1 /* modrdn.c - ldbm backend modrdn routine */
4 * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
9 * LDAP v3 newSuperior support. Add new rdn as an attribute.
10 * (Full support for v2 also used software/ideas contributed
11 * by Roy Hooper rhooper@cyberus.ca, thanks to him for his
14 * Copyright 1999, Juan C. Gomez, All rights reserved.
15 * This software is not subject to any license of Silicon Graphics
16 * Inc. or Purdue University.
18 * Redistribution and use in source and binary forms are permitted
19 * without restriction or fee of any kind as long as this notice
28 #include <ac/string.h>
29 #include <ac/socket.h>
32 #include "back-ldbm.h"
33 #include "proto-back-ldbm.h"
44 const char *newSuperior
47 AttributeDescription *children = slap_schema.si_ad_children;
48 struct ldbminfo *li = (struct ldbminfo *) be->be_private;
49 char *p_dn = NULL, *p_ndn = NULL;
50 char *new_dn = NULL, *new_ndn = NULL;
55 #define CAN_ROLLBACK -1
56 #define MUST_DESTROY 1
57 int rc = CAN_ROLLBACK;
60 const char *text = NULL;
61 char textbuf[SLAP_TEXT_BUFLEN];
62 size_t textlen = sizeof textbuf;
63 /* Added to support LDAP v2 correctly (deleteoldrdn thing) */
64 char **new_rdn_vals = NULL; /* Vals of new rdn */
65 char **new_rdn_types = NULL; /* Types of new rdn */
67 char *old_rdn = NULL; /* Old rdn's attr type & val */
68 char **old_rdn_types = NULL; /* Types of old rdn attrs. */
69 char **old_rdn_vals = NULL; /* Old rdn attribute values */
70 /* Added to support newSuperior */
71 Entry *np = NULL; /* newSuperior Entry */
72 char *np_dn = NULL; /* newSuperior dn */
73 char *np_ndn = NULL; /* newSuperior ndn */
74 char *new_parent_dn = NULL; /* np_dn, p_dn, or NULL */
75 /* Used to interface with ldbm_modify_internal() */
76 Modifications *mod = NULL; /* Used to delete old/add new rdn */
77 int manageDSAit = get_manageDSAit( op );
79 Debug( LDAP_DEBUG_TRACE, "==>ldbm_back_modrdn(newSuperior=%s)\n",
80 (newSuperior ? newSuperior : "NULL"),
83 /* grab giant lock for writing */
84 ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
86 /* get entry with writer lock */
87 if ( (e = dn2entry_w( be, ndn, &matched )) == NULL ) {
88 char* matched_dn = NULL;
89 struct berval** refs = NULL;
91 if( matched != NULL ) {
92 matched_dn = strdup( matched->e_dn );
93 refs = is_entry_referral( matched )
94 ? get_entry_referrals( be, conn, op, matched )
96 cache_return_entry_r( &li->li_cache, matched );
98 refs = default_referral;
101 ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
103 send_ldap_result( conn, op, LDAP_REFERRAL,
104 matched_dn, NULL, refs, NULL );
106 if ( matched != NULL ) {
107 ber_bvecfree( refs );
114 if (!manageDSAit && is_entry_referral( e ) ) {
115 /* parent is a referral, don't allow add */
116 /* parent is an alias, don't allow add */
117 struct berval **refs = get_entry_referrals( be,
120 Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0,
123 send_ldap_result( conn, op, LDAP_REFERRAL,
124 e->e_dn, NULL, refs, NULL );
126 ber_bvecfree( refs );
130 if ( has_children( be, e ) ) {
