git.sur5r.net Git - openldap/blob - servers/slapd/back-sql/modrdn.c

   1 /* $OpenLDAP$ */
   2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
   3  *
   4  * Copyright 1999-2004 The OpenLDAP Foundation.
   5  * Portions Copyright 1999 Dmitry Kovalev.
   6  * All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted only as authorized by the OpenLDAP
  10  * Public License.
  11  *
  12  * A copy of this license is available in the file LICENSE in the
  13  * top-level directory of the distribution or, alternatively, at
  14  * <http://www.OpenLDAP.org/license.html>.
  15  */
  16 /* ACKNOWLEDGEMENTS:
  17  * This work was initially developed by Dmitry Kovalev for inclusion
  18  * by OpenLDAP Software.
  19  */
  20
  21 #include "portable.h"
  22
  23 #ifdef SLAPD_SQL
  24
  25 #include <stdio.h>
  26 #include <sys/types.h>
  27 #include "ac/string.h"
  28
  29 #include "slap.h"
  30 #include "ldap_pvt.h"
  31 #include "proto-sql.h"
  32
  33 int
  34 backsql_modrdn( Operation *op, SlapReply *rs )
  35 {
  36         backsql_info            *bi = (backsql_info*)op->o_bd->be_private;
  37         SQLHDBC                 dbh;
  38         SQLHSTMT                sth;
  39         RETCODE                 rc;
  40         backsql_entryID         e_id, pe_id, new_pid;
  41         backsql_oc_map_rec      *oc = NULL;
  42         struct berval           p_dn, p_ndn,
  43                                 *new_pdn = NULL, *new_npdn = NULL,
  44                                 new_dn, new_ndn;
  45         LDAPRDN                 new_rdn = NULL;
  46         LDAPRDN                 old_rdn = NULL;
  47         Entry                   e;
  48         Modifications           *mod;
  49         struct berval           *newSuperior = op->oq_modrdn.rs_newSup;
  50
  51         Debug( LDAP_DEBUG_TRACE, "==>backsql_modrdn() renaming entry \"%s\", "
  52                         "newrdn=\"%s\", newSuperior=\"%s\"\n",
  53                         op->o_req_dn.bv_val, op->oq_modrdn.rs_newrdn.bv_val,
  54                         newSuperior ? newSuperior->bv_val : "(NULL)" );
  55         rs->sr_err = backsql_get_db_conn( op, &dbh );
  56         if ( rs->sr_err != LDAP_SUCCESS ) {
  57                 Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
  58                         "could not get connection handle - exiting\n",
  59                         0, 0, 0 );
  60                 rs->sr_text = ( rs->sr_err == LDAP_OTHER )
  61                         ?  "SQL-backend error" : NULL;
  62                 send_ldap_result( op, rs );
  63                 return 1;
  64         }
  65
  66         rs->sr_err = backsql_dn2id( bi, &e_id, dbh, &op->o_req_ndn );
  67         if ( rs->sr_err != LDAP_SUCCESS ) {
  68                 Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
  69                         "could not lookup entry id\n", 0, 0, 0 );
  70                 rs->sr_text = ( rs->sr_err == LDAP_OTHER )
  71                         ?  "SQL-backend error" : NULL;
  72                 send_ldap_result( op, rs );
  73                 return 1;
  74         }
  75
  76         Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): entry id=%ld\n",
  77                 e_id.id, 0, 0 );
  78
  79         if ( backsql_has_children( bi, dbh, &op->o_req_ndn ) == LDAP_COMPARE_TRUE ) {
  80                 Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
  81                         "entry \"%s\" has children\n",
  82                         op->o_req_dn.bv_val, 0, 0 );
  83                 rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF;
  84                 rs->sr_text = "subtree rename not supported";
  85                 send_ldap_result( op, rs );
  86                 return 1;
  87         }
  88
  89         dnParent( &op->o_req_dn, &p_dn );
  90         dnParent( &op->o_req_ndn, &p_ndn );
  91
  92         /*
  93          * namingContext "" is not supported
  94          */
  95         if ( p_dn.bv_len == 0 ) {
