1 /* modrdn.c - ldbm backend modrdn routine */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 1998-2004 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
16 /* Portions Copyright 1999, Juan C. Gomez, All rights reserved.
17 * This software is not subject to any license of Silicon Graphics
18 * Inc. or Purdue University.
20 * Redistribution and use in source and binary forms are permitted
21 * without restriction or fee of any kind as long as this notice
29 #include <ac/string.h>
30 #include <ac/socket.h>
33 #include "back-ldbm.h"
34 #include "proto-back-ldbm.h"
41 AttributeDescription *children = slap_schema.si_ad_children;
42 AttributeDescription *entry = slap_schema.si_ad_entry;
43 struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
44 struct berval p_dn, p_ndn;
45 struct berval new_dn = BER_BVNULL, new_ndn = BER_BVNULL;
46 struct berval old_ndn = BER_BVNULL;
49 /* LDAP v2 supporting correct attribute handling. */
50 LDAPRDN new_rdn = NULL;
51 LDAPRDN old_rdn = NULL;
55 const char *text = NULL;
56 char textbuf[SLAP_TEXT_BUFLEN];
57 size_t textlen = sizeof textbuf;
58 /* Added to support newSuperior */
59 Entry *np = NULL; /* newSuperior Entry */
60 struct berval *np_ndn = NULL; /* newSuperior ndn */
61 struct berval *new_parent_dn = NULL; /* np_dn, p_dn, or NULL */
62 /* Used to interface with ldbm_modify_internal() */
63 Modifications *mod = NULL; /* Used to delete old/add new rdn */
64 int manageDSAit = get_manageDSAit( op );
66 Debug( LDAP_DEBUG_TRACE,
67 "==>ldbm_back_modrdn: dn: %s newSuperior=%s\n",
68 op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "NULL",
69 ( op->oq_modrdn.rs_newSup && op->oq_modrdn.rs_newSup->bv_len )
70 ? op->oq_modrdn.rs_newSup->bv_val : "NULL", 0 );
72 /* grab giant lock for writing */
73 ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
75 e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched );
77 /* get entry with writer lock */
78 /* FIXME: dn2entry() should return non-glue entry */
79 if (( e == NULL ) || ( !manageDSAit && e && is_entry_glue( e ))) {
80 BerVarray deref = NULL;
81 if ( matched != NULL ) {
82 rs->sr_matched = strdup( matched->e_dn );
83 rs->sr_ref = is_entry_referral( matched )
84 ? get_entry_referrals( op, matched )
86 cache_return_entry_r( &li->li_cache, matched );
88 if ( !LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) {
90 LDAP_STAILQ_FOREACH( si, &op->o_bd->be_syncinfo, si_next ) {
92 ber_dupbv( &tmpbv, &si->si_provideruri_bv[0] );
93 ber_bvarray_add( &deref, &tmpbv );
96 deref = default_referral;
98 rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn,
102 ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
104 rs->sr_err = LDAP_REFERRAL;
105 send_ldap_result( op, rs );
107 if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
108 if ( deref != default_referral ) {
109 ber_bvarray_free( deref );
111 free( (char *)rs->sr_matched );
113 rs->sr_matched = NULL;
117 /* check entry for "entry" acl */
118 if ( ! access_allowed( op, e,
119 entry, NULL, ACL_WRITE, NULL ) )
121 Debug( LDAP_DEBUG_TRACE,
122 "<=- ldbm_back_modrdn: no write access to entry\n", 0,
125 send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
126 "no write access to entry" );
131 if (!manageDSAit && is_entry_referral( e ) ) {
132 /* parent is a referral, don't allow add */
133 /* parent is an alias, don't allow add */
134 rs->sr_ref = get_entry_referrals( op, e );
136 Debug( LDAP_DEBUG_TRACE, "entry %s is referral\n", e->e_dn,
