1 /* modrdn.c - mdb backend modrdn routine */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2000-2016 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
20 #include <ac/string.h>
25 mdb_modrdn( Operation *op, SlapReply *rs )
27 struct mdb_info *mdb = (struct mdb_info *) op->o_bd->be_private;
28 AttributeDescription *children = slap_schema.si_ad_children;
29 AttributeDescription *entry = slap_schema.si_ad_entry;
30 struct berval p_dn, p_ndn;
31 struct berval new_dn = {0, NULL}, new_ndn = {0, NULL};
34 /* LDAP v2 supporting correct attribute handling. */
35 char textbuf[SLAP_TEXT_BUFLEN];
36 size_t textlen = sizeof textbuf;
39 struct mdb_op_info opinfo = {{{ 0 }}}, *moi = &opinfo;
42 Entry *np = NULL; /* newSuperior Entry */
43 struct berval *np_dn = NULL; /* newSuperior dn */
44 struct berval *np_ndn = NULL; /* newSuperior ndn */
45 struct berval *new_parent_dn = NULL; /* np_dn, p_dn, or NULL */
47 int manageDSAit = get_manageDSAit( op );
50 LDAPControl **preread_ctrl = NULL;
51 LDAPControl **postread_ctrl = NULL;
52 LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
55 int parent_is_glue = 0;
56 int parent_is_leaf = 0;
58 Debug( LDAP_DEBUG_TRACE, "==>" LDAP_XSTRING(mdb_modrdn) "(%s,%s,%s)\n",
59 op->o_req_dn.bv_val,op->oq_modrdn.rs_newrdn.bv_val,
60 op->oq_modrdn.rs_newSup ? op->oq_modrdn.rs_newSup->bv_val : "NULL" );
63 if( op->o_txnSpec && txn_preop( op, rs ))
67 ctrls[num_ctrls] = NULL;
69 /* begin transaction */
70 rs->sr_err = mdb_opinfo_get( op, mdb, 0, &moi );
72 if( rs->sr_err != 0 ) {
73 Debug( LDAP_DEBUG_TRACE,
74 LDAP_XSTRING(mdb_modrdn) ": txn_begin failed: "
75 "%s (%d)\n", mdb_strerror(rs->sr_err), rs->sr_err, 0 );
76 rs->sr_err = LDAP_OTHER;
77 rs->sr_text = "internal error";
82 slap_mods_opattrs( op, &op->orr_modlist, 1 );
84 if ( be_issuffix( op->o_bd, &op->o_req_ndn ) ) {
85 #ifdef MDB_MULTIPLE_SUFFIXES
86 /* Allow renaming one suffix entry to another */
87 p_ndn = slap_empty_bv;
89 /* There can only be one suffix entry */
90 rs->sr_err = LDAP_NAMING_VIOLATION;
91 rs->sr_text = "cannot rename suffix entry";
95 dnParent( &op->o_req_ndn, &p_ndn );
98 /* Make sure parent entry exist and we can write its
101 rs->sr_err = mdb_cursor_open( txn, mdb->mi_dn2id, &mc );
102 if ( rs->sr_err != 0 ) {
103 Debug(LDAP_DEBUG_TRACE,
104 "<=- " LDAP_XSTRING(mdb_modrdn)
105 ": cursor_open failed: %s (%d)\n",
106 mdb_strerror(rs->sr_err), rs->sr_err, 0 );
107 rs->sr_err = LDAP_OTHER;
108 rs->sr_text = "DN cursor_open failed";
111 rs->sr_err = mdb_dn2entry( op, txn, mc, &p_ndn, &p, NULL, 0 );
112 switch( rs->sr_err ) {
114 Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(mdb_modrdn)
115 ": parent does not exist\n", 0, 0, 0);
116 rs->sr_ref = referral_rewrite( default_referral, NULL,
117 &op->o_req_dn, LDAP_SCOPE_DEFAULT );
118 rs->sr_err = LDAP_REFERRAL;
120 send_ldap_result( op, rs );
122 ber_bvarray_free( rs->sr_ref );
127 rs->sr_text = "ldap server busy";
130 rs->sr_err = LDAP_OTHER;
131 rs->sr_text = "internal error";
135 /* check parent for "children" acl */
136 rs->sr_err = access_allowed( op, p,
138 op->oq_modrdn.rs_newSup == NULL ?
