1 /* modify.c - mdb backend modify routine */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2000-2014 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
20 #include <ac/string.h>
25 static struct berval scbva[] = {
33 AttributeDescription *desc,
41 /* check if modified attribute was indexed
42 * but not in case of NOOP... */
43 ai = mdb_index_mask( op->o_bd, desc, &ix_at );
49 ap = attr_find( oldattrs, desc );
50 if ( ap ) ap->a_flags |= SLAP_ATTR_IXDEL;
52 /* Find all other attrs that index to same slot */
53 for ( ap = newattrs; ap; ap = ap->a_next ) {
54 ai = mdb_index_mask( op->o_bd, ap->a_desc, &ix2 );
55 if ( ai && ix2.bv_val == ix_at.bv_val )
56 ap->a_flags |= SLAP_ATTR_IXADD;
62 ap = attr_find( newattrs, desc );
63 if ( ap ) ap->a_flags |= SLAP_ATTR_IXADD;
68 int mdb_modify_internal(
71 Modifications *modlist,
80 Attribute *save_attrs;
82 int glue_attr_delete = 0;
85 Debug( LDAP_DEBUG_TRACE, "mdb_modify_internal: 0x%08lx: %s\n",
88 if ( !acl_check_modlist( op, e, modlist )) {
89 return LDAP_INSUFFICIENT_ACCESS;
92 /* save_attrs will be disposed of by caller */
93 save_attrs = e->e_attrs;
94 e->e_attrs = attrs_dup( e->e_attrs );
96 for ( ml = modlist; ml != NULL; ml = ml->sml_next ) {
99 switch( mod->sm_op ) {
101 case LDAP_MOD_REPLACE:
102 if ( mod->sm_desc == slap_schema.si_ad_structuralObjectClass ) {
103 value_match( &match, slap_schema.si_ad_structuralObjectClass,
104 slap_schema.si_ad_structuralObjectClass->
105 ad_type->sat_equality,
106 SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
107 &mod->sm_values[0], &scbva[0], text );
108 if ( !match ) glue_attr_delete = 1;
111 if ( glue_attr_delete )
115 if ( glue_attr_delete ) {
116 Attribute **app = &e->e_attrs;
117 while ( *app != NULL ) {
118 if ( !is_at_operational( (*app)->a_desc->ad_type )) {
119 Attribute *save = *app;
120 *app = (*app)->a_next;
124 app = &(*app)->a_next;
128 for ( ml = modlist; ml != NULL; ml = ml->sml_next ) {
132 switch ( mod->sm_op ) {
134 Debug(LDAP_DEBUG_ARGS,
135 "mdb_modify_internal: add %s\n",
136 mod->sm_desc->ad_cname.bv_val, 0, 0);
137 err = modify_add_values( e, mod, get_permissiveModify(op),
138 text, textbuf, textlen );
139 if( err != LDAP_SUCCESS ) {
140 Debug(LDAP_DEBUG_ARGS, "mdb_modify_internal: %d %s\n",
145 case LDAP_MOD_DELETE:
146 if ( glue_attr_delete ) {
151 Debug(LDAP_DEBUG_ARGS,
152 "mdb_modify_internal: delete %s\n",
153 mod->sm_desc->ad_cname.bv_val, 0, 0);
154 err = modify_delete_values( e, mod, get_permissiveModify(op),
155 text, textbuf, textlen );
156 if( err != LDAP_SUCCESS ) {
157 Debug(LDAP_DEBUG_ARGS, "mdb_modify_internal: %d %s\n",
164 case LDAP_MOD_REPLACE:
165 Debug(LDAP_DEBUG_ARGS,
166 "mdb_modify_internal: replace %s\n",
167 mod->sm_desc->ad_cname.bv_val, 0, 0);
168 err = modify_replace_values( e, mod, get_permissiveModify(op),
169 text, textbuf, textlen );
170 if( err != LDAP_SUCCESS ) {
171 Debug(LDAP_DEBUG_ARGS, "mdb_modify_internal: %d %s\n",
178 case LDAP_MOD_INCREMENT:
179 Debug(LDAP_DEBUG_ARGS,
180 "mdb_modify_internal: increment %s\n",
181 mod->sm_desc->ad_cname.bv_val, 0, 0);
182 err = modify_increment_values( e, mod, get_permissiveModify(op),
183 text, textbuf, textlen );
184 if( err != LDAP_SUCCESS ) {
185 Debug(LDAP_DEBUG_ARGS,
186 "mdb_modify_internal: %d %s\n",
193 case SLAP_MOD_SOFTADD:
194 Debug(LDAP_DEBUG_ARGS,
195 "mdb_modify_internal: softadd %s\n",
196 mod->sm_desc->ad_cname.bv_val, 0, 0);
197 /* Avoid problems in index_add_mods()
198 * We need to add index if necessary.
