git.sur5r.net Git - openldap/blob - servers/slapd/back-ldbm/delete.c

   1 /* delete.c - ldbm backend delete routine */
   2 /* $OpenLDAP$ */
   3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
   4  *
   5  * Copyright 1998-2005 The OpenLDAP Foundation.
   6  * All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted only as authorized by the OpenLDAP
  10  * Public License.
  11  *
  12  * A copy of this license is available in the file LICENSE in the
  13  * top-level directory of the distribution or, alternatively, at
  14  * <http://www.OpenLDAP.org/license.html>.
  15  */
  16
  17 #include "portable.h"
  18
  19 #include <stdio.h>
  20
  21 #include <ac/string.h>
  22 #include <ac/socket.h>
  23
  24 #include "slap.h"
  25 #include "back-ldbm.h"
  26 #include "proto-back-ldbm.h"
  27
  28 int
  29 ldbm_back_delete(
  30     Operation   *op,
  31     SlapReply   *rs )
  32 {
  33         struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
  34         Entry   *matched;
  35         struct berval   pdn;
  36         Entry   *e, *p = NULL;
  37         int     rc = -1;
  38         int             manageDSAit = get_manageDSAit( op );
  39         AttributeDescription *children = slap_schema.si_ad_children;
  40         AttributeDescription *entry = slap_schema.si_ad_entry;
  41
  42         Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_delete: %s\n", op->o_req_dn.bv_val, 0, 0);
  43
  44         /* grab giant lock for writing */
  45         ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
  46
  47         /* get entry with writer lock */
  48         e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched );
  49
  50         /* FIXME : dn2entry() should return non-glue entry */
  51         if ( e == NULL || ( !manageDSAit && is_entry_glue( e ))) {
  52                 BerVarray deref = NULL;
  53
  54                 Debug(LDAP_DEBUG_ARGS, "<=- ldbm_back_delete: no such object %s\n",
  55                         op->o_req_dn.bv_val, 0, 0);
  56
  57                 if ( matched != NULL ) {
  58                         rs->sr_matched = ch_strdup( matched->e_dn );
  59                         rs->sr_ref = is_entry_referral( matched )
  60                                 ? get_entry_referrals( op, matched )
  61                                 : NULL;
  62                         cache_return_entry_r( &li->li_cache, matched );
  63
  64                 } else {
  65                         if ( op->o_bd->be_syncinfo ) {
  66                                 syncinfo_t *si = op->o_bd->be_syncinfo;
  67                                 {
  68                                         struct berval tmpbv;
  69                                         ber_dupbv( &tmpbv, &si->si_provideruri_bv[0] );
  70                                         ber_bvarray_add( &deref, &tmpbv );
  71                                 }
  72                         } else {
  73                                 deref = default_referral;
  74                         }
  75                         rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn,
  76                                                         LDAP_SCOPE_DEFAULT );
  77                 }
  78
  79                 ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
  80
  81                 rs->sr_err = LDAP_REFERRAL;
  82                 send_ldap_result( op, rs );
  83
  84                 if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
  85                 if ( deref != default_referral ) {
  86                         ber_bvarray_free( deref );
  87                 }
  88                 free( (char *)rs->sr_matched );
  89                 rs->sr_ref = NULL;
  90                 rs->sr_matched = NULL;
  91                 return( -1 );
  92         }
  93
  94         /* check entry for "entry" acl */
  95         if ( ! access_allowed( op, e,
  96                 entry, NULL, ACL_WRITE, NULL ) )
  97         {
  98                 Debug( LDAP_DEBUG_TRACE,
  99                         "<=- ldbm_back_delete: no write access to entry\n", 0,
 100                         0, 0 );
 101
 102                 send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
 103                         "no write access to entry" );
 104
 105                 rc = LDAP_INSUFFICIENT_ACCESS;
 106                 goto return_results;
 107         }
 108
 109         if ( !manageDSAit && is_entry_referral( e ) ) {
 110                 /* parent is a referral, don't allow add */
 111                 /* parent is an alias, don't allow add */
 112                 rs->sr_ref = get_entry_referrals( op, e );
 113
 114                 Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0,
 115                     0, 0 );
 116
 117                 rs->sr_err = LDAP_REFERRAL;
 118                 rs->sr_matched = e->e_name.bv_val;
 119                 send_ldap_result( op, rs );
 120
 121                 if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
 122                 rs->sr_ref = NULL;
 123                 rs->sr_matched = NULL;
 124                 rc = LDAP_REFERRAL;
