git.sur5r.net Git - openldap/blob - servers/slapd/back-sql/modrdn.c

   1 /* $OpenLDAP$ */
   2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
   3  *
   4  * Copyright 1999-2005 The OpenLDAP Foundation.
   5  * Portions Copyright 1999 Dmitry Kovalev.
   6  * Portions Copyright 2002 Pierangelo Masarati.
   7  * All rights reserved.
   8  *
   9  * Redistribution and use in source and binary forms, with or without
  10  * modification, are permitted only as authorized by the OpenLDAP
  11  * Public License.
  12  *
  13  * A copy of this license is available in the file LICENSE in the
  14  * top-level directory of the distribution or, alternatively, at
  15  * <http://www.OpenLDAP.org/license.html>.
  16  */
  17 /* ACKNOWLEDGEMENTS:
  18  * This work was initially developed by Dmitry Kovalev for inclusion
  19  * by OpenLDAP Software.  Additional significant contributors include
  20  * Pierangelo Masarati.
  21  */
  22
  23 #include "portable.h"
  24
  25 #include <stdio.h>
  26 #include <sys/types.h>
  27 #include "ac/string.h"
  28
  29 #include "slap.h"
  30 #include "proto-sql.h"
  31
  32 int
  33 backsql_modrdn( Operation *op, SlapReply *rs )
  34 {
  35         backsql_info            *bi = (backsql_info*)op->o_bd->be_private;
  36         SQLHDBC                 dbh = SQL_NULL_HDBC;
  37         SQLHSTMT                sth = SQL_NULL_HSTMT;
  38         RETCODE                 rc;
  39         backsql_entryID         e_id = BACKSQL_ENTRYID_INIT,
  40                                 pe_id = BACKSQL_ENTRYID_INIT,
  41                                 new_pe_id = BACKSQL_ENTRYID_INIT;
  42         backsql_oc_map_rec      *oc = NULL;
  43         struct berval           p_dn = BER_BVNULL, p_ndn = BER_BVNULL,
  44                                 *new_pdn = NULL, *new_npdn = NULL,
  45                                 new_dn = BER_BVNULL, new_ndn = BER_BVNULL,
  46                                 realnew_dn = BER_BVNULL;
  47         LDAPRDN                 new_rdn = NULL;
  48         LDAPRDN                 old_rdn = NULL;
  49         Entry                   e = { 0 };
  50         Modifications           *mod = NULL;
  51         struct berval           *newSuperior = op->oq_modrdn.rs_newSup;
  52         char                    *next;
  53
  54         Debug( LDAP_DEBUG_TRACE, "==>backsql_modrdn() renaming entry \"%s\", "
  55                         "newrdn=\"%s\", newSuperior=\"%s\"\n",
  56                         op->o_req_dn.bv_val, op->oq_modrdn.rs_newrdn.bv_val,
  57                         newSuperior ? newSuperior->bv_val : "(NULL)" );
  58         rs->sr_err = backsql_get_db_conn( op, &dbh );
  59         if ( rs->sr_err != LDAP_SUCCESS ) {
  60                 Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
  61                         "could not get connection handle - exiting\n",
  62                         0, 0, 0 );
  63                 rs->sr_text = ( rs->sr_err == LDAP_OTHER )
  64                         ?  "SQL-backend error" : NULL;
  65                 send_ldap_result( op, rs );
  66                 return 1;
  67         }
  68
  69         rs->sr_err = backsql_dn2id( op, rs, dbh, &op->o_req_ndn, &e_id, 0, 1 );
  70         if ( rs->sr_err != LDAP_SUCCESS ) {
  71                 Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
  72                         "could not lookup entry id (%d)\n",
  73                         rs->sr_err, 0, 0 );
  74                 rs->sr_text = ( rs->sr_err == LDAP_OTHER )
  75                         ?  "SQL-backend error" : NULL;
  76                 send_ldap_result( op, rs );
  77                 return 1;
  78         }
  79
  80 #ifdef BACKSQL_ARBITRARY_KEY
  81         Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): entry id=%s\n",
  82                 e_id.eid_id.bv_val, 0, 0 );
  83 #else /* ! BACKSQL_ARBITRARY_KEY */
  84         Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): entry id=%ld\n",
  85                 e_id.eid_id, 0, 0 );
  86 #endif /* ! BACKSQL_ARBITRARY_KEY */
  87
  88         if ( backsql_has_children( bi, dbh, &op->o_req_ndn ) == LDAP_COMPARE_TRUE ) {
  89                 Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
  90                         "entry \"%s\" has children\n",
  91                         op->o_req_dn.bv_val, 0, 0 );
  92                 rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF;
