git.sur5r.net Git - openldap/blob - servers/slapd/back-ldbm/modrdn.c

   1 /* modrdn.c - ldbm backend modrdn routine */
   2 /* $OpenLDAP$ */
   3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
   4  *
   5  * Copyright 1998-2006 The OpenLDAP Foundation.
   6  * All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted only as authorized by the OpenLDAP
  10  * Public License.
  11  *
  12  * A copy of this license is available in the file LICENSE in the
  13  * top-level directory of the distribution or, alternatively, at
  14  * <http://www.OpenLDAP.org/license.html>.
  15  */
  16 /* Portions Copyright 1999, Juan C. Gomez, All rights reserved.
  17  * This software is not subject to any license of Silicon Graphics
  18  * Inc. or Purdue University.
  19  *
  20  * Redistribution and use in source and binary forms are permitted
  21  * without restriction or fee of any kind as long as this notice
  22  * is preserved.
  23  */
  24
  25 #include "portable.h"
  26
  27 #include <stdio.h>
  28
  29 #include <ac/string.h>
  30 #include <ac/socket.h>
  31
  32 #include "slap.h"
  33 #include "back-ldbm.h"
  34 #include "proto-back-ldbm.h"
  35
  36 int
  37 ldbm_back_modrdn(
  38     Operation   *op,
  39     SlapReply   *rs )
  40 {
  41         AttributeDescription *children = slap_schema.si_ad_children;
  42         AttributeDescription *entry = slap_schema.si_ad_entry;
  43         struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
  44         struct berval   p_dn, p_ndn;
  45         struct berval   new_dn = BER_BVNULL, new_ndn = BER_BVNULL;
  46         struct berval   old_ndn = BER_BVNULL;
  47         Entry           *e, *p = NULL;
  48         Entry           *matched;
  49         /* LDAP v2 supporting correct attribute handling. */
  50         int             rc_id = 0;
  51         ID              id = NOID;
  52         char            textbuf[SLAP_TEXT_BUFLEN];
  53         size_t          textlen = sizeof textbuf;
  54         /* Added to support newSuperior */
  55         Entry           *np = NULL;     /* newSuperior Entry */
  56         struct berval   *np_ndn = NULL; /* newSuperior ndn */
  57         struct berval   *new_parent_dn = NULL;  /* np_dn, p_dn, or NULL */
  58         /* Used to interface with ldbm_modify_internal() */
  59         int             manageDSAit = get_manageDSAit( op );
  60
  61         Debug( LDAP_DEBUG_TRACE,
  62                 "==>ldbm_back_modrdn: dn: %s newSuperior=%s\n",
  63                 op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "NULL",
  64                 ( op->oq_modrdn.rs_newSup && op->oq_modrdn.rs_newSup->bv_len )
  65                         ? op->oq_modrdn.rs_newSup->bv_val : "NULL", 0 );
  66
  67         if ( !SLAP_SHADOW( op->o_bd ))
  68                 slap_mods_opattrs( op, &op->orr_modlist, 1 );
  69
  70         /* grab giant lock for writing */
  71         ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
  72
  73         e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched );
  74
  75         /* get entry with writer lock */
  76         /* FIXME: dn2entry() should return non-glue entry */
  77         if (( e == NULL  ) || ( !manageDSAit && e && is_entry_glue( e ))) {
  78                 if ( matched != NULL ) {
  79                         rs->sr_matched = strdup( matched->e_dn );
  80                         rs->sr_ref = is_entry_referral( matched )
  81                                 ? get_entry_referrals( op, matched )
  82                                 : NULL;
  83                         cache_return_entry_r( &li->li_cache, matched );
  84                 } else {
  85                         rs->sr_ref = referral_rewrite( default_referral, NULL,
  86                                                 &op->o_req_dn, LDAP_SCOPE_DEFAULT );
  87                 }
  88
  89                 ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
  90
  91                 rs->sr_err = LDAP_REFERRAL;
  92                 send_ldap_result( op, rs );
  93
  94                 if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
  95                 free( (char *)rs->sr_matched );
  96                 rs->sr_ref = NULL;
  97                 rs->sr_matched = NULL;
  98                 return rs->sr_err;
  99         }
 100
 101         /* check entry for "entry" acl */
 102         if ( ! access_allowed( op, e, entry, NULL, ACL_WRITE, NULL ) )
 103         {
 104                 Debug( LDAP_DEBUG_TRACE,
 105                         "<=- ldbm_back_modrdn: no write access to entry\n", 0,
 106                         0, 0 );
 107
 108                 send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
 109                         "no write access to entry" );
 110
 111                 goto return_results;
 112         }
 113
 114         if (!manageDSAit && is_entry_referral( e ) ) {
 115                 /* parent is a referral, don't allow add */
 116                 /* parent is an alias, don't allow add */
 117                 rs->sr_ref = get_entry_referrals( op, e );
 118
 119                 Debug( LDAP_DEBUG_TRACE, "entry %s is referral\n", e->e_dn,
 120                     0, 0 );
 121
