1 /* modrdn.c - ldbm backend modrdn routine */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 1998-2005 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
16 /* Portions Copyright 1999, Juan C. Gomez, All rights reserved.
17 * This software is not subject to any license of Silicon Graphics
18 * Inc. or Purdue University.
20 * Redistribution and use in source and binary forms are permitted
21 * without restriction or fee of any kind as long as this notice
29 #include <ac/string.h>
30 #include <ac/socket.h>
33 #include "back-ldbm.h"
34 #include "proto-back-ldbm.h"
41 AttributeDescription *children = slap_schema.si_ad_children;
42 AttributeDescription *entry = slap_schema.si_ad_entry;
43 struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
44 struct berval p_dn, p_ndn;
45 struct berval new_dn = BER_BVNULL, new_ndn = BER_BVNULL;
46 struct berval old_ndn = BER_BVNULL;
49 /* LDAP v2 supporting correct attribute handling. */
50 LDAPRDN new_rdn = NULL;
51 LDAPRDN old_rdn = NULL;
55 char textbuf[SLAP_TEXT_BUFLEN];
56 size_t textlen = sizeof textbuf;
57 /* Added to support newSuperior */
58 Entry *np = NULL; /* newSuperior Entry */
59 struct berval *np_ndn = NULL; /* newSuperior ndn */
60 struct berval *new_parent_dn = NULL; /* np_dn, p_dn, or NULL */
61 /* Used to interface with ldbm_modify_internal() */
62 Modifications *mod = NULL; /* Used to delete old/add new rdn */
63 int manageDSAit = get_manageDSAit( op );
65 Debug( LDAP_DEBUG_TRACE,
66 "==>ldbm_back_modrdn: dn: %s newSuperior=%s\n",
67 op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "NULL",
68 ( op->oq_modrdn.rs_newSup && op->oq_modrdn.rs_newSup->bv_len )
69 ? op->oq_modrdn.rs_newSup->bv_val : "NULL", 0 );
71 /* grab giant lock for writing */
72 ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
74 e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched );
76 /* get entry with writer lock */
77 /* FIXME: dn2entry() should return non-glue entry */
78 if (( e == NULL ) || ( !manageDSAit && e && is_entry_glue( e ))) {
79 if ( matched != NULL ) {
80 rs->sr_matched = strdup( matched->e_dn );
81 rs->sr_ref = is_entry_referral( matched )
82 ? get_entry_referrals( op, matched )
84 cache_return_entry_r( &li->li_cache, matched );
86 rs->sr_ref = referral_rewrite( default_referral, NULL,
87 &op->o_req_dn, LDAP_SCOPE_DEFAULT );
90 ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
92 rs->sr_err = LDAP_REFERRAL;
93 send_ldap_result( op, rs );
95 if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
96 free( (char *)rs->sr_matched );
98 rs->sr_matched = NULL;
102 /* check entry for "entry" acl */
103 if ( ! access_allowed( op, e, entry, NULL, ACL_WRITE, NULL ) )
105 Debug( LDAP_DEBUG_TRACE,
106 "<=- ldbm_back_modrdn: no write access to entry\n", 0,
109 send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
110 "no write access to entry" );
115 if (!manageDSAit && is_entry_referral( e ) ) {
116 /* parent is a referral, don't allow add */
117 /* parent is an alias, don't allow add */
118 rs->sr_ref = get_entry_referrals( op, e );
120 Debug( LDAP_DEBUG_TRACE, "entry %s is referral\n", e->e_dn,
123 rs->sr_err = LDAP_REFERRAL;
124 rs->sr_matched = e->e_name.bv_val;
125 send_ldap_result( op, rs );
127 if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
129 rs->sr_matched = NULL;
133 if ( has_children( op->o_bd, e ) ) {
134 Debug( LDAP_DEBUG_TRACE, "entry %s has children\n", e->e_dn,
137 send_ldap_error( op, rs, LDAP_NOT_ALLOWED_ON_NONLEAF,
138 "subtree rename not supported" );
142 if ( be_issuffix( op->o_bd, &e->e_nname ) ) {
143 p_ndn = slap_empty_bv ;
145 dnParent( &e->e_nname, &p_ndn );
148 if ( p_ndn.bv_len != 0 ) {
149 /* Make sure parent entry exist and we can write its
153 if( (p = dn2entry_w( op->o_bd, &p_ndn, NULL )) == NULL) {
154 Debug( LDAP_DEBUG_TRACE, "parent does not exist\n",
157 send_ldap_error( op, rs, LDAP_OTHER,
158 "parent entry does not exist" );
163 /* check parent for "children" acl */
164 if ( ! access_allowed( op, p, children, NULL,
165 op->oq_modrdn.rs_newSup != NULL ?