131 Debug( LDAP_DEBUG_TRACE, "entry %s referral\n", e->e_dn,
134 send_ldap_result( conn, op, LDAP_NOT_ALLOWED_ON_NONLEAF,
135 NULL, "subtree rename not supported", NULL, NULL );
139 if ( (p_ndn = dn_parent( be, e->e_ndn )) != NULL && p_ndn[0] != '\0' ) {
140 /* Make sure parent entry exist and we can write its
144 if( (p = dn2entry_w( be, p_ndn, NULL )) == NULL) {
145 Debug( LDAP_DEBUG_TRACE, "parent does not exist\n",
148 send_ldap_result( conn, op, LDAP_OTHER,
149 NULL, "parent entry does not exist", NULL, NULL );
154 /* check parent for "children" acl */
155 if ( ! access_allowed( be, conn, op, p,
156 children, NULL, ACL_WRITE ) )
158 Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
161 send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
162 NULL, NULL, NULL, NULL );
166 Debug( LDAP_DEBUG_TRACE,
167 "ldbm_back_modrdn: wr to children of entry %s OK\n",
170 p_dn = dn_parent( be, e->e_dn );
172 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: parent dn=%s\n",
176 /* no parent, must be root to modify rdn */
177 isroot = be_isroot( be, op->o_ndn );
179 if ( be_issuffix( be, "" )
180 || be_isupdate( be, op->o_ndn ) ) {
181 static const Entry rootp = { NOID, "", "", NULL, NULL };
184 rc = access_allowed( be, conn, op, p,
185 children, NULL, ACL_WRITE );
188 /* check parent for "children" acl */
190 Debug( LDAP_DEBUG_TRACE,
191 "<=- ldbm_back_modrdn: no "
192 "access to parent\n", 0, 0, 0 );
194 send_ldap_result( conn, op,
195 LDAP_INSUFFICIENT_ACCESS,
196 NULL, NULL, NULL, NULL );
201 Debug( LDAP_DEBUG_TRACE,
202 "<=- ldbm_back_modrdn: no parent & "
203 "not root\n", 0, 0, 0);
205 send_ldap_result( conn, op,
206 LDAP_INSUFFICIENT_ACCESS,
207 NULL, NULL, NULL, NULL );
212 Debug( LDAP_DEBUG_TRACE,
213 "ldbm_back_modrdn: no parent, locked root\n",
217 new_parent_dn = p_dn; /* New Parent unless newSuperior given */
219 if ( newSuperior != NULL ) {
220 Debug( LDAP_DEBUG_TRACE,
221 "ldbm_back_modrdn: new parent \"%s\" requested...\n",
224 np_dn = ch_strdup( newSuperior );
225 np_ndn = ch_strdup( np_dn );
226 (void) dn_normalize( np_ndn );
228 /* newSuperior == oldParent? */
229 if ( strcmp( p_ndn, np_ndn ) == 0 ) {
230 Debug( LDAP_DEBUG_TRACE,
231 "ldbm_back_modrdn: new parent \"%s\" seems to be the same as old parent \"%s\"...\n",
232 newSuperior, p_dn, 0 );
234 newSuperior = NULL; /* ignore newSuperior */
238 if ( newSuperior != NULL ) {
239 /* newSuperior == entry being moved?, if so ==> ERROR */
240 /* Get Entry with dn=newSuperior. Does newSuperior exist? */
242 if ( newSuperior[ 0 ] != '\0' ) {
244 if( (np = dn2entry_w( be, np_ndn, NULL )) == NULL) {
245 Debug( LDAP_DEBUG_TRACE,
246 "ldbm_back_modrdn: newSup(ndn=%s) not here!\n",
249 send_ldap_result( conn, op, LDAP_OTHER,
250 NULL, "newSuperior not found", NULL, NULL );
254 Debug( LDAP_DEBUG_TRACE,
255 "ldbm_back_modrdn: wr to new parent OK np=%p, id=%ld\n",
258 /* check newSuperior for "children" acl */
259 if ( !access_allowed( be, conn, op, np, children, NULL,
262 Debug( LDAP_DEBUG_TRACE,
