]> git.sur5r.net Git - openldap/blob - servers/slapd/modify.c
89a7b4f8cdf3fc4fa9200ebb0834f8a6ea82a34c
[openldap] / servers / slapd / modify.c
1 /* $OpenLDAP$ */
2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
3  *
4  * Copyright 1998-2005 The OpenLDAP Foundation.
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted only as authorized by the OpenLDAP
9  * Public License.
10  *
11  * A copy of this license is available in the file LICENSE in the
12  * top-level directory of the distribution or, alternatively, at
13  * <http://www.OpenLDAP.org/license.html>.
14  */
15 /* Portions Copyright (c) 1995 Regents of the University of Michigan.
16  * All rights reserved.
17  *
18  * Redistribution and use in source and binary forms are permitted
19  * provided that this notice is preserved and that due credit is given
20  * to the University of Michigan at Ann Arbor. The name of the University
21  * may not be used to endorse or promote products derived from this
22  * software without specific prior written permission. This software
23  * is provided ``as is'' without express or implied warranty.
24  */
25
26 #include "portable.h"
27
28 #include <stdio.h>
29
30 #include <ac/socket.h>
31 #include <ac/string.h>
32 #include <ac/time.h>
33
34 #include "slap.h"
35 #ifdef LDAP_SLAPI
36 #include "slapi/slapi.h"
37 #endif
38 #include "lutil.h"
39
40
41 int
42 do_modify(
43     Operation   *op,
44     SlapReply   *rs )
45 {
46         struct berval dn = BER_BVNULL;
47         char            *last;
48         ber_tag_t       tag;
49         ber_len_t       len;
50         Modifications   *modlist = NULL;
51         Modifications   **modtail = &modlist;
52         int             increment = 0;
53         char            textbuf[ SLAP_TEXT_BUFLEN ];
54         size_t          textlen = sizeof( textbuf );
55
56         Debug( LDAP_DEBUG_TRACE, "do_modify\n", 0, 0, 0 );
57
58         /*
59          * Parse the modify request.  It looks like this:
60          *
61          *      ModifyRequest := [APPLICATION 6] SEQUENCE {
62          *              name    DistinguishedName,
63          *              mods    SEQUENCE OF SEQUENCE {
64          *                      operation       ENUMERATED {
65          *                              add     (0),
66          *                              delete  (1),
67          *                              replace (2)
68          *                      },
69          *                      modification    SEQUENCE {
70          *                              type    AttributeType,
71          *                              values  SET OF AttributeValue
72          *                      }
73          *              }
74          *      }
75          */
76
77         if ( ber_scanf( op->o_ber, "{m" /*}*/, &dn ) == LBER_ERROR ) {
78                 Debug( LDAP_DEBUG_ANY, "do_modify: ber_scanf failed\n", 0, 0, 0 );
79
80                 send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
81                 return SLAPD_DISCONNECT;
82         }
83
84         Debug( LDAP_DEBUG_ARGS, "do_modify: dn (%s)\n", dn.bv_val, 0, 0 );
85
86         /* collect modifications & save for later */
87         for ( tag = ber_first_element( op->o_ber, &len, &last );
88             tag != LBER_DEFAULT;
89             tag = ber_next_element( op->o_ber, &len, last ) )
90         {
91                 ber_int_t mop;
92                 Modifications tmp, *mod;
93
94                 tmp.sml_nvalues = NULL;
95
96                 if ( ber_scanf( op->o_ber, "{i{m[W]}}", &mop,
97                     &tmp.sml_type, &tmp.sml_values ) == LBER_ERROR )
98                 {
99                         send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR,
100                                 "decoding modlist error" );
101                         rs->sr_err = SLAPD_DISCONNECT;
102                         goto cleanup;
103                 }
104
105                 mod = (Modifications *) ch_malloc( sizeof(Modifications) );
106                 mod->sml_op = mop;
107                 mod->sml_flags = 0;
108                 mod->sml_type = tmp.sml_type;
109                 mod->sml_values = tmp.sml_values;
110                 mod->sml_nvalues = NULL;
111                 mod->sml_desc = NULL;
112                 mod->sml_next = NULL;
113                 *modtail = mod;
114
115                 switch( mop ) {
116                 case LDAP_MOD_ADD:
117                         if ( mod->sml_values == NULL ) {
118                                 Debug( LDAP_DEBUG_ANY,
119                                         "do_modify: modify/add operation (%ld) requires values\n",
120                                         (long) mop, 0, 0 );
121
122                                 send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR,
123                                         "modify/add operation requires values" );
124                                 goto cleanup;
125                         }
126
127                         /* fall through */
128
129                 case LDAP_MOD_DELETE:
130                 case LDAP_MOD_REPLACE:
131                         break;
132
133                 case LDAP_MOD_INCREMENT:
134                         if( op->o_protocol >= LDAP_VERSION3 ) {
135                                 increment++;
136                                 if ( mod->sml_values == NULL ) {
137                                         Debug( LDAP_DEBUG_ANY, "do_modify: "
138                                                 "modify/increment operation (%ld) requires value\n",
139                                                 (long) mop, 0, 0 );
140
