1 /* modrdn.c - ldbm backend modrdn routine */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 1998-2005 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
16 /* Portions Copyright 1999, Juan C. Gomez, All rights reserved.
17 * This software is not subject to any license of Silicon Graphics
18 * Inc. or Purdue University.
20 * Redistribution and use in source and binary forms are permitted
21 * without restriction or fee of any kind as long as this notice
29 #include <ac/string.h>
30 #include <ac/socket.h>
33 #include "back-ldbm.h"
34 #include "proto-back-ldbm.h"
41 AttributeDescription *children = slap_schema.si_ad_children;
42 AttributeDescription *entry = slap_schema.si_ad_entry;
43 struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
44 struct berval p_dn, p_ndn;
45 struct berval new_dn = BER_BVNULL, new_ndn = BER_BVNULL;
46 struct berval old_ndn = BER_BVNULL;
49 /* LDAP v2 supporting correct attribute handling. */
50 LDAPRDN new_rdn = NULL;
51 LDAPRDN old_rdn = NULL;
55 const char *text = NULL;
56 char textbuf[SLAP_TEXT_BUFLEN];
57 size_t textlen = sizeof textbuf;
58 /* Added to support newSuperior */
59 Entry *np = NULL; /* newSuperior Entry */
60 struct berval *np_ndn = NULL; /* newSuperior ndn */
61 struct berval *new_parent_dn = NULL; /* np_dn, p_dn, or NULL */
62 /* Used to interface with ldbm_modify_internal() */
63 Modifications *mod = NULL; /* Used to delete old/add new rdn */
64 int manageDSAit = get_manageDSAit( op );
66 Debug( LDAP_DEBUG_TRACE,
67 "==>ldbm_back_modrdn: dn: %s newSuperior=%s\n",
68 op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "NULL",
69 ( op->oq_modrdn.rs_newSup && op->oq_modrdn.rs_newSup->bv_len )
70 ? op->oq_modrdn.rs_newSup->bv_val : "NULL", 0 );
72 /* grab giant lock for writing */
73 ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
75 e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched );
77 /* get entry with writer lock */
78 /* FIXME: dn2entry() should return non-glue entry */
79 if (( e == NULL ) || ( !manageDSAit && e && is_entry_glue( e ))) {
80 if ( matched != NULL ) {
81 rs->sr_matched = strdup( matched->e_dn );
82 rs->sr_ref = is_entry_referral( matched )
83 ? get_entry_referrals( op, matched )
85 cache_return_entry_r( &li->li_cache, matched );
87 rs->sr_ref = referral_rewrite( default_referral, NULL,
88 &op->o_req_dn, LDAP_SCOPE_DEFAULT );
91 ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
93 rs->sr_err = LDAP_REFERRAL;
94 send_ldap_result( op, rs );
96 if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
97 free( (char *)rs->sr_matched );
99 rs->sr_matched = NULL;
103 /* check entry for "entry" acl */
104 if ( ! access_allowed( op, e,
105 entry, NULL, ACL_WRITE, NULL ) )
107 Debug( LDAP_DEBUG_TRACE,
108 "<=- ldbm_back_modrdn: no write access to entry\n", 0,
111 send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
112 "no write access to entry" );
117 if (!manageDSAit && is_entry_referral( e ) ) {
118 /* parent is a referral, don't allow add */
119 /* parent is an alias, don't allow add */
120 rs->sr_ref = get_entry_referrals( op, e );
122 Debug( LDAP_DEBUG_TRACE, "entry %s is referral\n", e->e_dn,
125 rs->sr_err = LDAP_REFERRAL;
126 rs->sr_matched = e->e_name.bv_val;
127 send_ldap_result( op, rs );
129 if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
131 rs->sr_matched = NULL;
135 if ( has_children( op->o_bd, e ) ) {