200 mod->sm_op = LDAP_MOD_ADD;
202 err = modify_add_values( e, mod, get_permissiveModify(op),
203 text, textbuf, textlen );
205 mod->sm_op = SLAP_MOD_SOFTADD;
207 if ( err == LDAP_TYPE_OR_VALUE_EXISTS ) {
211 if( err != LDAP_SUCCESS ) {
212 Debug(LDAP_DEBUG_ARGS, "mdb_modify_internal: %d %s\n",
217 case SLAP_MOD_SOFTDEL:
218 Debug(LDAP_DEBUG_ARGS,
219 "mdb_modify_internal: softdel %s\n",
220 mod->sm_desc->ad_cname.bv_val, 0, 0);
221 /* Avoid problems in index_delete_mods()
222 * We need to add index if necessary.
224 mod->sm_op = LDAP_MOD_DELETE;
226 err = modify_delete_values( e, mod, get_permissiveModify(op),
227 text, textbuf, textlen );
229 mod->sm_op = SLAP_MOD_SOFTDEL;
231 if ( err == LDAP_SUCCESS ) {
233 } else if ( err == LDAP_NO_SUCH_ATTRIBUTE ) {
237 if( err != LDAP_SUCCESS ) {
238 Debug(LDAP_DEBUG_ARGS, "mdb_modify_internal: %d %s\n",
243 case SLAP_MOD_ADD_IF_NOT_PRESENT:
244 if ( attr_find( e->e_attrs, mod->sm_desc ) != NULL ) {
250 Debug(LDAP_DEBUG_ARGS,
251 "mdb_modify_internal: add_if_not_present %s\n",
252 mod->sm_desc->ad_cname.bv_val, 0, 0);
253 /* Avoid problems in index_add_mods()
254 * We need to add index if necessary.
256 mod->sm_op = LDAP_MOD_ADD;
258 err = modify_add_values( e, mod, get_permissiveModify(op),
259 text, textbuf, textlen );
261 mod->sm_op = SLAP_MOD_ADD_IF_NOT_PRESENT;
263 if( err != LDAP_SUCCESS ) {
264 Debug(LDAP_DEBUG_ARGS, "mdb_modify_internal: %d %s\n",
270 Debug(LDAP_DEBUG_ANY, "mdb_modify_internal: invalid op %d\n",
272 *text = "Invalid modify operation";
274 Debug(LDAP_DEBUG_ARGS, "mdb_modify_internal: %d %s\n",
278 if ( err != LDAP_SUCCESS ) {
279 attrs_free( e->e_attrs );
280 e->e_attrs = save_attrs;
281 /* unlock entry, delete from cache */
285 /* If objectClass was modified, reset the flags */
286 if ( mod->sm_desc == slap_schema.si_ad_objectClass ) {
290 if ( glue_attr_delete ) e->e_ocflags = 0;
293 /* check if modified attribute was indexed
294 * but not in case of NOOP... */
296 mdb_modify_idxflags( op, mod->sm_desc, got_delete, e->e_attrs, save_attrs );
300 /* check that the entry still obeys the schema */
302 rc = entry_schema_check( op, e, save_attrs, get_relax(op), 0, &ap,
303 text, textbuf, textlen );
304 if ( rc != LDAP_SUCCESS || op->o_noop ) {
305 attrs_free( e->e_attrs );
306 /* clear the indexing flags */
307 for ( ap = save_attrs; ap != NULL; ap = ap->a_next ) {
308 ap->a_flags &= ~(SLAP_ATTR_IXADD|SLAP_ATTR_IXDEL);
310 e->e_attrs = save_attrs;
312 if ( rc != LDAP_SUCCESS ) {
313 Debug( LDAP_DEBUG_ANY,
314 "entry failed schema check: %s\n",
318 /* if NOOP then silently revert to saved attrs */
322 /* structuralObjectClass modified! */
324 assert( ap->a_desc == slap_schema.si_ad_structuralObjectClass );
326 mdb_modify_idxflags( op, slap_schema.si_ad_structuralObjectClass,
327 1, e->e_attrs, save_attrs );
331 /* update the indices of the modified attributes */
333 /* start with deleting the old index entries */
334 for ( ap = save_attrs; ap != NULL; ap = ap->a_next ) {
335 if ( ap->a_flags & SLAP_ATTR_IXDEL ) {
338 ap->a_flags &= ~SLAP_ATTR_IXDEL;