139 rs->sr_err = LDAP_REFERRAL;
140 rs->sr_matched = e->e_name.bv_val;
141 send_ldap_result( op, rs );
143 if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
145 rs->sr_matched = NULL;
149 if ( has_children( op->o_bd, e ) ) {
150 Debug( LDAP_DEBUG_TRACE, "entry %s has children\n", e->e_dn,
153 send_ldap_error( op, rs, LDAP_NOT_ALLOWED_ON_NONLEAF,
154 "subtree rename not supported" );
158 if ( be_issuffix( op->o_bd, &e->e_nname ) ) {
159 p_ndn = slap_empty_bv ;
161 dnParent( &e->e_nname, &p_ndn );
164 if ( p_ndn.bv_len != 0 ) {
165 /* Make sure parent entry exist and we can write its
169 if( (p = dn2entry_w( op->o_bd, &p_ndn, NULL )) == NULL) {
170 Debug( LDAP_DEBUG_TRACE, "parent does not exist\n",
173 send_ldap_error( op, rs, LDAP_OTHER,
174 "parent entry does not exist" );
179 /* check parent for "children" acl */
180 if ( ! access_allowed( op, p,
181 children, NULL, ACL_WRITE, NULL ) )
183 Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
186 send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
191 Debug( LDAP_DEBUG_TRACE,
192 "ldbm_back_modrdn: wr to children of entry %s OK\n",
193 p_ndn.bv_val, 0, 0 );
195 if ( p_ndn.bv_val == slap_empty_bv.bv_val ) {
196 p_dn = slap_empty_bv;
198 dnParent( &e->e_name, &p_dn );
201 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: parent dn=%s\n",
205 /* no parent, must be root to modify rdn */
206 isroot = be_isroot( op );
208 if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
209 || be_shadow_update( op ) ) {
211 p = (Entry *)&slap_entry_root;
213 can_access = access_allowed( op, p,
214 children, NULL, ACL_WRITE, NULL );
217 /* check parent for "children" acl */
218 if ( ! can_access ) {
219 Debug( LDAP_DEBUG_TRACE,
220 "<=- ldbm_back_modrdn: no "
221 "access to parent\n", 0, 0, 0 );
223 send_ldap_error( op, rs,
224 LDAP_INSUFFICIENT_ACCESS,
230 Debug( LDAP_DEBUG_TRACE,
231 "<=- ldbm_back_modrdn: no parent & "
232 "not root\n", 0, 0, 0);
234 send_ldap_error( op, rs,
235 LDAP_INSUFFICIENT_ACCESS,
241 Debug( LDAP_DEBUG_TRACE,
242 "ldbm_back_modrdn: no parent, locked root\n",
246 new_parent_dn = &p_dn; /* New Parent unless newSuperior given */
248 if ( op->oq_modrdn.rs_newSup != NULL ) {
249 Debug( LDAP_DEBUG_TRACE,
250 "ldbm_back_modrdn: new parent \"%s\" requested...\n",
251 op->oq_modrdn.rs_newSup->bv_val, 0, 0 );
253 np_ndn = op->oq_modrdn.rs_nnewSup;
255 /* newSuperior == oldParent? */
256 if ( dn_match( &p_ndn, np_ndn ) ) {
257 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: "
258 "new parent\"%s\" seems to be the same as the "
259 "old parent \"%s\"\n",
260 op->oq_modrdn.rs_newSup->bv_val, p_dn.bv_val, 0 );
262 op->oq_modrdn.rs_newSup = NULL; /* ignore newSuperior */
266 if ( op->oq_modrdn.rs_newSup != NULL ) {
267 /* newSuperior == entry being moved?, if so ==> ERROR */
268 /* Get Entry with dn=newSuperior. Does newSuperior exist? */
270 if ( op->oq_modrdn.rs_nnewSup->bv_len ) {
271 if( (np = dn2entry_w( op->o_bd, np_ndn, NULL )) == NULL) {
272 Debug( LDAP_DEBUG_TRACE,
273 "ldbm_back_modrdn: newSup(ndn=%s) not here!\n",
274 np_ndn->bv_val, 0, 0);
276 send_ldap_error( op, rs, LDAP_OTHER,
277 "newSuperior not found" );
281 Debug( LDAP_DEBUG_TRACE,
282 "ldbm_back_modrdn: wr to new parent OK np=%p, id=%ld\n",
283 (void *) np, np->e_id, 0 );
285 /* check newSuperior for "children" acl */
286 if ( !access_allowed( op, np, children, NULL,
289 Debug( LDAP_DEBUG_TRACE,
290 "ldbm_back_modrdn: no wr to newSup children\n",
