1 /* modrdn.c - ldbm backend modrdn routine */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 1998-2004 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
16 /* Portions Copyright 1999, Juan C. Gomez, All rights reserved.
17 * This software is not subject to any license of Silicon Graphics
18 * Inc. or Purdue University.
20 * Redistribution and use in source and binary forms are permitted
21 * without restriction or fee of any kind as long as this notice
29 #include <ac/string.h>
30 #include <ac/socket.h>
33 #include "back-ldbm.h"
34 #include "proto-back-ldbm.h"
41 AttributeDescription *children = slap_schema.si_ad_children;
42 AttributeDescription *entry = slap_schema.si_ad_entry;
43 struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
44 struct berval p_dn, p_ndn;
45 struct berval new_dn = BER_BVNULL, new_ndn = BER_BVNULL;
46 struct berval old_ndn = BER_BVNULL;
49 /* LDAP v2 supporting correct attribute handling. */
50 LDAPRDN new_rdn = NULL;
51 LDAPRDN old_rdn = NULL;
55 const char *text = NULL;
56 char textbuf[SLAP_TEXT_BUFLEN];
57 size_t textlen = sizeof textbuf;
58 /* Added to support newSuperior */
59 Entry *np = NULL; /* newSuperior Entry */
60 struct berval *np_ndn = NULL; /* newSuperior ndn */
61 struct berval *new_parent_dn = NULL; /* np_dn, p_dn, or NULL */
62 /* Used to interface with ldbm_modify_internal() */
63 Modifications *mod = NULL; /* Used to delete old/add new rdn */
64 int manageDSAit = get_manageDSAit( op );
66 Debug( LDAP_DEBUG_TRACE,
67 "==>ldbm_back_modrdn: dn: %s newSuperior=%s\n",
68 op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "NULL",
69 ( op->oq_modrdn.rs_newSup && op->oq_modrdn.rs_newSup->bv_len )
70 ? op->oq_modrdn.rs_newSup->bv_val : "NULL", 0 );
72 /* grab giant lock for writing */
73 ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
75 e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched );
77 /* get entry with writer lock */
78 /* FIXME: dn2entry() should return non-glue entry */
79 if (( e == NULL ) || ( !manageDSAit && e && is_entry_glue( e ))) {
80 if ( matched != NULL ) {
81 rs->sr_matched = strdup( matched->e_dn );
82 rs->sr_ref = is_entry_referral( matched )
83 ? get_entry_referrals( op, matched )
85 cache_return_entry_r( &li->li_cache, matched );
87 BerVarray deref = NULL;
88 if ( !LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) {
90 LDAP_STAILQ_FOREACH( si, &op->o_bd->be_syncinfo, si_next ) {
92 ber_dupbv( &tmpbv, &si->si_provideruri_bv[0] );
93 ber_bvarray_add( &deref, &tmpbv );
96 deref = default_referral;
98 rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn,
102 ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
104 rs->sr_err = LDAP_REFERRAL;
105 send_ldap_result( op, rs );
107 if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
108 free( (char *)rs->sr_matched );
110 rs->sr_matched = NULL;
114 /* check entry for "entry" acl */
115 if ( ! access_allowed( op, e,
116 entry, NULL, ACL_WRITE, NULL ) )
118 Debug( LDAP_DEBUG_TRACE,
119 "<=- ldbm_back_modrdn: no write access to entry\n", 0,
122 send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
123 "no write access to entry" );
128 if (!manageDSAit && is_entry_referral( e ) ) {
129 /* parent is a referral, don't allow add */
130 /* parent is an alias, don't allow add */
131 rs->sr_ref = get_entry_referrals( op, e );
133 Debug( LDAP_DEBUG_TRACE, "entry %s is referral\n", e->e_dn,
136 rs->sr_err = LDAP_REFERRAL;