339 a2 = attr_find( e->e_attrs, ap->a_desc );
341 /* need to detect which values were deleted */
343 /* let add know there were deletes */
344 if ( a2->a_flags & SLAP_ATTR_IXADD )
345 a2->a_flags |= SLAP_ATTR_IXDEL;
346 vals = op->o_tmpalloc( (ap->a_numvals + 1) *
347 sizeof(struct berval), op->o_tmpmemctx );
349 for ( i=0; i < ap->a_numvals; i++ ) {
350 rc = attr_valfind( a2, SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
351 &ap->a_nvals[i], NULL, op->o_tmpmemctx );
352 /* Save deleted values */
353 if ( rc == LDAP_NO_SUCH_ATTRIBUTE )
354 vals[j++] = ap->a_nvals[i];
358 /* attribute was completely deleted */
362 if ( !BER_BVISNULL( vals )) {
363 rc = mdb_index_values( op, tid, ap->a_desc,
364 vals, e->e_id, SLAP_INDEX_DELETE_OP );
365 if ( rc != LDAP_SUCCESS ) {
366 Debug( LDAP_DEBUG_ANY,
367 "%s: attribute \"%s\" index delete failure\n",
368 op->o_log_prefix, ap->a_desc->ad_cname.bv_val, 0 );
369 attrs_free( e->e_attrs );
370 e->e_attrs = save_attrs;
373 if ( vals != ap->a_nvals )
374 op->o_tmpfree( vals, op->o_tmpmemctx );
379 /* add the new index entries */
380 for ( ap = e->e_attrs; ap != NULL; ap = ap->a_next ) {
381 if (ap->a_flags & SLAP_ATTR_IXADD) {
382 ap->a_flags &= ~SLAP_ATTR_IXADD;
383 if ( ap->a_flags & SLAP_ATTR_IXDEL ) {
384 /* if any values were deleted, we must readd index
385 * for all remaining values.
387 ap->a_flags &= ~SLAP_ATTR_IXDEL;
388 rc = mdb_index_values( op, tid, ap->a_desc,
390 e->e_id, SLAP_INDEX_ADD_OP );
393 /* if this was only an add, we only need to index
396 for ( ml = modlist; ml != NULL; ml = ml->sml_next ) {
398 if ( ml->sml_desc != ap->a_desc || !ml->sml_numvals )
401 switch( ml->sml_op ) {
403 case LDAP_MOD_REPLACE:
404 case LDAP_MOD_INCREMENT:
405 case SLAP_MOD_SOFTADD:
406 case SLAP_MOD_ADD_IF_NOT_PRESENT:
407 if ( ml->sml_op == LDAP_MOD_INCREMENT )
409 else if ( ml->sml_nvalues )
410 vals = ml->sml_nvalues;
412 vals = ml->sml_values;
413 rc = mdb_index_values( op, tid, ap->a_desc,
414 vals, e->e_id, SLAP_INDEX_ADD_OP );
420 /* This attr was affected by a modify of a subtype, so
421 * there was no direct match in the modlist. Just readd
425 rc = mdb_index_values( op, tid, ap->a_desc,
427 e->e_id, SLAP_INDEX_ADD_OP );
430 if ( rc != LDAP_SUCCESS ) {
431 Debug( LDAP_DEBUG_ANY,
432 "%s: attribute \"%s\" index add failure\n",
433 op->o_log_prefix, ap->a_desc->ad_cname.bv_val, 0 );
434 attrs_free( e->e_attrs );
435 e->e_attrs = save_attrs;
446 mdb_modify( Operation *op, SlapReply *rs )
448 struct mdb_info *mdb = (struct mdb_info *) op->o_bd->be_private;
450 int manageDSAit = get_manageDSAit( op );
451 char textbuf[SLAP_TEXT_BUFLEN];
452 size_t textlen = sizeof textbuf;
454 mdb_op_info opinfo = {{{ 0 }}}, *moi = &opinfo;
457 LDAPControl **preread_ctrl = NULL;
458 LDAPControl **postread_ctrl = NULL;
459 LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
466 Debug( LDAP_DEBUG_ARGS, LDAP_XSTRING(mdb_modify) ": %s\n",
467 op->o_req_dn.bv_val, 0, 0 );
470 if( op->o_txnSpec ) {
471 /* acquire connection lock */
472 ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
