1 /* modrdn.c - ldbm backend modrdn routine */
4 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
9 * LDAP v3 newSuperior support. Add new rdn as an attribute.
10 * (Full support for v2 also used software/ideas contributed
11 * by Roy Hooper rhooper@cyberus.ca, thanks to him for his
14 * Copyright 1999, Juan C. Gomez, All rights reserved.
15 * This software is not subject to any license of Silicon Graphics
16 * Inc. or Purdue University.
18 * Redistribution and use in source and binary forms are permitted
19 * without restriction or fee of any kind as long as this notice
28 #include <ac/string.h>
29 #include <ac/socket.h>
32 #include "back-ldbm.h"
33 #include "proto-back-ldbm.h"
40 AttributeDescription *children = slap_schema.si_ad_children;
41 AttributeDescription *entry = slap_schema.si_ad_entry;
42 struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
43 struct berval p_dn, p_ndn;
44 struct berval new_dn = { 0, NULL}, new_ndn = { 0, NULL };
47 /* LDAP v2 supporting correct attribute handling. */
48 LDAPRDN new_rdn = NULL;
49 LDAPRDN old_rdn = NULL;
51 #define CAN_ROLLBACK -1
52 #define MUST_DESTROY 1
53 int rc = CAN_ROLLBACK;
56 const char *text = NULL;
57 char textbuf[SLAP_TEXT_BUFLEN];
58 size_t textlen = sizeof textbuf;
59 /* Added to support newSuperior */
60 Entry *np = NULL; /* newSuperior Entry */
61 struct berval *np_ndn = NULL; /* newSuperior ndn */
62 struct berval *new_parent_dn = NULL; /* np_dn, p_dn, or NULL */
63 /* Used to interface with ldbm_modify_internal() */
64 Modifications *mod = NULL; /* Used to delete old/add new rdn */
65 int manageDSAit = get_manageDSAit( op );
68 LDAP_LOG( BACK_LDBM, ENTRY,
69 "ldbm_back_modrdn: dn: %s newSuperior=%s\n",
70 op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "NULL",
71 ( op->oq_modrdn.rs_newSup && op->oq_modrdn.rs_newSup->bv_len ) ? op->oq_modrdn.rs_newSup->bv_val : "NULL",0 );
73 Debug( LDAP_DEBUG_TRACE,
74 "==>ldbm_back_modrdn: dn: %s newSuperior=%s\n",
75 op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "NULL",
76 ( op->oq_modrdn.rs_newSup && op->oq_modrdn.rs_newSup->bv_len )
77 ? op->oq_modrdn.rs_newSup->bv_val : "NULL", 0 );
80 /* grab giant lock for writing */
81 ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
83 e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched );
85 /* get entry with writer lock */
86 /* FIXME: dn2entry() should return non-glue entry */
87 if (( e == NULL ) || ( !manageDSAit && e && is_entry_glue( e ))) {
88 if ( matched != NULL ) {
89 rs->sr_matched = strdup( matched->e_dn );
90 rs->sr_ref = is_entry_referral( matched )
91 ? get_entry_referrals( op, matched )
93 cache_return_entry_r( &li->li_cache, matched );
