1 /* modrdn.c - mdb backend modrdn routine */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2000-2012 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
20 #include <ac/string.h>
25 mdb_modrdn( Operation *op, SlapReply *rs )
27 struct mdb_info *mdb = (struct mdb_info *) op->o_bd->be_private;
28 AttributeDescription *children = slap_schema.si_ad_children;
29 AttributeDescription *entry = slap_schema.si_ad_entry;
30 struct berval p_dn, p_ndn;
31 struct berval new_dn = {0, NULL}, new_ndn = {0, NULL};
34 /* LDAP v2 supporting correct attribute handling. */
35 char textbuf[SLAP_TEXT_BUFLEN];
36 size_t textlen = sizeof textbuf;
39 struct mdb_op_info opinfo = {{{ 0 }}}, *moi = &opinfo;
42 Entry *np = NULL; /* newSuperior Entry */
43 struct berval *np_dn = NULL; /* newSuperior dn */
44 struct berval *np_ndn = NULL; /* newSuperior ndn */
45 struct berval *new_parent_dn = NULL; /* np_dn, p_dn, or NULL */
47 int manageDSAit = get_manageDSAit( op );
50 LDAPControl **preread_ctrl = NULL;
51 LDAPControl **postread_ctrl = NULL;
52 LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
55 int parent_is_glue = 0;
56 int parent_is_leaf = 0;
62 Debug( LDAP_DEBUG_TRACE, "==>" LDAP_XSTRING(mdb_modrdn) "(%s,%s,%s)\n",
63 op->o_req_dn.bv_val,op->oq_modrdn.rs_newrdn.bv_val,
64 op->oq_modrdn.rs_newSup ? op->oq_modrdn.rs_newSup->bv_val : "NULL" );
68 /* acquire connection lock */
69 ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
70 if( op->o_conn->c_txn == CONN_TXN_INACTIVE ) {
71 rs->sr_text = "invalid transaction identifier";
72 rs->sr_err = LDAP_X_TXN_ID_INVALID;
74 } else if( op->o_conn->c_txn == CONN_TXN_SETTLE ) {
79 if( op->o_conn->c_txn_backend == NULL ) {
80 op->o_conn->c_txn_backend = op->o_bd;
82 } else if( op->o_conn->c_txn_backend != op->o_bd ) {
83 rs->sr_text = "transaction cannot span multiple database contexts";
84 rs->sr_err = LDAP_AFFECTS_MULTIPLE_DSAS;
88 /* insert operation into transaction */
90 rs->sr_text = "transaction specified";
91 rs->sr_err = LDAP_X_TXN_SPECIFY_OKAY;
94 /* release connection lock */
95 ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
98 send_ldap_result( op, rs );
104 ctrls[num_ctrls] = NULL;
106 slap_mods_opattrs( op, &op->orr_modlist, 1 );
108 /* begin transaction */
109 rs->sr_err = mdb_opinfo_get( op, mdb, 0, &moi );
111 if( rs->sr_err != 0 ) {
112 Debug( LDAP_DEBUG_TRACE,
113 LDAP_XSTRING(mdb_modrdn) ": txn_begin failed: "
114 "%s (%d)\n", mdb_strerror(rs->sr_err), rs->sr_err, 0 );
115 rs->sr_err = LDAP_OTHER;
116 rs->sr_text = "internal error";
122 if ( be_issuffix( op->o_bd, &op->o_req_ndn ) ) {
123 #ifdef MDB_MULTIPLE_SUFFIXES
124 /* Allow renaming one suffix entry to another */
125 p_ndn = slap_empty_bv;
127 /* There can only be one suffix entry */
128 rs->sr_err = LDAP_NAMING_VIOLATION;
129 rs->sr_text = "cannot rename suffix entry";
133 dnParent( &op->o_req_ndn, &p_ndn );
136 /* Make sure parent entry exist and we can write its
139 rs->sr_err = mdb_cursor_open( txn, mdb->mi_dn2id, &mc );
140 if ( rs->sr_err != 0 ) {
141 Debug(LDAP_DEBUG_TRACE,
142 "<=- " LDAP_XSTRING(mdb_modrdn)
143 ": cursor_open failed: %s (%d)\n",
144 mdb_strerror(rs->sr_err), rs->sr_err, 0 );
145 rs->sr_err = LDAP_OTHER;
146 rs->sr_text = "DN cursor_open failed";
149 rs->sr_err = mdb_dn2entry( op, txn, mc, &p_ndn, &p, 0 );
150 switch( rs->sr_err ) {
152 Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(mdb_modrdn)
153 ": parent does not exist\n", 0, 0, 0);
154 rs->sr_ref = referral_rewrite( default_referral, NULL,
155 &op->o_req_dn, LDAP_SCOPE_DEFAULT );
156 rs->sr_err = LDAP_REFERRAL;
158 send_ldap_result( op, rs );
160 ber_bvarray_free( rs->sr_ref );
165 rs->sr_text = "ldap server busy";
168 rs->sr_err = LDAP_OTHER;
169 rs->sr_text = "internal error";
173 /* check parent for "children" acl */
174 rs->sr_err = access_allowed( op, p,
176 op->oq_modrdn.rs_newSup == NULL ?
