1 /* modrdn.c - mdb backend modrdn routine */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2000-2013 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
20 #include <ac/string.h>
25 mdb_modrdn( Operation *op, SlapReply *rs )
27 struct mdb_info *mdb = (struct mdb_info *) op->o_bd->be_private;
28 AttributeDescription *children = slap_schema.si_ad_children;
29 AttributeDescription *entry = slap_schema.si_ad_entry;
30 struct berval p_dn, p_ndn;
31 struct berval new_dn = {0, NULL}, new_ndn = {0, NULL};
34 /* LDAP v2 supporting correct attribute handling. */
35 char textbuf[SLAP_TEXT_BUFLEN];
36 size_t textlen = sizeof textbuf;
39 struct mdb_op_info opinfo = {{{ 0 }}}, *moi = &opinfo;
42 Entry *np = NULL; /* newSuperior Entry */
43 struct berval *np_dn = NULL; /* newSuperior dn */
44 struct berval *np_ndn = NULL; /* newSuperior ndn */
45 struct berval *new_parent_dn = NULL; /* np_dn, p_dn, or NULL */
47 int manageDSAit = get_manageDSAit( op );
50 LDAPControl **preread_ctrl = NULL;
51 LDAPControl **postread_ctrl = NULL;
52 LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
55 int parent_is_glue = 0;
56 int parent_is_leaf = 0;
62 Debug( LDAP_DEBUG_TRACE, "==>" LDAP_XSTRING(mdb_modrdn) "(%s,%s,%s)\n",
63 op->o_req_dn.bv_val,op->oq_modrdn.rs_newrdn.bv_val,
64 op->oq_modrdn.rs_newSup ? op->oq_modrdn.rs_newSup->bv_val : "NULL" );
68 /* acquire connection lock */
69 ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
70 if( op->o_conn->c_txn == CONN_TXN_INACTIVE ) {
71 rs->sr_text = "invalid transaction identifier";
72 rs->sr_err = LDAP_X_TXN_ID_INVALID;
74 } else if( op->o_conn->c_txn == CONN_TXN_SETTLE ) {
79 if( op->o_conn->c_txn_backend == NULL ) {
80 op->o_conn->c_txn_backend = op->o_bd;
82 } else if( op->o_conn->c_txn_backend != op->o_bd ) {
83 rs->sr_text = "transaction cannot span multiple database contexts";
84 rs->sr_err = LDAP_AFFECTS_MULTIPLE_DSAS;
88 /* insert operation into transaction */
90 rs->sr_text = "transaction specified";
91 rs->sr_err = LDAP_X_TXN_SPECIFY_OKAY;
94 /* release connection lock */
95 ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
98 send_ldap_result( op, rs );
104 ctrls[num_ctrls] = NULL;
106 /* begin transaction */
107 rs->sr_err = mdb_opinfo_get( op, mdb, 0, &moi );
109 if( rs->sr_err != 0 ) {
110 Debug( LDAP_DEBUG_TRACE,
111 LDAP_XSTRING(mdb_modrdn) ": txn_begin failed: "
112 "%s (%d)\n", mdb_strerror(rs->sr_err), rs->sr_err, 0 );
113 rs->sr_err = LDAP_OTHER;
114 rs->sr_text = "internal error";
119 slap_mods_opattrs( op, &op->orr_modlist, 1 );
121 if ( be_issuffix( op->o_bd, &op->o_req_ndn ) ) {
122 #ifdef MDB_MULTIPLE_SUFFIXES
123 /* Allow renaming one suffix entry to another */
124 p_ndn = slap_empty_bv;
126 /* There can only be one suffix entry */
127 rs->sr_err = LDAP_NAMING_VIOLATION;
128 rs->sr_text = "cannot rename suffix entry";
132 dnParent( &op->o_req_ndn, &p_ndn );
135 /* Make sure parent entry exist and we can write its
138 rs->sr_err = mdb_cursor_open( txn, mdb->mi_dn2id, &mc );
139 if ( rs->sr_err != 0 ) {
140 Debug(LDAP_DEBUG_TRACE,
141 "<=- " LDAP_XSTRING(mdb_modrdn)
142 ": cursor_open failed: %s (%d)\n",
143 mdb_strerror(rs->sr_err), rs->sr_err, 0 );
144 rs->sr_err = LDAP_OTHER;
145 rs->sr_text = "DN cursor_open failed";
148 rs->sr_err = mdb_dn2entry( op, txn, mc, &p_ndn, &p, NULL, 0 );
149 switch( rs->sr_err ) {
151 Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(mdb_modrdn)
152 ": parent does not exist\n", 0, 0, 0);
153 rs->sr_ref = referral_rewrite( default_referral, NULL,
154 &op->o_req_dn, LDAP_SCOPE_DEFAULT );
155 rs->sr_err = LDAP_REFERRAL;
157 send_ldap_result( op, rs );
159 ber_bvarray_free( rs->sr_ref );
164 rs->sr_text = "ldap server busy";
167 rs->sr_err = LDAP_OTHER;
168 rs->sr_text = "internal error";
172 /* check parent for "children" acl */
173 rs->sr_err = access_allowed( op, p,
175 op->oq_modrdn.rs_newSup == NULL ?
