1 /* modrdn.c - ldbm backend modrdn routine */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 1998-2005 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
16 /* Portions Copyright 1999, Juan C. Gomez, All rights reserved.
17 * This software is not subject to any license of Silicon Graphics
18 * Inc. or Purdue University.
20 * Redistribution and use in source and binary forms are permitted
21 * without restriction or fee of any kind as long as this notice
29 #include <ac/string.h>
30 #include <ac/socket.h>
33 #include "back-ldbm.h"
34 #include "proto-back-ldbm.h"
41 AttributeDescription *children = slap_schema.si_ad_children;
42 AttributeDescription *entry = slap_schema.si_ad_entry;
43 struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
44 struct berval p_dn, p_ndn;
45 struct berval new_dn = BER_BVNULL, new_ndn = BER_BVNULL;
46 struct berval old_ndn = BER_BVNULL;
49 /* LDAP v2 supporting correct attribute handling. */
50 LDAPRDN new_rdn = NULL;
51 LDAPRDN old_rdn = NULL;
55 const char *text = NULL;
56 char textbuf[SLAP_TEXT_BUFLEN];
57 size_t textlen = sizeof textbuf;
58 /* Added to support newSuperior */
59 Entry *np = NULL; /* newSuperior Entry */
60 struct berval *np_ndn = NULL; /* newSuperior ndn */
61 struct berval *new_parent_dn = NULL; /* np_dn, p_dn, or NULL */
62 /* Used to interface with ldbm_modify_internal() */
63 Modifications *mod = NULL; /* Used to delete old/add new rdn */
64 int manageDSAit = get_manageDSAit( op );
66 Debug( LDAP_DEBUG_TRACE,
67 "==>ldbm_back_modrdn: dn: %s newSuperior=%s\n",
68 op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "NULL",
69 ( op->oq_modrdn.rs_newSup && op->oq_modrdn.rs_newSup->bv_len )
70 ? op->oq_modrdn.rs_newSup->bv_val : "NULL", 0 );
72 /* grab giant lock for writing */
73 ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
75 e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched );
77 /* get entry with writer lock */
78 /* FIXME: dn2entry() should return non-glue entry */
79 if (( e == NULL ) || ( !manageDSAit && e && is_entry_glue( e ))) {
80 if ( matched != NULL ) {
81 rs->sr_matched = strdup( matched->e_dn );
82 rs->sr_ref = is_entry_referral( matched )
83 ? get_entry_referrals( op, matched )
85 cache_return_entry_r( &li->li_cache, matched );
87 rs->sr_ref = referral_rewrite( default_referral, NULL,
88 &op->o_req_dn, LDAP_SCOPE_DEFAULT );
91 ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
93 rs->sr_err = LDAP_REFERRAL;
94 send_ldap_result( op, rs );
96 if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
97 free( (char *)rs->sr_matched );
99 rs->sr_matched = NULL;
103 /* check entry for "entry" acl */
104 if ( ! access_allowed( op, e, entry, NULL, ACL_WRITE, NULL ) )
106 Debug( LDAP_DEBUG_TRACE,
107 "<=- ldbm_back_modrdn: no write access to entry\n", 0,
110 send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
111 "no write access to entry" );
116 if (!manageDSAit && is_entry_referral( e ) ) {
117 /* parent is a referral, don't allow add */
118 /* parent is an alias, don't allow add */
119 rs->sr_ref = get_entry_referrals( op, e );
121 Debug( LDAP_DEBUG_TRACE, "entry %s is referral\n", e->e_dn,
124 rs->sr_err = LDAP_REFERRAL;
125 rs->sr_matched = e->e_name.bv_val;
126 send_ldap_result( op, rs );
128 if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
130 rs->sr_matched = NULL;
134 if ( has_children( op->o_bd, e ) ) {
135 Debug( LDAP_DEBUG_TRACE, "entry %s has children\n", e->e_dn,
138 send_ldap_error( op, rs, LDAP_NOT_ALLOWED_ON_NONLEAF,
139 "subtree rename not supported" );
143 if ( be_issuffix( op->o_bd, &e->e_nname ) ) {
144 p_ndn = slap_empty_bv ;
146 dnParent( &e->e_nname, &p_ndn );
149 if ( p_ndn.bv_len != 0 ) {
150 /* Make sure parent entry exist and we can write its
154 if( (p = dn2entry_w( op->o_bd, &p_ndn, NULL )) == NULL) {
155 Debug( LDAP_DEBUG_TRACE, "parent does not exist\n",
158 send_ldap_error( op, rs, LDAP_OTHER,
159 "parent entry does not exist" );
164 /* check parent for "children" acl */
165 if ( ! access_allowed( op, p, children, NULL,
166 op->oq_modrdn.rs_newSup != NULL ?
