1 /* modrdn.c - ldbm backend modrdn routine */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 1998-2006 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
16 /* Portions Copyright 1999, Juan C. Gomez, All rights reserved.
17 * This software is not subject to any license of Silicon Graphics
18 * Inc. or Purdue University.
20 * Redistribution and use in source and binary forms are permitted
21 * without restriction or fee of any kind as long as this notice
29 #include <ac/string.h>
30 #include <ac/socket.h>
33 #include "back-ldbm.h"
34 #include "proto-back-ldbm.h"
41 AttributeDescription *children = slap_schema.si_ad_children;
42 AttributeDescription *entry = slap_schema.si_ad_entry;
43 struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
44 struct berval p_dn, p_ndn;
45 struct berval new_dn = BER_BVNULL, new_ndn = BER_BVNULL;
46 struct berval old_ndn = BER_BVNULL;
49 /* LDAP v2 supporting correct attribute handling. */
50 LDAPRDN new_rdn = NULL;
51 LDAPRDN old_rdn = NULL;
54 char textbuf[SLAP_TEXT_BUFLEN];
55 size_t textlen = sizeof textbuf;
56 /* Added to support newSuperior */
57 Entry *np = NULL; /* newSuperior Entry */
58 struct berval *np_ndn = NULL; /* newSuperior ndn */
59 struct berval *new_parent_dn = NULL; /* np_dn, p_dn, or NULL */
60 /* Used to interface with ldbm_modify_internal() */
61 Modifications *mod = NULL; /* Used to delete old/add new rdn */
62 int manageDSAit = get_manageDSAit( op );
64 Debug( LDAP_DEBUG_TRACE,
65 "==>ldbm_back_modrdn: dn: %s newSuperior=%s\n",
66 op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "NULL",
67 ( op->oq_modrdn.rs_newSup && op->oq_modrdn.rs_newSup->bv_len )
68 ? op->oq_modrdn.rs_newSup->bv_val : "NULL", 0 );
70 /* grab giant lock for writing */
71 ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
73 e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched );
75 /* get entry with writer lock */
76 /* FIXME: dn2entry() should return non-glue entry */
77 if (( e == NULL ) || ( !manageDSAit && e && is_entry_glue( e ))) {
78 if ( matched != NULL ) {
79 rs->sr_matched = strdup( matched->e_dn );
80 rs->sr_ref = is_entry_referral( matched )
81 ? get_entry_referrals( op, matched )
83 cache_return_entry_r( &li->li_cache, matched );
85 rs->sr_ref = referral_rewrite( default_referral, NULL,
86 &op->o_req_dn, LDAP_SCOPE_DEFAULT );
89 ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
91 rs->sr_err = LDAP_REFERRAL;
92 send_ldap_result( op, rs );
94 if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
95 free( (char *)rs->sr_matched );
97 rs->sr_matched = NULL;
101 /* check entry for "entry" acl */
102 if ( ! access_allowed( op, e, entry, NULL, ACL_WRITE, NULL ) )
104 Debug( LDAP_DEBUG_TRACE,
105 "<=- ldbm_back_modrdn: no write access to entry\n", 0,
108 send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
109 "no write access to entry" );
114 if (!manageDSAit && is_entry_referral( e ) ) {
115 /* parent is a referral, don't allow add */
116 /* parent is an alias, don't allow add */
117 rs->sr_ref = get_entry_referrals( op, e );
119 Debug( LDAP_DEBUG_TRACE, "entry %s is referral\n", e->e_dn,
122 rs->sr_err = LDAP_REFERRAL;
123 rs->sr_matched = e->e_name.bv_val;
124 send_ldap_result( op, rs );
126 if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
128 rs->sr_matched = NULL;
132 if ( has_children( op->o_bd, e ) ) {
133 Debug( LDAP_DEBUG_TRACE, "entry %s has children\n", e->e_dn,
136 send_ldap_error( op, rs, LDAP_NOT_ALLOWED_ON_NONLEAF,
137 "subtree rename not supported" );
141 if ( be_issuffix( op->o_bd, &e->e_nname ) ) {
142 p_ndn = slap_empty_bv ;
144 dnParent( &e->e_nname, &p_ndn );
147 if ( p_ndn.bv_len != 0 ) {
148 /* Make sure parent entry exist and we can write its
152 if( (p = dn2entry_w( op->o_bd, &p_ndn, NULL )) == NULL) {
153 Debug( LDAP_DEBUG_TRACE, "parent does not exist\n",
156 send_ldap_error( op, rs, LDAP_OTHER,
157 "parent entry does not exist" );
162 p = (Entry *)&slap_entry_root;
165 /* check parent for "children" acl */
166 rs->sr_err = access_allowed( op, p, children, NULL,
167 op->oq_modrdn.rs_newSup != NULL ?