176 ACL_WRITE : ACL_WDEL,
179 if ( ! rs->sr_err ) {
180 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
181 Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
183 rs->sr_text = "no write access to parent's children";
187 Debug( LDAP_DEBUG_TRACE,
188 LDAP_XSTRING(mdb_modrdn) ": wr to children "
189 "of entry %s OK\n", p_ndn.bv_val, 0, 0 );
191 if ( p_ndn.bv_val == slap_empty_bv.bv_val ) {
192 p_dn = slap_empty_bv;
194 dnParent( &op->o_req_dn, &p_dn );
197 Debug( LDAP_DEBUG_TRACE,
198 LDAP_XSTRING(mdb_modrdn) ": parent dn=%s\n",
202 rs->sr_err = mdb_dn2entry( op, txn, mc, &op->o_req_ndn, &e, &nsubs, 0 );
203 switch( rs->sr_err ) {
210 rs->sr_text = "ldap server busy";
213 rs->sr_err = LDAP_OTHER;
214 rs->sr_text = "internal error";
218 /* FIXME: dn2entry() should return non-glue entry */
219 if (( rs->sr_err == MDB_NOTFOUND ) ||
220 ( !manageDSAit && e && is_entry_glue( e )))
223 rs->sr_matched = ch_strdup( e->e_dn );
224 if ( is_entry_referral( e )) {
225 BerVarray ref = get_entry_referrals( op, e );
226 rs->sr_ref = referral_rewrite( ref, &e->e_name,
227 &op->o_req_dn, LDAP_SCOPE_DEFAULT );
228 ber_bvarray_free( ref );
232 mdb_entry_return( op, e );
236 rs->sr_ref = referral_rewrite( default_referral, NULL,
237 &op->o_req_dn, LDAP_SCOPE_DEFAULT );
240 rs->sr_err = LDAP_REFERRAL;
241 send_ldap_result( op, rs );
243 ber_bvarray_free( rs->sr_ref );
244 free( (char *)rs->sr_matched );
246 rs->sr_matched = NULL;
251 if ( get_assert( op ) &&
252 ( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
254 rs->sr_err = LDAP_ASSERTION_FAILED;
258 /* check write on old entry */
259 rs->sr_err = access_allowed( op, e, entry, NULL, ACL_WRITE, NULL );
260 if ( ! rs->sr_err ) {
261 Debug( LDAP_DEBUG_TRACE, "no access to entry\n", 0,
263 rs->sr_text = "no write access to old entry";
264 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
268 if (!manageDSAit && is_entry_referral( e ) ) {
269 /* entry is a referral, don't allow rename */
270 rs->sr_ref = get_entry_referrals( op, e );
272 Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(mdb_modrdn)
273 ": entry %s is referral\n", e->e_dn, 0, 0 );
275 rs->sr_err = LDAP_REFERRAL,
276 rs->sr_matched = e->e_name.bv_val;
277 send_ldap_result( op, rs );
279 ber_bvarray_free( rs->sr_ref );
281 rs->sr_matched = NULL;
285 new_parent_dn = &p_dn; /* New Parent unless newSuperior given */
287 if ( op->oq_modrdn.rs_newSup != NULL ) {
288 Debug( LDAP_DEBUG_TRACE,
289 LDAP_XSTRING(mdb_modrdn)
290 ": new parent \"%s\" requested...\n",
291 op->oq_modrdn.rs_newSup->bv_val, 0, 0 );
293 /* newSuperior == oldParent? */
294 if( dn_match( &p_ndn, op->oq_modrdn.rs_nnewSup ) ) {
295 Debug( LDAP_DEBUG_TRACE, "mdb_back_modrdn: "
296 "new parent \"%s\" same as the old parent \"%s\"\n",
297 op->oq_modrdn.rs_newSup->bv_val, p_dn.bv_val, 0 );
298 op->oq_modrdn.rs_newSup = NULL; /* ignore newSuperior */
302 /* There's a MDB_MULTIPLE_SUFFIXES case here that this code doesn't
303 * support. E.g., two suffixes dc=foo,dc=com and dc=bar,dc=net.