167 ACL_WDEL : ACL_WRITE,
170 Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
173 send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
178 Debug( LDAP_DEBUG_TRACE,
179 "ldbm_back_modrdn: wr to children of entry %s OK\n",
180 p_ndn.bv_val, 0, 0 );
182 if ( p_ndn.bv_val == slap_empty_bv.bv_val ) {
183 p_dn = slap_empty_bv;
185 dnParent( &e->e_name, &p_dn );
188 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: parent dn=%s\n",
192 /* no parent, must be root to modify rdn */
193 isroot = be_isroot( op );
195 if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
196 || be_shadow_update( op ) ) {
198 p = (Entry *)&slap_entry_root;
200 can_access = access_allowed( op, p,
202 op->oq_modrdn.rs_newSup ?
203 ACL_WDEL : ACL_WRITE,
207 /* check parent for "children" acl */
208 if ( ! can_access ) {
209 Debug( LDAP_DEBUG_TRACE,
210 "<=- ldbm_back_modrdn: no "
211 "access to parent\n", 0, 0, 0 );
213 send_ldap_error( op, rs,
214 LDAP_INSUFFICIENT_ACCESS,
220 Debug( LDAP_DEBUG_TRACE,
221 "<=- ldbm_back_modrdn: no parent & "
222 "not root\n", 0, 0, 0);
224 send_ldap_error( op, rs,
225 LDAP_INSUFFICIENT_ACCESS,
231 Debug( LDAP_DEBUG_TRACE,
232 "ldbm_back_modrdn: no parent, locked root\n",
236 new_parent_dn = &p_dn; /* New Parent unless newSuperior given */
238 if ( op->oq_modrdn.rs_newSup != NULL ) {
239 Debug( LDAP_DEBUG_TRACE,
240 "ldbm_back_modrdn: new parent \"%s\" requested...\n",
241 op->oq_modrdn.rs_newSup->bv_val, 0, 0 );
243 np_ndn = op->oq_modrdn.rs_nnewSup;
245 /* newSuperior == oldParent? */
246 if ( dn_match( &p_ndn, np_ndn ) ) {
247 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: "
248 "new parent\"%s\" seems to be the same as the "
249 "old parent \"%s\"\n",
250 op->oq_modrdn.rs_newSup->bv_val, p_dn.bv_val, 0 );
252 op->oq_modrdn.rs_newSup = NULL; /* ignore newSuperior */
256 if ( op->oq_modrdn.rs_newSup != NULL ) {
257 /* newSuperior == entry being moved?, if so ==> ERROR */
258 /* Get Entry with dn=newSuperior. Does newSuperior exist? */
260 if ( op->oq_modrdn.rs_nnewSup->bv_len ) {
261 if( (np = dn2entry_w( op->o_bd, np_ndn, NULL )) == NULL) {
262 Debug( LDAP_DEBUG_TRACE,
263 "ldbm_back_modrdn: newSup(ndn=%s) not here!\n",
264 np_ndn->bv_val, 0, 0);
266 send_ldap_error( op, rs, LDAP_OTHER,
267 "newSuperior not found" );
271 Debug( LDAP_DEBUG_TRACE,
272 "ldbm_back_modrdn: wr to new parent OK np=%p, id=%ld\n",
273 (void *) np, np->e_id, 0 );
275 /* check newSuperior for "children" acl */
276 if ( !access_allowed( op, np, children, NULL,
279 Debug( LDAP_DEBUG_TRACE,
280 "ldbm_back_modrdn: no wr to newSup children\n",
283 send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
287 if ( is_entry_alias( np ) ) {
288 /* parent is an alias, don't allow add */
289 Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0, 0, 0 );
292 send_ldap_error( op, rs, LDAP_ALIAS_PROBLEM,
293 "newSuperior is an alias" );
298 if ( is_entry_referral( np ) ) {
299 /* parent is a referral, don't allow add */
300 Debug( LDAP_DEBUG_TRACE, "entry (%s) is referral\n",
303 send_ldap_error( op, rs, LDAP_OTHER,