137 rs->sr_matched = e->e_name.bv_val;
138 send_ldap_result( op, rs );
140 if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
142 rs->sr_matched = NULL;
146 if ( has_children( op->o_bd, e ) ) {
147 Debug( LDAP_DEBUG_TRACE, "entry %s has children\n", e->e_dn,
150 send_ldap_error( op, rs, LDAP_NOT_ALLOWED_ON_NONLEAF,
151 "subtree rename not supported" );
155 if ( be_issuffix( op->o_bd, &e->e_nname ) ) {
156 p_ndn = slap_empty_bv ;
158 dnParent( &e->e_nname, &p_ndn );
161 if ( p_ndn.bv_len != 0 ) {
162 /* Make sure parent entry exist and we can write its
166 if( (p = dn2entry_w( op->o_bd, &p_ndn, NULL )) == NULL) {
167 Debug( LDAP_DEBUG_TRACE, "parent does not exist\n",
170 send_ldap_error( op, rs, LDAP_OTHER,
171 "parent entry does not exist" );
176 /* check parent for "children" acl */
177 if ( ! access_allowed( op, p,
178 children, NULL, ACL_WRITE, NULL ) )
180 Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
183 send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
188 Debug( LDAP_DEBUG_TRACE,
189 "ldbm_back_modrdn: wr to children of entry %s OK\n",
190 p_ndn.bv_val, 0, 0 );
192 if ( p_ndn.bv_val == slap_empty_bv.bv_val ) {
193 p_dn = slap_empty_bv;
195 dnParent( &e->e_name, &p_dn );
198 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: parent dn=%s\n",
202 /* no parent, must be root to modify rdn */
203 isroot = be_isroot( op );
205 if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
206 || be_shadow_update( op ) ) {
208 p = (Entry *)&slap_entry_root;
210 can_access = access_allowed( op, p,
211 children, NULL, ACL_WRITE, NULL );
214 /* check parent for "children" acl */
215 if ( ! can_access ) {
216 Debug( LDAP_DEBUG_TRACE,
217 "<=- ldbm_back_modrdn: no "
218 "access to parent\n", 0, 0, 0 );
220 send_ldap_error( op, rs,
221 LDAP_INSUFFICIENT_ACCESS,
227 Debug( LDAP_DEBUG_TRACE,
228 "<=- ldbm_back_modrdn: no parent & "
229 "not root\n", 0, 0, 0);
231 send_ldap_error( op, rs,
232 LDAP_INSUFFICIENT_ACCESS,
238 Debug( LDAP_DEBUG_TRACE,
239 "ldbm_back_modrdn: no parent, locked root\n",
243 new_parent_dn = &p_dn; /* New Parent unless newSuperior given */
245 if ( op->oq_modrdn.rs_newSup != NULL ) {
246 Debug( LDAP_DEBUG_TRACE,
247 "ldbm_back_modrdn: new parent \"%s\" requested...\n",
248 op->oq_modrdn.rs_newSup->bv_val, 0, 0 );
250 np_ndn = op->oq_modrdn.rs_nnewSup;
252 /* newSuperior == oldParent? */
253 if ( dn_match( &p_ndn, np_ndn ) ) {
254 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: "
255 "new parent\"%s\" seems to be the same as the "
256 "old parent \"%s\"\n",
257 op->oq_modrdn.rs_newSup->bv_val, p_dn.bv_val, 0 );
259 op->oq_modrdn.rs_newSup = NULL; /* ignore newSuperior */
263 if ( op->oq_modrdn.rs_newSup != NULL ) {
264 /* newSuperior == entry being moved?, if so ==> ERROR */
265 /* Get Entry with dn=newSuperior. Does newSuperior exist? */
267 if ( op->oq_modrdn.rs_nnewSup->bv_len ) {
268 if( (np = dn2entry_w( op->o_bd, np_ndn, NULL )) == NULL) {
269 Debug( LDAP_DEBUG_TRACE,
270 "ldbm_back_modrdn: newSup(ndn=%s) not here!\n",
271 np_ndn->bv_val, 0, 0);
273 send_ldap_error( op, rs, LDAP_OTHER,
274 "newSuperior not found" );
278 Debug( LDAP_DEBUG_TRACE,
279 "ldbm_back_modrdn: wr to new parent OK np=%p, id=%ld\n",
280 (void *) np, np->e_id, 0 );
282 /* check newSuperior for "children" acl */
283 if ( !access_allowed( op, np, children, NULL,
286 Debug( LDAP_DEBUG_TRACE,
287 "ldbm_back_modrdn: no wr to newSup children\n",