95 BerVarray deref = op->o_bd->syncinfo ?
96 op->o_bd->syncinfo->provideruri_bv : default_referral;
97 rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
100 ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
102 rs->sr_err = LDAP_REFERRAL;
103 send_ldap_result( op, rs );
105 if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
106 free( (char *)rs->sr_matched );
108 rs->sr_matched = NULL;
112 /* check entry for "entry" acl */
113 if ( ! access_allowed( op, e,
114 entry, NULL, ACL_WRITE, NULL ) )
117 LDAP_LOG( BACK_LDBM, ERR,
118 "ldbm_back_modrdn: no write access to entry of (%s)\n",
119 op->o_req_dn.bv_val, 0, 0 );
121 Debug( LDAP_DEBUG_TRACE,
122 "<=- ldbm_back_modrdn: no write access to entry\n", 0,
126 send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
127 "no write access to entry" );
132 if (!manageDSAit && is_entry_referral( e ) ) {
133 /* parent is a referral, don't allow add */
134 /* parent is an alias, don't allow add */
135 rs->sr_ref = get_entry_referrals( op, e );
138 LDAP_LOG( BACK_LDBM, INFO,
139 "ldbm_back_modrdn: entry %s is a referral\n", e->e_dn, 0, 0 );
141 Debug( LDAP_DEBUG_TRACE, "entry %s is referral\n", e->e_dn,
145 rs->sr_err = LDAP_REFERRAL;
146 rs->sr_matched = e->e_name.bv_val;
147 send_ldap_result( op, rs );
149 if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
151 rs->sr_matched = NULL;
155 if ( has_children( op->o_bd, e ) ) {
157 LDAP_LOG( BACK_LDBM, INFO,
158 "ldbm_back_modrdn: entry %s has children\n", e->e_dn, 0, 0 );
160 Debug( LDAP_DEBUG_TRACE, "entry %s has children\n", e->e_dn,
164 send_ldap_error( op, rs, LDAP_NOT_ALLOWED_ON_NONLEAF,
165 "subtree rename not supported" );
169 if ( be_issuffix( op->o_bd, &e->e_nname ) ) {
170 p_ndn = slap_empty_bv ;
172 dnParent( &e->e_nname, &p_ndn );
175 if ( p_ndn.bv_len != 0 ) {
176 /* Make sure parent entry exist and we can write its
180 if( (p = dn2entry_w( op->o_bd, &p_ndn, NULL )) == NULL) {
182 LDAP_LOG( BACK_LDBM, INFO,
183 "ldbm_back_modrdn: parent of %s does not exist\n",
186 Debug( LDAP_DEBUG_TRACE, "parent does not exist\n",
190 send_ldap_error( op, rs, LDAP_OTHER,
191 "parent entry does not exist" );
196 /* check parent for "children" acl */
197 if ( ! access_allowed( op, p,
198 children, NULL, ACL_WRITE, NULL ) )
201 LDAP_LOG( BACK_LDBM, INFO,
202 "ldbm_back_modrdn: no access to parent of (%s)\n",
205 Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
209 send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
215 LDAP_LOG( BACK_LDBM, DETAIL1,
216 "ldbm_back_modrdn: wr to children of entry %s OK\n",
217 p_ndn.bv_val, 0, 0 );
219 Debug( LDAP_DEBUG_TRACE,
220 "ldbm_back_modrdn: wr to children of entry %s OK\n",
221 p_ndn.bv_val, 0, 0 );
224 if ( p_ndn.bv_val == slap_empty_bv.bv_val ) {
225 p_dn = slap_empty_bv;
227 dnParent( &e->e_name, &p_dn );
231 LDAP_LOG( BACK_LDBM, DETAIL1,
232 "ldbm_back_modrdn: parent dn=%s\n", p_dn.bv_val, 0, 0 );
234 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: parent dn=%s\n",
239 /* no parent, must be root to modify rdn */
240 isroot = be_isroot( op->o_bd, &op->o_ndn );