  93                 rs->sr_text = "subtree rename not supported";
  94                 send_ldap_result( op, rs );
  95                 return 1;
  96         }
  97
  98         /*
  99          * Check for entry access to target
 100          */
 101         e.e_name = op->o_req_dn;
 102         e.e_nname = op->o_req_ndn;
 103         /* FIXME: need the whole entry (ITS#3480) */
 104         if ( !access_allowed( op, &e, slap_schema.si_ad_entry,
 105                                 NULL, ACL_WRITE, NULL ) ) {
 106                 Debug( LDAP_DEBUG_TRACE, "   no access to entry\n", 0, 0, 0 );
 107                 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
 108                 goto modrdn_return;
 109         }
 110
 111         dnParent( &op->o_req_dn, &p_dn );
 112         dnParent( &op->o_req_ndn, &p_ndn );
 113
 114         /*
 115          * namingContext "" is not supported
 116          */
 117         if ( BER_BVISEMPTY( &p_dn ) ) {
 118                 Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
 119                         "parent is \"\" - aborting\n", 0, 0, 0 );
 120                 rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
 121                 rs->sr_text = "not allowed within namingContext";
 122                 send_ldap_result( op, rs );
 123                 goto modrdn_return;
 124         }
 125
 126         /*
 127          * Check for children access to parent
 128          */
 129         e.e_name = p_dn;
 130         e.e_nname = p_ndn;
 131         /* FIXME: need the whole entry (ITS#3480) */
 132         if ( !access_allowed( op, &e, slap_schema.si_ad_children,
 133                                 NULL, ACL_WRITE, NULL ) ) {
 134                 Debug( LDAP_DEBUG_TRACE, "   no access to parent\n", 0, 0, 0 );
 135                 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
 136                 goto modrdn_return;
 137         }
 138
 139         if ( newSuperior ) {
 140                 /*
 141                  * namingContext "" is not supported
 142                  */
 143                 if ( BER_BVISEMPTY( newSuperior ) ) {
 144                         Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
 145                                 "newSuperior is \"\" - aborting\n", 0, 0, 0 );
 146                         rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
 147                         rs->sr_text = "not allowed within namingContext";
 148                         send_ldap_result( op, rs );
 149                         goto modrdn_return;
 150                 }
 151
 152                 new_pdn = newSuperior;
 153                 new_npdn = op->oq_modrdn.rs_nnewSup;
 154
 155                 /*
 156                  * Check for children access to new parent
 157                  */
 158                 e.e_name = *new_pdn;
 159                 e.e_nname = *new_npdn;
 160                 /* FIXME: need the whole entry (ITS#3480) */
 161                 if ( !access_allowed( op, &e, slap_schema.si_ad_children,
 162                                         NULL, ACL_WRITE, NULL ) ) {
 163                         Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
 164                                         "no access to new parent \"%s\"\n",
 165                                         new_pdn->bv_val, 0, 0 );
 166                         rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
 167                         goto modrdn_return;
 168                 }
 169
 170         } else {
 171                 new_pdn = &p_dn;
 172                 new_npdn = &p_ndn;
 173         }
 174
 175         if ( newSuperior && dn_match( &p_ndn, new_npdn ) ) {
 176                 Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
 177                         "newSuperior is equal to old parent - ignored\n",
 178                         0, 0, 0 );
 179                 newSuperior = NULL;
 180         }
 181
 182         if ( newSuperior && dn_match( &op->o_req_ndn, new_npdn ) ) {
 183                 Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
 184                         "newSuperior is equal to entry being moved "
 185                         "- aborting\n", 0, 0, 0 );
 186                 rs->sr_err = LDAP_OTHER;
 187                 rs->sr_text = "newSuperior is equal to old DN";
 188                 send_ldap_result( op, rs );