141                                         send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR,
142                                                 "modify/increment operation requires value" );
143                                         goto cleanup;
144                                 }
145
146                                 if( mod->sml_values[1].bv_val ) {
147                                         Debug( LDAP_DEBUG_ANY, "do_modify: modify/increment "
148                                                 "operation (%ld) requires single value\n",
149                                                 (long) mop, 0, 0 );
150
151                                         send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR,
152                                                 "modify/increment operation requires single value" );
153                                         goto cleanup;
154                                 }
155
156                                 break;
157                         }
158                         /* fall thru */
159
160                 default: {
161                                 Debug( LDAP_DEBUG_ANY,
162                                         "do_modify: unrecognized modify operation (%ld)\n",
163                                         (long) mop, 0, 0 );
164
165                                 send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR,
166                                         "unrecognized modify operation" );
167                                 goto cleanup;
168                         }
169                 }
170
171                 modtail = &mod->sml_next;
172         }
173         *modtail = NULL;
174
175         if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {
176                 Debug( LDAP_DEBUG_ANY, "do_modify: get_ctrls failed\n", 0, 0, 0 );
177
178                 goto cleanup;
179         }
180
181         rs->sr_err = dnPrettyNormal( NULL, &dn, &op->o_req_dn, &op->o_req_ndn,
182                 op->o_tmpmemctx );
183         if( rs->sr_err != LDAP_SUCCESS ) {
184                 Debug( LDAP_DEBUG_ANY,
185                         "do_modify: invalid dn (%s)\n", dn.bv_val, 0, 0 );
186                 send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid DN" );
187                 goto cleanup;
188         }
189
190         rs->sr_err = slap_mods_check( modlist, &rs->sr_text,
191                 textbuf, textlen, NULL );
192
193         if ( rs->sr_err != LDAP_SUCCESS ) {
194                 send_ldap_result( op, rs );
195                 goto cleanup;
196         }
197
198         /* FIXME: needs review */
199         op->orm_modlist = modlist;
200         op->orm_increment = increment;
201
202         op->o_bd = frontendDB;
203         rs->sr_err = frontendDB->be_modify( op, rs );
204
205 cleanup:
206         slap_graduate_commit_csn( op );
207
208         op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
209         op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
210         if ( op->orm_modlist != NULL ) slap_mods_free( op->orm_modlist );
211
212         return rs->sr_err;
213 }
214
215 int
216 fe_op_modify( Operation *op, SlapReply *rs )
217 {
218 #ifdef LDAP_DEBUG
219         Modifications   *tmp;
220 #endif
221         int             manageDSAit;
222         Modifications   *modlist = op->orm_modlist;
223         Modifications   **modtail = &modlist;
224 #ifdef LDAP_SLAPI
225         LDAPMod         **modv = NULL;
226 #endif
227         int             increment = op->orm_increment;
228         int             rc = 0;
229         BackendDB *op_be;
230         char            textbuf[ SLAP_TEXT_BUFLEN ];
231         size_t          textlen = sizeof( textbuf );
232         
233         if( op->o_req_ndn.bv_len == 0 ) {
234                 Debug( LDAP_DEBUG_ANY, "do_modify: root dse!\n", 0, 0, 0 );
235
236                 send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
237                         "modify upon the root DSE not supported" );
238                 goto cleanup;
239
240         } else if ( bvmatch( &op->o_req_ndn, &frontendDB->be_schemandn ) ) {
241                 Debug( LDAP_DEBUG_ANY, "do_modify: subschema subentry!\n", 0, 0, 0 );
242
243                 send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
244                         "modification of subschema subentry not supported" );
245                 goto cleanup;
246         }
247
248 #ifdef LDAP_DEBUG
249         Debug( LDAP_DEBUG_ARGS, "modifications:\n", 0, 0, 0 );
250
251         for ( tmp = modlist; tmp != NULL; tmp = tmp->sml_next ) {
252                 Debug( LDAP_DEBUG_ARGS, "\t%s: %s\n",
253                         tmp->sml_op == LDAP_MOD_ADD ? "add" :
254                                 (tmp->sml_op == LDAP_MOD_INCREMENT ? "increment" :
255                                 (tmp->sml_op == LDAP_MOD_DELETE ? "delete" :
256                                         "replace")), tmp->sml_type.bv_val, 0 );
257
258                 if ( tmp->sml_values == NULL ) {
259                         Debug( LDAP_DEBUG_ARGS, "%s\n",
260                            "\t\tno values", NULL, NULL );
261                 } else if ( tmp->sml_values[0].bv_val == NULL ) {
262                         Debug( LDAP_DEBUG_ARGS, "%s\n",
263                            "\t\tzero values", NULL, NULL );
264                 } else if ( tmp->sml_values[1].bv_val == NULL ) {
265                         Debug( LDAP_DEBUG_ARGS, "%s, length %ld\n",
266                            "\t\tone value", (long) tmp->sml_values[0].bv_len, NULL );
267                 } else {
268                         Debug( LDAP_DEBUG_ARGS, "%s\n",