290 send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
294 if ( is_entry_alias( np ) ) {
295 /* parent is an alias, don't allow add */
296 Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0, 0, 0 );
299 send_ldap_error( op, rs, LDAP_ALIAS_PROBLEM,
300 "newSuperior is an alias" );
305 if ( is_entry_referral( np ) ) {
306 /* parent is a referral, don't allow add */
307 Debug( LDAP_DEBUG_TRACE, "entry (%s) is referral\n",
310 send_ldap_error( op, rs, LDAP_OTHER,
311 "newSuperior is a referral" );
318 /* no parent, must be root to modify newSuperior */
319 if ( isroot == -1 ) {
320 isroot = be_isroot( op );
324 if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
325 || be_shadow_update( op ) ) {
327 np = (Entry *)&slap_entry_root;
329 can_access = access_allowed( op, np,
330 children, NULL, ACL_WRITE, NULL );
333 /* check parent for "children" acl */
334 if ( ! can_access ) {
335 Debug( LDAP_DEBUG_TRACE,
336 "<=- ldbm_back_modrdn: no "
337 "access to new superior\n", 0, 0, 0 );
339 send_ldap_error( op, rs,
340 LDAP_INSUFFICIENT_ACCESS,
346 Debug( LDAP_DEBUG_TRACE,
347 "<=- ldbm_back_modrdn: \"\" "
348 "not allowed as new superior\n",
351 send_ldap_error( op, rs,
352 LDAP_INSUFFICIENT_ACCESS,
359 Debug( LDAP_DEBUG_TRACE,
360 "ldbm_back_modrdn: wr to new parent's children OK\n",
363 new_parent_dn = op->oq_modrdn.rs_newSup;
366 /* Build target dn and make sure target entry doesn't exist already. */
367 build_new_dn( &new_dn, new_parent_dn, &op->oq_modrdn.rs_newrdn, NULL );
368 dnNormalize( 0, NULL, NULL, &new_dn, &new_ndn, NULL );
370 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: new ndn=%s\n",
371 new_ndn.bv_val, 0, 0 );
373 /* check for abandon */
374 if ( op->o_abandon ) {
378 if ( ( rc_id = dn2id ( op->o_bd, &new_ndn, &id ) ) || id != NOID ) {
379 /* if (rc_id) something bad happened to ldbm cache */
380 rs->sr_err = rc_id ? LDAP_OTHER : LDAP_ALREADY_EXISTS;
381 send_ldap_result( op, rs );
385 Debug( LDAP_DEBUG_TRACE,
386 "ldbm_back_modrdn: new ndn=%s does not exist\n",
387 new_ndn.bv_val, 0, 0 );
389 /* Get attribute type and attribute value of our new rdn, we will
390 * need to add that to our new entry
392 if ( ldap_bv2rdn( &op->oq_modrdn.rs_newrdn, &new_rdn, (char **)&rs->sr_text,
393 LDAP_DN_FORMAT_LDAP ) )
395 Debug( LDAP_DEBUG_TRACE,
396 "ldbm_back_modrdn: can't figure out "
397 "type(s)/values(s) of newrdn\n",
399 send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX,
400 "unknown type(s) used in RDN" );
404 Debug( LDAP_DEBUG_TRACE,
405 "ldbm_back_modrdn: new_rdn_type=\"%s\", "
406 "new_rdn_val=\"%s\"\n",
407 new_rdn[ 0 ]->la_attr.bv_val,
408 new_rdn[ 0 ]->la_value.bv_val, 0 );
410 if ( op->oq_modrdn.rs_deleteoldrdn ) {
411 if ( ldap_bv2rdn( &op->o_req_dn, &old_rdn, (char **)&rs->sr_text,
412 LDAP_DN_FORMAT_LDAP ) )
414 Debug( LDAP_DEBUG_TRACE,
415 "ldbm_back_modrdn: can't figure out "
416 "the old_rdn type(s)/value(s)\n",
418 send_ldap_error( op, rs, LDAP_OTHER,
419 "cannot parse RDN from old DN" );
424 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: DN_X500\n",
427 if ( slap_modrdn2mods( op, rs, e, old_rdn, new_rdn, &mod ) != LDAP_SUCCESS ) {
428 send_ldap_result( op, rs );
432 /* check for abandon */
433 if ( op->o_abandon ) {
437 (void) cache_delete_entry( &li->li_cache, e );
440 old_ndn = e->e_nname;
442 e->e_nname = new_ndn;
443 new_dn.bv_val = NULL;
444 new_ndn.bv_val = NULL;
446 /* NOTE: after this you must not free new_dn or new_ndn!
