]> git.sur5r.net Git - openldap/blob - servers/slapd/modify.c
e6dc759f5c9d69b77e517d3150320e73255c870f
[openldap] / servers / slapd / modify.c
1 /* $OpenLDAP$ */
2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
3  *
4  * Copyright 1998-2007 The OpenLDAP Foundation.
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted only as authorized by the OpenLDAP
9  * Public License.
10  *
11  * A copy of this license is available in the file LICENSE in the
12  * top-level directory of the distribution or, alternatively, at
13  * <http://www.OpenLDAP.org/license.html>.
14  */
15 /* Portions Copyright (c) 1995 Regents of the University of Michigan.
16  * All rights reserved.
17  *
18  * Redistribution and use in source and binary forms are permitted
19  * provided that this notice is preserved and that due credit is given
20  * to the University of Michigan at Ann Arbor. The name of the University
21  * may not be used to endorse or promote products derived from this
22  * software without specific prior written permission. This software
23  * is provided ``as is'' without express or implied warranty.
24  */
25
26 #include "portable.h"
27
28 #include <stdio.h>
29
30 #include <ac/socket.h>
31 #include <ac/string.h>
32 #include <ac/time.h>
33
34 #include "slap.h"
35 #include "lutil.h"
36
37
38 int
39 do_modify(
40     Operation   *op,
41     SlapReply   *rs )
42 {
43         struct berval dn = BER_BVNULL;
44         char            *last;
45         ber_tag_t       tag;
46         ber_len_t       len;
47         Modifications   *modlist = NULL;
48         Modifications   **modtail = &modlist;
49         int             increment = 0;
50         char            textbuf[ SLAP_TEXT_BUFLEN ];
51         size_t          textlen = sizeof( textbuf );
52
53         Debug( LDAP_DEBUG_TRACE, "do_modify\n", 0, 0, 0 );
54
55         /*
56          * Parse the modify request.  It looks like this:
57          *
58          *      ModifyRequest := [APPLICATION 6] SEQUENCE {
59          *              name    DistinguishedName,
60          *              mods    SEQUENCE OF SEQUENCE {
61          *                      operation       ENUMERATED {
62          *                              add     (0),
63          *                              delete  (1),
64          *                              replace (2)
65          *                      },
66          *                      modification    SEQUENCE {
67          *                              type    AttributeType,
68          *                              values  SET OF AttributeValue
69          *                      }
70          *              }
71          *      }
72          */
73
74         if ( ber_scanf( op->o_ber, "{m" /*}*/, &dn ) == LBER_ERROR ) {
75                 Debug( LDAP_DEBUG_ANY, "do_modify: ber_scanf failed\n", 0, 0, 0 );
76
77                 send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
78                 return SLAPD_DISCONNECT;
79         }
80
81         Debug( LDAP_DEBUG_ARGS, "do_modify: dn (%s)\n", dn.bv_val, 0, 0 );
82
83         /* collect modifications & save for later */
84         for ( tag = ber_first_element( op->o_ber, &len, &last );
85             tag != LBER_DEFAULT;
86             tag = ber_next_element( op->o_ber, &len, last ) )
87         {
88                 ber_int_t mop;
89                 Modifications tmp, *mod;
90
91                 tmp.sml_nvalues = NULL;
92
93                 if ( ber_scanf( op->o_ber, "{e{m[W]}}", &mop,
94                     &tmp.sml_type, &tmp.sml_values ) == LBER_ERROR )
95                 {
96                         send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR,
97                                 "decoding modlist error" );
98                         rs->sr_err = SLAPD_DISCONNECT;
99                         goto cleanup;
100                 }
101
102                 mod = (Modifications *) ch_malloc( sizeof(Modifications) );
103                 mod->sml_op = mop;
104                 mod->sml_flags = 0;
105                 mod->sml_type = tmp.sml_type;
106                 mod->sml_values = tmp.sml_values;
107                 mod->sml_nvalues = NULL;
108                 mod->sml_desc = NULL;
109                 mod->sml_next = NULL;
110                 *modtail = mod;
111
112                 switch( mop ) {
113                 case LDAP_MOD_ADD:
114                         if ( mod->sml_values == NULL ) {
115                                 Debug( LDAP_DEBUG_ANY,
116                                         "do_modify: modify/add operation (%ld) requires values\n",
117                                         (long) mop, 0, 0 );
118
119                                 send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR,
120                                         "modify/add operation requires values" );
121                                 goto cleanup;
122                         }
123
124                         /* fall through */
125
126                 case LDAP_MOD_DELETE:
127                 case LDAP_MOD_REPLACE:
128                         break;
129
130                 case LDAP_MOD_INCREMENT:
131                         if( op->o_protocol >= LDAP_VERSION3 ) {
132                                 increment++;
133                                 if ( mod->sml_values == NULL ) {
134                                         Debug( LDAP_DEBUG_ANY, "do_modify: "
135                                                 "modify/increment operation (%ld) requires value\n",
136                                                 (long) mop, 0, 0 );
137
138                                         send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR,
139                                                 "modify/increment operation requires value" );
140                                         goto cleanup;
141                                 }
142
143                                 if ( !BER_BVISNULL( &mod->sml_values[ 1 ] ) ) {
144                                         Debug( LDAP_DEBUG_ANY, "do_modify: modify/increment "
145                                                 "operation (%ld) requires single value\n",
146                                                 (long) mop, 0, 0 );
147
148                                         send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR,