177 ACL_WRITE : ACL_WDEL,
180 if ( ! rs->sr_err ) {
181 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
182 Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
184 rs->sr_text = "no write access to parent's children";
188 Debug( LDAP_DEBUG_TRACE,
189 LDAP_XSTRING(mdb_modrdn) ": wr to children "
190 "of entry %s OK\n", p_ndn.bv_val, 0, 0 );
192 if ( p_ndn.bv_val == slap_empty_bv.bv_val ) {
193 p_dn = slap_empty_bv;
195 dnParent( &op->o_req_dn, &p_dn );
198 Debug( LDAP_DEBUG_TRACE,
199 LDAP_XSTRING(mdb_modrdn) ": parent dn=%s\n",
203 rs->sr_err = mdb_dn2entry( op, txn, mc, &op->o_req_ndn, &e, 0 );
204 switch( rs->sr_err ) {
211 rs->sr_text = "ldap server busy";
214 rs->sr_err = LDAP_OTHER;
215 rs->sr_text = "internal error";
219 /* FIXME: dn2entry() should return non-glue entry */
220 if (( rs->sr_err == MDB_NOTFOUND ) ||
221 ( !manageDSAit && e && is_entry_glue( e )))
224 rs->sr_matched = ch_strdup( e->e_dn );
225 if ( is_entry_referral( e )) {
226 BerVarray ref = get_entry_referrals( op, e );
227 rs->sr_ref = referral_rewrite( ref, &e->e_name,
228 &op->o_req_dn, LDAP_SCOPE_DEFAULT );
229 ber_bvarray_free( ref );
233 mdb_entry_return( op, e );
237 rs->sr_ref = referral_rewrite( default_referral, NULL,
238 &op->o_req_dn, LDAP_SCOPE_DEFAULT );
241 rs->sr_err = LDAP_REFERRAL;
242 send_ldap_result( op, rs );
244 ber_bvarray_free( rs->sr_ref );
245 free( (char *)rs->sr_matched );
247 rs->sr_matched = NULL;
252 if ( get_assert( op ) &&
253 ( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
255 rs->sr_err = LDAP_ASSERTION_FAILED;
259 /* check write on old entry */
260 rs->sr_err = access_allowed( op, e, entry, NULL, ACL_WRITE, NULL );
261 if ( ! rs->sr_err ) {
262 Debug( LDAP_DEBUG_TRACE, "no access to entry\n", 0,
264 rs->sr_text = "no write access to old entry";
265 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
269 if (!manageDSAit && is_entry_referral( e ) ) {
270 /* entry is a referral, don't allow rename */
271 rs->sr_ref = get_entry_referrals( op, e );
273 Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(mdb_modrdn)
274 ": entry %s is referral\n", e->e_dn, 0, 0 );
276 rs->sr_err = LDAP_REFERRAL,
277 rs->sr_matched = e->e_name.bv_val;
278 send_ldap_result( op, rs );
280 ber_bvarray_free( rs->sr_ref );
282 rs->sr_matched = NULL;
286 new_parent_dn = &p_dn; /* New Parent unless newSuperior given */
288 if ( op->oq_modrdn.rs_newSup != NULL ) {
289 Debug( LDAP_DEBUG_TRACE,
290 LDAP_XSTRING(mdb_modrdn)
291 ": new parent \"%s\" requested...\n",
292 op->oq_modrdn.rs_newSup->bv_val, 0, 0 );
294 /* newSuperior == oldParent? */
295 if( dn_match( &p_ndn, op->oq_modrdn.rs_nnewSup ) ) {
296 Debug( LDAP_DEBUG_TRACE, "mdb_back_modrdn: "
297 "new parent \"%s\" same as the old parent \"%s\"\n",
298 op->oq_modrdn.rs_newSup->bv_val, p_dn.bv_val, 0 );
299 op->oq_modrdn.rs_newSup = NULL; /* ignore newSuperior */
303 /* There's a MDB_MULTIPLE_SUFFIXES case here that this code doesn't
304 * support. E.g., two suffixes dc=foo,dc=com and dc=bar,dc=net.
