl */
|
||||
/* FIXME: need the whole entry (ITS#3480) */
|
||||
if ( !access_allowed( op, &e, slap_schema.si_ad_children,
|
||||
NULL, ACL_WRITE, NULL ) ) {
|
||||
Debug( LDAP_DEBUG_TRACE, " backsql_delete(): "
|
||||
@ -121,7 +122,7 @@ backsql_delete( Operation *op, SlapReply *rs )
|
||||
goto done;
|
||||
}
|
||||
|
||||
rs->sr_err = backsql_dn2id( op, rs, &e_id, dbh, &op->o_req_ndn, 1 );
|
||||
rs->sr_err = backsql_dn2id( op, rs, dbh, &op->o_req_ndn, &e_id, 0, 1 );
|
||||
if ( rs->sr_err != LDAP_SUCCESS ) {
|
||||
Debug( LDAP_DEBUG_TRACE, " backsql_delete(): "
|
||||
"could not lookup entry id\n", 0, 0, 0 );
|
||||
|
@ -81,9 +81,10 @@ int
|
||||
backsql_dn2id(
|
||||
Operation *op,
|
||||
SlapReply *rs,
|
||||
backsql_entryID *id,
|
||||
SQLHDBC dbh,
|
||||
struct berval *ndn,
|
||||
backsql_entryID *id,
|
||||
int matched,
|
||||
int muck )
|
||||
{
|
||||
backsql_info *bi = op->o_bd->be_private;
|
||||
@ -105,13 +106,14 @@ backsql_dn2id(
|
||||
* positive cases, or the most appropriate error
|
||||
*/
|
||||
|
||||
Debug( LDAP_DEBUG_TRACE, "==>backsql_dn2id(): dn=\"%s\"%s\n",
|
||||
ndn->bv_val, id == NULL ? " (no ID)" : "", 0 );
|
||||
Debug( LDAP_DEBUG_TRACE, "==>backsql_dn2id(\"%s\")%s%s\n",
|
||||
ndn->bv_val, id == NULL ? " (no ID expected)" : "",
|
||||
matched ? " matched expected" : "" );
|
||||
|
||||
if ( ndn->bv_len > BACKSQL_MAX_DN_LEN ) {
|
||||
Debug( LDAP_DEBUG_TRACE,
|
||||
"backsql_dn2id(): DN \"%s\" (%ld bytes) "
|
||||
"exceeds max DN length (%d):\n",
|
||||
" backsql_dn2id(\"%s\"): DN length=%ld "
|
||||
"exceeds max DN length %d:\n",
|
||||
ndn->bv_val, ndn->bv_len, BACKSQL_MAX_DN_LEN );
|
||||
return LDAP_OTHER;
|
||||
}
|
||||
@ -141,13 +143,15 @@ backsql_dn2id(
|
||||
}
|
||||
|
||||
/* begin TimesTen */
|
||||
Debug( LDAP_DEBUG_TRACE, "id_query \"%s\"\n", bi->sql_id_query, 0, 0 );
|
||||
Debug( LDAP_DEBUG_TRACE, " backsql_dn2id(\"%s\"): id_query \"%s\"\n",
|
||||
ndn->bv_val, bi->sql_id_query, 0 );
|
||||
assert( bi->sql_id_query );
|
||||
rc = backsql_Prepare( dbh, &sth, bi->sql_id_query, 0 );
|
||||
if ( rc != SQL_SUCCESS ) {
|
||||
Debug( LDAP_DEBUG_TRACE,
|
||||
"backsql_dn2id(): error preparing SQL:\n%s",
|
||||
bi->sql_id_query, 0, 0);
|
||||
" backsql_dn2id(\"%s\"): "
|
||||
"error preparing SQL:\n %s",
|
||||
ndn->bv_val, bi->sql_id_query, 0 );
|
||||
backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
|
||||
res = LDAP_OTHER;
|
||||
goto done;
|
||||
@ -177,8 +181,9 @@ backsql_dn2id(
|
||||
upperdn[ i ] = '\0';
|
||||
ldap_pvt_str2upper( upperdn );
|
||||
|
||||
Debug( LDAP_DEBUG_TRACE, "==>backsql_dn2id(): upperdn=\"%s\"\n",
|
||||
upperdn, 0, 0 );
|
||||
Debug( LDAP_DEBUG_TRACE, " backsql_dn2id(\"%s\"): "
|
||||
"upperdn=\"%s\"\n",
|
||||
ndn->bv_val, upperdn, 0 );
|
||||
ber_str2bv( upperdn, 0, 0, &tbbDN );
|
||||
|
||||
} else {
|
||||
@ -186,8 +191,9 @@ backsql_dn2id(
|
||||
AC_MEMCPY( upperdn, realndn.bv_val, realndn.bv_len + 1 );
|
||||
ldap_pvt_str2upper( upperdn );
|
||||
Debug( LDAP_DEBUG_TRACE,
|
||||
"==>backsql_dn2id(): upperdn=\"%s\"\n",