139 ACL_WRITE : ACL_WDEL,
142 if ( ! rs->sr_err ) {
143 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
144 Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
146 rs->sr_text = "no write access to parent's children";
150 Debug( LDAP_DEBUG_TRACE,
151 LDAP_XSTRING(mdb_modrdn) ": wr to children "
152 "of entry %s OK\n", p_ndn.bv_val, 0, 0 );
154 if ( p_ndn.bv_val == slap_empty_bv.bv_val ) {
155 p_dn = slap_empty_bv;
157 dnParent( &op->o_req_dn, &p_dn );
160 Debug( LDAP_DEBUG_TRACE,
161 LDAP_XSTRING(mdb_modrdn) ": parent dn=%s\n",
165 rs->sr_err = mdb_dn2entry( op, txn, mc, &op->o_req_ndn, &e, &nsubs, 0 );
166 switch( rs->sr_err ) {
173 rs->sr_text = "ldap server busy";
176 rs->sr_err = LDAP_OTHER;
177 rs->sr_text = "internal error";
181 /* FIXME: dn2entry() should return non-glue entry */
182 if (( rs->sr_err == MDB_NOTFOUND ) ||
183 ( !manageDSAit && e && is_entry_glue( e )))
186 rs->sr_matched = ch_strdup( e->e_dn );
187 if ( is_entry_referral( e )) {
188 BerVarray ref = get_entry_referrals( op, e );
189 rs->sr_ref = referral_rewrite( ref, &e->e_name,
190 &op->o_req_dn, LDAP_SCOPE_DEFAULT );
191 ber_bvarray_free( ref );
195 mdb_entry_return( op, e );
199 rs->sr_ref = referral_rewrite( default_referral, NULL,
200 &op->o_req_dn, LDAP_SCOPE_DEFAULT );
203 rs->sr_err = LDAP_REFERRAL;
204 send_ldap_result( op, rs );
206 ber_bvarray_free( rs->sr_ref );
207 free( (char *)rs->sr_matched );
209 rs->sr_matched = NULL;
214 if ( get_assert( op ) &&
215 ( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
217 rs->sr_err = LDAP_ASSERTION_FAILED;
221 /* check write on old entry */
222 rs->sr_err = access_allowed( op, e, entry, NULL, ACL_WRITE, NULL );
223 if ( ! rs->sr_err ) {
224 Debug( LDAP_DEBUG_TRACE, "no access to entry\n", 0,
226 rs->sr_text = "no write access to old entry";
227 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
231 if (!manageDSAit && is_entry_referral( e ) ) {
232 /* entry is a referral, don't allow rename */
233 rs->sr_ref = get_entry_referrals( op, e );
235 Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(mdb_modrdn)
236 ": entry %s is referral\n", e->e_dn, 0, 0 );
238 rs->sr_err = LDAP_REFERRAL,
239 rs->sr_matched = e->e_name.bv_val;
240 send_ldap_result( op, rs );
242 ber_bvarray_free( rs->sr_ref );
244 rs->sr_matched = NULL;
248 new_parent_dn = &p_dn; /* New Parent unless newSuperior given */
250 if ( op->oq_modrdn.rs_newSup != NULL ) {
251 Debug( LDAP_DEBUG_TRACE,
252 LDAP_XSTRING(mdb_modrdn)
253 ": new parent \"%s\" requested...\n",
254 op->oq_modrdn.rs_newSup->bv_val, 0, 0 );
256 /* newSuperior == oldParent? */
257 if( dn_match( &p_ndn, op->oq_modrdn.rs_nnewSup ) ) {
258 Debug( LDAP_DEBUG_TRACE, "mdb_back_modrdn: "
259 "new parent \"%s\" same as the old parent \"%s\"\n",
260 op->oq_modrdn.rs_newSup->bv_val, p_dn.bv_val, 0 );
261 op->oq_modrdn.rs_newSup = NULL; /* ignore newSuperior */
265 /* There's a MDB_MULTIPLE_SUFFIXES case here that this code doesn't
266 * support. E.g., two suffixes dc=foo,dc=com and dc=bar,dc=net.