304 * We do not allow modDN
308 * and we probably should. But since MULTIPLE_SUFFIXES is deprecated
309 * I'm ignoring this problem for now.
311 if ( op->oq_modrdn.rs_newSup != NULL ) {
312 if ( op->oq_modrdn.rs_newSup->bv_len ) {
313 np_dn = op->oq_modrdn.rs_newSup;
314 np_ndn = op->oq_modrdn.rs_nnewSup;
316 /* newSuperior == oldParent? - checked above */
317 /* newSuperior == entry being moved?, if so ==> ERROR */
318 if ( dnIsSuffix( np_ndn, &e->e_nname )) {
319 rs->sr_err = LDAP_NO_SUCH_OBJECT;
320 rs->sr_text = "new superior not found";
323 /* Get Entry with dn=newSuperior. Does newSuperior exist? */
324 rs->sr_err = mdb_dn2entry( op, txn, NULL, np_ndn, &np, NULL, 0 );
326 switch( rs->sr_err ) {
330 Debug( LDAP_DEBUG_TRACE,
331 LDAP_XSTRING(mdb_modrdn)
332 ": newSup(ndn=%s) not here!\n",
333 np_ndn->bv_val, 0, 0);
334 rs->sr_text = "new superior not found";
335 rs->sr_err = LDAP_NO_SUCH_OBJECT;
338 rs->sr_text = "ldap server busy";
341 rs->sr_err = LDAP_OTHER;
342 rs->sr_text = "internal error";
346 /* check newSuperior for "children" acl */
347 rs->sr_err = access_allowed( op, np, children,
348 NULL, ACL_WADD, NULL );
351 Debug( LDAP_DEBUG_TRACE,
352 LDAP_XSTRING(mdb_modrdn)
353 ": no wr to newSup children\n",
355 rs->sr_text = "no write access to new superior's children";
356 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
360 Debug( LDAP_DEBUG_TRACE,
361 LDAP_XSTRING(mdb_modrdn)
362 ": wr to new parent OK np=%p, id=%ld\n",
363 (void *) np, (long) np->e_id, 0 );
365 if ( is_entry_alias( np ) ) {
366 /* parent is an alias, don't allow add */
367 Debug( LDAP_DEBUG_TRACE,
368 LDAP_XSTRING(mdb_modrdn)
369 ": entry is alias\n",
371 rs->sr_text = "new superior is an alias";
372 rs->sr_err = LDAP_ALIAS_PROBLEM;
376 if ( is_entry_referral( np ) ) {
377 /* parent is a referral, don't allow add */
378 Debug( LDAP_DEBUG_TRACE,
379 LDAP_XSTRING(mdb_modrdn)
380 ": entry is referral\n",
382 rs->sr_text = "new superior is a referral";
383 rs->sr_err = LDAP_OTHER;
386 new_parent_dn = &np->e_name;
391 /* no parent, modrdn entry directly under root */
392 if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
393 || be_isupdate( op ) ) {
394 np = (Entry *)&slap_entry_root;
396 /* check parent for "children" acl */
397 rs->sr_err = access_allowed( op, np,
398 children, NULL, ACL_WADD, NULL );
402 if ( ! rs->sr_err ) {
403 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
404 Debug( LDAP_DEBUG_TRACE,
405 "no access to new superior\n",
408 "no write access to new superior's children";
414 Debug( LDAP_DEBUG_TRACE,
415 LDAP_XSTRING(mdb_modrdn)
416 ": wr to new parent's children OK\n",
419 new_parent_dn = np_dn;
422 /* Build target dn and make sure target entry doesn't exist already. */
423 if (!new_dn.bv_val) {
424 build_new_dn( &new_dn, new_parent_dn, &op->oq_modrdn.rs_newrdn, op->o_tmpmemctx );