263 "ldbm_back_modrdn: no wr to newSup children\n",
266 send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
267 NULL, NULL, NULL, NULL );
271 if ( is_entry_alias( np ) ) {
272 /* parent is an alias, don't allow add */
273 Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0, 0, 0 );
275 send_ldap_result( conn, op, LDAP_ALIAS_PROBLEM,
276 NULL, "newSuperior is an alias", NULL, NULL );
281 if ( is_entry_referral( np ) ) {
282 /* parent is a referral, don't allow add */
283 Debug( LDAP_DEBUG_TRACE, "entry (%s) is referral\n",
286 send_ldap_result( conn, op, LDAP_OTHER,
287 NULL, "newSuperior is a referral", NULL, NULL );
294 /* no parent, must be root to modify newSuperior */
295 if ( isroot == -1 ) {
296 isroot = be_isroot( be, op->o_ndn );
300 if ( be_issuffix( be, "" )
301 || be_isupdate( be, op->o_ndn ) ) {
302 static const Entry rootp = { NOID, "", "", NULL, NULL };
303 np = (Entry *)&rootp;
305 rc = access_allowed( be, conn, op, np,
306 children, NULL, ACL_WRITE );
309 /* check parent for "children" acl */
311 Debug( LDAP_DEBUG_TRACE,
312 "<=- ldbm_back_modrdn: no "
313 "access to new superior\n", 0, 0, 0 );
315 send_ldap_result( conn, op,
316 LDAP_INSUFFICIENT_ACCESS,
317 NULL, NULL, NULL, NULL );
322 Debug( LDAP_DEBUG_TRACE,
323 "<=- ldbm_back_modrdn: \"\" "
324 "not allowed as new superior\n",
327 send_ldap_result( conn, op,
328 LDAP_INSUFFICIENT_ACCESS,
329 NULL, NULL, NULL, NULL );
335 Debug( LDAP_DEBUG_TRACE,
336 "ldbm_back_modrdn: wr to new parent's children OK\n",
339 new_parent_dn = np_dn;
342 /* Build target dn and make sure target entry doesn't exist already. */
343 build_new_dn( &new_dn, e->e_dn, new_parent_dn, newrdn );
345 new_ndn = ch_strdup(new_dn);
346 (void) dn_normalize( new_ndn );
348 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: new ndn=%s\n",
351 /* check for abandon */
352 ldap_pvt_thread_mutex_lock( &op->o_abandonmutex );
353 if ( op->o_abandon ) {
354 ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex );
358 ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex );
359 if ( ( rc_id = dn2id ( be, new_ndn, &id ) ) || id != NOID ) {
360 /* if (rc_id) something bad happened to ldbm cache */
361 send_ldap_result( conn, op,
362 rc_id ? LDAP_OTHER : LDAP_ALREADY_EXISTS,
363 NULL, NULL, NULL, NULL );
367 Debug( LDAP_DEBUG_TRACE,
368 "ldbm_back_modrdn: new ndn=%s does not exist\n",
372 /* Get attribute types and values of our new rdn, we will
373 * need to add that to our new entry
375 if ( rdn_attrs( newrdn, &new_rdn_types, &new_rdn_vals ) ) {
376 Debug( LDAP_DEBUG_TRACE,
377 "ldbm_back_modrdn: can't figure out type(s)/value(s) of newrdn\n",
380 send_ldap_result( conn, op, LDAP_INVALID_DN,
381 NULL, "unable to parse type(s)/value(s) used in RDN", NULL, NULL );
385 Debug( LDAP_DEBUG_TRACE,
386 "ldbm_back_modrdn: new_rdn_val=\"%s\", new_rdn_type=\"%s\"\n",
387 new_rdn_vals[0], new_rdn_types[0], 0 );
389 /* Retrieve the old rdn from the entry's dn */
390 if ( (old_rdn = dn_rdn( be, dn )) == NULL ) {
391 Debug( LDAP_DEBUG_TRACE,
392 "ldbm_back_modrdn: can't figure out old_rdn from dn\n",