305 * We do not allow modDN
309 * and we probably should. But since MULTIPLE_SUFFIXES is deprecated
310 * I'm ignoring this problem for now.
312 if ( op->oq_modrdn.rs_newSup != NULL ) {
313 if ( op->oq_modrdn.rs_newSup->bv_len ) {
314 np_dn = op->oq_modrdn.rs_newSup;
315 np_ndn = op->oq_modrdn.rs_nnewSup;
317 /* newSuperior == oldParent? - checked above */
318 /* newSuperior == entry being moved?, if so ==> ERROR */
319 if ( dnIsSuffix( np_ndn, &e->e_nname )) {
320 rs->sr_err = LDAP_NO_SUCH_OBJECT;
321 rs->sr_text = "new superior not found";
324 /* Get Entry with dn=newSuperior. Does newSuperior exist? */
325 rs->sr_err = mdb_dn2entry( op, txn, NULL, np_ndn, &np, 0 );
327 switch( rs->sr_err ) {
331 Debug( LDAP_DEBUG_TRACE,
332 LDAP_XSTRING(mdb_modrdn)
333 ": newSup(ndn=%s) not here!\n",
334 np_ndn->bv_val, 0, 0);
335 rs->sr_text = "new superior not found";
336 rs->sr_err = LDAP_NO_SUCH_OBJECT;
339 rs->sr_text = "ldap server busy";
342 rs->sr_err = LDAP_OTHER;
343 rs->sr_text = "internal error";
347 /* check newSuperior for "children" acl */
348 rs->sr_err = access_allowed( op, np, children,
349 NULL, ACL_WADD, NULL );
352 Debug( LDAP_DEBUG_TRACE,
353 LDAP_XSTRING(mdb_modrdn)
354 ": no wr to newSup children\n",
356 rs->sr_text = "no write access to new superior's children";
357 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
361 Debug( LDAP_DEBUG_TRACE,
362 LDAP_XSTRING(mdb_modrdn)
363 ": wr to new parent OK np=%p, id=%ld\n",
364 (void *) np, (long) np->e_id, 0 );
366 if ( is_entry_alias( np ) ) {
367 /* parent is an alias, don't allow add */
368 Debug( LDAP_DEBUG_TRACE,
369 LDAP_XSTRING(mdb_modrdn)
370 ": entry is alias\n",
372 rs->sr_text = "new superior is an alias";
373 rs->sr_err = LDAP_ALIAS_PROBLEM;
377 if ( is_entry_referral( np ) ) {
378 /* parent is a referral, don't allow add */
379 Debug( LDAP_DEBUG_TRACE,
380 LDAP_XSTRING(mdb_modrdn)
381 ": entry is referral\n",
383 rs->sr_text = "new superior is a referral";
384 rs->sr_err = LDAP_OTHER;
387 new_parent_dn = &np->e_name;
392 /* no parent, modrdn entry directly under root */
393 if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
394 || be_isupdate( op ) ) {
395 np = (Entry *)&slap_entry_root;
397 /* check parent for "children" acl */
398 rs->sr_err = access_allowed( op, np,
399 children, NULL, ACL_WADD, NULL );
403 if ( ! rs->sr_err ) {
404 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
405 Debug( LDAP_DEBUG_TRACE,
406 "no access to new superior\n",
409 "no write access to new superior's children";
415 Debug( LDAP_DEBUG_TRACE,
416 LDAP_XSTRING(mdb_modrdn)
417 ": wr to new parent's children OK\n",
420 new_parent_dn = np_dn;
423 /* Build target dn and make sure target entry doesn't exist already. */
424 if (!new_dn.bv_val) {