 189                 goto modrdn_return;
 190         }
 191
 192         build_new_dn( &new_dn, new_pdn, &op->oq_modrdn.rs_newrdn,
 193                         op->o_tmpmemctx );
 194         rs->sr_err = dnNormalize( 0, NULL, NULL, &new_dn, &new_ndn,
 195                         op->o_tmpmemctx );
 196         if ( rs->sr_err != LDAP_SUCCESS ) {
 197                 Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
 198                         "new dn is invalid (\"%s\") - aborting\n",
 199                         new_dn.bv_val, 0, 0 );
 200                 rs->sr_text = "unable to build new DN";
 201                 send_ldap_result( op, rs );
 202                 goto modrdn_return;
 203         }
 204
 205         Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): new entry dn is \"%s\"\n",
 206                         new_dn.bv_val, 0, 0 );
 207
 208         rs->sr_err = backsql_dn2id( op, rs, dbh, &p_ndn, &pe_id, 0, 1 );
 209         if ( rs->sr_err != LDAP_SUCCESS ) {
 210                 Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
 211                         "could not lookup old parent entry id\n", 0, 0, 0 );
 212                 rs->sr_text = ( rs->sr_err == LDAP_OTHER )
 213                         ? "SQL-backend error" : NULL;
 214                 send_ldap_result( op, rs );
 215                 goto modrdn_return;
 216         }
 217
 218 #ifdef BACKSQL_ARBITRARY_KEY
 219         Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
 220                 "old parent entry id is %s\n", pe_id.eid_id.bv_val, 0, 0 );
 221 #else /* ! BACKSQL_ARBITRARY_KEY */
 222         Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
 223                 "old parent entry id is %ld\n", pe_id.eid_id, 0, 0 );
 224 #endif /* ! BACKSQL_ARBITRARY_KEY */
 225
 226         (void)backsql_free_entryID( &pe_id, 0 );
 227
 228         rs->sr_err = backsql_dn2id( op, rs, dbh, new_npdn, &new_pe_id, 0, 1 );
 229         if ( rs->sr_err != LDAP_SUCCESS ) {
 230                 Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
 231                         "could not lookup new parent entry id\n", 0, 0, 0 );
 232                 rs->sr_text = ( rs->sr_err == LDAP_OTHER )
 233                         ? "SQL-backend error" : NULL;
 234                 send_ldap_result( op, rs );
 235                 goto modrdn_return;
 236         }
 237
 238 #ifdef BACKSQL_ARBITRARY_KEY
 239         Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
 240                 "new parent entry id=%s\n", new_pe_id.eid_id.bv_val, 0, 0 );
 241 #else /* ! BACKSQL_ARBITRARY_KEY */
 242         Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
 243                 "new parent entry id=%ld\n", new_pe_id.eid_id, 0, 0 );
 244 #endif /* ! BACKSQL_ARBITRARY_KEY */
 245
 246
 247         Debug(  LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
 248                 "executing delentry_stmt\n", 0, 0, 0 );
 249
 250         rc = backsql_Prepare( dbh, &sth, bi->sql_delentry_stmt, 0 );
 251         if ( rc != SQL_SUCCESS ) {
 252                 Debug( LDAP_DEBUG_TRACE,
 253                         "   backsql_modrdn(): "
 254                         "error preparing delentry_stmt\n", 0, 0, 0 );
 255                 backsql_PrintErrors( bi->sql_db_env, dbh,
 256                                 sth, rc );
 257
 258                 rs->sr_text = "SQL-backend error";
 259                 rs->sr_err = LDAP_OTHER;
 260                 goto done;
 261         }
 262
 263         rc = backsql_BindParamID( sth, 1, SQL_PARAM_INPUT, &e_id.eid_id );
 264         if ( rc != SQL_SUCCESS ) {
 265                 Debug( LDAP_DEBUG_TRACE,
 266                         "   backsql_delete(): "
 267                         "error binding entry ID parameter "
 268                         "for objectClass %s\n",
 269                         oc->bom_oc->soc_cname.bv_val, 0, 0 );
 270                 backsql_PrintErrors( bi->sql_db_env, dbh,
 271                         sth, rc );
 272                 SQLFreeStmt( sth, SQL_DROP );
 273
 274                 rs->sr_text = "SQL-backend error";
 275                 rs->sr_err = LDAP_OTHER;
 276                 goto done;
 277         }
 278
 279         rc = SQLExecute( sth );
 280         if ( rc != SQL_SUCCESS ) {
 281                 Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
 282                         "failed to delete record from ldap_entries\n",