242 if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) || be_isupdate( op->o_bd, &op->o_ndn ) ) {
244 p = (Entry *)&slap_entry_root;
246 can_access = access_allowed( op, p,
247 children, NULL, ACL_WRITE, NULL );
250 /* check parent for "children" acl */
251 if ( ! can_access ) {
253 LDAP_LOG( BACK_LDBM, ERR,
254 "ldbm_back_modrdn: no access to parent \"\"\n", 0,0,0 );
256 Debug( LDAP_DEBUG_TRACE,
257 "<=- ldbm_back_modrdn: no "
258 "access to parent\n", 0, 0, 0 );
261 send_ldap_error( op, rs,
262 LDAP_INSUFFICIENT_ACCESS,
269 LDAP_LOG( BACK_LDBM, ERR,
270 "ldbm_back_modrdn: (%s) has no parent & not a root.\n",
273 Debug( LDAP_DEBUG_TRACE,
274 "<=- ldbm_back_modrdn: no parent & "
275 "not root\n", 0, 0, 0);
278 send_ldap_error( op, rs,
279 LDAP_INSUFFICIENT_ACCESS,
286 LDAP_LOG( BACK_LDBM, INFO,
287 "ldbm_back_modrdn: (%s) no parent, locked root.\n", e->e_dn, 0, 0 );
289 Debug( LDAP_DEBUG_TRACE,
290 "ldbm_back_modrdn: no parent, locked root\n",
295 new_parent_dn = &p_dn; /* New Parent unless newSuperior given */
297 if ( op->oq_modrdn.rs_newSup != NULL ) {
299 LDAP_LOG( BACK_LDBM, DETAIL1,
300 "ldbm_back_modrdn: new parent \"%s\" requested\n",
301 op->oq_modrdn.rs_newSup->bv_val, 0, 0 );
303 Debug( LDAP_DEBUG_TRACE,
304 "ldbm_back_modrdn: new parent \"%s\" requested...\n",
305 op->oq_modrdn.rs_newSup->bv_val, 0, 0 );
308 np_ndn = op->oq_modrdn.rs_nnewSup;
310 /* newSuperior == oldParent? */
311 if ( dn_match( &p_ndn, np_ndn ) ) {
313 LDAP_LOG( BACK_LDBM, INFO, "ldbm_back_modrdn: "
314 "new parent\"%s\" seems to be the same as the "
315 "old parent \"%s\"\n", op->oq_modrdn.rs_newSup->bv_val, p_dn.bv_val, 0 );
317 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: "
318 "new parent\"%s\" seems to be the same as the "
319 "old parent \"%s\"\n",
320 op->oq_modrdn.rs_newSup->bv_val, p_dn.bv_val, 0 );
323 op->oq_modrdn.rs_newSup = NULL; /* ignore newSuperior */
327 if ( op->oq_modrdn.rs_newSup != NULL ) {
328 /* newSuperior == entry being moved?, if so ==> ERROR */
329 /* Get Entry with dn=newSuperior. Does newSuperior exist? */
331 if ( op->oq_modrdn.rs_nnewSup->bv_len ) {
332 if( (np = dn2entry_w( op->o_bd, np_ndn, NULL )) == NULL) {
334 LDAP_LOG( BACK_LDBM, ERR,
335 "ldbm_back_modrdn: newSup(ndn=%s) not found.\n",
336 np_ndn->bv_val, 0, 0 );
338 Debug( LDAP_DEBUG_TRACE,
339 "ldbm_back_modrdn: newSup(ndn=%s) not here!\n",
340 np_ndn->bv_val, 0, 0);
343 send_ldap_error( op, rs, LDAP_OTHER,
344 "newSuperior not found" );
349 LDAP_LOG( BACK_LDBM, DETAIL1,
350 "ldbm_back_modrdn: wr to new parent OK np=%p, id=%ld\n",
351 (void *) np, np->e_id, 0 );
353 Debug( LDAP_DEBUG_TRACE,
354 "ldbm_back_modrdn: wr to new parent OK np=%p, id=%ld\n",
355 (void *) np, np->e_id, 0 );
358 /* check newSuperior for "children" acl */
359 if ( !access_allowed( op, np, children, NULL,
363 LDAP_LOG( BACK_LDBM, INFO,
364 "ldbm_back_modrdn: no wr to newSup children.\n", 0, 0, 0 );
366 Debug( LDAP_DEBUG_TRACE,
367 "ldbm_back_modrdn: no wr to newSup children\n",
371 send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
375 if ( is_entry_alias( np ) ) {
376 /* parent is an alias, don't allow add */
378 LDAP_LOG( BACK_LDBM, INFO,