293 send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
297 if ( is_entry_alias( np ) ) {
298 /* parent is an alias, don't allow add */
299 Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0, 0, 0 );
302 send_ldap_error( op, rs, LDAP_ALIAS_PROBLEM,
303 "newSuperior is an alias" );
308 if ( is_entry_referral( np ) ) {
309 /* parent is a referral, don't allow add */
310 Debug( LDAP_DEBUG_TRACE, "entry (%s) is referral\n",
313 send_ldap_error( op, rs, LDAP_OTHER,
314 "newSuperior is a referral" );
321 /* no parent, must be root to modify newSuperior */
322 if ( isroot == -1 ) {
323 isroot = be_isroot( op );
327 if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
328 || be_shadow_update( op ) ) {
330 np = (Entry *)&slap_entry_root;
332 can_access = access_allowed( op, np,
333 children, NULL, ACL_WRITE, NULL );
336 /* check parent for "children" acl */
337 if ( ! can_access ) {
338 Debug( LDAP_DEBUG_TRACE,
339 "<=- ldbm_back_modrdn: no "
340 "access to new superior\n", 0, 0, 0 );
342 send_ldap_error( op, rs,
343 LDAP_INSUFFICIENT_ACCESS,
349 Debug( LDAP_DEBUG_TRACE,
350 "<=- ldbm_back_modrdn: \"\" "
351 "not allowed as new superior\n",
354 send_ldap_error( op, rs,
355 LDAP_INSUFFICIENT_ACCESS,
362 Debug( LDAP_DEBUG_TRACE,
363 "ldbm_back_modrdn: wr to new parent's children OK\n",
366 new_parent_dn = op->oq_modrdn.rs_newSup;
369 /* Build target dn and make sure target entry doesn't exist already. */
370 build_new_dn( &new_dn, new_parent_dn, &op->oq_modrdn.rs_newrdn, NULL );
371 dnNormalize( 0, NULL, NULL, &new_dn, &new_ndn, NULL );
373 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: new ndn=%s\n",
374 new_ndn.bv_val, 0, 0 );
376 /* check for abandon */
377 if ( op->o_abandon ) {
381 if ( ( rc_id = dn2id ( op->o_bd, &new_ndn, &id ) ) || id != NOID ) {
382 /* if (rc_id) something bad happened to ldbm cache */
383 rs->sr_err = rc_id ? LDAP_OTHER : LDAP_ALREADY_EXISTS;
384 send_ldap_result( op, rs );
388 Debug( LDAP_DEBUG_TRACE,
389 "ldbm_back_modrdn: new ndn=%s does not exist\n",
390 new_ndn.bv_val, 0, 0 );
392 /* Get attribute type and attribute value of our new rdn, we will
393 * need to add that to our new entry
395 if ( ldap_bv2rdn( &op->oq_modrdn.rs_newrdn, &new_rdn, (char **)&rs->sr_text,
396 LDAP_DN_FORMAT_LDAP ) )
398 Debug( LDAP_DEBUG_TRACE,
399 "ldbm_back_modrdn: can't figure out "
400 "type(s)/values(s) of newrdn\n",
402 send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX,
403 "unknown type(s) used in RDN" );
407 Debug( LDAP_DEBUG_TRACE,
408 "ldbm_back_modrdn: new_rdn_type=\"%s\", "
409 "new_rdn_val=\"%s\"\n",
410 new_rdn[ 0 ]->la_attr.bv_val,
411 new_rdn[ 0 ]->la_value.bv_val, 0 );
413 if ( op->oq_modrdn.rs_deleteoldrdn ) {
414 if ( ldap_bv2rdn( &op->o_req_dn, &old_rdn, (char **)&rs->sr_text,
415 LDAP_DN_FORMAT_LDAP ) )
417 Debug( LDAP_DEBUG_TRACE,
418 "ldbm_back_modrdn: can't figure out "
419 "the old_rdn type(s)/value(s)\n",
421 send_ldap_error( op, rs, LDAP_OTHER,
422 "cannot parse RDN from old DN" );
427 Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: DN_X500\n",
430 if ( slap_modrdn2mods( op, rs, e, old_rdn, new_rdn, &mod ) != LDAP_SUCCESS ) {
431 send_ldap_result( op, rs );
435 /* check for abandon */
436 if ( op->o_abandon ) {
440 (void) cache_delete_entry( &li->li_cache, e );
443 old_ndn = e->e_nname;
445 e->e_nname = new_ndn;
446 new_dn.bv_val = NULL;
447 new_ndn.bv_val = NULL;
449 /* NOTE: after this you must not free new_dn or new_ndn!