 283                         0, 0, 0 );
 284                 backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
 285                 SQLFreeStmt( sth, SQL_DROP );
 286                 rs->sr_err = LDAP_OTHER;
 287                 rs->sr_text = "SQL-backend error";
 288                 send_ldap_result( op, rs );
 289                 goto done;
 290         }
 291
 292         SQLFreeStmt( sth, SQL_DROP );
 293
 294         Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
 295                 "executing insentry_stmt\n", 0, 0, 0 );
 296
 297         rc = backsql_Prepare( dbh, &sth, bi->sql_insentry_stmt, 0 );
 298         if ( rc != SQL_SUCCESS ) {
 299                 Debug( LDAP_DEBUG_TRACE,
 300                         "   backsql_modrdn(): "
 301                         "error preparing insentry_stmt\n", 0, 0, 0 );
 302                 backsql_PrintErrors( bi->sql_db_env, dbh,
 303                                 sth, rc );
 304
 305                 rs->sr_text = "SQL-backend error";
 306                 rs->sr_err = LDAP_OTHER;
 307                 goto done;
 308         }
 309
 310         realnew_dn = new_dn;
 311         if ( backsql_api_dn2odbc( op, rs, &realnew_dn ) ) {
 312                 Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(\"%s\"): "
 313                         "backsql_api_dn2odbc(\"%s\") failed\n",
 314                         op->o_req_dn.bv_val, realnew_dn.bv_val, 0 );
 315                 SQLFreeStmt( sth, SQL_DROP );
 316
 317                 rs->sr_text = "SQL-backend error";
 318                 rs->sr_err = LDAP_OTHER;
 319                 goto done;
 320         }
 321
 322         rc = backsql_BindParamBerVal( sth, 1, SQL_PARAM_INPUT, &realnew_dn );
 323         if ( rc != SQL_SUCCESS ) {
 324                 Debug( LDAP_DEBUG_TRACE,
 325                         "   backsql_add_attr(): "
 326                         "error binding DN parameter for objectClass %s\n",
 327                         oc->bom_oc->soc_cname.bv_val, 0, 0 );
 328                 backsql_PrintErrors( bi->sql_db_env, dbh,
 329                         sth, rc );
 330                 SQLFreeStmt( sth, SQL_DROP );
 331
 332                 rs->sr_text = "SQL-backend error";
 333                 rs->sr_err = LDAP_OTHER;
 334                 goto done;
 335         }
 336
 337         rc = backsql_BindParamInt( sth, 2, SQL_PARAM_INPUT, &e_id.eid_oc_id );
 338         if ( rc != SQL_SUCCESS ) {
 339                 Debug( LDAP_DEBUG_TRACE,
 340                         "   backsql_add_attr(): "
 341                         "error binding objectClass ID parameter for objectClass %s\n",
 342                         oc->bom_oc->soc_cname.bv_val, 0, 0 );
 343                 backsql_PrintErrors( bi->sql_db_env, dbh,
 344                         sth, rc );
 345                 SQLFreeStmt( sth, SQL_DROP );
 346
 347                 rs->sr_text = "SQL-backend error";
 348                 rs->sr_err = LDAP_OTHER;
 349                 goto done;
 350         }
 351
 352         rc = backsql_BindParamID( sth, 3, SQL_PARAM_INPUT, &new_pe_id.eid_id );
 353         if ( rc != SQL_SUCCESS ) {
 354                 Debug( LDAP_DEBUG_TRACE,
 355                         "   backsql_add_attr(): "
 356                         "error binding parent ID parameter for objectClass %s\n",
 357                         oc->bom_oc->soc_cname.bv_val, 0, 0 );
 358                 backsql_PrintErrors( bi->sql_db_env, dbh,
 359                         sth, rc );
 360                 SQLFreeStmt( sth, SQL_DROP );
 361
 362                 rs->sr_text = "SQL-backend error";
 363                 rs->sr_err = LDAP_OTHER;
 364                 goto done;
 365         }
 366
 367         rc = backsql_BindParamID( sth, 4, SQL_PARAM_INPUT, &e_id.eid_keyval );
 368         if ( rc != SQL_SUCCESS ) {
 369                 Debug( LDAP_DEBUG_TRACE,
 370                         "   backsql_add_attr(): "
 371                         "error binding entry ID parameter for objectClass %s\n",
 372                         oc->bom_oc->soc_cname.bv_val, 0, 0 );
 373                 backsql_PrintErrors( bi->sql_db_env, dbh,
 374                         sth, rc );
 375                 SQLFreeStmt( sth, SQL_DROP );
 376
 377                 rs->sr_text = "SQL-backend error";
 378                 rs->sr_err = LDAP_OTHER;
 379                 goto done;