379 "ldbm_back_modrdn: entry (%s) is an alias.\n", np->e_dn,0,0);
381 Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0, 0, 0 );
385 send_ldap_error( op, rs, LDAP_ALIAS_PROBLEM,
386 "newSuperior is an alias" );
391 if ( is_entry_referral( np ) ) {
392 /* parent is a referral, don't allow add */
394 LDAP_LOG( BACK_LDBM, INFO,
395 "ldbm_back_modrdn: entry (%s) is a referral\n",
398 Debug( LDAP_DEBUG_TRACE, "entry (%s) is referral\n",
402 send_ldap_error( op, rs, LDAP_OTHER,
403 "newSuperior is a referral" );
410 /* no parent, must be root to modify newSuperior */
411 if ( isroot == -1 ) {
412 isroot = be_isroot( op->o_bd, &op->o_ndn );
416 if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) || be_isupdate( op->o_bd, &op->o_ndn ) ) {
418 np = (Entry *)&slap_entry_root;
420 can_access = access_allowed( op, np,
421 children, NULL, ACL_WRITE, NULL );
424 /* check parent for "children" acl */
425 if ( ! can_access ) {
427 LDAP_LOG( BACK_LDBM, ERR,
428 "ldbm_back_modrdn: no access "
429 "to new superior \"\"\n", 0, 0, 0 );
431 Debug( LDAP_DEBUG_TRACE,
432 "<=- ldbm_back_modrdn: no "
433 "access to new superior\n", 0, 0, 0 );
436 send_ldap_error( op, rs,
437 LDAP_INSUFFICIENT_ACCESS,
444 LDAP_LOG( BACK_LDBM, ERR,
445 "ldbm_back_modrdn: \"\" not allowed as new superior\n",
448 Debug( LDAP_DEBUG_TRACE,
449 "<=- ldbm_back_modrdn: \"\" "
450 "not allowed as new superior\n",
454 send_ldap_error( op, rs,
455 LDAP_INSUFFICIENT_ACCESS,
463 LDAP_LOG( BACK_LDBM, DETAIL1,
464 "ldbm_back_modrdn: wr to new parent's children OK.\n", 0, 0, 0 );
466 Debug( LDAP_DEBUG_TRACE,
467 "ldbm_back_modrdn: wr to new parent's children OK\n",
471 new_parent_dn = op->oq_modrdn.rs_newSup;
474 /* Build target dn and make sure target entry doesn't exist already. */
475 build_new_dn( &new_dn, new_parent_dn, &op->oq_modrdn.rs_newrdn, NULL );
476 dnNormalize( 0, NULL, NULL, &new_dn, &new_ndn, NULL );
479 LDAP_LOG( BACK_LDBM, DETAIL1, "ldbm_back_modrdn: new ndn=%s\n",
480 new_ndn.bv_val, 0, 0 );
482 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: new ndn=%s\n",
483 new_ndn.bv_val, 0, 0 );
486 /* check for abandon */
487 if ( op->o_abandon ) {
491 if ( ( rc_id = dn2id ( op->o_bd, &new_ndn, &id ) ) || id != NOID ) {
492 /* if (rc_id) something bad happened to ldbm cache */
493 rs->sr_err = rc_id ? LDAP_OTHER : LDAP_ALREADY_EXISTS;
494 send_ldap_result( op, rs );
499 LDAP_LOG( BACK_LDBM, INFO, "ldbm_back_modrdn: new ndn (%s) does not exist\n",
500 new_ndn.bv_val, 0, 0 );
502 Debug( LDAP_DEBUG_TRACE,
503 "ldbm_back_modrdn: new ndn=%s does not exist\n",
504 new_ndn.bv_val, 0, 0 );
507 /* Get attribute type and attribute value of our new rdn, we will
508 * need to add that to our new entry
510 if ( ldap_bv2rdn( &op->oq_modrdn.rs_newrdn, &new_rdn, (char **)&rs->sr_text,
511 LDAP_DN_FORMAT_LDAP ) )
514 LDAP_LOG ( OPERATION, ERR,
515 "ldbm_back_modrdn: can't figure out "
516 "type(s)/values(s) of newrdn\n",
519 Debug( LDAP_DEBUG_TRACE,
520 "ldbm_back_modrdn: can't figure out "
521 "type(s)/values(s) of newrdn\n",
528 LDAP_LOG ( OPERATION, RESULTS,
529 "ldbm_back_modrdn: new_rdn_type=\"%s\", "