168 ACL_WDEL : ACL_WRITE,
171 if ( BER_BVISEMPTY( &p_ndn ))
176 Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
179 send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
184 Debug( LDAP_DEBUG_TRACE,
185 "ldbm_back_modrdn: wr to children of entry %s OK\n",
186 p_ndn.bv_val, 0, 0 );
188 if ( p_ndn.bv_val == slap_empty_bv.bv_val ) {
189 p_dn = slap_empty_bv;
191 dnParent( &e->e_name, &p_dn );
194 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: parent dn=%s\n",
197 new_parent_dn = &p_dn; /* New Parent unless newSuperior given */
199 if ( op->oq_modrdn.rs_newSup != NULL ) {
200 Debug( LDAP_DEBUG_TRACE,
201 "ldbm_back_modrdn: new parent \"%s\" requested...\n",
202 op->oq_modrdn.rs_newSup->bv_val, 0, 0 );
204 np_ndn = op->oq_modrdn.rs_nnewSup;
206 /* newSuperior == oldParent? */
207 if ( dn_match( &p_ndn, np_ndn ) ) {
208 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: "
209 "new parent\"%s\" seems to be the same as the "
210 "old parent \"%s\"\n",
211 op->oq_modrdn.rs_newSup->bv_val, p_dn.bv_val, 0 );
213 op->oq_modrdn.rs_newSup = NULL; /* ignore newSuperior */
217 if ( op->oq_modrdn.rs_newSup != NULL ) {
218 /* newSuperior == entry being moved?, if so ==> ERROR */
219 /* Get Entry with dn=newSuperior. Does newSuperior exist? */
221 if ( op->oq_modrdn.rs_nnewSup->bv_len ) {
222 if( (np = dn2entry_w( op->o_bd, np_ndn, NULL )) == NULL) {
223 Debug( LDAP_DEBUG_TRACE,
224 "ldbm_back_modrdn: newSup(ndn=%s) not here!\n",
225 np_ndn->bv_val, 0, 0);
227 send_ldap_error( op, rs, LDAP_NO_SUCH_OBJECT,
228 "newSuperior not found" );
232 Debug( LDAP_DEBUG_TRACE,
233 "ldbm_back_modrdn: wr to new parent OK np=%p, id=%ld\n",
234 (void *) np, np->e_id, 0 );
236 /* check newSuperior for "children" acl */
237 if ( !access_allowed( op, np, children, NULL,
240 Debug( LDAP_DEBUG_TRACE,
241 "ldbm_back_modrdn: no wr to newSup children\n",
244 send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
248 if ( is_entry_alias( np ) ) {
249 /* parent is an alias, don't allow add */
250 Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0, 0, 0 );
253 send_ldap_error( op, rs, LDAP_ALIAS_PROBLEM,
254 "newSuperior is an alias" );
259 if ( is_entry_referral( np ) ) {
260 /* parent is a referral, don't allow add */
261 Debug( LDAP_DEBUG_TRACE, "entry (%s) is referral\n",
264 send_ldap_error( op, rs, LDAP_OTHER,
265 "newSuperior is a referral" );
271 if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
272 || be_shadow_update( op ) ) {
274 np = (Entry *)&slap_entry_root;
276 can_access = access_allowed( op, np,
277 children, NULL, ACL_WADD, NULL );
280 /* check parent for "children" acl */
281 if ( ! can_access ) {
282 Debug( LDAP_DEBUG_TRACE,
283 "<=- ldbm_back_modrdn: no "
284 "access to new superior\n", 0, 0, 0 );
286 send_ldap_error( op, rs,
287 LDAP_INSUFFICIENT_ACCESS,
293 Debug( LDAP_DEBUG_TRACE,
294 "<=- ldbm_back_modrdn: \"\" "
295 "not allowed as new superior\n",
298 send_ldap_error( op, rs,
299 LDAP_INSUFFICIENT_ACCESS,
305 Debug( LDAP_DEBUG_TRACE,
306 "ldbm_back_modrdn: wr to new parent's children OK\n",
309 new_parent_dn = op->oq_modrdn.rs_newSup;
312 /* Build target dn and make sure target entry doesn't exist already. */
313 build_new_dn( &new_dn, new_parent_dn, &op->oq_modrdn.rs_newrdn, NULL );
314 dnNormalize( 0, NULL, NULL, &new_dn, &new_ndn, NULL );
316 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: new ndn=%s\n",
317 new_ndn.bv_val, 0, 0 );
319 /* check for abandon */
320 if ( op->o_abandon ) {
321 rs->sr_err = SLAPD_ABANDON;
325 if ( ( rc_id = dn2id ( op->o_bd, &new_ndn, &id ) ) || id != NOID ) {
326 /* if (rc_id) something bad happened to ldbm cache */
327 rs->sr_err = rc_id ? LDAP_OTHER : LDAP_ALREADY_EXISTS;
328 send_ldap_result( op, rs );
332 Debug( LDAP_DEBUG_TRACE,
333 "ldbm_back_modrdn: new ndn=%s does not exist\n",