447 * They are used by cache.
450 /* modify memory copy of entry */
451 rs->sr_err = ldbm_modify_internal( op, &mod[0], e,
452 &rs->sr_text, textbuf, textlen );
453 switch ( rs->sr_err ) {
458 send_ldap_result( op, rs );
465 * NOTE: the backend MUST delete then add the entry,
466 * otherwise indexing may get hosed
467 * FIXME: if a new ID was used, the add could be done first.
468 * that would be safer.
472 if ( dn2id_delete( op->o_bd, &old_ndn, e->e_id ) != 0 ) {
473 send_ldap_error( op, rs, LDAP_OTHER,
474 "DN index delete fail" );
479 if ( dn2id_add( op->o_bd, &e->e_nname, e->e_id ) != 0 ) {
480 /* try to repair old entry - probably hopeless */
481 if( dn2id_add( op->o_bd, &old_ndn, e->e_id) != 0 ) {
482 send_ldap_error( op, rs, LDAP_OTHER,
483 "DN index add and repair failed" );
485 send_ldap_error( op, rs, LDAP_OTHER,
486 "DN index add failed" );
492 if ( id2entry_add( op->o_bd, e ) != 0 ) {
495 rc = dn2id_delete( op->o_bd, &e->e_nname, e->e_id );
496 rc |= dn2id_add( op->o_bd, &old_ndn, e->e_id );
498 send_ldap_error( op, rs, LDAP_OTHER,
499 "entry update and repair failed" );
501 send_ldap_error( op, rs, LDAP_OTHER,
502 "entry update failed" );
507 (void) cache_update_entry( &li->li_cache, e );
509 rs->sr_err = LDAP_SUCCESS;
511 send_ldap_result( op, rs );
512 cache_entry_commit( e );
515 if( new_dn.bv_val != NULL ) free( new_dn.bv_val );
516 if( new_ndn.bv_val != NULL ) free( new_ndn.bv_val );
517 if( old_ndn.bv_val != NULL ) free( old_ndn.bv_val );
519 /* LDAP v2 supporting correct attribute handling. */
520 if ( new_rdn != NULL ) {
521 ldap_rdnfree( new_rdn );
523 if ( old_rdn != NULL ) {
524 ldap_rdnfree( old_rdn );
528 for (; mod; mod = tmp ) {
529 /* slap_modrdn2mods does things one way,
530 * slap_mods_opattrs does it differently
532 if ( mod->sml_op != SLAP_MOD_SOFTADD &&
533 mod->sml_op != LDAP_MOD_DELETE ) break;
534 if ( mod->sml_nvalues ) free( mod->sml_nvalues[0].bv_val );
538 slap_mods_free( mod );
541 /* LDAP v3 Support */
543 /* free new parent and writer lock */
544 cache_return_entry_w( &li->li_cache, np );
548 /* free parent and writer lock */
549 cache_return_entry_w( &li->li_cache, p );
552 /* free entry and writer lock */
553 cache_return_entry_w( &li->li_cache, e );
554 ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
556 return( rs->sr_err );
projects / openldap / blob