166 ACL_WDEL : ACL_WRITE,
169 Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
172 send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
177 Debug( LDAP_DEBUG_TRACE,
178 "ldbm_back_modrdn: wr to children of entry %s OK\n",
179 p_ndn.bv_val, 0, 0 );
181 if ( p_ndn.bv_val == slap_empty_bv.bv_val ) {
182 p_dn = slap_empty_bv;
184 dnParent( &e->e_name, &p_dn );
187 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: parent dn=%s\n",
191 /* no parent, must be root to modify rdn */
192 isroot = be_isroot( op );
194 if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
195 || be_shadow_update( op ) ) {
197 p = (Entry *)&slap_entry_root;
199 can_access = access_allowed( op, p,
201 op->oq_modrdn.rs_newSup ?
202 ACL_WDEL : ACL_WRITE,
206 /* check parent for "children" acl */
207 if ( ! can_access ) {
208 Debug( LDAP_DEBUG_TRACE,
209 "<=- ldbm_back_modrdn: no "
210 "access to parent\n", 0, 0, 0 );
212 send_ldap_error( op, rs,
213 LDAP_INSUFFICIENT_ACCESS,
219 Debug( LDAP_DEBUG_TRACE,
220 "<=- ldbm_back_modrdn: no parent & "
221 "not root\n", 0, 0, 0);
223 send_ldap_error( op, rs,
224 LDAP_INSUFFICIENT_ACCESS,
230 Debug( LDAP_DEBUG_TRACE,
231 "ldbm_back_modrdn: no parent, locked root\n",
235 new_parent_dn = &p_dn; /* New Parent unless newSuperior given */
237 if ( op->oq_modrdn.rs_newSup != NULL ) {
238 Debug( LDAP_DEBUG_TRACE,
239 "ldbm_back_modrdn: new parent \"%s\" requested...\n",
240 op->oq_modrdn.rs_newSup->bv_val, 0, 0 );
242 np_ndn = op->oq_modrdn.rs_nnewSup;
244 /* newSuperior == oldParent? */
245 if ( dn_match( &p_ndn, np_ndn ) ) {
246 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: "
247 "new parent\"%s\" seems to be the same as the "
248 "old parent \"%s\"\n",
249 op->oq_modrdn.rs_newSup->bv_val, p_dn.bv_val, 0 );
251 op->oq_modrdn.rs_newSup = NULL; /* ignore newSuperior */
255 if ( op->oq_modrdn.rs_newSup != NULL ) {
256 /* newSuperior == entry being moved?, if so ==> ERROR */
257 /* Get Entry with dn=newSuperior. Does newSuperior exist? */
259 if ( op->oq_modrdn.rs_nnewSup->bv_len ) {
260 if( (np = dn2entry_w( op->o_bd, np_ndn, NULL )) == NULL) {
261 Debug( LDAP_DEBUG_TRACE,
262 "ldbm_back_modrdn: newSup(ndn=%s) not here!\n",
263 np_ndn->bv_val, 0, 0);
265 send_ldap_error( op, rs, LDAP_OTHER,
266 "newSuperior not found" );
270 Debug( LDAP_DEBUG_TRACE,
271 "ldbm_back_modrdn: wr to new parent OK np=%p, id=%ld\n",
272 (void *) np, np->e_id, 0 );
274 /* check newSuperior for "children" acl */
275 if ( !access_allowed( op, np, children, NULL,
278 Debug( LDAP_DEBUG_TRACE,
279 "ldbm_back_modrdn: no wr to newSup children\n",
282 send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
286 if ( is_entry_alias( np ) ) {
287 /* parent is an alias, don't allow add */
288 Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0, 0, 0 );
291 send_ldap_error( op, rs, LDAP_ALIAS_PROBLEM,
292 "newSuperior is an alias" );
297 if ( is_entry_referral( np ) ) {
298 /* parent is a referral, don't allow add */
299 Debug( LDAP_DEBUG_TRACE, "entry (%s) is referral\n",
302 send_ldap_error( op, rs, LDAP_OTHER,