136 Debug( LDAP_DEBUG_TRACE, "entry %s has children\n", e->e_dn,
139 send_ldap_error( op, rs, LDAP_NOT_ALLOWED_ON_NONLEAF,
140 "subtree rename not supported" );
144 if ( be_issuffix( op->o_bd, &e->e_nname ) ) {
145 p_ndn = slap_empty_bv ;
147 dnParent( &e->e_nname, &p_ndn );
150 if ( p_ndn.bv_len != 0 ) {
151 /* Make sure parent entry exist and we can write its
155 if( (p = dn2entry_w( op->o_bd, &p_ndn, NULL )) == NULL) {
156 Debug( LDAP_DEBUG_TRACE, "parent does not exist\n",
159 send_ldap_error( op, rs, LDAP_OTHER,
160 "parent entry does not exist" );
165 /* check parent for "children" acl */
166 if ( ! access_allowed( op, p,
167 children, NULL, ACL_WRITE, NULL ) )
169 Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
172 send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
177 Debug( LDAP_DEBUG_TRACE,
178 "ldbm_back_modrdn: wr to children of entry %s OK\n",
179 p_ndn.bv_val, 0, 0 );
181 if ( p_ndn.bv_val == slap_empty_bv.bv_val ) {
182 p_dn = slap_empty_bv;
184 dnParent( &e->e_name, &p_dn );
187 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: parent dn=%s\n",
191 /* no parent, must be root to modify rdn */
192 isroot = be_isroot( op );
194 if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
195 || be_shadow_update( op ) ) {
197 p = (Entry *)&slap_entry_root;
199 can_access = access_allowed( op, p,
200 children, NULL, ACL_WRITE, NULL );
203 /* check parent for "children" acl */
204 if ( ! can_access ) {
205 Debug( LDAP_DEBUG_TRACE,
206 "<=- ldbm_back_modrdn: no "
207 "access to parent\n", 0, 0, 0 );
209 send_ldap_error( op, rs,
210 LDAP_INSUFFICIENT_ACCESS,
216 Debug( LDAP_DEBUG_TRACE,
217 "<=- ldbm_back_modrdn: no parent & "
218 "not root\n", 0, 0, 0);
220 send_ldap_error( op, rs,
221 LDAP_INSUFFICIENT_ACCESS,
227 Debug( LDAP_DEBUG_TRACE,
228 "ldbm_back_modrdn: no parent, locked root\n",
232 new_parent_dn = &p_dn; /* New Parent unless newSuperior given */
234 if ( op->oq_modrdn.rs_newSup != NULL ) {
235 Debug( LDAP_DEBUG_TRACE,
236 "ldbm_back_modrdn: new parent \"%s\" requested...\n",
237 op->oq_modrdn.rs_newSup->bv_val, 0, 0 );
239 np_ndn = op->oq_modrdn.rs_nnewSup;
241 /* newSuperior == oldParent? */
242 if ( dn_match( &p_ndn, np_ndn ) ) {
243 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: "
244 "new parent\"%s\" seems to be the same as the "
245 "old parent \"%s\"\n",
246 op->oq_modrdn.rs_newSup->bv_val, p_dn.bv_val, 0 );
248 op->oq_modrdn.rs_newSup = NULL; /* ignore newSuperior */
252 if ( op->oq_modrdn.rs_newSup != NULL ) {
253 /* newSuperior == entry being moved?, if so ==> ERROR */
254 /* Get Entry with dn=newSuperior. Does newSuperior exist? */
256 if ( op->oq_modrdn.rs_nnewSup->bv_len ) {
257 if( (np = dn2entry_w( op->o_bd, np_ndn, NULL )) == NULL) {
258 Debug( LDAP_DEBUG_TRACE,
259 "ldbm_back_modrdn: newSup(ndn=%s) not here!\n",
260 np_ndn->bv_val, 0, 0);
262 send_ldap_error( op, rs, LDAP_OTHER,
263 "newSuperior not found" );
267 Debug( LDAP_DEBUG_TRACE,
268 "ldbm_back_modrdn: wr to new parent OK np=%p, id=%ld\n",
269 (void *) np, np->e_id, 0 );
271 /* check newSuperior for "children" acl */
272 if ( !access_allowed( op, np, children, NULL,
275 Debug( LDAP_DEBUG_TRACE,
276 "ldbm_back_modrdn: no wr to newSup children\n",
279 send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
283 if ( is_entry_alias( np ) ) {
284 /* parent is an alias, don't allow add */