267 * We do not allow modDN
271 * and we probably should. But since MULTIPLE_SUFFIXES is deprecated
272 * I'm ignoring this problem for now.
274 if ( op->oq_modrdn.rs_newSup != NULL ) {
275 if ( op->oq_modrdn.rs_newSup->bv_len ) {
276 np_dn = op->oq_modrdn.rs_newSup;
277 np_ndn = op->oq_modrdn.rs_nnewSup;
279 /* newSuperior == oldParent? - checked above */
280 /* newSuperior == entry being moved?, if so ==> ERROR */
281 if ( dnIsSuffix( np_ndn, &e->e_nname )) {
282 rs->sr_err = LDAP_NO_SUCH_OBJECT;
283 rs->sr_text = "new superior not found";
286 /* Get Entry with dn=newSuperior. Does newSuperior exist? */
287 rs->sr_err = mdb_dn2entry( op, txn, NULL, np_ndn, &np, NULL, 0 );
289 switch( rs->sr_err ) {
293 Debug( LDAP_DEBUG_TRACE,
294 LDAP_XSTRING(mdb_modrdn)
295 ": newSup(ndn=%s) not here!\n",
296 np_ndn->bv_val, 0, 0);
297 rs->sr_text = "new superior not found";
298 rs->sr_err = LDAP_NO_SUCH_OBJECT;
301 rs->sr_text = "ldap server busy";
304 rs->sr_err = LDAP_OTHER;
305 rs->sr_text = "internal error";
309 /* check newSuperior for "children" acl */
310 rs->sr_err = access_allowed( op, np, children,
311 NULL, ACL_WADD, NULL );
314 Debug( LDAP_DEBUG_TRACE,
315 LDAP_XSTRING(mdb_modrdn)
316 ": no wr to newSup children\n",
318 rs->sr_text = "no write access to new superior's children";
319 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
323 Debug( LDAP_DEBUG_TRACE,
324 LDAP_XSTRING(mdb_modrdn)
325 ": wr to new parent OK np=%p, id=%ld\n",
326 (void *) np, (long) np->e_id, 0 );
328 if ( is_entry_alias( np ) ) {
329 /* parent is an alias, don't allow add */
330 Debug( LDAP_DEBUG_TRACE,
331 LDAP_XSTRING(mdb_modrdn)
332 ": entry is alias\n",
334 rs->sr_text = "new superior is an alias";
335 rs->sr_err = LDAP_ALIAS_PROBLEM;
339 if ( is_entry_referral( np ) ) {
340 /* parent is a referral, don't allow add */
341 Debug( LDAP_DEBUG_TRACE,
342 LDAP_XSTRING(mdb_modrdn)
343 ": entry is referral\n",
345 rs->sr_text = "new superior is a referral";
346 rs->sr_err = LDAP_OTHER;
354 /* no parent, modrdn entry directly under root */
355 if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
356 || be_isupdate( op ) ) {
357 np = (Entry *)&slap_entry_root;
359 /* check parent for "children" acl */
360 rs->sr_err = access_allowed( op, np,
361 children, NULL, ACL_WADD, NULL );
365 if ( ! rs->sr_err ) {
366 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
367 Debug( LDAP_DEBUG_TRACE,
368 "no access to new superior\n",
371 "no write access to new superior's children";
377 Debug( LDAP_DEBUG_TRACE,
378 LDAP_XSTRING(mdb_modrdn)
379 ": wr to new parent's children OK\n",
382 new_parent_dn = np_dn;
385 /* Build target dn and make sure target entry doesn't exist already. */
386 if (!new_dn.bv_val) {
387 build_new_dn( &new_dn, new_parent_dn, &op->oq_modrdn.rs_newrdn, op->o_tmpmemctx );
390 if (!new_ndn.bv_val) {