473 if( op->o_conn->c_txn == CONN_TXN_INACTIVE ) {
474 rs->sr_text = "invalid transaction identifier";
475 rs->sr_err = LDAP_X_TXN_ID_INVALID;
477 } else if( op->o_conn->c_txn == CONN_TXN_SETTLE ) {
482 if( op->o_conn->c_txn_backend == NULL ) {
483 op->o_conn->c_txn_backend = op->o_bd;
485 } else if( op->o_conn->c_txn_backend != op->o_bd ) {
486 rs->sr_text = "transaction cannot span multiple database contexts";
487 rs->sr_err = LDAP_AFFECTS_MULTIPLE_DSAS;
491 /* insert operation into transaction */
493 rs->sr_text = "transaction specified";
494 rs->sr_err = LDAP_X_TXN_SPECIFY_OKAY;
497 /* release connection lock */
498 ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
501 send_ldap_result( op, rs );
507 ctrls[num_ctrls] = NULL;
509 /* begin transaction */
510 rs->sr_err = mdb_opinfo_get( op, mdb, 0, &moi );
512 if( rs->sr_err != 0 ) {
513 Debug( LDAP_DEBUG_TRACE,
514 LDAP_XSTRING(mdb_modify) ": txn_begin failed: "
515 "%s (%d)\n", mdb_strerror(rs->sr_err), rs->sr_err, 0 );
516 rs->sr_err = LDAP_OTHER;
517 rs->sr_text = "internal error";
522 /* Don't touch the opattrs, if this is a contextCSN update
523 * initiated from updatedn */
524 if ( !be_isupdate(op) || !op->orm_modlist || op->orm_modlist->sml_next ||
525 op->orm_modlist->sml_desc != slap_schema.si_ad_contextCSN ) {
527 slap_mods_opattrs( op, &op->orm_modlist, 1 );
530 /* get entry or ancestor */
531 rs->sr_err = mdb_dn2entry( op, txn, NULL, &op->o_req_ndn, &e, NULL, 1 );
533 if ( rs->sr_err != 0 ) {
534 Debug( LDAP_DEBUG_TRACE,
535 LDAP_XSTRING(mdb_modify) ": dn2entry failed (%d)\n",
537 switch( rs->sr_err ) {
541 rs->sr_text = "ldap server busy";
544 rs->sr_err = LDAP_OTHER;
545 rs->sr_text = "internal error";
550 /* acquire and lock entry */
551 /* FIXME: dn2entry() should return non-glue entry */
552 if (( rs->sr_err == MDB_NOTFOUND ) ||
553 ( !manageDSAit && e && is_entry_glue( e )))
556 rs->sr_matched = ch_strdup( e->e_dn );
557 if ( is_entry_referral( e )) {
558 BerVarray ref = get_entry_referrals( op, e );
559 rs->sr_ref = referral_rewrite( ref, &e->e_name,
560 &op->o_req_dn, LDAP_SCOPE_DEFAULT );
561 ber_bvarray_free( ref );
565 mdb_entry_return( op, e );
569 rs->sr_ref = referral_rewrite( default_referral, NULL,
570 &op->o_req_dn, LDAP_SCOPE_DEFAULT );
573 rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
574 rs->sr_err = LDAP_REFERRAL;
575 send_ldap_result( op, rs );
579 if ( !manageDSAit && is_entry_referral( e ) ) {
580 /* entry is a referral, don't allow modify */
581 rs->sr_ref = get_entry_referrals( op, e );
583 Debug( LDAP_DEBUG_TRACE,
584 LDAP_XSTRING(mdb_modify) ": entry is referral\n",
587 rs->sr_err = LDAP_REFERRAL;
588 rs->sr_matched = e->e_name.bv_val;
589 rs->sr_flags = REP_REF_MUSTBEFREED;
590 send_ldap_result( op, rs );
591 rs->sr_matched = NULL;
595 if ( get_assert( op ) &&
596 ( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
598 rs->sr_err = LDAP_ASSERTION_FAILED;
602 if( op->o_preread ) {
603 if( preread_ctrl == NULL ) {
604 preread_ctrl = &ctrls[num_ctrls++];
605 ctrls[num_ctrls] = NULL;