 122                 rs->sr_err = LDAP_REFERRAL;
 123                 rs->sr_matched = e->e_name.bv_val;
 124                 send_ldap_result( op, rs );
 125
 126                 if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
 127                 rs->sr_ref = NULL;
 128                 rs->sr_matched = NULL;
 129                 goto return_results;
 130         }
 131
 132         if ( has_children( op->o_bd, e ) ) {
 133                 Debug( LDAP_DEBUG_TRACE, "entry %s has children\n", e->e_dn,
 134                     0, 0 );
 135
 136                 send_ldap_error( op, rs, LDAP_NOT_ALLOWED_ON_NONLEAF,
 137                     "subtree rename not supported" );
 138                 goto return_results;
 139         }
 140
 141         if ( be_issuffix( op->o_bd, &e->e_nname ) ) {
 142                 p_ndn = slap_empty_bv ;
 143         } else {
 144                 dnParent( &e->e_nname, &p_ndn );
 145         }
 146
 147         if ( p_ndn.bv_len != 0 ) {
 148                 /* Make sure parent entry exist and we can write its
 149                  * children.
 150                  */
 151
 152                 if( (p = dn2entry_w( op->o_bd, &p_ndn, NULL )) == NULL) {
 153                         Debug( LDAP_DEBUG_TRACE, "parent does not exist\n",
 154                                 0, 0, 0);
 155
 156                         send_ldap_error( op, rs, LDAP_OTHER,
 157                                 "parent entry does not exist" );
 158
 159                         goto return_results;
 160                 }
 161         } else {
 162                 p = (Entry *)&slap_entry_root;
 163         }
 164
 165         /* check parent for "children" acl */
 166         rs->sr_err = access_allowed( op, p, children, NULL,
 167                         op->oq_modrdn.rs_newSup != NULL ?
 168                                 ACL_WDEL : ACL_WRITE,
 169                         NULL );
 170
 171         if ( BER_BVISEMPTY( &p_ndn ))
 172                 p = NULL;
 173
 174         if ( !rs->sr_err )
 175         {
 176                 Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
 177                         0, 0 );
 178
 179                 send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
 180                         NULL );
 181                 goto return_results;
 182         }
 183
 184         Debug( LDAP_DEBUG_TRACE,
 185                    "ldbm_back_modrdn: wr to children of entry %s OK\n",
 186                    p_ndn.bv_val, 0, 0 );
 187
 188         if ( p_ndn.bv_val == slap_empty_bv.bv_val ) {
 189                 p_dn = slap_empty_bv;
 190         } else {
 191                 dnParent( &e->e_name, &p_dn );
 192         }
 193
 194         Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: parent dn=%s\n",
 195                    p_dn.bv_val, 0, 0 );
 196
 197         new_parent_dn = &p_dn;  /* New Parent unless newSuperior given */
 198
 199         if ( op->oq_modrdn.rs_newSup != NULL ) {
 200                 Debug( LDAP_DEBUG_TRACE,
 201                         "ldbm_back_modrdn: new parent \"%s\" requested...\n",
 202                         op->oq_modrdn.rs_newSup->bv_val, 0, 0 );
 203
 204                 np_ndn = op->oq_modrdn.rs_nnewSup;
 205
 206                 /* newSuperior == oldParent? */
 207                 if ( dn_match( &p_ndn, np_ndn ) ) {
 208                         Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: "
 209                                 "new parent\"%s\" seems to be the same as the "
 210                                 "old parent \"%s\"\n",
 211                                 op->oq_modrdn.rs_newSup->bv_val, p_dn.bv_val, 0 );
 212
 213                         op->oq_modrdn.rs_newSup = NULL; /* ignore newSuperior */
 214                 }
 215         }
 216
 217         if ( op->oq_modrdn.rs_newSup != NULL ) {
 218                 /* newSuperior == entry being moved?, if so ==> ERROR */
 219                 /* Get Entry with dn=newSuperior. Does newSuperior exist? */
 220
 221                 if ( op->oq_modrdn.rs_nnewSup->bv_len ) {
 222                         if( (np = dn2entry_w( op->o_bd, np_ndn, NULL )) == NULL) {
 223                                 Debug( LDAP_DEBUG_TRACE,
 224                                     "ldbm_back_modrdn: newSup(ndn=%s) not here!\n",
 225                                     np_ndn->bv_val, 0, 0);
 226
 227                                 send_ldap_error( op, rs, LDAP_NO_SUCH_OBJECT,
 228                                         "newSuperior not found" );
 229                                 goto return_results;
 230                         }
 231
 232                         Debug( LDAP_DEBUG_TRACE,
 233                                 "ldbm_back_modrdn: wr to new parent OK np=%p, id=%ld\n",
 234                                 (void *) np, np->e_id, 0 );
 235
 236                         /* check newSuperior for "children" acl */
 237                         if ( !access_allowed( op, np, children, NULL,
 238                                               ACL_WADD, NULL ) )
 239                         {
 240                                 Debug( LDAP_DEBUG_TRACE,
 241                                        "ldbm_back_modrdn: no wr to newSup children\n",