269                            "\t\tmultiple values", NULL, NULL );
270                 }
271         }
272
273         if ( StatslogTest( LDAP_DEBUG_STATS ) ) {
274                 char abuf[BUFSIZ/2], *ptr = abuf;
275                 int len = 0;
276
277                 Statslog( LDAP_DEBUG_STATS, "%s MOD dn=\"%s\"\n",
278                         op->o_log_prefix, op->o_req_dn.bv_val, 0, 0, 0 );
279
280                 for ( tmp = modlist; tmp != NULL; tmp = tmp->sml_next ) {
281                         if (len + 1 + tmp->sml_type.bv_len > sizeof(abuf)) {
282                                 Statslog( LDAP_DEBUG_STATS, "%s MOD attr=%s\n",
283                                     op->o_log_prefix, abuf, 0, 0, 0 );
284
285                                 len = 0;
286                                 ptr = abuf;
287
288                                 if( 1 + tmp->sml_type.bv_len > sizeof(abuf)) {
289                                         Statslog( LDAP_DEBUG_STATS, "%s MOD attr=%s\n",
290                                                 op->o_log_prefix, tmp->sml_type.bv_val, 0, 0, 0 );
291                                         continue;
292                                 }
293                         }
294                         if (len) {
295                                 *ptr++ = ' ';
296                                 len++;
297                         }
298                         ptr = lutil_strcopy(ptr, tmp->sml_type.bv_val);
299                         len += tmp->sml_type.bv_len;
300                 }
301                 if (len) {
302                         Statslog( LDAP_DEBUG_STATS, "%s MOD attr=%s\n",
303                                 op->o_log_prefix, abuf, 0, 0, 0 );
304                 }
305         }
306 #endif  /* LDAP_DEBUG */
307
308         manageDSAit = get_manageDSAit( op );
309
310         /*
311          * We could be serving multiple database backends.  Select the
312          * appropriate one, or send a referral to our "referral server"
313          * if we don't hold it.
314          */
315         op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 1 );
316         if ( op->o_bd == NULL ) {
317                 rs->sr_ref = referral_rewrite( default_referral,
318                         NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
319                 if (!rs->sr_ref) rs->sr_ref = default_referral;
320
321                 if (rs->sr_ref != NULL ) {
322                         rs->sr_err = LDAP_REFERRAL;
323                         op->o_bd = frontendDB;
324                         send_ldap_result( op, rs );
325                         op->o_bd = NULL;
326
327                         if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref );
328                 } else {
329                         op->o_bd = frontendDB;
330                         send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
331                                 "no global superior knowledge" );
332                         op->o_bd = NULL;
333                 }
334                 goto cleanup;
335         }
336
337         /* If we've got a glued backend, check the real backend */
338         op_be = op->o_bd;
339         if ( SLAP_GLUE_INSTANCE( op->o_bd )) {
340                 op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 0 );
341         }
342
343         /* check restrictions */
344         if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
345                 send_ldap_result( op, rs );
346                 goto cleanup;
347         }
348
349         /* check for referrals */
350         if( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
351                 goto cleanup;
352         }
353
354         {
355                 rs->sr_err = slap_mods_obsolete_check( op, modlist,
356                         &rs->sr_text, textbuf, textlen );
357                 if ( rs->sr_err != LDAP_SUCCESS ) {
358                         send_ldap_result( op, rs );
359                         goto cleanup;
360                 }
361         }
362
363         /* check for modify/increment support */
364         if( increment && !SLAP_INCREMENT( op->o_bd ) ) {
365                 send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
366                         "modify/increment not supported in context" );
367         }
368
369 #if defined( LDAP_SLAPI )
370 #define pb      op->o_pb
371         if ( pb ) {
372                 slapi_int_pblock_set_operation( pb, op );
373                 slapi_pblock_set( pb, SLAPI_MODIFY_TARGET, (void *)op->o_req_dn.bv_val );
374                 slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
375                 modv = slapi_int_modifications2ldapmods( &modlist );
376                 slapi_pblock_set( pb, SLAPI_MODIFY_MODS, (void *)modv );
377
378                 rs->sr_err = slapi_int_call_plugins( op->o_bd,
379                         SLAPI_PLUGIN_PRE_MODIFY_FN, pb );
380
381                 /*
382                  * It's possible that the preoperation plugin changed the
383                  * modification array, so we need to convert it back to
384                  * a Modification list.
385                  *
386                  * Calling slapi_int_modifications2ldapmods() destroyed modlist so
387                  * we don't need to free it.
388                  */
389                 slapi_pblock_get( pb, SLAPI_MODIFY_MODS, (void **)&modv );
390                 modlist = slapi_int_ldapmods2modifications( modv );
391
392                 if ( rs->sr_err < 0 ) {
393                         /*
394                          * A preoperation plugin failure will abort the
395                          * entire operation.