285 Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0, 0, 0 );
288 send_ldap_error( op, rs, LDAP_ALIAS_PROBLEM,
289 "newSuperior is an alias" );
294 if ( is_entry_referral( np ) ) {
295 /* parent is a referral, don't allow add */
296 Debug( LDAP_DEBUG_TRACE, "entry (%s) is referral\n",
299 send_ldap_error( op, rs, LDAP_OTHER,
300 "newSuperior is a referral" );
307 /* no parent, must be root to modify newSuperior */
308 if ( isroot == -1 ) {
309 isroot = be_isroot( op );
313 if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
314 || be_shadow_update( op ) ) {
316 np = (Entry *)&slap_entry_root;
318 can_access = access_allowed( op, np,
319 children, NULL, ACL_WRITE, NULL );
322 /* check parent for "children" acl */
323 if ( ! can_access ) {
324 Debug( LDAP_DEBUG_TRACE,
325 "<=- ldbm_back_modrdn: no "
326 "access to new superior\n", 0, 0, 0 );
328 send_ldap_error( op, rs,
329 LDAP_INSUFFICIENT_ACCESS,
335 Debug( LDAP_DEBUG_TRACE,
336 "<=- ldbm_back_modrdn: \"\" "
337 "not allowed as new superior\n",
340 send_ldap_error( op, rs,
341 LDAP_INSUFFICIENT_ACCESS,
348 Debug( LDAP_DEBUG_TRACE,
349 "ldbm_back_modrdn: wr to new parent's children OK\n",
352 new_parent_dn = op->oq_modrdn.rs_newSup;
355 /* Build target dn and make sure target entry doesn't exist already. */
356 build_new_dn( &new_dn, new_parent_dn, &op->oq_modrdn.rs_newrdn, NULL );
357 dnNormalize( 0, NULL, NULL, &new_dn, &new_ndn, NULL );
359 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: new ndn=%s\n",
360 new_ndn.bv_val, 0, 0 );
362 /* check for abandon */
363 if ( op->o_abandon ) {
364 rs->sr_err = SLAPD_ABANDON;
368 if ( ( rc_id = dn2id ( op->o_bd, &new_ndn, &id ) ) || id != NOID ) {
369 /* if (rc_id) something bad happened to ldbm cache */
370 rs->sr_err = rc_id ? LDAP_OTHER : LDAP_ALREADY_EXISTS;
371 send_ldap_result( op, rs );
375 Debug( LDAP_DEBUG_TRACE,
376 "ldbm_back_modrdn: new ndn=%s does not exist\n",
377 new_ndn.bv_val, 0, 0 );
379 /* Get attribute type and attribute value of our new rdn, we will
380 * need to add that to our new entry
382 if ( ldap_bv2rdn( &op->oq_modrdn.rs_newrdn, &new_rdn, (char **)&rs->sr_text,
383 LDAP_DN_FORMAT_LDAP ) )
385 Debug( LDAP_DEBUG_TRACE,
386 "ldbm_back_modrdn: can't figure out "
387 "type(s)/values(s) of newrdn\n",
389 send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX,
390 "unknown type(s) used in RDN" );
394 Debug( LDAP_DEBUG_TRACE,
395 "ldbm_back_modrdn: new_rdn_type=\"%s\", "
396 "new_rdn_val=\"%s\"\n",
397 new_rdn[ 0 ]->la_attr.bv_val,
398 new_rdn[ 0 ]->la_value.bv_val, 0 );
400 if ( op->oq_modrdn.rs_deleteoldrdn ) {
401 if ( ldap_bv2rdn( &op->o_req_dn, &old_rdn, (char **)&rs->sr_text,
402 LDAP_DN_FORMAT_LDAP ) )
404 Debug( LDAP_DEBUG_TRACE,
405 "ldbm_back_modrdn: can't figure out "
406 "the old_rdn type(s)/value(s)\n",
408 send_ldap_error( op, rs, LDAP_OTHER,
409 "cannot parse RDN from old DN" );
414 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: DN_X500\n",
417 if ( slap_modrdn2mods( op, rs, e, old_rdn, new_rdn, &mod ) != LDAP_SUCCESS ) {
418 send_ldap_result( op, rs );
422 /* check for abandon */
423 if ( op->o_abandon ) {
424 rs->sr_err = SLAPD_ABANDON;
428 (void) cache_delete_entry( &li->li_cache, e );
431 old_ndn = e->e_nname;
433 e->e_nname = new_ndn;
434 new_dn.bv_val = NULL;
435 new_ndn.bv_val = NULL;
437 /* NOTE: after this you must not free new_dn or new_ndn!