 242                                        0, 0, 0 );
 243
 244                                 send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
 245                                 goto return_results;
 246                         }
 247
 248                         if ( is_entry_alias( np ) ) {
 249                                 /* parent is an alias, don't allow add */
 250                                 Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0, 0, 0 );
 251
 252
 253                                 send_ldap_error( op, rs, LDAP_ALIAS_PROBLEM,
 254                                     "newSuperior is an alias" );
 255
 256                                 goto return_results;
 257                         }
 258
 259                         if ( is_entry_referral( np ) ) {
 260                                 /* parent is a referral, don't allow add */
 261                                 Debug( LDAP_DEBUG_TRACE, "entry (%s) is referral\n",
 262                                         np->e_dn, 0, 0 );
 263
 264                                 send_ldap_error( op, rs, LDAP_OTHER,
 265                                     "newSuperior is a referral" );
 266
 267                                 goto return_results;
 268                         }
 269
 270                 } else {
 271                         if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
 272                                 || be_shadow_update( op ) ) {
 273                                 int     can_access;
 274                                 np = (Entry *)&slap_entry_root;
 275
 276                                 can_access = access_allowed( op, np,
 277                                                 children, NULL, ACL_WADD, NULL );
 278                                 np = NULL;
 279
 280                                 /* check parent for "children" acl */
 281                                 if ( ! can_access ) {
 282                                         Debug( LDAP_DEBUG_TRACE,
 283                                                 "<=- ldbm_back_modrdn: no "
 284                                                 "access to new superior\n", 0, 0, 0 );
 285
 286                                                 send_ldap_error( op, rs,
 287                                                         LDAP_INSUFFICIENT_ACCESS,
 288                                                         NULL );
 289                                                 goto return_results;
 290                                         }
 291
 292                         } else {
 293                                 Debug( LDAP_DEBUG_TRACE,
 294                                         "<=- ldbm_back_modrdn: \"\" "
 295                                         "not allowed as new superior\n",
 296                                         0, 0, 0);
 297
 298                                 send_ldap_error( op, rs,
 299                                         LDAP_INSUFFICIENT_ACCESS,
 300                                         NULL );
 301                                 goto return_results;
 302                         }
 303                 }
 304
 305                 Debug( LDAP_DEBUG_TRACE,
 306                     "ldbm_back_modrdn: wr to new parent's children OK\n",
 307                     0, 0, 0 );
 308
 309                 new_parent_dn = op->oq_modrdn.rs_newSup;
 310         }
 311
 312         /* Build target dn and make sure target entry doesn't exist already. */
 313         build_new_dn( &new_dn, new_parent_dn, &op->oq_modrdn.rs_newrdn, NULL );
 314         dnNormalize( 0, NULL, NULL, &new_dn, &new_ndn, NULL );
 315
 316         Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: new ndn=%s\n",
 317             new_ndn.bv_val, 0, 0 );
 318
 319         /* check for abandon */
 320         if ( op->o_abandon ) {
 321                 rs->sr_err = SLAPD_ABANDON;
 322                 goto return_results;
 323         }
 324
 325         if ( ( rc_id = dn2id ( op->o_bd, &new_ndn, &id ) ) || id != NOID ) {
 326                 /* if (rc_id) something bad happened to ldbm cache */
 327                 rs->sr_err = rc_id ? LDAP_OTHER : LDAP_ALREADY_EXISTS;
 328                 send_ldap_result( op, rs );
 329                 goto return_results;
 330         }
 331
 332         Debug( LDAP_DEBUG_TRACE,
 333             "ldbm_back_modrdn: new ndn=%s does not exist\n",
 334             new_ndn.bv_val, 0, 0 );
 335
 336         Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: DN_X500\n",
 337                0, 0, 0 );
 338
 339         assert( op->orr_modlist != NULL );
 340
 341         /* check for abandon */
 342         if ( op->o_abandon ) {
 343                 rs->sr_err = SLAPD_ABANDON;
 344                 goto return_results;
 345         }
 346
 347         (void) cache_delete_entry( &li->li_cache, e );
 348
 349         free( e->e_dn );
 350         old_ndn = e->e_nname;
 351         e->e_name = new_dn;
 352         e->e_nname = new_ndn;
 353         new_dn.bv_val = NULL;
 354         new_ndn.bv_val = NULL;
 355
 356         /* NOTE: after this you must not free new_dn or new_ndn!