425 build_new_dn( &new_dn, new_parent_dn, &op->oq_modrdn.rs_newrdn, op->o_tmpmemctx );
428 if (!new_ndn.bv_val) {
429 dnNormalize( 0, NULL, NULL, &new_dn, &new_ndn, op->o_tmpmemctx );
432 Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(mdb_modrdn) ": new ndn=%s\n",
433 new_ndn.bv_val, 0, 0 );
435 /* Shortcut the search */
436 rs->sr_err = mdb_dn2id ( op, txn, NULL, &new_ndn, &nid, NULL, NULL );
437 switch( rs->sr_err ) {
441 /* Allow rename to same DN */
442 if ( nid == e->e_id )
444 rs->sr_err = LDAP_ALREADY_EXISTS;
447 rs->sr_err = LDAP_OTHER;
448 rs->sr_text = "internal error";
452 assert( op->orr_modlist != NULL );
454 if( op->o_preread ) {
455 if( preread_ctrl == NULL ) {
456 preread_ctrl = &ctrls[num_ctrls++];
457 ctrls[num_ctrls] = NULL;
459 if( slap_read_controls( op, rs, e,
460 &slap_pre_read_bv, preread_ctrl ) )
462 Debug( LDAP_DEBUG_TRACE,
463 "<=- " LDAP_XSTRING(mdb_modrdn)
464 ": pre-read failed!\n", 0, 0, 0 );
465 if ( op->o_preread & SLAP_CONTROL_CRITICAL ) {
466 /* FIXME: is it correct to abort
467 * operation if control fails? */
474 rs->sr_err = mdb_dn2id_delete( op, mc, e->e_id );
475 if ( rs->sr_err != 0 ) {
476 Debug(LDAP_DEBUG_TRACE,
477 "<=- " LDAP_XSTRING(mdb_modrdn)
478 ": dn2id del failed: %s (%d)\n",
479 mdb_strerror(rs->sr_err), rs->sr_err, 0 );
480 rs->sr_err = LDAP_OTHER;
481 rs->sr_text = "DN index delete fail";
485 /* copy the entry, then override some fields */
487 dummy.e_name = new_dn;
488 dummy.e_nname = new_ndn;
489 dummy.e_attrs = NULL;
492 rs->sr_err = mdb_dn2id_add( op, mc, mc, np ? np->e_id : p->e_id, &dummy );
493 if ( rs->sr_err != 0 ) {
494 Debug(LDAP_DEBUG_TRACE,
495 "<=- " LDAP_XSTRING(mdb_modrdn)
496 ": dn2id add failed: %s (%d)\n",
497 mdb_strerror(rs->sr_err), rs->sr_err, 0 );
498 rs->sr_err = LDAP_OTHER;
499 rs->sr_text = "DN index add failed";
503 dummy.e_attrs = e->e_attrs;
506 rs->sr_err = mdb_modify_internal( op, txn, op->orr_modlist, &dummy,
507 &rs->sr_text, textbuf, textlen );
508 if( rs->sr_err != LDAP_SUCCESS ) {
509 Debug(LDAP_DEBUG_TRACE,
510 "<=- " LDAP_XSTRING(mdb_modrdn)
511 ": modify failed: %s (%d)\n",
512 mdb_strerror(rs->sr_err), rs->sr_err, 0 );
513 if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL;
518 rs->sr_err = mdb_id2entry_update( op, txn, NULL, &dummy );
519 if ( rs->sr_err != 0 ) {
520 Debug(LDAP_DEBUG_TRACE,
521 "<=- " LDAP_XSTRING(mdb_modrdn)
522 ": id2entry failed: %s (%d)\n",
523 mdb_strerror(rs->sr_err), rs->sr_err, 0 );
524 rs->sr_err = LDAP_OTHER;
525 rs->sr_text = "entry update failed";
529 if ( p_ndn.bv_len != 0 ) {
530 parent_is_glue = is_entry_glue(p);
531 rs->sr_err = mdb_dn2id_children( op, txn, p );
532 if ( rs->sr_err != MDB_NOTFOUND ) {
533 switch( rs->sr_err ) {
537 Debug(LDAP_DEBUG_ARGS,