  96                 Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
  97                         "parent is \"\" - aborting\n", 0, 0, 0 );
  98                 rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
  99                 rs->sr_text = "not allowed within namingContext";
 100                 send_ldap_result( op, rs );
 101                 goto modrdn_return;
 102         }
 103
 104         /*
 105          * Check for children access to parent
 106          */
 107         e.e_attrs = NULL;
 108         e.e_name = p_dn;
 109         e.e_nname = p_ndn;
 110         if ( !access_allowed( op, &e, slap_schema.si_ad_children,
 111                                 NULL, ACL_WRITE, NULL ) ) {
 112                 Debug( LDAP_DEBUG_TRACE, "   no access to parent\n", 0, 0, 0 );
 113                 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
 114                 goto modrdn_return;
 115         }
 116
 117         if ( newSuperior ) {
 118                 /*
 119                  * namingContext "" is not supported
 120                  */
 121                 if ( newSuperior->bv_len == 0 ) {
 122                         Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
 123                                 "newSuperior is \"\" - aborting\n", 0, 0, 0 );
 124                         rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
 125                         rs->sr_text = "not allowed within namingContext";
 126                         send_ldap_result( op, rs );
 127                         goto modrdn_return;
 128                 }
 129
 130                 new_pdn = newSuperior;
 131                 new_npdn = op->oq_modrdn.rs_nnewSup;
 132
 133                 e.e_name = *new_pdn;
 134                 e.e_nname = *new_npdn;
 135
 136                 /*
 137                  * Check for children access to new parent
 138                  */
 139                 if ( !access_allowed( op, &e, slap_schema.si_ad_children,
 140                                         NULL, ACL_WRITE, NULL ) ) {
 141                         Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
 142                                         "no access to new parent \"%s\"\n",
 143                                         new_pdn->bv_val, 0, 0 );
 144                         rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
 145                         goto modrdn_return;
 146                 }
 147
 148         } else {
 149                 new_pdn = &p_dn;
 150                 new_npdn = &p_ndn;
 151         }
 152
 153         if ( newSuperior && dn_match( &p_ndn, new_npdn ) ) {
 154                 Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
 155                         "newSuperior is equal to old parent - ignored\n",
 156                         0, 0, 0 );
 157                 newSuperior = NULL;
 158         }
 159
 160         if ( newSuperior && dn_match( &op->o_req_ndn, new_npdn ) ) {
 161                 Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
 162                         "newSuperior is equal to entry being moved "
 163                         "- aborting\n", 0, 0, 0 );
 164                 rs->sr_err = LDAP_OTHER;
 165                 rs->sr_text = "newSuperior is equal to old DN";
 166                 send_ldap_result( op, rs );
 167                 goto modrdn_return;
 168         }
 169
 170         build_new_dn( &new_dn, new_pdn, &op->oq_modrdn.rs_newrdn, NULL );
 171         rs->sr_err = dnNormalize( 0, NULL, NULL, &new_dn, &new_ndn,
 172                 op->o_tmpmemctx );
 173         if ( rs->sr_err != LDAP_SUCCESS ) {
 174                 Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
 175                         "new dn is invalid (\"%s\") - aborting\n",
 176                         new_dn.bv_val, 0, 0 );
 177                 rs->sr_text = "unable to build new DN";
 178                 send_ldap_result( op, rs );
 179                 goto modrdn_return;