303 "newSuperior is a referral" );
310 /* no parent, must be root to modify newSuperior */
311 if ( isroot == -1 ) {
312 isroot = be_isroot( op );
316 if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
317 || be_shadow_update( op ) ) {
319 np = (Entry *)&slap_entry_root;
321 can_access = access_allowed( op, np,
322 children, NULL, ACL_WADD, NULL );
325 /* check parent for "children" acl */
326 if ( ! can_access ) {
327 Debug( LDAP_DEBUG_TRACE,
328 "<=- ldbm_back_modrdn: no "
329 "access to new superior\n", 0, 0, 0 );
331 send_ldap_error( op, rs,
332 LDAP_INSUFFICIENT_ACCESS,
338 Debug( LDAP_DEBUG_TRACE,
339 "<=- ldbm_back_modrdn: \"\" "
340 "not allowed as new superior\n",
343 send_ldap_error( op, rs,
344 LDAP_INSUFFICIENT_ACCESS,
351 Debug( LDAP_DEBUG_TRACE,
352 "ldbm_back_modrdn: wr to new parent's children OK\n",
355 new_parent_dn = op->oq_modrdn.rs_newSup;
358 /* Build target dn and make sure target entry doesn't exist already. */
359 build_new_dn( &new_dn, new_parent_dn, &op->oq_modrdn.rs_newrdn, NULL );
360 dnNormalize( 0, NULL, NULL, &new_dn, &new_ndn, NULL );
362 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: new ndn=%s\n",
363 new_ndn.bv_val, 0, 0 );
365 /* check for abandon */
366 if ( op->o_abandon ) {
367 rs->sr_err = SLAPD_ABANDON;
371 if ( ( rc_id = dn2id ( op->o_bd, &new_ndn, &id ) ) || id != NOID ) {
372 /* if (rc_id) something bad happened to ldbm cache */
373 rs->sr_err = rc_id ? LDAP_OTHER : LDAP_ALREADY_EXISTS;
374 send_ldap_result( op, rs );
378 Debug( LDAP_DEBUG_TRACE,
379 "ldbm_back_modrdn: new ndn=%s does not exist\n",
380 new_ndn.bv_val, 0, 0 );
382 /* Get attribute type and attribute value of our new rdn, we will
383 * need to add that to our new entry
385 if ( ldap_bv2rdn( &op->oq_modrdn.rs_newrdn, &new_rdn, (char **)&rs->sr_text,
386 LDAP_DN_FORMAT_LDAP ) )
388 Debug( LDAP_DEBUG_TRACE,
389 "ldbm_back_modrdn: can't figure out "
390 "type(s)/values(s) of newrdn\n",
392 send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX,
393 "unknown type(s) used in RDN" );
397 Debug( LDAP_DEBUG_TRACE,
398 "ldbm_back_modrdn: new_rdn_type=\"%s\", "
399 "new_rdn_val=\"%s\"\n",
400 new_rdn[ 0 ]->la_attr.bv_val,
401 new_rdn[ 0 ]->la_value.bv_val, 0 );
403 if ( op->oq_modrdn.rs_deleteoldrdn ) {
404 if ( ldap_bv2rdn( &op->o_req_dn, &old_rdn, (char **)&rs->sr_text,
405 LDAP_DN_FORMAT_LDAP ) )
407 Debug( LDAP_DEBUG_TRACE,
408 "ldbm_back_modrdn: can't figure out "
409 "the old_rdn type(s)/value(s)\n",
411 send_ldap_error( op, rs, LDAP_OTHER,
412 "cannot parse RDN from old DN" );
417 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: DN_X500\n",
420 if ( slap_modrdn2mods( op, rs, e, old_rdn, new_rdn, &mod ) != LDAP_SUCCESS ) {
421 send_ldap_result( op, rs );
425 /* check for abandon */
426 if ( op->o_abandon ) {
427 rs->sr_err = SLAPD_ABANDON;
431 (void) cache_delete_entry( &li->li_cache, e );
434 old_ndn = e->e_nname;
436 e->e_nname = new_ndn;
437 new_dn.bv_val = NULL;
438 new_ndn.bv_val = NULL;
440 /* NOTE: after this you must not free new_dn or new_ndn!