 357          * They are used by cache.
 358          */
 359
 360         /* modify memory copy of entry */
 361         rs->sr_err = ldbm_modify_internal( op, op->orr_modlist, e,
 362                 &rs->sr_text, textbuf, textlen );
 363         switch ( rs->sr_err ) {
 364         case LDAP_SUCCESS:
 365                 break;
 366
 367         default:
 368                 send_ldap_result( op, rs );
 369                 /* FALLTHRU */
 370         case SLAPD_ABANDON:
 371                 goto return_results;
 372         }
 373
 374         /*
 375          * NOTE: the backend MUST delete then add the entry,
 376          *              otherwise indexing may get hosed
 377          * FIXME: if a new ID was used, the add could be done first.
 378          *              that would be safer.
 379          */
 380
 381         /* delete old one */
 382         if ( dn2id_delete( op->o_bd, &old_ndn, e->e_id ) != 0 ) {
 383                 send_ldap_error( op, rs, LDAP_OTHER,
 384                         "DN index delete fail" );
 385                 goto return_results;
 386         }
 387
 388         /* add new one */
 389         if ( dn2id_add( op->o_bd, &e->e_nname, e->e_id ) != 0 ) {
 390                 /* try to repair old entry - probably hopeless */
 391         if( dn2id_add( op->o_bd, &old_ndn, e->e_id) != 0 ) {
 392                         send_ldap_error( op, rs, LDAP_OTHER,
 393                                 "DN index add and repair failed" );
 394                 } else {
 395                         send_ldap_error( op, rs, LDAP_OTHER,
 396                                 "DN index add failed" );
 397                 }
 398                 goto return_results;
 399         }
 400
 401         /* id2entry index */
 402         if ( id2entry_add( op->o_bd, e ) != 0 ) {
 403                 /* Try to undo */
 404                 int rc;
 405                 rc = dn2id_delete( op->o_bd, &e->e_nname, e->e_id );
 406                 rc |= dn2id_add( op->o_bd, &old_ndn, e->e_id );
 407                 if( rc ) {
 408                         send_ldap_error( op, rs, LDAP_OTHER,
 409                                 "entry update and repair failed" );
 410                 } else {
 411                         send_ldap_error( op, rs, LDAP_OTHER,
 412                                 "entry update failed" );
 413                 }
 414                 goto return_results;
 415         }
 416
 417         (void) cache_update_entry( &li->li_cache, e );
 418
 419         rs->sr_err = LDAP_SUCCESS;
 420         rs->sr_text = NULL;
 421         send_ldap_result( op, rs );
 422         cache_entry_commit( e );
 423
 424 return_results:
 425         if( new_dn.bv_val != NULL ) free( new_dn.bv_val );
 426         if( new_ndn.bv_val != NULL ) free( new_ndn.bv_val );
 427         if( old_ndn.bv_val != NULL ) free( old_ndn.bv_val );
 428
 429         /* LDAP v3 Support */
 430         if( np != NULL ) {
 431                 /* free new parent and writer lock */
 432                 cache_return_entry_w( &li->li_cache, np );
 433         }
 434
 435         if( p != NULL ) {
 436                 /* free parent and writer lock */
 437                 cache_return_entry_w( &li->li_cache, p );
 438         }
 439
 440         /* free entry and writer lock */
 441         cache_return_entry_w( &li->li_cache, e );
 442         ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
 443         rs->sr_text = NULL;
 444         return( rs->sr_err );
 445 }