 180         }
 181
 182         Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): new entry dn is \"%s\"\n",
 183                         new_dn.bv_val, 0, 0 );
 184
 185         rs->sr_err = backsql_dn2id( bi, &pe_id, dbh, &p_ndn );
 186         if ( rs->sr_err != LDAP_SUCCESS ) {
 187                 Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
 188                         "could not lookup old parent entry id\n", 0, 0, 0 );
 189                 rs->sr_text = ( rs->sr_err == LDAP_OTHER )
 190                         ? "SQL-backend error" : NULL;
 191                 send_ldap_result( op, rs );
 192                 goto modrdn_return;
 193         }
 194
 195         Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
 196                 "old parent entry id is %ld\n", pe_id.id, 0, 0 );
 197
 198         rs->sr_err = backsql_dn2id( bi, &new_pid, dbh, new_npdn );
 199         if ( rs->sr_err != LDAP_SUCCESS ) {
 200                 Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
 201                         "could not lookup new parent entry id\n", 0, 0, 0 );
 202                 rs->sr_text = ( rs->sr_err == LDAP_OTHER )
 203                         ? "SQL-backend error" : NULL;
 204                 send_ldap_result( op, rs );
 205                 goto modrdn_return;
 206         }
 207
 208         Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
 209                 "new parent entry id=%ld\n", new_pid.id, 0, 0 );
 210
 211
 212         Debug(  LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
 213                 "executing delentry_query\n", 0, 0, 0 );
 214         SQLAllocStmt( dbh, &sth );
 215         SQLBindParameter( sth, 1, SQL_PARAM_INPUT, SQL_C_ULONG, SQL_INTEGER,
 216                         0, 0, &e_id.id, 0, 0 );
 217         rc = SQLExecDirect( sth, bi->delentry_query, SQL_NTS );
 218         if ( rc != SQL_SUCCESS ) {
 219                 Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
 220                         "failed to delete record from ldap_entries\n",
 221                         0, 0, 0 );
 222                 backsql_PrintErrors( bi->db_env, dbh, sth, rc );
 223                 rs->sr_err = LDAP_OTHER;
 224                 rs->sr_text = "SQL-backend error";
 225                 send_ldap_result( op, rs );
 226                 goto modrdn_return;
 227         }
 228
 229         SQLFreeStmt( sth, SQL_RESET_PARAMS );
 230
 231         Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
 232                 "executing insentry_query\n", 0, 0, 0 );
 233         backsql_BindParamStr( sth, 1, new_dn.bv_val, BACKSQL_MAX_DN_LEN );
 234         SQLBindParameter( sth, 2, SQL_PARAM_INPUT, SQL_C_LONG, SQL_INTEGER,
 235                         0, 0, &e_id.oc_id, 0, 0 );
 236         SQLBindParameter( sth, 3, SQL_PARAM_INPUT, SQL_C_LONG, SQL_INTEGER,
 237                         0, 0, &new_pid.id, 0, 0 );
 238         SQLBindParameter( sth, 4, SQL_PARAM_INPUT, SQL_C_LONG, SQL_INTEGER,
 239                         0, 0, &e_id.keyval, 0, 0 );
 240         rc = SQLExecDirect( sth, bi->insentry_query, SQL_NTS );
 241         if ( rc != SQL_SUCCESS ) {
 242                 Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
 243                         "could not insert ldap_entries record\n", 0, 0, 0 );
 244                 backsql_PrintErrors( bi->db_env, dbh, sth, rc );
 245                 rs->sr_err = LDAP_OTHER;
 246                 rs->sr_text = "SQL-backend error";
 247                 send_ldap_result( op, rs );
 248                 goto modrdn_return;
 249         }
 250
 251         /*
 252          * Get attribute type and attribute value of our new rdn,
 253          * we will need to add that to our new entry
 254          */
 255         if ( ldap_bv2rdn( &op->oq_modrdn.rs_newrdn, &new_rdn,
 256                                 (char **)&rs->sr_text,
 257                                 LDAP_DN_FORMAT_LDAP ) ) {
 258 #ifdef NEW_LOGGING