391 dnNormalize( 0, NULL, NULL, &new_dn, &new_ndn, op->o_tmpmemctx );
394 Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(mdb_modrdn) ": new ndn=%s\n",
395 new_ndn.bv_val, 0, 0 );
397 /* Shortcut the search */
398 rs->sr_err = mdb_dn2id ( op, txn, NULL, &new_ndn, &nid, NULL, NULL, NULL );
399 switch( rs->sr_err ) {
403 /* Allow rename to same DN */
404 if ( nid == e->e_id )
406 rs->sr_err = LDAP_ALREADY_EXISTS;
409 rs->sr_err = LDAP_OTHER;
410 rs->sr_text = "internal error";
414 assert( op->orr_modlist != NULL );
416 if( op->o_preread ) {
417 if( preread_ctrl == NULL ) {
418 preread_ctrl = &ctrls[num_ctrls++];
419 ctrls[num_ctrls] = NULL;
421 if( slap_read_controls( op, rs, e,
422 &slap_pre_read_bv, preread_ctrl ) )
424 Debug( LDAP_DEBUG_TRACE,
425 "<=- " LDAP_XSTRING(mdb_modrdn)
426 ": pre-read failed!\n", 0, 0, 0 );
427 if ( op->o_preread & SLAP_CONTROL_CRITICAL ) {
428 /* FIXME: is it correct to abort
429 * operation if control fails? */
436 * If moving to a new parent, must delete current subtree count,
437 * otherwise leave it unchanged since we'll be adding it right back.
439 rs->sr_err = mdb_dn2id_delete( op, mc, e->e_id, np ? nsubs : 0 );
440 if ( rs->sr_err != 0 ) {
441 Debug(LDAP_DEBUG_TRACE,
442 "<=- " LDAP_XSTRING(mdb_modrdn)
443 ": dn2id del failed: %s (%d)\n",
444 mdb_strerror(rs->sr_err), rs->sr_err, 0 );
445 rs->sr_err = LDAP_OTHER;
446 rs->sr_text = "DN index delete fail";
450 /* copy the entry, then override some fields */
452 dummy.e_name = new_dn;
453 dummy.e_nname = new_ndn;
454 dummy.e_attrs = NULL;
457 rs->sr_err = mdb_dn2id_add( op, mc, mc, np ? np->e_id : p->e_id,
458 nsubs, np != NULL, &dummy );
459 if ( rs->sr_err != 0 ) {
460 Debug(LDAP_DEBUG_TRACE,
461 "<=- " LDAP_XSTRING(mdb_modrdn)
462 ": dn2id add failed: %s (%d)\n",
463 mdb_strerror(rs->sr_err), rs->sr_err, 0 );
464 rs->sr_err = LDAP_OTHER;
465 rs->sr_text = "DN index add failed";
469 dummy.e_attrs = e->e_attrs;
472 rs->sr_err = mdb_modify_internal( op, txn, op->orr_modlist, &dummy,
473 &rs->sr_text, textbuf, textlen );
474 if( rs->sr_err != LDAP_SUCCESS ) {
475 Debug(LDAP_DEBUG_TRACE,
476 "<=- " LDAP_XSTRING(mdb_modrdn)
477 ": modify failed: %s (%d)\n",
478 mdb_strerror(rs->sr_err), rs->sr_err, 0 );
479 if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL;
484 rs->sr_err = mdb_id2entry_update( op, txn, NULL, &dummy );
485 if ( rs->sr_err != 0 ) {
486 Debug(LDAP_DEBUG_TRACE,
487 "<=- " LDAP_XSTRING(mdb_modrdn)
488 ": id2entry failed: %s (%d)\n",
489 mdb_strerror(rs->sr_err), rs->sr_err, 0 );
490 if ( rs->sr_err == LDAP_ADMINLIMIT_EXCEEDED ) {
491 rs->sr_text = "entry too big";
493 rs->sr_err = LDAP_OTHER;
494 rs->sr_text = "entry update failed";
499 if ( p_ndn.bv_len != 0 ) {
500 if ((parent_is_glue = is_entry_glue(p))) {
501 rs->sr_err = mdb_dn2id_children( op, txn, p );