396                          */
397                         Debug(LDAP_DEBUG_TRACE,
398                                 "do_modify: modify preoperation plugin failed.\n",
399                                 0, 0, 0);
400                         if ( ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE,
401                                 (void *)&rs->sr_err ) != 0 ) || rs->sr_err == LDAP_SUCCESS )
402                         {
403                                 rs->sr_err = LDAP_OTHER;
404                         }
405                         slapi_int_free_ldapmods( modv );
406                         modv = NULL;
407                         goto cleanup;
408                 }
409         }
410
411         /*
412          * NB: it is valid for the plugin to return no modifications
413          * (for example, a plugin might store some attributes elsewhere
414          * and remove them from the modification list; if only those
415          * attribute types were included in the modification request,
416          * then slapi_int_ldapmods2modifications() above will return
417          * NULL).
418          *
419          * However, the post-operation plugin should still be 
420          * called.
421          */
422 #endif /* defined( LDAP_SLAPI ) */
423
424         /*
425          * do the modify if 1 && (2 || 3)
426          * 1) there is a modify function implemented in this backend;
427          * 2) this backend is master for what it holds;
428          * 3) it's a replica and the dn supplied is the update_ndn.
429          */
430         if ( op->o_bd->be_modify ) {
431                 /* do the update here */
432                 int repl_user = be_isupdate( op );
433
434                 /* Multimaster slapd does not have to check for replicator dn
435                  * because it accepts each modify request
436                  */
437 #ifndef SLAPD_MULTIMASTER
438                 if ( !SLAP_SHADOW(op->o_bd) || repl_user )
439 #endif
440                 {
441                         int             update = !BER_BVISEMPTY( &op->o_bd->be_update_ndn );
442                         slap_callback   cb = { NULL, slap_replog_cb, NULL, NULL };
443
444                         op->o_bd = op_be;
445
446                         if ( !update ) {
447                                 rs->sr_err = slap_mods_no_user_mod_check( op, modlist,
448                                         &rs->sr_text, textbuf, textlen );
449                                 if ( rs->sr_err != LDAP_SUCCESS ) {
450                                         send_ldap_result( op, rs );
451                                         goto cleanup;
452                                 }
453                         }
454
455                         if ( !repl_user ) {
456                                 for( modtail = &modlist;
457                                         *modtail != NULL;
458                                         modtail = &(*modtail)->sml_next )
459                                 {
460                                         /* empty */
461                                 }
462
463                                 rs->sr_err = slap_mods_opattrs( op, modlist, modtail,
464                                         &rs->sr_text, textbuf, textlen, 1 );
465                                 if( rs->sr_err != LDAP_SUCCESS ) {
466                                         send_ldap_result( op, rs );
467                                         goto cleanup;
468                                 }
469                         }
470
471                         op->orm_modlist = modlist;
472 #ifdef SLAPD_MULTIMASTER
473                         if ( !repl_user )
474 #endif
475                         {
476                                 /* but multimaster slapd logs only the ones 
477                                  * not from a replicator user */
478                                 cb.sc_next = op->o_callback;
479                                 op->o_callback = &cb;
480                         }
481                         op->o_bd->be_modify( op, rs );
482
483 #ifndef SLAPD_MULTIMASTER
484                 /* send a referral */
485                 } else {
486                         BerVarray defref = op->o_bd->be_update_refs
487                                 ? op->o_bd->be_update_refs : default_referral;
488                         if ( defref != NULL ) {
489                                 rs->sr_ref = referral_rewrite( defref,
490                                         NULL, &op->o_req_dn,
491                                         LDAP_SCOPE_DEFAULT );
492                                 if ( rs->sr_ref == NULL ) {
493                                         /* FIXME: must duplicate, because
494                                          * overlays may muck with it */
495                                         rs->sr_ref = defref;
496                                 }
497                                 rs->sr_err = LDAP_REFERRAL;
498                                 send_ldap_result( op, rs );
499                                 if ( rs->sr_ref != defref ) {
500                                         ber_bvarray_free( rs->sr_ref );
501                                 }
502
503                         } else {
504                                 send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
505                                         "shadow context; no update referral" );
506                         }
507 #endif
508                 }
509         } else {
510                 send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
511                     "operation not supported within namingContext" );
512         }
513
514 #if defined( LDAP_SLAPI )
515         if ( pb != NULL && slapi_int_call_plugins( op->o_bd,
516                 SLAPI_PLUGIN_POST_MODIFY_FN, pb ) < 0 )
517         {
518                 Debug(LDAP_DEBUG_TRACE,
519                         "do_modify: modify postoperation plugins failed.\n", 0, 0, 0);
520         }
521 #endif /* defined( LDAP_SLAPI ) */
522
523 cleanup:;
524 #if defined( LDAP_SLAPI )
525         if ( modv != NULL ) slapi_int_free_ldapmods( modv );
526 #endif
527
528         return rs->sr_err;
529 }
530
531 /*
532  * Obsolete constraint checking.