427 if (!new_ndn.bv_val) {
428 dnNormalize( 0, NULL, NULL, &new_dn, &new_ndn, op->o_tmpmemctx );
431 Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(mdb_modrdn) ": new ndn=%s\n",
432 new_ndn.bv_val, 0, 0 );
434 /* Shortcut the search */
435 rs->sr_err = mdb_dn2id ( op, txn, NULL, &new_ndn, &nid, NULL, NULL, NULL );
436 switch( rs->sr_err ) {
440 /* Allow rename to same DN */
441 if ( nid == e->e_id )
443 rs->sr_err = LDAP_ALREADY_EXISTS;
446 rs->sr_err = LDAP_OTHER;
447 rs->sr_text = "internal error";
451 assert( op->orr_modlist != NULL );
453 if( op->o_preread ) {
454 if( preread_ctrl == NULL ) {
455 preread_ctrl = &ctrls[num_ctrls++];
456 ctrls[num_ctrls] = NULL;
458 if( slap_read_controls( op, rs, e,
459 &slap_pre_read_bv, preread_ctrl ) )
461 Debug( LDAP_DEBUG_TRACE,
462 "<=- " LDAP_XSTRING(mdb_modrdn)
463 ": pre-read failed!\n", 0, 0, 0 );
464 if ( op->o_preread & SLAP_CONTROL_CRITICAL ) {
465 /* FIXME: is it correct to abort
466 * operation if control fails? */
473 * If moving to a new parent, must delete current subtree count,
474 * otherwise leave it unchanged since we'll be adding it right back.
476 rs->sr_err = mdb_dn2id_delete( op, mc, e->e_id, np ? nsubs : 0 );
477 if ( rs->sr_err != 0 ) {
478 Debug(LDAP_DEBUG_TRACE,
479 "<=- " LDAP_XSTRING(mdb_modrdn)
480 ": dn2id del failed: %s (%d)\n",
481 mdb_strerror(rs->sr_err), rs->sr_err, 0 );
482 rs->sr_err = LDAP_OTHER;
483 rs->sr_text = "DN index delete fail";
487 /* copy the entry, then override some fields */
489 dummy.e_name = new_dn;
490 dummy.e_nname = new_ndn;
491 dummy.e_attrs = NULL;
494 rs->sr_err = mdb_dn2id_add( op, mc, mc, np ? np->e_id : p->e_id,
495 nsubs, np != NULL, &dummy );
496 if ( rs->sr_err != 0 ) {
497 Debug(LDAP_DEBUG_TRACE,
498 "<=- " LDAP_XSTRING(mdb_modrdn)
499 ": dn2id add failed: %s (%d)\n",
500 mdb_strerror(rs->sr_err), rs->sr_err, 0 );
501 rs->sr_err = LDAP_OTHER;
502 rs->sr_text = "DN index add failed";
506 dummy.e_attrs = e->e_attrs;
509 rs->sr_err = mdb_modify_internal( op, txn, op->orr_modlist, &dummy,
510 &rs->sr_text, textbuf, textlen );
511 if( rs->sr_err != LDAP_SUCCESS ) {
512 Debug(LDAP_DEBUG_TRACE,
513 "<=- " LDAP_XSTRING(mdb_modrdn)
514 ": modify failed: %s (%d)\n",
515 mdb_strerror(rs->sr_err), rs->sr_err, 0 );
516 if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL;
521 rs->sr_err = mdb_id2entry_update( op, txn, NULL, &dummy );
522 if ( rs->sr_err != 0 ) {
523 Debug(LDAP_DEBUG_TRACE,
524 "<=- " LDAP_XSTRING(mdb_modrdn)
525 ": id2entry failed: %s (%d)\n",
526 mdb_strerror(rs->sr_err), rs->sr_err, 0 );
527 rs->sr_err = LDAP_OTHER;
528 rs->sr_text = "entry update failed";
532 if ( p_ndn.bv_len != 0 ) {
533 if ((parent_is_glue = is_entry_glue(p))) {
534 rs->sr_err = mdb_dn2id_children( op, txn, p );
535 if ( rs->sr_err != MDB_NOTFOUND ) {