502 if ( rs->sr_err != MDB_NOTFOUND ) {
503 switch( rs->sr_err ) {
507 Debug(LDAP_DEBUG_ARGS,
508 "<=- " LDAP_XSTRING(mdb_modrdn)
509 ": has_children failed: %s (%d)\n",
510 mdb_strerror(rs->sr_err), rs->sr_err, 0 );
511 rs->sr_err = LDAP_OTHER;
512 rs->sr_text = "internal error";
519 mdb_entry_return( op, p );
523 if( op->o_postread ) {
524 if( postread_ctrl == NULL ) {
525 postread_ctrl = &ctrls[num_ctrls++];
526 ctrls[num_ctrls] = NULL;
528 if( slap_read_controls( op, rs, &dummy,
529 &slap_post_read_bv, postread_ctrl ) )
531 Debug( LDAP_DEBUG_TRACE,
532 "<=- " LDAP_XSTRING(mdb_modrdn)
533 ": post-read failed!\n", 0, 0, 0 );
534 if ( op->o_postread & SLAP_CONTROL_CRITICAL ) {
535 /* FIXME: is it correct to abort
536 * operation if control fails? */
542 if( moi == &opinfo ) {
543 LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.moi_oe, OpExtra, oe_next );
544 opinfo.moi_oe.oe_key = NULL;
546 mdb_txn_abort( txn );
547 rs->sr_err = LDAP_X_NO_OPERATION;
549 /* Only free attrs if they were dup'd. */
550 if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL;
554 if(( rs->sr_err=mdb_txn_commit( txn )) != 0 ) {
555 rs->sr_text = "txn_commit failed";
557 rs->sr_err = LDAP_SUCCESS;
563 if( rs->sr_err != LDAP_SUCCESS ) {
564 Debug( LDAP_DEBUG_ANY,
565 LDAP_XSTRING(mdb_modrdn) ": %s : %s (%d)\n",
566 rs->sr_text, mdb_strerror(rs->sr_err), rs->sr_err );
567 rs->sr_err = LDAP_OTHER;
572 Debug(LDAP_DEBUG_TRACE,
573 LDAP_XSTRING(mdb_modrdn)
574 ": rdn modified%s id=%08lx dn=\"%s\"\n",
575 op->o_noop ? " (no-op)" : "",
576 dummy.e_id, op->o_req_dn.bv_val );
578 if( num_ctrls ) rs->sr_ctrls = ctrls;
581 if ( dummy.e_attrs ) {
582 attrs_free( dummy.e_attrs );
584 send_ldap_result( op, rs );
587 if( rs->sr_err == LDAP_SUCCESS && mdb->bi_txn_cp_kbyte ) {
588 TXN_CHECKPOINT( mdb->bi_dbenv,
589 mdb->bi_txn_cp_kbyte, mdb->bi_txn_cp_min, 0 );
593 if ( rs->sr_err == LDAP_SUCCESS && parent_is_glue && parent_is_leaf ) {
594 op->o_delete_glue_parent = 1;
598 slap_graduate_commit_csn( op );
600 if( new_ndn.bv_val != NULL ) op->o_tmpfree( new_ndn.bv_val, op->o_tmpmemctx );
601 if( new_dn.bv_val != NULL ) op->o_tmpfree( new_dn.bv_val, op->o_tmpmemctx );
603 /* LDAP v3 Support */
605 /* free new parent */
606 mdb_entry_return( op, np );
611 mdb_entry_return( op, p );
616 mdb_entry_return( op, e );
619 if( moi == &opinfo ) {
621 mdb_txn_abort( txn );
623 if ( opinfo.moi_oe.oe_key ) {
624 LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.moi_oe, OpExtra, oe_next );
630 if( preread_ctrl != NULL && (*preread_ctrl) != NULL ) {
631 slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
632 slap_sl_free( *preread_ctrl, op->o_tmpmemctx );
634 if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) {
635 slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
636 slap_sl_free( *postread_ctrl, op->o_tmpmemctx );