533  */
534 int
535 slap_mods_obsolete_check(
536         Operation *op,
537         Modifications *ml,
538         const char **text,
539         char *textbuf,
540         size_t textlen )
541 {
542         if( get_manageDIT( op ) ) return LDAP_SUCCESS;
543
544         for ( ; ml != NULL; ml = ml->sml_next ) {
545                 if ( is_at_obsolete( ml->sml_desc->ad_type ) &&
546                         (( ml->sml_op != LDAP_MOD_REPLACE &&
547                                 ml->sml_op != LDAP_MOD_DELETE ) ||
548                                         ml->sml_values != NULL ))
549                 {
550                         /*
551                          * attribute is obsolete,
552                          * only allow replace/delete with no values
553                          */
554                         snprintf( textbuf, textlen,
555                                 "%s: attribute is obsolete",
556                                 ml->sml_type.bv_val );
557                         *text = textbuf;
558                         return LDAP_CONSTRAINT_VIOLATION;
559                 }
560         }
561
562         return LDAP_SUCCESS;
563 }
564
565 /*
566  * No-user-modification constraint checking.
567  */
568 int
569 slap_mods_no_user_mod_check(
570         Operation *op,
571         Modifications *ml,
572         const char **text,
573         char *textbuf,
574         size_t textlen )
575 {
576         for ( ; ml != NULL; ml = ml->sml_next ) {
577                 if ( !is_at_no_user_mod( ml->sml_desc->ad_type ) ) continue;
578
579                 if( get_manageDIT( op )) {
580                         if ( ml->sml_desc->ad_type->sat_flags & SLAP_AT_MANAGEABLE ) {
581                                 continue;
582                         }
583
584                         /* attribute not manageable */
585                         snprintf( textbuf, textlen,
586                                 "%s: no-user-modification attribute not manageable",
587                                 ml->sml_type.bv_val );
588
589                 } else {
590                         /* user modification disallowed */
591                         snprintf( textbuf, textlen,
592                                 "%s: no user modification allowed",
593                                 ml->sml_type.bv_val );
594                 }
595
596                 *text = textbuf;
597                 return LDAP_CONSTRAINT_VIOLATION;
598         }
599
600         return LDAP_SUCCESS;
601 }
602
603 /*
604  * Do basic attribute type checking and syntax validation.
605  */
606 int slap_mods_check(
607         Modifications *ml,
608         const char **text,
609         char *textbuf,
610         size_t textlen,
611         void *ctx )
612 {
613         int rc;
614
615         for( ; ml != NULL; ml = ml->sml_next ) {
616                 AttributeDescription *ad = NULL;
617
618                 /* convert to attribute description */
619                 rc = slap_bv2ad( &ml->sml_type, &ml->sml_desc, text );
620
621                 if( rc != LDAP_SUCCESS ) {
622                         snprintf( textbuf, textlen, "%s: %s",
623                                 ml->sml_type.bv_val, *text );
624                         *text = textbuf;
625                         return rc;
626                 }
627
628                 ad = ml->sml_desc;
629
630                 if( slap_syntax_is_binary( ad->ad_type->sat_syntax )
631                         && !slap_ad_is_binary( ad ))
632                 {
633                         /* attribute requires binary transfer */
634                         snprintf( textbuf, textlen,
635                                 "%s: requires ;binary transfer",
636                                 ml->sml_type.bv_val );
637                         *text = textbuf;
638                         return LDAP_UNDEFINED_TYPE;
639                 }
640
641                 if( !slap_syntax_is_binary( ad->ad_type->sat_syntax )
642                         && slap_ad_is_binary( ad ))
643                 {
644                         /* attribute does not require binary transfer */
645                         snprintf( textbuf, textlen,
646                                 "%s: disallows ;binary transfer",
647                                 ml->sml_type.bv_val );
648                         *text = textbuf;
649                         return LDAP_UNDEFINED_TYPE;
650                 }
651
652                 if( slap_ad_is_tag_range( ad )) {
653                         /* attribute requires binary transfer */
654                         snprintf( textbuf, textlen,
655                                 "%s: inappropriate use of tag range option",
656                                 ml->sml_type.bv_val );
657                         *text = textbuf;
658                         return LDAP_UNDEFINED_TYPE;
659                 }
660
661 #if 0
662                 if ( is_at_obsolete( ad->ad_type ) &&
663                         (( ml->sml_op != LDAP_MOD_REPLACE &&
664                                 ml->sml_op != LDAP_MOD_DELETE ) ||
665                                         ml->sml_values != NULL ))
666                 {
667                         /*
668                          * attribute is obsolete,
669                          * only allow replace/delete with no values
670                          */
671                         snprintf( textbuf, textlen,
672                                 "%s: attribute is obsolete",
673                                 ml->sml_type.bv_val );
674                         *text = textbuf;
675                         return LDAP_CONSTRAINT_VIOLATION;
676                 }
677 #endif
678
679                 if ( ml->sml_op == LDAP_MOD_INCREMENT &&
680 #ifdef SLAPD_REAL_SYNTAX
681                         !is_at_syntax( ad->ad_type, SLAPD_REAL_SYNTAX ) &&
682 #endif
683                         !is_at_syntax( ad->ad_type, SLAPD_INTEGER_SYNTAX ) )
684                 {
685                         /*
686                          * attribute values must be INTEGER or REAL
687                          */
688                         snprintf( textbuf, textlen,