 380         }
 381
 382         rc = SQLExecute( sth );
 383         if ( rc != SQL_SUCCESS ) {
 384                 Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
 385                         "could not insert ldap_entries record\n", 0, 0, 0 );
 386                 backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
 387                 SQLFreeStmt( sth, SQL_DROP );
 388                 rs->sr_err = LDAP_OTHER;
 389                 rs->sr_text = "SQL-backend error";
 390                 send_ldap_result( op, rs );
 391                 goto done;
 392         }
 393         SQLFreeStmt( sth, SQL_DROP );
 394
 395         /*
 396          * Get attribute type and attribute value of our new rdn,
 397          * we will need to add that to our new entry
 398          */
 399         if ( ldap_bv2rdn( &op->oq_modrdn.rs_newrdn, &new_rdn, &next,
 400                                 LDAP_DN_FORMAT_LDAP ) )
 401         {
 402                 Debug( LDAP_DEBUG_TRACE,
 403                         "   backsql_modrdn: can't figure out "
 404                         "type(s)/values(s) of newrdn\n",
 405                         0, 0, 0 );
 406                 rs->sr_err = LDAP_INVALID_DN_SYNTAX;
 407                 goto done;
 408         }
 409
 410         Debug( LDAP_DEBUG_TRACE,
 411                 "   backsql_modrdn: new_rdn_type=\"%s\", "
 412                 "new_rdn_val=\"%s\"\n",
 413                 new_rdn[ 0 ]->la_attr.bv_val,
 414                 new_rdn[ 0 ]->la_value.bv_val, 0 );
 415
 416         if ( op->oq_modrdn.rs_deleteoldrdn ) {
 417                 if ( ldap_bv2rdn( &op->o_req_dn, &old_rdn, &next,
 418                                         LDAP_DN_FORMAT_LDAP ) )
 419                 {
 420                         Debug( LDAP_DEBUG_TRACE,
 421                                 "   backsql_modrdn: can't figure out "
 422                                 "the old_rdn type(s)/value(s)\n",
 423                                 0, 0, 0 );
 424                         rs->sr_err = LDAP_OTHER;
 425                         goto done;
 426                 }
 427         }
 428
 429         e.e_name = new_dn;
 430         e.e_nname = new_ndn;
 431         rs->sr_err = slap_modrdn2mods( op, rs, &e, old_rdn, new_rdn, &mod );
 432         if ( rs->sr_err != LDAP_SUCCESS ) {
 433                 goto modrdn_return;
 434         }
 435
 436         /* FIXME: need the whole entry (ITS#3480) */
 437         if ( !acl_check_modlist( op, &e, mod )) {
 438                 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
 439                 goto modrdn_return;
 440         }
 441
 442         oc = backsql_id2oc( bi, e_id.eid_oc_id );
 443         rs->sr_err = backsql_modify_internal( op, rs, dbh, oc, &e_id, mod );
 444
 445 done:;
 446         /*
 447          * Commit only if all operations succeed
 448          */
 449         if ( rs->sr_err == LDAP_SUCCESS && !op->o_noop ) {
 450                 SQLTransact( SQL_NULL_HENV, dbh, SQL_COMMIT );
 451
 452         } else {
 453                 SQLTransact( SQL_NULL_HENV, dbh, SQL_ROLLBACK );
 454         }
 455
 456 modrdn_return:;
 457         if ( !BER_BVISNULL( &realnew_dn ) && realnew_dn.bv_val != new_dn.bv_val ) {
 458                 ch_free( realnew_dn.bv_val );
 459         }
 460
 461         if ( !BER_BVISNULL( &new_dn ) ) {
 462                 slap_sl_free( new_dn.bv_val, op->o_tmpmemctx );
 463         }
 464
 465         if ( !BER_BVISNULL( &new_ndn ) ) {
 466                 slap_sl_free( new_ndn.bv_val, op->o_tmpmemctx );
 467         }
 468
 469         /* LDAP v2 supporting correct attribute handling. */
 470         if ( new_rdn != NULL ) {
 471                 ldap_rdnfree( new_rdn );
 472         }
 473         if ( old_rdn != NULL ) {
 474                 ldap_rdnfree( old_rdn );
 475         }
 476         if ( mod != NULL ) {
 477                 Modifications *tmp;
 478                 for (; mod; mod = tmp ) {
 479                         tmp = mod->sml_next;
 480                         free( mod );
 481                 }
 482         }
 483
 484         if ( !BER_BVISNULL( &new_pe_id.eid_ndn ) ) {
 485                 (void)backsql_free_entryID( &new_pe_id, 0 );
 486         }
 487
 488         send_ldap_result( op, rs );
 489
 490         Debug( LDAP_DEBUG_TRACE, "<==backsql_modrdn()\n", 0, 0, 0 );
 491         return op->o_noop;
 492 }
 493