334 new_ndn.bv_val, 0, 0 );
336 /* Get attribute type and attribute value of our new rdn, we will
337 * need to add that to our new entry
339 if ( ldap_bv2rdn( &op->oq_modrdn.rs_newrdn, &new_rdn, (char **)&rs->sr_text,
340 LDAP_DN_FORMAT_LDAP ) )
342 Debug( LDAP_DEBUG_TRACE,
343 "ldbm_back_modrdn: can't figure out "
344 "type(s)/values(s) of newrdn\n",
346 send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX,
347 "unknown type(s) used in RDN" );
351 Debug( LDAP_DEBUG_TRACE,
352 "ldbm_back_modrdn: new_rdn_type=\"%s\", "
353 "new_rdn_val=\"%s\"\n",
354 new_rdn[ 0 ]->la_attr.bv_val,
355 new_rdn[ 0 ]->la_value.bv_val, 0 );
357 if ( op->oq_modrdn.rs_deleteoldrdn ) {
358 if ( ldap_bv2rdn( &op->o_req_dn, &old_rdn, (char **)&rs->sr_text,
359 LDAP_DN_FORMAT_LDAP ) )
361 Debug( LDAP_DEBUG_TRACE,
362 "ldbm_back_modrdn: can't figure out "
363 "the old_rdn type(s)/value(s)\n",
365 send_ldap_error( op, rs, LDAP_OTHER,
366 "cannot parse RDN from old DN" );
371 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: DN_X500\n",
374 if ( slap_modrdn2mods( op, rs, e, old_rdn, new_rdn, &mod ) != LDAP_SUCCESS ) {
375 send_ldap_result( op, rs );
379 /* check for abandon */
380 if ( op->o_abandon ) {
381 rs->sr_err = SLAPD_ABANDON;
385 (void) cache_delete_entry( &li->li_cache, e );
388 old_ndn = e->e_nname;
390 e->e_nname = new_ndn;
391 new_dn.bv_val = NULL;
392 new_ndn.bv_val = NULL;
394 /* NOTE: after this you must not free new_dn or new_ndn!
395 * They are used by cache.
398 /* modify memory copy of entry */
399 rs->sr_err = ldbm_modify_internal( op, &mod[0], e,
400 &rs->sr_text, textbuf, textlen );
401 switch ( rs->sr_err ) {
406 send_ldap_result( op, rs );
413 * NOTE: the backend MUST delete then add the entry,
414 * otherwise indexing may get hosed
415 * FIXME: if a new ID was used, the add could be done first.
416 * that would be safer.
420 if ( dn2id_delete( op->o_bd, &old_ndn, e->e_id ) != 0 ) {
421 send_ldap_error( op, rs, LDAP_OTHER,
422 "DN index delete fail" );
427 if ( dn2id_add( op->o_bd, &e->e_nname, e->e_id ) != 0 ) {
428 /* try to repair old entry - probably hopeless */
429 if( dn2id_add( op->o_bd, &old_ndn, e->e_id) != 0 ) {
430 send_ldap_error( op, rs, LDAP_OTHER,
431 "DN index add and repair failed" );
433 send_ldap_error( op, rs, LDAP_OTHER,
434 "DN index add failed" );
440 if ( id2entry_add( op->o_bd, e ) != 0 ) {
443 rc = dn2id_delete( op->o_bd, &e->e_nname, e->e_id );
444 rc |= dn2id_add( op->o_bd, &old_ndn, e->e_id );
446 send_ldap_error( op, rs, LDAP_OTHER,
447 "entry update and repair failed" );
449 send_ldap_error( op, rs, LDAP_OTHER,
450 "entry update failed" );
455 (void) cache_update_entry( &li->li_cache, e );
457 rs->sr_err = LDAP_SUCCESS;
459 send_ldap_result( op, rs );
460 cache_entry_commit( e );
463 slap_graduate_commit_csn( op );
464 if( new_dn.bv_val != NULL ) free( new_dn.bv_val );
465 if( new_ndn.bv_val != NULL ) free( new_ndn.bv_val );
466 if( old_ndn.bv_val != NULL ) free( old_ndn.bv_val );
468 /* LDAP v2 supporting correct attribute handling. */
469 if ( new_rdn != NULL ) {
470 ldap_rdnfree( new_rdn );
472 if ( old_rdn != NULL ) {
473 ldap_rdnfree( old_rdn );
477 for (; mod; mod = tmp ) {
478 /* slap_modrdn2mods does things one way,
479 * slap_mods_opattrs does it differently
481 if ( mod->sml_op != SLAP_MOD_SOFTADD &&
482 mod->sml_op != LDAP_MOD_DELETE ) break;
483 if ( mod->sml_nvalues ) free( mod->sml_nvalues[0].bv_val );
487 slap_mods_free( mod, 1 );
490 /* LDAP v3 Support */
492 /* free new parent and writer lock */
493 cache_return_entry_w( &li->li_cache, np );
497 /* free parent and writer lock */
498 cache_return_entry_w( &li->li_cache, p );
501 /* free entry and writer lock */
502 cache_return_entry_w( &li->li_cache, e );
503 ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
505 return( rs->sr_err );
projects / openldap / blob