|
||||
upperdn, 0, 0 );
|
||||
" backsql_dn2id(\"%s\"): "
|
||||
"upperdn=\"%s\"\n",
|
||||
ndn->bv_val, upperdn, 0 );
|
||||
ber_str2bv( upperdn, 0, 0, &tbbDN );
|
||||
|
||||
} else {
|
||||
@ -198,9 +204,9 @@ backsql_dn2id(
|
||||
rc = backsql_BindParamBerVal( sth, 1, SQL_PARAM_INPUT, &tbbDN );
|
||||
if ( rc != SQL_SUCCESS) {
|
||||
/* end TimesTen */
|
||||
Debug( LDAP_DEBUG_TRACE, "backsql_dn2id(): "
|
||||
Debug( LDAP_DEBUG_TRACE, " backsql_dn2id(\"%s\"): "
|
||||
"error binding dn=\"%s\" parameter:\n",
|
||||
tbbDN.bv_val, 0, 0 );
|
||||
ndn->bv_val, tbbDN.bv_val, 0 );
|
||||
backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
|
||||
res = LDAP_OTHER;
|
||||
goto done;
|
||||
@ -208,9 +214,9 @@ backsql_dn2id(
|
||||
|
||||
rc = SQLExecute( sth );
|
||||
if ( rc != SQL_SUCCESS ) {
|
||||
Debug( LDAP_DEBUG_TRACE, "backsql_dn2id(): "
|
||||
Debug( LDAP_DEBUG_TRACE, " backsql_dn2id(\"%s\"): "
|
||||
"error executing query (\"%s\", \"%s\"):\n",
|
||||
bi->sql_id_query, tbbDN.bv_val, 0 );
|
||||
ndn->bv_val, bi->sql_id_query, tbbDN.bv_val );
|
||||
backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
|
||||
res = LDAP_OTHER;
|
||||
goto done;
|
||||
@ -219,7 +225,7 @@ backsql_dn2id(
|
||||
backsql_BindRowAsStrings( sth, &row );
|
||||
rc = SQLFetch( sth );
|
||||
if ( BACKSQL_SUCCESS( rc ) ) {
|
||||
char buf[BUFSIZ];
|
||||
char buf[ SLAP_TEXT_BUFLEN ];
|
||||
|
||||
#ifdef LDAP_DEBUG
|
||||
snprintf( buf, sizeof(buf),
|
||||
@ -227,7 +233,8 @@ backsql_dn2id(
|
||||
row.cols[ 0 ], row.cols[ 1 ],
|
||||
row.cols[ 2 ], row.cols[ 3 ] );
|
||||
Debug( LDAP_DEBUG_TRACE,
|
||||
"<==backsql_dn2id(): %s\n", buf, 0, 0 );
|
||||
" backsql_dn2id(\"%s\"): %s\n",
|
||||
ndn->bv_val, buf, 0 );
|
||||
#endif /* LDAP_DEBUG */
|
||||
|
||||
res = LDAP_SUCCESS;
|
||||
@ -252,7 +259,7 @@ backsql_dn2id(
|
||||
res = dnPrettyNormal( NULL, &dn, &id->eid_dn, &id->eid_ndn, NULL );
|
||||
if ( res != LDAP_SUCCESS ) {
|
||||
Debug( LDAP_DEBUG_TRACE,
|
||||
"<==backsql_dn2id(\"%s\"): "
|
||||
" backsql_dn2id(\"%s\"): "
|
||||
"dnPrettyNormal failed (%d: %s)\n",
|
||||
realndn.bv_val, res,
|
||||
ldap_err2string( res ) );
|
||||
@ -271,12 +278,13 @@ backsql_dn2id(
|
||||
|
||||
} else {
|
||||
res = LDAP_NO_SUCH_OBJECT;
|
||||
Debug( LDAP_DEBUG_TRACE, "<==backsql_dn2id(): no match\n",
|
||||
0, 0, 0 );
|
||||
}
|
||||
backsql_FreeRow( &row );
|
||||
|
||||
done:;
|
||||
Debug( LDAP_DEBUG_TRACE,
|
||||
"<==backsql_dn2id(\"%s\"): err=%d\n",
|
||||
ndn->bv_val, res, 0 );
|
||||
if ( sth != SQL_NULL_HSTMT ) {
|
||||
SQLFreeStmt( sth, SQL_DROP );
|
||||
}
|
||||
@ -626,7 +634,7 @@ next:;
|
||||
int rc;
|
||||
|
||||
bv[ 0 ] = bsi->bsi_oc->bom_oc->soc_cname;
|
||||
bv[ 1 ].bv_val = NULL;
|
||||
BER_BVZERO( &bv[ 1 ] );
|
||||
|
||||
rc = structural_class( bv, &soc, NULL,
|
||||
&text, textbuf, textlen );
|
||||
|
@ -113,6 +113,7 @@ backsql_modify( Operation *op, SlapReply *rs )
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* FIXME: need the whole entry (ITS#3480) */
|
||||