441 * They are used by cache.
444 /* modify memory copy of entry */
445 rs->sr_err = ldbm_modify_internal( op, &mod[0], e,
446 &rs->sr_text, textbuf, textlen );
447 switch ( rs->sr_err ) {
452 send_ldap_result( op, rs );
459 * NOTE: the backend MUST delete then add the entry,
460 * otherwise indexing may get hosed
461 * FIXME: if a new ID was used, the add could be done first.
462 * that would be safer.
466 if ( dn2id_delete( op->o_bd, &old_ndn, e->e_id ) != 0 ) {
467 send_ldap_error( op, rs, LDAP_OTHER,
468 "DN index delete fail" );
473 if ( dn2id_add( op->o_bd, &e->e_nname, e->e_id ) != 0 ) {
474 /* try to repair old entry - probably hopeless */
475 if( dn2id_add( op->o_bd, &old_ndn, e->e_id) != 0 ) {
476 send_ldap_error( op, rs, LDAP_OTHER,
477 "DN index add and repair failed" );
479 send_ldap_error( op, rs, LDAP_OTHER,
480 "DN index add failed" );
486 if ( id2entry_add( op->o_bd, e ) != 0 ) {
489 rc = dn2id_delete( op->o_bd, &e->e_nname, e->e_id );
490 rc |= dn2id_add( op->o_bd, &old_ndn, e->e_id );
492 send_ldap_error( op, rs, LDAP_OTHER,
493 "entry update and repair failed" );
495 send_ldap_error( op, rs, LDAP_OTHER,
496 "entry update failed" );
501 (void) cache_update_entry( &li->li_cache, e );
503 rs->sr_err = LDAP_SUCCESS;
505 send_ldap_result( op, rs );
506 cache_entry_commit( e );
509 if( new_dn.bv_val != NULL ) free( new_dn.bv_val );
510 if( new_ndn.bv_val != NULL ) free( new_ndn.bv_val );
511 if( old_ndn.bv_val != NULL ) free( old_ndn.bv_val );
513 /* LDAP v2 supporting correct attribute handling. */
514 if ( new_rdn != NULL ) {
515 ldap_rdnfree( new_rdn );
517 if ( old_rdn != NULL ) {
518 ldap_rdnfree( old_rdn );
522 for (; mod; mod = tmp ) {
523 /* slap_modrdn2mods does things one way,
524 * slap_mods_opattrs does it differently
526 if ( mod->sml_op != SLAP_MOD_SOFTADD &&
527 mod->sml_op != LDAP_MOD_DELETE ) break;
528 if ( mod->sml_nvalues ) free( mod->sml_nvalues[0].bv_val );
532 slap_mods_free( mod, 1 );
535 /* LDAP v3 Support */
537 /* free new parent and writer lock */
538 cache_return_entry_w( &li->li_cache, np );
542 /* free parent and writer lock */
543 cache_return_entry_w( &li->li_cache, p );
546 /* free entry and writer lock */
547 cache_return_entry_w( &li->li_cache, e );
548 ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
550 return( rs->sr_err );
projects / openldap / blob