304 "newSuperior is a referral" );
311 /* no parent, must be root to modify newSuperior */
312 if ( isroot == -1 ) {
313 isroot = be_isroot( op );
317 if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
318 || be_shadow_update( op ) ) {
320 np = (Entry *)&slap_entry_root;
322 can_access = access_allowed( op, np,
323 children, NULL, ACL_WADD, NULL );
326 /* check parent for "children" acl */
327 if ( ! can_access ) {
328 Debug( LDAP_DEBUG_TRACE,
329 "<=- ldbm_back_modrdn: no "
330 "access to new superior\n", 0, 0, 0 );
332 send_ldap_error( op, rs,
333 LDAP_INSUFFICIENT_ACCESS,
339 Debug( LDAP_DEBUG_TRACE,
340 "<=- ldbm_back_modrdn: \"\" "
341 "not allowed as new superior\n",
344 send_ldap_error( op, rs,
345 LDAP_INSUFFICIENT_ACCESS,
352 Debug( LDAP_DEBUG_TRACE,
353 "ldbm_back_modrdn: wr to new parent's children OK\n",
356 new_parent_dn = op->oq_modrdn.rs_newSup;
359 /* Build target dn and make sure target entry doesn't exist already. */
360 build_new_dn( &new_dn, new_parent_dn, &op->oq_modrdn.rs_newrdn, NULL );
361 dnNormalize( 0, NULL, NULL, &new_dn, &new_ndn, NULL );
363 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: new ndn=%s\n",
364 new_ndn.bv_val, 0, 0 );
366 /* check for abandon */
367 if ( op->o_abandon ) {
368 rs->sr_err = SLAPD_ABANDON;
372 if ( ( rc_id = dn2id ( op->o_bd, &new_ndn, &id ) ) || id != NOID ) {
373 /* if (rc_id) something bad happened to ldbm cache */
374 rs->sr_err = rc_id ? LDAP_OTHER : LDAP_ALREADY_EXISTS;
375 send_ldap_result( op, rs );
379 Debug( LDAP_DEBUG_TRACE,
380 "ldbm_back_modrdn: new ndn=%s does not exist\n",
381 new_ndn.bv_val, 0, 0 );
383 /* Get attribute type and attribute value of our new rdn, we will
384 * need to add that to our new entry
386 if ( ldap_bv2rdn( &op->oq_modrdn.rs_newrdn, &new_rdn, (char **)&rs->sr_text,
387 LDAP_DN_FORMAT_LDAP ) )
389 Debug( LDAP_DEBUG_TRACE,
390 "ldbm_back_modrdn: can't figure out "
391 "type(s)/values(s) of newrdn\n",
393 send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX,
394 "unknown type(s) used in RDN" );
398 Debug( LDAP_DEBUG_TRACE,
399 "ldbm_back_modrdn: new_rdn_type=\"%s\", "
400 "new_rdn_val=\"%s\"\n",
401 new_rdn[ 0 ]->la_attr.bv_val,
402 new_rdn[ 0 ]->la_value.bv_val, 0 );
404 if ( op->oq_modrdn.rs_deleteoldrdn ) {
405 if ( ldap_bv2rdn( &op->o_req_dn, &old_rdn, (char **)&rs->sr_text,
406 LDAP_DN_FORMAT_LDAP ) )
408 Debug( LDAP_DEBUG_TRACE,
409 "ldbm_back_modrdn: can't figure out "
410 "the old_rdn type(s)/value(s)\n",
412 send_ldap_error( op, rs, LDAP_OTHER,
413 "cannot parse RDN from old DN" );
418 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: DN_X500\n",
421 if ( slap_modrdn2mods( op, rs, e, old_rdn, new_rdn, &mod ) != LDAP_SUCCESS ) {
422 send_ldap_result( op, rs );
426 /* check for abandon */
427 if ( op->o_abandon ) {
428 rs->sr_err = SLAPD_ABANDON;
432 (void) cache_delete_entry( &li->li_cache, e );
435 old_ndn = e->e_nname;
437 e->e_nname = new_ndn;
438 new_dn.bv_val = NULL;
439 new_ndn.bv_val = NULL;
441 /* NOTE: after this you must not free new_dn or new_ndn!