 125                 goto return_results;
 126         }
 127
 128         if ( has_children( op->o_bd, e ) ) {
 129                 Debug(LDAP_DEBUG_ARGS, "<=- ldbm_back_delete: non leaf %s\n",
 130                         op->o_req_dn.bv_val, 0, 0);
 131
 132                 send_ldap_error( op, rs, LDAP_NOT_ALLOWED_ON_NONLEAF,
 133                         "subtree delete not supported" );
 134                 goto return_results;
 135         }
 136
 137         /* delete from parent's id2children entry */
 138         if( !be_issuffix( op->o_bd, &e->e_nname ) && (dnParent( &e->e_nname, &pdn ),
 139                 pdn.bv_len) ) {
 140                 if( (p = dn2entry_w( op->o_bd, &pdn, NULL )) == NULL) {
 141                         Debug( LDAP_DEBUG_TRACE,
 142                                 "<=- ldbm_back_delete: parent does not exist\n",
 143                                 0, 0, 0);
 144
 145                         send_ldap_error( op, rs, LDAP_OTHER,
 146                                 "could not locate parent of entry" );
 147                         goto return_results;
 148                 }
 149
 150                 /* check parent for "children" acl */
 151                 if ( ! access_allowed( op, p,
 152                         children, NULL, ACL_WRITE, NULL ) )
 153                 {
 154                         Debug( LDAP_DEBUG_TRACE,
 155                                 "<=- ldbm_back_delete: no access to parent\n", 0,
 156                                 0, 0 );
 157
 158                         send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
 159                                 "no write access to parent" );
 160                         goto return_results;
 161                 }
 162
 163         } else {
 164                 /* no parent, must be root to delete */
 165                 if( ! be_isroot( op ) ) {
 166                         if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
 167                                 || be_shadow_update( op ) ) {
 168                                 p = (Entry *)&slap_entry_root;
 169
 170                                 rc = access_allowed( op, p,
 171                                         children, NULL, ACL_WRITE, NULL );
 172                                 p = NULL;
 173
 174                                 /* check parent for "children" acl */
 175                                 if ( ! rc ) {
 176                                         Debug( LDAP_DEBUG_TRACE,
 177                                                 "<=- ldbm_back_delete: no "
 178                                                 "access to parent\n", 0, 0, 0 );
 179
 180                                         send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
 181                                                 "no write access to parent" );
 182                                         goto return_results;
 183                                 }
 184
 185                         } else {
 186                                 Debug( LDAP_DEBUG_TRACE,
 187                                         "<=- ldbm_back_delete: no parent & "
 188                                         "not root\n", 0, 0, 0);
 189
 190                                 send_ldap_error( op, rs,
 191                                         LDAP_INSUFFICIENT_ACCESS,
 192                                         NULL );
 193                                 goto return_results;
 194                         }
 195                 }
 196         }
 197
 198         /* delete from dn2id mapping */
 199         if ( dn2id_delete( op->o_bd, &e->e_nname, e->e_id ) != 0 ) {
 200                 Debug(LDAP_DEBUG_ARGS,
 201                         "<=- ldbm_back_delete: operations error %s\n",
 202                         op->o_req_dn.bv_val, 0, 0);
 203
 204                 send_ldap_error( op, rs, LDAP_OTHER,
 205                         "DN index delete failed" );
 206                 goto return_results;
 207         }
 208
 209         /* delete from disk and cache */
 210         if ( id2entry_delete( op->o_bd, e ) != 0 ) {
 211                 Debug(LDAP_DEBUG_ARGS,
 212                         "<=- ldbm_back_delete: operations error %s\n",
 213                         op->o_req_dn.bv_val, 0, 0);
 214
 215                 send_ldap_error( op, rs, LDAP_OTHER,
 216                         "entry delete failed" );
 217                 goto return_results;
 218         }
 219
 220         /* delete attribute indices */
 221         (void) index_entry_del( op, e );
 222
 223         rs->sr_err = LDAP_SUCCESS;
 224         send_ldap_result( op, rs );
 225         rc = LDAP_SUCCESS;
 226
 227 return_results:;
 228         if( p != NULL ) {
 229                 /* free parent and writer lock */
 230                 cache_return_entry_w( &li->li_cache, p );
 231         }
 232
 233         /* free entry and writer lock */
 234         cache_return_entry_w( &li->li_cache, e );
 235
 236         ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
 237
 238         return rc;
 239 }