395 send_ldap_result( conn, op, LDAP_OTHER,
396 NULL, "could not parse old DN", NULL, NULL );
400 if ( rdn_attrs( old_rdn, &old_rdn_types, &old_rdn_vals ) ) {
401 Debug( LDAP_DEBUG_TRACE,
402 "ldbm_back_modrdn: can't figure out the old_rdn type(s)/value(s)\n",
405 send_ldap_result( conn, op, LDAP_OTHER,
406 NULL, "unable to parse type(s)/value(s) used in RDN from old DN", NULL, NULL );
410 if ( newSuperior == NULL
411 && charray_strcasecmp( (const char **)old_rdn_types, (const char **)new_rdn_types ) != 0 )
413 /* Not a big deal but we may say something */
414 Debug( LDAP_DEBUG_TRACE,
415 "ldbm_back_modrdn: old_rdn_type=%s, new_rdn_type=%s!\n",
416 old_rdn_types[0], new_rdn_types[0], 0 );
419 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: DN_X500\n",
423 for ( a_cnt = 0; new_rdn_types[a_cnt]; a_cnt++ ) {
425 Modifications *mod_tmp;
428 mod_tmp = (Modifications *)ch_malloc( sizeof( Modifications ) );
430 mod_tmp->sml_desc = NULL;
431 rc = slap_str2ad( new_rdn_types[a_cnt],
432 &mod_tmp->sml_desc, &text );
434 if ( rc != LDAP_SUCCESS ) {
435 Debug( LDAP_DEBUG_TRACE,
436 "ldbm_back_modrdn: %s: %s (new)\n",
437 text, new_rdn_types[a_cnt], 0 );
439 send_ldap_result( conn, op, rc,
440 NULL, text, NULL, NULL );
445 val.bv_val = new_rdn_vals[a_cnt];
446 val.bv_len = strlen( val.bv_val );
447 if ( ! access_allowed( be, conn, op, e,
448 mod_tmp->sml_desc, &val, ACL_WRITE ) ) {
449 Debug( LDAP_DEBUG_TRACE,
450 "ldbm_back_modrdn: access not allowed "
451 "to attr \"%s\"\n%s%s",
452 new_rdn_types[a_cnt], "", "" );
453 send_ldap_result( conn, op,
454 LDAP_INSUFFICIENT_ACCESS,
455 NULL, NULL, NULL, NULL );
460 mod_tmp->sml_bvalues = (struct berval **)ch_malloc( 2 * sizeof(struct berval *) );
461 mod_tmp->sml_bvalues[0] = ber_bvstrdup( new_rdn_vals[a_cnt] );
462 mod_tmp->sml_bvalues[1] = NULL;
463 mod_tmp->sml_op = SLAP_MOD_SOFTADD;
464 mod_tmp->sml_next = mod;
468 /* Remove old rdn value if required */
469 if ( deleteoldrdn ) {
470 /* Get value of old rdn */
471 if ( old_rdn_vals == NULL ) {
472 Debug( LDAP_DEBUG_TRACE,
473 "ldbm_back_modrdn: can't figure out oldRDN value(s) from old RDN\n",
476 send_ldap_result( conn, op, LDAP_OTHER,
477 NULL, "could not parse value(s) from old RDN", NULL, NULL );
481 for ( d_cnt = 0; old_rdn_types[d_cnt]; d_cnt++ ) {
483 Modifications *mod_tmp;
486 mod_tmp = (Modifications *)ch_malloc( sizeof( Modifications ) );
488 mod_tmp->sml_desc = NULL;
489 rc = slap_str2ad( old_rdn_types[d_cnt],
490 &mod_tmp->sml_desc, &text );
492 if ( rc != LDAP_SUCCESS ) {
493 Debug( LDAP_DEBUG_TRACE,
494 "ldbm_back_modrdn: %s: %s (old)\n",
495 text, old_rdn_types[d_cnt], 0 );
497 send_ldap_result( conn, op, rc,
498 NULL, text, NULL, NULL );
503 val.bv_val = old_rdn_vals[d_cnt];
504 val.bv_len = strlen( val.bv_val );
505 if ( ! access_allowed( be, conn, op, e,
506 mod_tmp->sml_desc, &val, ACL_WRITE ) ) {
507 Debug( LDAP_DEBUG_TRACE,
508 "ldbm_back_modrdn: access not allowed "
509 "to attr \"%s\"\n%s%s",
510 old_rdn_types[d_cnt], "", "" );
511 send_ldap_result( conn, op,