536 switch( rs->sr_err ) {
540 Debug(LDAP_DEBUG_ARGS,
541 "<=- " LDAP_XSTRING(mdb_modrdn)
542 ": has_children failed: %s (%d)\n",
543 mdb_strerror(rs->sr_err), rs->sr_err, 0 );
544 rs->sr_err = LDAP_OTHER;
545 rs->sr_text = "internal error";
552 mdb_entry_return( op, p );
556 if( op->o_postread ) {
557 if( postread_ctrl == NULL ) {
558 postread_ctrl = &ctrls[num_ctrls++];
559 ctrls[num_ctrls] = NULL;
561 if( slap_read_controls( op, rs, &dummy,
562 &slap_post_read_bv, postread_ctrl ) )
564 Debug( LDAP_DEBUG_TRACE,
565 "<=- " LDAP_XSTRING(mdb_modrdn)
566 ": post-read failed!\n", 0, 0, 0 );
567 if ( op->o_postread & SLAP_CONTROL_CRITICAL ) {
568 /* FIXME: is it correct to abort
569 * operation if control fails? */
575 if( moi == &opinfo ) {
576 LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.moi_oe, OpExtra, oe_next );
577 opinfo.moi_oe.oe_key = NULL;
579 mdb_txn_abort( txn );
580 rs->sr_err = LDAP_X_NO_OPERATION;
582 /* Only free attrs if they were dup'd. */
583 if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL;
587 if(( rs->sr_err=mdb_txn_commit( txn )) != 0 ) {
588 rs->sr_text = "txn_commit failed";
590 rs->sr_err = LDAP_SUCCESS;
596 if( rs->sr_err != LDAP_SUCCESS ) {
597 Debug( LDAP_DEBUG_ANY,
598 LDAP_XSTRING(mdb_modrdn) ": %s : %s (%d)\n",
599 rs->sr_text, mdb_strerror(rs->sr_err), rs->sr_err );
600 rs->sr_err = LDAP_OTHER;
605 Debug(LDAP_DEBUG_TRACE,
606 LDAP_XSTRING(mdb_modrdn)
607 ": rdn modified%s id=%08lx dn=\"%s\"\n",
608 op->o_noop ? " (no-op)" : "",
609 dummy.e_id, op->o_req_dn.bv_val );
611 if( num_ctrls ) rs->sr_ctrls = ctrls;
614 if ( dummy.e_attrs ) {
615 attrs_free( dummy.e_attrs );
617 send_ldap_result( op, rs );
620 if( rs->sr_err == LDAP_SUCCESS && mdb->bi_txn_cp_kbyte ) {
621 TXN_CHECKPOINT( mdb->bi_dbenv,
622 mdb->bi_txn_cp_kbyte, mdb->bi_txn_cp_min, 0 );
626 if ( rs->sr_err == LDAP_SUCCESS && parent_is_glue && parent_is_leaf ) {
627 op->o_delete_glue_parent = 1;
631 slap_graduate_commit_csn( op );
633 if( new_ndn.bv_val != NULL ) op->o_tmpfree( new_ndn.bv_val, op->o_tmpmemctx );
634 if( new_dn.bv_val != NULL ) op->o_tmpfree( new_dn.bv_val, op->o_tmpmemctx );
636 /* LDAP v3 Support */
638 /* free new parent */
639 mdb_entry_return( op, np );
644 mdb_entry_return( op, p );
649 mdb_entry_return( op, e );
652 if( moi == &opinfo ) {
654 mdb_txn_abort( txn );
656 if ( opinfo.moi_oe.oe_key ) {
657 LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.moi_oe, OpExtra, oe_next );
663 if( preread_ctrl != NULL && (*preread_ctrl) != NULL ) {
664 slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
665 slap_sl_free( *preread_ctrl, op->o_tmpmemctx );
667 if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) {
668 slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
669 slap_sl_free( *postread_ctrl, op->o_tmpmemctx );