if ( !acl_check_modlist( op, &e, op->oq_modify.rs_modlist ) ) {
|
||||
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
|
||||
|
||||
|
@ -66,7 +66,7 @@ backsql_modrdn( Operation *op, SlapReply *rs )
|
||||
return 1;
|
||||
}
|
||||
|
||||
rs->sr_err = backsql_dn2id( op, rs, &e_id, dbh, &op->o_req_ndn, 1 );
|
||||
rs->sr_err = backsql_dn2id( op, rs, dbh, &op->o_req_ndn, &e_id, 0, 1 );
|
||||
if ( rs->sr_err != LDAP_SUCCESS ) {
|
||||
Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
|
||||
"could not lookup entry id (%d)\n",
|
||||
@ -116,6 +116,7 @@ backsql_modrdn( Operation *op, SlapReply *rs )
|
||||
e.e_attrs = NULL;
|
||||
e.e_name = p_dn;
|
||||
e.e_nname = p_ndn;
|
||||
/* FIXME: need the whole entry (ITS#3480) */
|
||||
if ( !access_allowed( op, &e, slap_schema.si_ad_children,
|
||||
NULL, ACL_WRITE, NULL ) ) {
|
||||
Debug( LDAP_DEBUG_TRACE, " no access to parent\n", 0, 0, 0 );
|
||||
@ -145,6 +146,7 @@ backsql_modrdn( Operation *op, SlapReply *rs )
|
||||
/*
|
||||
* Check for children access to new parent
|
||||
*/
|
||||
/* FIXME: need the whole entry (ITS#3480) */
|
||||
if ( !access_allowed( op, &e, slap_schema.si_ad_children,
|
||||
NULL, ACL_WRITE, NULL ) ) {
|
||||
Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
|
||||
@ -192,7 +194,7 @@ backsql_modrdn( Operation *op, SlapReply *rs )
|
||||
Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): new entry dn is \"%s\"\n",
|
||||
new_dn.bv_val, 0, 0 );
|
||||
|
||||
rs->sr_err = backsql_dn2id( op, rs, &pe_id, dbh, &p_ndn, 1 );
|
||||
rs->sr_err = backsql_dn2id( op, rs, dbh, &p_ndn, &pe_id, 0, 1 );
|
||||
if ( rs->sr_err != LDAP_SUCCESS ) {
|
||||
Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
|
||||
"could not lookup old parent entry id\n", 0, 0, 0 );
|
||||
@ -212,7 +214,7 @@ backsql_modrdn( Operation *op, SlapReply *rs )
|
||||
|
||||
(void)backsql_free_entryID( &pe_id, 0 );
|
||||
|
||||
rs->sr_err = backsql_dn2id( op, rs, &new_pe_id, dbh, new_npdn, 1 );
|
||||
rs->sr_err = backsql_dn2id( op, rs, dbh, new_npdn, &new_pe_id, 0, 1 );
|
||||
if ( rs->sr_err != LDAP_SUCCESS ) {
|
||||
Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
|
||||
"could not lookup new parent entry id\n", 0, 0, 0 );
|
||||
@ -420,6 +422,7 @@ backsql_modrdn( Operation *op, SlapReply *rs )
|
||||
goto modrdn_return;
|
||||
}
|
||||
|
||||
/* FIXME: need the whole entry (ITS#3480) */
|
||||
if ( !acl_check_modlist( op, &e, mod )) {
|
||||
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
|
||||
goto modrdn_return;
|
||||
|
@ -111,8 +111,9 @@ extern struct berval backsql_baseObject_bv;
|
||||
#endif /* BACKSQL_ARBITRARY_KEY */
|
||||
|
||||
/* stores in *id the ID in table ldap_entries corresponding to DN, if any */
|
||||
int backsql_dn2id( Operation *op, SlapReply *rs, backsql_entryID *id,
|
||||
SQLHDBC dbh, struct berval *dn, int muck );
|
||||
int backsql_dn2id( Operation *op, SlapReply *rs, SQLHDBC dbh,
|
||||
struct berval *ndn, backsql_entryID *id,
|
||||
int matched, int muck );
|
||||
|
||||
/* stores in *nchildren the count of children for an entry */