538 "<=- " LDAP_XSTRING(mdb_modrdn)
539 ": has_children failed: %s (%d)\n",
540 mdb_strerror(rs->sr_err), rs->sr_err, 0 );
541 rs->sr_err = LDAP_OTHER;
542 rs->sr_text = "internal error";
548 mdb_entry_return( op, p );
552 if( op->o_postread ) {
553 if( postread_ctrl == NULL ) {
554 postread_ctrl = &ctrls[num_ctrls++];
555 ctrls[num_ctrls] = NULL;
557 if( slap_read_controls( op, rs, &dummy,
558 &slap_post_read_bv, postread_ctrl ) )
560 Debug( LDAP_DEBUG_TRACE,
561 "<=- " LDAP_XSTRING(mdb_modrdn)
562 ": post-read failed!\n", 0, 0, 0 );
563 if ( op->o_postread & SLAP_CONTROL_CRITICAL ) {
564 /* FIXME: is it correct to abort
565 * operation if control fails? */
571 if( moi == &opinfo ) {
572 LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.moi_oe, OpExtra, oe_next );
573 opinfo.moi_oe.oe_key = NULL;
575 mdb_txn_abort( txn );
576 rs->sr_err = LDAP_X_NO_OPERATION;
578 /* Only free attrs if they were dup'd. */
579 if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL;
583 if(( rs->sr_err=mdb_txn_commit( txn )) != 0 ) {
584 rs->sr_text = "txn_commit failed";
586 rs->sr_err = LDAP_SUCCESS;
592 if( rs->sr_err != LDAP_SUCCESS ) {
593 Debug( LDAP_DEBUG_TRACE,
594 LDAP_XSTRING(mdb_modrdn) ": %s : %s (%d)\n",
595 rs->sr_text, mdb_strerror(rs->sr_err), rs->sr_err );
596 rs->sr_err = LDAP_OTHER;
601 Debug(LDAP_DEBUG_TRACE,
602 LDAP_XSTRING(mdb_modrdn)
603 ": rdn modified%s id=%08lx dn=\"%s\"\n",
604 op->o_noop ? " (no-op)" : "",
605 dummy.e_id, op->o_req_dn.bv_val );
607 if( num_ctrls ) rs->sr_ctrls = ctrls;
610 if ( dummy.e_attrs ) {
611 attrs_free( dummy.e_attrs );
613 send_ldap_result( op, rs );
616 if( rs->sr_err == LDAP_SUCCESS && mdb->bi_txn_cp_kbyte ) {
617 TXN_CHECKPOINT( mdb->bi_dbenv,
618 mdb->bi_txn_cp_kbyte, mdb->bi_txn_cp_min, 0 );
622 if ( rs->sr_err == LDAP_SUCCESS && parent_is_glue && parent_is_leaf ) {
623 op->o_delete_glue_parent = 1;
627 slap_graduate_commit_csn( op );
629 if( new_ndn.bv_val != NULL ) op->o_tmpfree( new_ndn.bv_val, op->o_tmpmemctx );
630 if( new_dn.bv_val != NULL ) op->o_tmpfree( new_dn.bv_val, op->o_tmpmemctx );
632 /* LDAP v3 Support */
634 /* free new parent */
635 mdb_entry_return( op, np );
640 mdb_entry_return( op, p );
645 mdb_entry_return( op, e );
648 if( moi == &opinfo ) {
650 mdb_txn_abort( txn );
652 if ( opinfo.moi_oe.oe_key ) {
653 LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.moi_oe, OpExtra, oe_next );
657 if( preread_ctrl != NULL && (*preread_ctrl) != NULL ) {
658 slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
659 slap_sl_free( *preread_ctrl, op->o_tmpmemctx );
661 if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) {
662 slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
663 slap_sl_free( *postread_ctrl, op->o_tmpmemctx );