689                                 "%s: attribute syntax inappropriate for increment",
690                                 ml->sml_type.bv_val );
691                         *text = textbuf;
692                         return LDAP_CONSTRAINT_VIOLATION;
693                 }
694
695                 /*
696                  * check values
697                  */
698                 if( ml->sml_values != NULL ) {
699                         ber_len_t nvals;
700                         slap_syntax_validate_func *validate =
701                                 ad->ad_type->sat_syntax->ssyn_validate;
702                         slap_syntax_transform_func *pretty =
703                                 ad->ad_type->sat_syntax->ssyn_pretty;
704  
705                         if( !pretty && !validate ) {
706                                 *text = "no validator for syntax";
707                                 snprintf( textbuf, textlen,
708                                         "%s: no validator for syntax %s",
709                                         ml->sml_type.bv_val,
710                                         ad->ad_type->sat_syntax->ssyn_oid );
711                                 *text = textbuf;
712                                 return LDAP_INVALID_SYNTAX;
713                         }
714
715                         /*
716                          * check that each value is valid per syntax
717                          *      and pretty if appropriate
718                          */
719                         for( nvals = 0; ml->sml_values[nvals].bv_val; nvals++ ) {
720                                 struct berval pval;
721                                 if( pretty ) {
722                                         rc = pretty( ad->ad_type->sat_syntax,
723                                                 &ml->sml_values[nvals], &pval, ctx );
724                                 } else {
725                                         rc = validate( ad->ad_type->sat_syntax,
726                                                 &ml->sml_values[nvals] );
727                                 }
728
729                                 if( rc != 0 ) {
730                                         snprintf( textbuf, textlen,
731                                                 "%s: value #%ld invalid per syntax",
732                                                 ml->sml_type.bv_val, (long) nvals );
733                                         *text = textbuf;
734                                         return LDAP_INVALID_SYNTAX;
735                                 }
736
737                                 if( pretty ) {
738                                         ber_memfree_x( ml->sml_values[nvals].bv_val, ctx );
739                                         ml->sml_values[nvals] = pval;
740                                 }
741                         }
742
743                         /*
744                          * a rough single value check... an additional check is needed
745                          * to catch add of single value to existing single valued attribute
746                          */
747                         if ((ml->sml_op == LDAP_MOD_ADD || ml->sml_op == LDAP_MOD_REPLACE)
748                                 && nvals > 1 && is_at_single_value( ad->ad_type ))
749                         {
750                                 snprintf( textbuf, textlen,
751                                         "%s: multiple values provided",
752                                         ml->sml_type.bv_val );
753                                 *text = textbuf;
754                                 return LDAP_CONSTRAINT_VIOLATION;
755                         }
756
757                         /* if the type has a normalizer, generate the
758                          * normalized values. otherwise leave them NULL.
759                          *
760                          * this is different from the rule for attributes
761                          * in an entry - in an attribute list, the normalized
762                          * value is set equal to the non-normalized value
763                          * when there is no normalizer.
764                          */
765                         if( nvals && ad->ad_type->sat_equality &&
766                                 ad->ad_type->sat_equality->smr_normalize )
767                         {
768                                 ml->sml_nvalues = ber_memalloc_x(
769                                         (nvals+1)*sizeof(struct berval), ctx );
770
771                                 for( nvals = 0; ml->sml_values[nvals].bv_val; nvals++ ) {
772                                         rc = ad->ad_type->sat_equality->smr_normalize(
773                                                 SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
774                                                 ad->ad_type->sat_syntax,
775                                                 ad->ad_type->sat_equality,
776                                                 &ml->sml_values[nvals], &ml->sml_nvalues[nvals], ctx );
777                                         if( rc ) {
778                                                 Debug( LDAP_DEBUG_ANY,
779                                                         "<= str2entry NULL (ssyn_normalize %d)\n",
780                                                         rc, 0, 0 );
781                                                 snprintf( textbuf, textlen,
782                                                         "%s: value #%ld normalization failed",
783                                                         ml->sml_type.bv_val, (long) nvals );
784                                                 *text = textbuf;
785                                                 return rc;
786                                         }
787                                 }
788
789                                 ml->sml_nvalues[nvals].bv_val = NULL;
790                                 ml->sml_nvalues[nvals].bv_len = 0;
791                         }
792
793                         /* check for duplicates, but ignore Deletes.