450 * They are used by cache.
453 /* modify memory copy of entry */
454 rs->sr_err = ldbm_modify_internal( op, &mod[0], e,
455 &rs->sr_text, textbuf, textlen );
456 switch ( rs->sr_err ) {
461 send_ldap_result( op, rs );
468 * NOTE: the backend MUST delete then add the entry,
469 * otherwise indexing may get hosed
470 * FIXME: if a new ID was used, the add could be done first.
471 * that would be safer.
475 if ( dn2id_delete( op->o_bd, &old_ndn, e->e_id ) != 0 ) {
476 send_ldap_error( op, rs, LDAP_OTHER,
477 "DN index delete fail" );
482 if ( dn2id_add( op->o_bd, &e->e_nname, e->e_id ) != 0 ) {
483 /* try to repair old entry - probably hopeless */
484 if( dn2id_add( op->o_bd, &old_ndn, e->e_id) != 0 ) {
485 send_ldap_error( op, rs, LDAP_OTHER,
486 "DN index add and repair failed" );
488 send_ldap_error( op, rs, LDAP_OTHER,
489 "DN index add failed" );
495 if ( id2entry_add( op->o_bd, e ) != 0 ) {
498 rc = dn2id_delete( op->o_bd, &e->e_nname, e->e_id );
499 rc |= dn2id_add( op->o_bd, &old_ndn, e->e_id );
501 send_ldap_error( op, rs, LDAP_OTHER,
502 "entry update and repair failed" );
504 send_ldap_error( op, rs, LDAP_OTHER,
505 "entry update failed" );
510 (void) cache_update_entry( &li->li_cache, e );
512 rs->sr_err = LDAP_SUCCESS;
514 send_ldap_result( op, rs );
515 cache_entry_commit( e );
518 if( new_dn.bv_val != NULL ) free( new_dn.bv_val );
519 if( new_ndn.bv_val != NULL ) free( new_ndn.bv_val );
520 if( old_ndn.bv_val != NULL ) free( old_ndn.bv_val );
522 /* LDAP v2 supporting correct attribute handling. */
523 if ( new_rdn != NULL ) {
524 ldap_rdnfree( new_rdn );
526 if ( old_rdn != NULL ) {
527 ldap_rdnfree( old_rdn );
531 for (; mod; mod = tmp ) {
532 /* slap_modrdn2mods does things one way,
533 * slap_mods_opattrs does it differently
535 if ( mod->sml_op != SLAP_MOD_SOFTADD &&
536 mod->sml_op != LDAP_MOD_DELETE ) break;
537 if ( mod->sml_nvalues ) free( mod->sml_nvalues[0].bv_val );
541 slap_mods_free( mod );
544 /* LDAP v3 Support */
546 /* free new parent and writer lock */
547 cache_return_entry_w( &li->li_cache, np );
551 /* free parent and writer lock */
552 cache_return_entry_w( &li->li_cache, p );
555 /* free entry and writer lock */
556 cache_return_entry_w( &li->li_cache, e );
557 ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
559 return( rs->sr_err );