|
||||
int backsql_count_children( backsql_info *bi, SQLHDBC dbh,
|
||||
@ -163,6 +164,11 @@ int backsql_destroy_schema_map( backsql_info *si );
|
||||
|
||||
/* the function must collect the entry associated to nbase */
|
||||
#define BACKSQL_ISF_GET_ID 0x1U
|
||||
#define BACKSQL_ISF_MATCHED 0x2U
|
||||
#define BACKSQL_IS_GET_ID(f) \
|
||||
( ( (f) & BACKSQL_ISF_GET_ID ) == BACKSQL_ISF_GET_ID )
|
||||
#define BACKSQL_IS_MATCHED(f) \
|
||||
( ( (f) & BACKSQL_ISF_MATCHED ) == BACKSQL_ISF_MATCHED )
|
||||
int backsql_init_search( backsql_srch_info *bsi,
|
||||
struct berval *nbase, int scope, int slimit, int tlimit,
|
||||
time_t stoptime, Filter *filter, SQLHDBC dbh,
|
||||
|
@ -195,10 +195,11 @@ backsql_init_search(
|
||||
bsi->bsi_flt_where.bb_len = 0;
|
||||
bsi->bsi_filter_oc = NULL;
|
||||
|
||||
if ( flags & BACKSQL_ISF_GET_ID ) {
|
||||
if ( BACKSQL_IS_GET_ID( flags ) ) {
|
||||
assert( op->o_bd->be_private );
|
||||
|
||||
rc = backsql_dn2id( op, rs, &bsi->bsi_base_id, dbh, nbase, 1 );
|
||||
rc = backsql_dn2id( op, rs, dbh, nbase, &bsi->bsi_base_id,
|
||||
BACKSQL_IS_MATCHED( flags ), 1 );
|
||||
}
|
||||
|
||||
return ( bsi->bsi_status = rc );
|
||||
@ -686,8 +687,7 @@ backsql_process_filter( backsql_srch_info *bsi, Filter *f )
|
||||
#ifdef BACKSQL_SYNCPROV
|
||||
} else if ( ad == slap_schema.si_ad_entryCSN ) {
|
||||
/*
|
||||
* TODO: introduce appropriate entryCSN filtering
|
||||
* to support syncrepl as producer...
|
||||
* support for syncrepl as producer...
|
||||
*/
|
||||
if ( !bsi->bsi_op->o_sync ) {
|
||||
/* unsupported at present... */
|
||||
@ -1716,13 +1716,20 @@ backsql_search( Operation *op, SlapReply *rs )
|
||||
if ( rs->sr_err != LDAP_SUCCESS ) {
|
||||
send_ldap_result( op, rs );
|
||||
goto done;
|
||||
}
|
||||
|
||||
if ( ! access_allowed( op, bsi.bsi_e, slap_schema.si_ad_entry, NULL,
|
||||
ACL_DISCLOSE, NULL ) ) {
|
||||
rs->sr_err = LDAP_NO_SUCH_OBJECT;
|
||||
send_ldap_result( op, rs );
|
||||
goto done;
|
||||
} else {
|
||||
Entry e = { 0 };
|
||||
|
||||
e.e_name = bsi.bsi_base_id.eid_dn;
|
||||
e.e_nname = bsi.bsi_base_id.eid_ndn;
|
||||
/* FIXME: need the whole entry (ITS#3480) */
|
||||
if ( ! access_allowed( op, &e, slap_schema.si_ad_entry,
|
||||
NULL, ACL_DISCLOSE, NULL ) )
|
||||
{
|
||||
rs->sr_err = LDAP_NO_SUCH_OBJECT;
|
||||
send_ldap_result( op, rs );
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
|
||||
bsi.bsi_n_candidates =
|
||||
@ -1911,7 +1918,7 @@ backsql_search( Operation *op, SlapReply *rs )
|
||||
}
|
||||
|
||||
if ( !rs->sr_ref ) {
|
||||
rs->sr_text = "bad_referral object";
|
||||
rs->sr_text = "bad referral object";
|
||||
}
|
||||
|
||||
rs->sr_entry = e;
|
||||
@ -1995,6 +2002,7 @@ backsql_search( Operation *op, SlapReply *rs )
|
||||
if ( e == &user_entry ) {
|
||||
rs->sr_flags = REP_ENTRY_MODIFIABLE;
|
||||
}
|
||||
/* FIXME: need the whole entry (ITS#3480) */
|
||||
sres = send_search_entry( op, rs );
|
||||
rs->sr_entry = NULL;
|
||||
rs->sr_attrs = NULL;
|
||||
|
Loading…
Reference in New Issue
Block a user