 259                 LDAP_LOG ( OPERATION, ERR,
 260                         "   backsql_modrdn: can't figure out "
 261                         "type(s)/values(s) of newrdn\n",
 262                         0, 0, 0 );
 263 #else
 264                 Debug( LDAP_DEBUG_TRACE,
 265                         "   backsql_modrdn: can't figure out "
 266                         "type(s)/values(s) of newrdn\n",
 267                         0, 0, 0 );
 268 #endif
 269                 rs->sr_err = LDAP_INVALID_DN_SYNTAX;
 270                 goto modrdn_return;
 271         }
 272
 273 #ifdef NEW_LOGGING
 274         LDAP_LOG ( OPERATION, RESULTS,
 275                 "   backsql_modrdn: new_rdn_type=\"%s\", "
 276                 "new_rdn_val=\"%s\"\n",
 277                 new_rdn[ 0 ]->la_attr.bv_val,
 278                 new_rdn[ 0 ]->la_value.bv_val, 0 );
 279 #else
 280         Debug( LDAP_DEBUG_TRACE,
 281                 "   backsql_modrdn: new_rdn_type=\"%s\", "
 282                 "new_rdn_val=\"%s\"\n",
 283                 new_rdn[ 0 ]->la_attr.bv_val,
 284                 new_rdn[ 0 ]->la_value.bv_val, 0 );
 285 #endif
 286
 287         if ( op->oq_modrdn.rs_deleteoldrdn ) {
 288                 if ( ldap_bv2rdn( &op->o_req_dn, &old_rdn,
 289                                         (char **)&rs->sr_text,
 290                                         LDAP_DN_FORMAT_LDAP ) ) {
 291 #ifdef NEW_LOGGING
 292                         LDAP_LOG ( OPERATION, ERR,
 293                                 "   backsql_modrdn: can't figure out "
 294                                 "type(s)/values(s) of old_rdn\n",
 295                                 0, 0, 0 );
 296 #else
 297                         Debug( LDAP_DEBUG_TRACE,
 298                                 "   backsql_modrdn: can't figure out "
 299                                 "the old_rdn type(s)/value(s)\n",
 300                                 0, 0, 0 );
 301 #endif
 302                         rs->sr_err = LDAP_OTHER;
 303                         goto modrdn_return;
 304                 }
 305         }
 306
 307         e.e_name = new_dn;
 308         e.e_nname = new_ndn;
 309         rs->sr_err = slap_modrdn2mods( op, rs, &e, old_rdn, new_rdn, &mod );
 310         if ( rs->sr_err != LDAP_SUCCESS ) {
 311                 goto modrdn_return;
 312         }
 313
 314         if ( !acl_check_modlist( op, &e, mod )) {
 315                 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
 316                 goto modrdn_return;
 317         }
 318
 319         oc = backsql_id2oc( bi, e_id.oc_id );
 320         rs->sr_err = backsql_modify_internal( op, rs, dbh, oc, &e_id, mod );
 321
 322         if ( rs->sr_err == LDAP_SUCCESS ) {
 323
 324                 /*
 325                  * Commit only if all operations succeed
 326                  */
 327                 SQLTransact( SQL_NULL_HENV, dbh,
 328                                 op->o_noop ? SQL_ROLLBACK : SQL_COMMIT );
 329         }
 330
 331 modrdn_return:
 332         SQLFreeStmt( sth, SQL_DROP );
 333
 334         if ( new_dn.bv_val ) {
 335                 ch_free( new_dn.bv_val );
 336         }
 337
 338         if ( new_ndn.bv_val ) {
 339                 ch_free( new_ndn.bv_val );
 340         }
 341
 342         /* LDAP v2 supporting correct attribute handling. */
 343         if ( new_rdn != NULL ) {
 344                 ldap_rdnfree( new_rdn );
 345         }
 346         if ( old_rdn != NULL ) {
 347                 ldap_rdnfree( old_rdn );
 348         }
 349         if( mod != NULL ) {
 350                 Modifications *tmp;
 351                 for (; mod; mod=tmp ) {
 352                         tmp = mod->sml_next;
 353                         free( mod );
 354                 }
 355         }
 356
 357         send_ldap_result( op, rs );
 358
 359         Debug( LDAP_DEBUG_TRACE, "<==backsql_modrdn()\n", 0, 0, 0 );
 360         return op->o_noop;
 361 }
 362
 363 #endif /* SLAPD_SQL */
 364