607 if ( slap_read_controls( op, rs, e,
608 &slap_pre_read_bv, preread_ctrl ) )
610 Debug( LDAP_DEBUG_TRACE,
611 "<=- " LDAP_XSTRING(mdb_modify) ": pre-read "
612 "failed!\n", 0, 0, 0 );
613 if ( op->o_preread & SLAP_CONTROL_CRITICAL ) {
614 /* FIXME: is it correct to abort
615 * operation if control fails? */
621 /* Modify the entry */
623 rs->sr_err = mdb_modify_internal( op, txn, op->orm_modlist,
624 &dummy, &rs->sr_text, textbuf, textlen );
626 if( rs->sr_err != LDAP_SUCCESS ) {
627 Debug( LDAP_DEBUG_TRACE,
628 LDAP_XSTRING(mdb_modify) ": modify failed (%d)\n",
630 /* Only free attrs if they were dup'd. */
631 if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL;
635 /* change the entry itself */
636 rs->sr_err = mdb_id2entry_update( op, txn, NULL, &dummy );
637 if ( rs->sr_err != 0 ) {
638 Debug( LDAP_DEBUG_TRACE,
639 LDAP_XSTRING(mdb_modify) ": id2entry update failed " "(%d)\n",
641 rs->sr_text = "entry update failed";
645 if( op->o_postread ) {
646 if( postread_ctrl == NULL ) {
647 postread_ctrl = &ctrls[num_ctrls++];
648 ctrls[num_ctrls] = NULL;
650 if( slap_read_controls( op, rs, &dummy,
651 &slap_post_read_bv, postread_ctrl ) )
653 Debug( LDAP_DEBUG_TRACE,
654 "<=- " LDAP_XSTRING(mdb_modify)
655 ": post-read failed!\n", 0, 0, 0 );
656 if ( op->o_postread & SLAP_CONTROL_CRITICAL ) {
657 /* FIXME: is it correct to abort
658 * operation if control fails? */
664 /* Only free attrs if they were dup'd. */
665 if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL;
666 if( moi == &opinfo ) {
667 LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.moi_oe, OpExtra, oe_next );
668 opinfo.moi_oe.oe_key = NULL;
670 mdb_txn_abort( txn );
671 rs->sr_err = LDAP_X_NO_OPERATION;
675 rs->sr_err = mdb_txn_commit( txn );
680 if( rs->sr_err != 0 ) {
681 Debug( LDAP_DEBUG_ANY,
682 LDAP_XSTRING(mdb_modify) ": txn_%s failed: %s (%d)\n",
683 op->o_noop ? "abort (no-op)" : "commit",
684 mdb_strerror(rs->sr_err), rs->sr_err );
685 rs->sr_err = LDAP_OTHER;
686 rs->sr_text = "commit failed";
691 Debug( LDAP_DEBUG_TRACE,
692 LDAP_XSTRING(mdb_modify) ": updated%s id=%08lx dn=\"%s\"\n",
693 op->o_noop ? " (no-op)" : "",
694 dummy.e_id, op->o_req_dn.bv_val );
696 rs->sr_err = LDAP_SUCCESS;
698 if( num_ctrls ) rs->sr_ctrls = ctrls;
701 if( dummy.e_attrs ) {
702 attrs_free( dummy.e_attrs );
704 send_ldap_result( op, rs );
707 if( rs->sr_err == LDAP_SUCCESS && mdb->bi_txn_cp_kbyte ) {
708 TXN_CHECKPOINT( mdb->bi_dbenv,
709 mdb->bi_txn_cp_kbyte, mdb->bi_txn_cp_min, 0 );
714 slap_graduate_commit_csn( op );
716 if( moi == &opinfo ) {
718 mdb_txn_abort( txn );
720 if ( opinfo.moi_oe.oe_key ) {
721 LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.moi_oe, OpExtra, oe_next );
728 mdb_entry_return( op, e );
731 if( preread_ctrl != NULL && (*preread_ctrl) != NULL ) {
732 slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
733 slap_sl_free( *preread_ctrl, op->o_tmpmemctx );
735 if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) {
736 slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
737 slap_sl_free( *postread_ctrl, op->o_tmpmemctx );