438 * They are used by cache.
441 /* modify memory copy of entry */
442 rs->sr_err = ldbm_modify_internal( op, &mod[0], e,
443 &rs->sr_text, textbuf, textlen );
444 switch ( rs->sr_err ) {
449 send_ldap_result( op, rs );
456 * NOTE: the backend MUST delete then add the entry,
457 * otherwise indexing may get hosed
458 * FIXME: if a new ID was used, the add could be done first.
459 * that would be safer.
463 if ( dn2id_delete( op->o_bd, &old_ndn, e->e_id ) != 0 ) {
464 send_ldap_error( op, rs, LDAP_OTHER,
465 "DN index delete fail" );
470 if ( dn2id_add( op->o_bd, &e->e_nname, e->e_id ) != 0 ) {
471 /* try to repair old entry - probably hopeless */
472 if( dn2id_add( op->o_bd, &old_ndn, e->e_id) != 0 ) {
473 send_ldap_error( op, rs, LDAP_OTHER,
474 "DN index add and repair failed" );
476 send_ldap_error( op, rs, LDAP_OTHER,
477 "DN index add failed" );
483 if ( id2entry_add( op->o_bd, e ) != 0 ) {
486 rc = dn2id_delete( op->o_bd, &e->e_nname, e->e_id );
487 rc |= dn2id_add( op->o_bd, &old_ndn, e->e_id );
489 send_ldap_error( op, rs, LDAP_OTHER,
490 "entry update and repair failed" );
492 send_ldap_error( op, rs, LDAP_OTHER,
493 "entry update failed" );
498 (void) cache_update_entry( &li->li_cache, e );
500 rs->sr_err = LDAP_SUCCESS;
502 send_ldap_result( op, rs );
503 cache_entry_commit( e );
506 if( new_dn.bv_val != NULL ) free( new_dn.bv_val );
507 if( new_ndn.bv_val != NULL ) free( new_ndn.bv_val );
508 if( old_ndn.bv_val != NULL ) free( old_ndn.bv_val );
510 /* LDAP v2 supporting correct attribute handling. */
511 if ( new_rdn != NULL ) {
512 ldap_rdnfree( new_rdn );
514 if ( old_rdn != NULL ) {
515 ldap_rdnfree( old_rdn );
519 for (; mod; mod = tmp ) {
520 /* slap_modrdn2mods does things one way,
521 * slap_mods_opattrs does it differently
523 if ( mod->sml_op != SLAP_MOD_SOFTADD &&
524 mod->sml_op != LDAP_MOD_DELETE ) break;
525 if ( mod->sml_nvalues ) free( mod->sml_nvalues[0].bv_val );
529 slap_mods_free( mod );
532 /* LDAP v3 Support */
534 /* free new parent and writer lock */
535 cache_return_entry_w( &li->li_cache, np );
539 /* free parent and writer lock */
540 cache_return_entry_w( &li->li_cache, p );
543 /* free entry and writer lock */
544 cache_return_entry_w( &li->li_cache, e );
545 ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
547 return( rs->sr_err );
projects / openldap / blob