512 LDAP_INSUFFICIENT_ACCESS,
513 NULL, NULL, NULL, NULL );
518 /* Remove old value of rdn as an attribute. */
519 mod_tmp->sml_bvalues = (struct berval **)ch_malloc( 2 * sizeof(struct berval *) );
520 mod_tmp->sml_bvalues[0] = ber_bvstrdup( old_rdn_vals[d_cnt] );
521 mod_tmp->sml_bvalues[1] = NULL;
522 mod_tmp->sml_op = LDAP_MOD_DELETE;
523 mod_tmp->sml_next = mod;
526 Debug( LDAP_DEBUG_TRACE,
527 "ldbm_back_modrdn: removing old_rdn_val=%s\n",
528 old_rdn_vals[0], 0, 0 );
533 /* check for abandon */
534 ldap_pvt_thread_mutex_lock( &op->o_abandonmutex );
535 if ( op->o_abandon ) {
536 ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex );
539 ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex );
542 if ( dn2id_delete( be, e->e_ndn, e->e_id ) != 0 ) {
543 send_ldap_result( conn, op, LDAP_OTHER,
544 NULL, "DN index delete fail", NULL, NULL );
548 (void) cache_delete_entry( &li->li_cache, e );
551 /* XXX: there is no going back! */
561 if ( dn2id_add( be, e->e_ndn, e->e_id ) != 0 ) {
562 send_ldap_result( conn, op, LDAP_OTHER,
563 NULL, "DN index add failed", NULL, NULL );
567 /* modify memory copy of entry */
568 rc = ldbm_modify_internal( be, conn, op, dn, &mod[0], e,
569 &text, textbuf, textlen );
571 if( rc != LDAP_SUCCESS ) {
572 if( rc != SLAPD_ABANDON ) {
573 send_ldap_result( conn, op, rc,
574 NULL, text, NULL, NULL );
577 /* here we may try to delete the newly added dn */
578 if ( dn2id_delete( be, e->e_ndn, e->e_id ) != 0 ) {
579 /* we already are in trouble ... */
586 (void) cache_update_entry( &li->li_cache, e );
588 /* NOTE: after this you must not free new_dn or new_ndn!
589 * They are used by cache.
593 if ( id2entry_add( be, e ) != 0 ) {
594 send_ldap_result( conn, op, LDAP_OTHER,
595 NULL, "entry update failed", NULL, NULL );
599 send_ldap_result( conn, op, LDAP_SUCCESS,
600 NULL, NULL, NULL, NULL );
602 cache_entry_commit( e );
605 if( new_dn != NULL ) free( new_dn );
606 if( new_ndn != NULL ) free( new_ndn );
608 if( p_dn != NULL ) free( p_dn );
609 if( p_ndn != NULL ) free( p_ndn );
611 /* LDAP v2 supporting correct attribute handling. */
612 if( new_rdn_types != NULL ) charray_free( new_rdn_types );
613 if( new_rdn_vals != NULL ) charray_free( new_rdn_vals );
614 if( old_rdn != NULL ) free(old_rdn);
615 if( old_rdn_types != NULL ) charray_free( old_rdn_types );
616 if( old_rdn_vals != NULL ) charray_free( old_rdn_vals );
619 slap_mods_free( mod );
622 /* LDAP v3 Support */
623 if ( np_dn != NULL ) free( np_dn );
624 if ( np_ndn != NULL ) free( np_ndn );
627 /* free new parent and writer lock */
628 cache_return_entry_w( &li->li_cache, np );
632 /* free parent and writer lock */
633 cache_return_entry_w( &li->li_cache, p );
636 /* free entry and writer lock */
637 cache_return_entry_w( &li->li_cache, e );
638 if ( rc == MUST_DESTROY ) {
639 /* if rc == MUST_DESTROY the entry is uncached
640 * and its private data is destroyed;
641 * the entry must be freed */
644 ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
projects / openldap / blob