530 "new_rdn_val=\"%s\"\n",
531 new_rdn[ 0 ]->la_attr.bv_val,
532 new_rdn[ 0 ]->la_value.bv_val, 0 );
534 Debug( LDAP_DEBUG_TRACE,
535 "ldbm_back_modrdn: new_rdn_type=\"%s\", "
536 "new_rdn_val=\"%s\"\n",
537 new_rdn[ 0 ]->la_attr.bv_val,
538 new_rdn[ 0 ]->la_value.bv_val, 0 );
541 if ( op->oq_modrdn.rs_deleteoldrdn ) {
542 if ( ldap_bv2rdn( &op->o_req_dn, &old_rdn, (char **)&rs->sr_text,
543 LDAP_DN_FORMAT_LDAP ) )
546 LDAP_LOG ( OPERATION, ERR,
547 "ldbm_back_modrdn: can't figure out "
548 "type(s)/values(s) of old_rdn\n",
551 Debug( LDAP_DEBUG_TRACE,
552 "ldbm_back_modrdn: can't figure out "
553 "the old_rdn type(s)/value(s)\n",
561 LDAP_LOG( BACK_LDBM, DETAIL1, "ldbm_back_modrdn: DN_X500\n", 0, 0, 0 );
563 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: DN_X500\n",
567 if ( slap_modrdn2mods( op, rs, e, old_rdn, new_rdn, &mod ) != LDAP_SUCCESS ) {
572 /* check for abandon */
573 if ( op->o_abandon ) {
578 if ( dn2id_delete( op->o_bd, &e->e_nname, e->e_id ) != 0 ) {
579 send_ldap_error( op, rs, LDAP_OTHER,
580 "DN index delete fail" );
584 (void) cache_delete_entry( &li->li_cache, e );
587 /* XXX: there is no going back! */
592 e->e_nname = new_ndn;
593 new_dn.bv_val = NULL;
594 new_ndn.bv_val = NULL;
596 /* NOTE: after this you must not free new_dn or new_ndn!
597 * They are used by cache.
601 if ( dn2id_add( op->o_bd, &e->e_nname, e->e_id ) != 0 ) {
602 send_ldap_error( op, rs, LDAP_OTHER,
603 "DN index add failed" );
607 /* modify memory copy of entry */
608 rc_id = ldbm_modify_internal( op, &mod[0], e,
609 &rs->sr_text, textbuf, textlen );
617 send_ldap_result( op, rs );
621 /* here we may try to delete the newly added dn */
622 if ( dn2id_delete( op->o_bd, &e->e_nname, e->e_id ) != 0 ) {
623 /* we already are in trouble ... */
629 (void) cache_update_entry( &li->li_cache, e );
632 if ( id2entry_add( op->o_bd, e ) != 0 ) {
633 send_ldap_error( op, rs, LDAP_OTHER,
634 "entry update failed" );
638 rs->sr_err = LDAP_SUCCESS;
640 send_ldap_result( op, rs );
642 cache_entry_commit( e );
645 if( new_dn.bv_val != NULL ) free( new_dn.bv_val );
646 if( new_ndn.bv_val != NULL ) free( new_ndn.bv_val );
648 /* LDAP v2 supporting correct attribute handling. */
649 if ( new_rdn != NULL ) {
650 ldap_rdnfree( new_rdn );
652 if ( old_rdn != NULL ) {
653 ldap_rdnfree( old_rdn );
657 for (; mod; mod = tmp ) {
658 /* slap_modrdn2mods does things one way,
659 * slap_mods_opattrs does it differently
661 if ( mod->sml_op != SLAP_MOD_SOFTADD &&
662 mod->sml_op != LDAP_MOD_DELETE ) break;
663 if ( mod->sml_nvalues ) free( mod->sml_nvalues[0].bv_val );
667 slap_mods_free( mod );
670 /* LDAP v3 Support */
672 /* free new parent and writer lock */
673 cache_return_entry_w( &li->li_cache, np );
677 /* free parent and writer lock */
678 cache_return_entry_w( &li->li_cache, p );
681 /* free entry and writer lock */
682 cache_return_entry_w( &li->li_cache, e );
683 if ( rc == MUST_DESTROY ) {
684 /* if rc == MUST_DESTROY the entry is uncached
685 * and its private data is destroyed;
686 * the entry must be freed */
689 ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
projects / openldap / blob