442 * They are used by cache.
445 /* modify memory copy of entry */
446 rs->sr_err = ldbm_modify_internal( op, &mod[0], e,
447 &rs->sr_text, textbuf, textlen );
448 switch ( rs->sr_err ) {
453 send_ldap_result( op, rs );
460 * NOTE: the backend MUST delete then add the entry,
461 * otherwise indexing may get hosed
462 * FIXME: if a new ID was used, the add could be done first.
463 * that would be safer.
467 if ( dn2id_delete( op->o_bd, &old_ndn, e->e_id ) != 0 ) {
468 send_ldap_error( op, rs, LDAP_OTHER,
469 "DN index delete fail" );
474 if ( dn2id_add( op->o_bd, &e->e_nname, e->e_id ) != 0 ) {
475 /* try to repair old entry - probably hopeless */
476 if( dn2id_add( op->o_bd, &old_ndn, e->e_id) != 0 ) {
477 send_ldap_error( op, rs, LDAP_OTHER,
478 "DN index add and repair failed" );
480 send_ldap_error( op, rs, LDAP_OTHER,
481 "DN index add failed" );
487 if ( id2entry_add( op->o_bd, e ) != 0 ) {
490 rc = dn2id_delete( op->o_bd, &e->e_nname, e->e_id );
491 rc |= dn2id_add( op->o_bd, &old_ndn, e->e_id );
493 send_ldap_error( op, rs, LDAP_OTHER,
494 "entry update and repair failed" );
496 send_ldap_error( op, rs, LDAP_OTHER,
497 "entry update failed" );
502 (void) cache_update_entry( &li->li_cache, e );
504 rs->sr_err = LDAP_SUCCESS;
506 send_ldap_result( op, rs );
507 cache_entry_commit( e );
510 if( new_dn.bv_val != NULL ) free( new_dn.bv_val );
511 if( new_ndn.bv_val != NULL ) free( new_ndn.bv_val );
512 if( old_ndn.bv_val != NULL ) free( old_ndn.bv_val );
514 /* LDAP v2 supporting correct attribute handling. */
515 if ( new_rdn != NULL ) {
516 ldap_rdnfree( new_rdn );
518 if ( old_rdn != NULL ) {
519 ldap_rdnfree( old_rdn );
523 for (; mod; mod = tmp ) {
524 /* slap_modrdn2mods does things one way,
525 * slap_mods_opattrs does it differently
527 if ( mod->sml_op != SLAP_MOD_SOFTADD &&
528 mod->sml_op != LDAP_MOD_DELETE ) break;
529 if ( mod->sml_nvalues ) free( mod->sml_nvalues[0].bv_val );
533 slap_mods_free( mod );
536 /* LDAP v3 Support */
538 /* free new parent and writer lock */
539 cache_return_entry_w( &li->li_cache, np );
543 /* free parent and writer lock */
544 cache_return_entry_w( &li->li_cache, p );
547 /* free entry and writer lock */
548 cache_return_entry_w( &li->li_cache, e );
549 ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
551 return( rs->sr_err );
projects / openldap / blob