794                          */
795                         if( nvals > 1 && ml->sml_op != LDAP_MOD_DELETE ) {
796                                 int             i, j, rc, match;
797                                 MatchingRule *mr = ad->ad_type->sat_equality;
798
799                                 for ( i = 1; i < nvals ; i++ ) {
800                                         /* test asserted values against themselves */
801                                         for( j = 0; j < i; j++ ) {
802                                                 rc = ordered_value_match( &match, ml->sml_desc, mr,
803                                                         SLAP_MR_EQUALITY
804                                                                 | SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX
805                                                                 | SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH
806                                                                 | SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH,
807                                                         ml->sml_nvalues
808                                                                 ? &ml->sml_nvalues[i]
809                                                                 : &ml->sml_values[i],
810                                                         ml->sml_nvalues
811                                                                 ? &ml->sml_nvalues[j]
812                                                                 : &ml->sml_values[j],
813                                                         text );
814                                                 if ( rc == LDAP_SUCCESS && match == 0 ) {
815                                                         /* value exists already */
816                                                         snprintf( textbuf, textlen,
817                                                                 "%s: value #%d provided more than once",
818                                                                 ml->sml_desc->ad_cname.bv_val, j );
819                                                         *text = textbuf;
820                                                         return LDAP_TYPE_OR_VALUE_EXISTS;
821
822                                                 } else if ( rc != LDAP_SUCCESS ) {
823                                                         return rc;
824                                                 }
825                                         }
826                                 }
827                         }
828
829                 }
830         }
831
832         return LDAP_SUCCESS;
833 }
834
835 /* Enter with bv->bv_len = sizeof buffer, returns with
836  * actual length of string
837  */
838 void slap_timestamp( time_t *tm, struct berval *bv )
839 {
840         struct tm *ltm;
841 #ifdef HAVE_GMTIME_R
842         struct tm ltm_buf;
843
844         ltm = gmtime_r( tm, &ltm_buf );
845 #else
846         ldap_pvt_thread_mutex_lock( &gmtime_mutex );
847         ltm = gmtime( tm );
848 #endif
849
850         bv->bv_len = lutil_gentime( bv->bv_val, bv->bv_len, ltm );
851
852 #ifndef HAVE_GMTIME_R
853         ldap_pvt_thread_mutex_unlock( &gmtime_mutex );
854 #endif
855 }
856
857 int slap_mods_opattrs(
858         Operation *op,
859         Modifications *mods,
860         Modifications **modtail,
861         const char **text,
862         char *textbuf, size_t textlen,
863         int manage_ctxcsn )
864 {
865         struct berval name, timestamp, csn;
866         struct berval nname;
867         char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
868         char csnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE ];
869         Modifications *mod;
870
871         int mop = op->o_tag == LDAP_REQ_ADD
872                 ? LDAP_MOD_ADD : LDAP_MOD_REPLACE;
873
874         assert( modtail != NULL );
875         assert( *modtail == NULL );
876
877         if ( SLAP_LASTMOD( op->o_bd )) {
878                 time_t now = slap_get_time();
879
880                 slap_get_csn( op, csnbuf, sizeof(csnbuf), &csn, manage_ctxcsn );
881
882                 timestamp.bv_val = timebuf;
883                 timestamp.bv_len = sizeof(timebuf);
884
885                 slap_timestamp( &now, &timestamp );
886
887                 if( op->o_dn.bv_len == 0 ) {
888                         BER_BVSTR( &name, SLAPD_ANONYMOUS );
889                         nname = name;
890                 } else {
891                         name = op->o_dn;
892                         nname = op->o_ndn;
893                 }
894         }
895
896         if( op->o_tag == LDAP_REQ_ADD ) {
897                 struct berval tmpval;
898
899                 {
900                         int rc = mods_structural_class( mods, &tmpval,
901                                 text, textbuf, textlen );
902                         if( rc != LDAP_SUCCESS ) return rc;
903
904                         mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
905                         mod->sml_op = mop;
906                         mod->sml_flags = SLAP_MOD_INTERNAL;
907                         mod->sml_type.bv_val = NULL;
908                         mod->sml_desc = slap_schema.si_ad_structuralObjectClass;
909                         mod->sml_values =
910                                 (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
911                         ber_dupbv( &mod->sml_values[0], &tmpval );
912                         mod->sml_values[1].bv_len = 0;
913                         mod->sml_values[1].bv_val = NULL;
914                         assert( mod->sml_values[0].bv_val );
915                         mod->sml_nvalues =
916                                 (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
917                         ber_dupbv( &mod->sml_nvalues[0], &tmpval );
918                         mod->sml_nvalues[1].bv_len = 0;
919                         mod->sml_nvalues[1].bv_val = NULL;
920                         assert( mod->sml_nvalues[0].bv_val );
921                         *modtail = mod;
922                         modtail = &mod->sml_next;
923                 }
924
925                 if ( SLAP_LASTMOD( op->o_bd )) {
926                         char uuidbuf[ LDAP_LUTIL_UUIDSTR_BUFSIZE ];
927
928                         tmpval.bv_len = lutil_uuidstr( uuidbuf, sizeof( uuidbuf ) );
929                         tmpval.bv_val = uuidbuf;
930                 
931                         mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
932                         mod->sml_op = mop;
933                         mod->sml_flags = SLAP_MOD_INTERNAL;
934                         mod->sml_type.bv_val = NULL;
935                         mod->sml_desc = slap_schema.si_ad_entryUUID;
936                         mod->sml_values =
937                                 (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
938                         ber_dupbv( &mod->sml_values[0], &tmpval );
939                         mod->sml_values[1].bv_len = 0;
940                         mod->sml_values[1].bv_val = NULL;
941                         assert( mod->sml_values[0].bv_val );
942                         mod->sml_nvalues =
943                                 (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
944                         (*mod->sml_desc->ad_type->sat_equality->smr_normalize)(
945                                         SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
946                                         mod->sml_desc->ad_type->sat_syntax,
947                                         mod->sml_desc->ad_type->sat_equality,
948                                         mod->sml_values, mod->sml_nvalues, NULL );
949                         mod->sml_nvalues[1].bv_len = 0;
950                         mod->sml_nvalues[1].bv_val = NULL;
951                         *modtail = mod;
952                         modtail = &mod->sml_next;
953
954                         mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
955                         mod->sml_op = mop;
956                         mod->sml_flags = SLAP_MOD_INTERNAL;
957                         mod->sml_type.bv_val = NULL;
958                         mod->sml_desc = slap_schema.si_ad_creatorsName;
959                         mod->sml_values =
960                                 (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
961                         ber_dupbv( &mod->sml_values[0], &name );
962                         mod->sml_values[1].bv_len = 0;
963                         mod->sml_values[1].bv_val = NULL;
964                         assert( mod->sml_values[0].bv_val );
965                         mod->sml_nvalues =
966                                 (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
967                         ber_dupbv( &mod->sml_nvalues[0], &nname );
968                         mod->sml_nvalues[1].bv_len = 0;
969                         mod->sml_nvalues[1].bv_val = NULL;
970                         assert( mod->sml_nvalues[0].bv_val );
971                         *modtail = mod;
972                         modtail = &mod->sml_next;
973
974                         mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
975                         mod->sml_op = mop;
976                         mod->sml_flags = SLAP_MOD_INTERNAL;
977                         mod->sml_type.bv_val = NULL;
978                         mod->sml_desc = slap_schema.si_ad_createTimestamp;
979                         mod->sml_values =
980                                 (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
981                         ber_dupbv( &mod->sml_values[0], &timestamp );
982                         mod->sml_values[1].bv_len = 0;
983                         mod->sml_values[1].bv_val = NULL;
984                         assert( mod->sml_values[0].bv_val );
985                         mod->sml_nvalues = NULL;
986                         *modtail = mod;
987                         modtail = &mod->sml_next;
988                 }
989         }
990
991         if ( SLAP_LASTMOD( op->o_bd )) {
992                 mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
993                 mod->sml_op = mop;
994                 mod->sml_flags = SLAP_MOD_INTERNAL;
995                 mod->sml_type.bv_val = NULL;
996                 mod->sml_desc = slap_schema.si_ad_entryCSN;
997                 mod->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
998                 ber_dupbv( &mod->sml_values[0], &csn );
999                 mod->sml_values[1].bv_len = 0;
1000                 mod->sml_values[1].bv_val = NULL;
1001                 assert( mod->sml_values[0].bv_val );
1002                 mod->sml_nvalues = NULL;
1003                 *modtail = mod;
1004                 modtail = &mod->sml_next;
1005
1006                 mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
1007                 mod->sml_op = mop;
1008                 mod->sml_flags = SLAP_MOD_INTERNAL;
1009                 mod->sml_type.bv_val = NULL;
1010                 mod->sml_desc = slap_schema.si_ad_modifiersName;
1011                 mod->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
1012                 ber_dupbv( &mod->sml_values[0], &name );
1013                 mod->sml_values[1].bv_len = 0;
1014                 mod->sml_values[1].bv_val = NULL;
1015                 assert( mod->sml_values[0].bv_val );
1016                 mod->sml_nvalues =
1017                         (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
1018                 ber_dupbv( &mod->sml_nvalues[0], &nname );
1019                 mod->sml_nvalues[1].bv_len = 0;
1020                 mod->sml_nvalues[1].bv_val = NULL;
1021                 assert( mod->sml_nvalues[0].bv_val );
1022                 *modtail = mod;
1023                 modtail = &mod->sml_next;
1024
1025                 mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
1026                 mod->sml_op = mop;
1027                 mod->sml_flags = SLAP_MOD_INTERNAL;
1028                 mod->sml_type.bv_val = NULL;
1029                 mod->sml_desc = slap_schema.si_ad_modifyTimestamp;
1030                 mod->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
1031                 ber_dupbv( &mod->sml_values[0], &timestamp );
1032                 mod->sml_values[1].bv_len = 0;
1033                 mod->sml_values[1].bv_val = NULL;
1034                 assert( mod->sml_values[0].bv_val );
1035                 mod->sml_nvalues = NULL;
1036                 *modtail = mod;
1037                 modtail = &mod->sml_next;
1038         }
1039
1040         *modtail = NULL;
1041         return LDAP_SUCCESS;
1042 }
1043