149                                                 "modify/increment operation requires single value" );
150                                         goto cleanup;
151                                 }
152
153                                 break;
154                         }
155                         /* fall thru */
156
157                 default: {
158                                 Debug( LDAP_DEBUG_ANY,
159                                         "do_modify: unrecognized modify operation (%ld)\n",
160                                         (long) mop, 0, 0 );
161
162                                 send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR,
163                                         "unrecognized modify operation" );
164                                 goto cleanup;
165                         }
166                 }
167
168                 modtail = &mod->sml_next;
169         }
170         *modtail = NULL;
171
172         if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {
173                 Debug( LDAP_DEBUG_ANY, "do_modify: get_ctrls failed\n", 0, 0, 0 );
174
175                 goto cleanup;
176         }
177
178         rs->sr_err = dnPrettyNormal( NULL, &dn, &op->o_req_dn, &op->o_req_ndn,
179                 op->o_tmpmemctx );
180         if( rs->sr_err != LDAP_SUCCESS ) {
181                 Debug( LDAP_DEBUG_ANY,
182                         "do_modify: invalid dn (%s)\n", dn.bv_val, 0, 0 );
183                 send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid DN" );
184                 goto cleanup;
185         }
186
187         rs->sr_err = slap_mods_check( modlist,
188                 &rs->sr_text, textbuf, textlen, NULL );
189
190         if ( rs->sr_err != LDAP_SUCCESS ) {
191                 send_ldap_result( op, rs );
192                 goto cleanup;
193         }
194
195         /* FIXME: needs review */
196         op->orm_modlist = modlist;
197         op->orm_increment = increment;
198
199         op->o_bd = frontendDB;
200         rs->sr_err = frontendDB->be_modify( op, rs );
201
202 cleanup:
203         op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
204         op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
205         if ( op->orm_modlist != NULL ) slap_mods_free( op->orm_modlist, 1 );
206
207         return rs->sr_err;
208 }
209
210 int
211 fe_op_modify( Operation *op, SlapReply *rs )
212 {
213 #ifdef LDAP_DEBUG
214         Modifications   *tmp;
215 #endif
216         int             manageDSAit;
217         Modifications   *modlist = op->orm_modlist;
218         int             increment = op->orm_increment;
219         BackendDB *op_be, *bd = op->o_bd;
220         char            textbuf[ SLAP_TEXT_BUFLEN ];
221         size_t          textlen = sizeof( textbuf );
222         
223         if( BER_BVISEMPTY( &op->o_req_ndn ) ) {
224                 Debug( LDAP_DEBUG_ANY, "do_modify: root dse!\n", 0, 0, 0 );
225
226                 send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
227                         "modify upon the root DSE not supported" );
228                 goto cleanup;
229
230         } else if ( bvmatch( &op->o_req_ndn, &frontendDB->be_schemandn ) ) {
231                 Debug( LDAP_DEBUG_ANY, "do_modify: subschema subentry!\n", 0, 0, 0 );
232
233                 send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
234                         "modification of subschema subentry not supported" );
235                 goto cleanup;
236         }
237
238 #ifdef LDAP_DEBUG
239         Debug( LDAP_DEBUG_ARGS, "modifications:\n", 0, 0, 0 );
240
241         for ( tmp = modlist; tmp != NULL; tmp = tmp->sml_next ) {
242                 Debug( LDAP_DEBUG_ARGS, "\t%s: %s\n",
243                         tmp->sml_op == LDAP_MOD_ADD ? "add" :
244                                 (tmp->sml_op == LDAP_MOD_INCREMENT ? "increment" :
245                                 (tmp->sml_op == LDAP_MOD_DELETE ? "delete" :
246                                         "replace")), tmp->sml_type.bv_val, 0 );
247
248                 if ( tmp->sml_values == NULL ) {
249                         Debug( LDAP_DEBUG_ARGS, "%s\n",
250                            "\t\tno values", NULL, NULL );
251                 } else if ( BER_BVISNULL( &tmp->sml_values[ 0 ] ) ) {
252                         Debug( LDAP_DEBUG_ARGS, "%s\n",
253                            "\t\tzero values", NULL, NULL );
254                 } else if ( BER_BVISNULL( &tmp->sml_values[ 1 ] ) ) {
255                         Debug( LDAP_DEBUG_ARGS, "%s, length %ld\n",
256                            "\t\tone value", (long) tmp->sml_values[0].bv_len, NULL );
257                 } else {
258                         Debug( LDAP_DEBUG_ARGS, "%s\n",
259                            "\t\tmultiple values", NULL, NULL );
260                 }
261         }
262
263         if ( StatslogTest( LDAP_DEBUG_STATS ) ) {
264                 char abuf[BUFSIZ/2], *ptr = abuf;
265                 int len = 0;
266
267                 Statslog( LDAP_DEBUG_STATS, "%s MOD dn=\"%s\"\n",
268                         op->o_log_prefix, op->o_req_dn.bv_val, 0, 0, 0 );
269
270                 for ( tmp = modlist; tmp != NULL; tmp = tmp->sml_next ) {
271                         if (len + 1 + tmp->sml_type.bv_len > sizeof(abuf)) {
272                                 Statslog( LDAP_DEBUG_STATS, "%s MOD attr=%s\n",
273                                     op->o_log_prefix, abuf, 0, 0, 0 );
274
275                                 len = 0;
276                                 ptr = abuf;
277
278                                 if( 1 + tmp->sml_type.bv_len > sizeof(abuf)) {
279                                         Statslog( LDAP_DEBUG_STATS, "%s MOD attr=%s\n",
280                                                 op->o_log_prefix, tmp->sml_type.bv_val, 0, 0, 0 );
281                                         continue;
282                                 }
283                         }
284                         if (len) {
285                                 *ptr++ = ' ';
286                                 len++;
287                         }
288                         ptr = lutil_strcopy(ptr, tmp->sml_type.bv_val);
289                         len += tmp->sml_type.bv_len;
290                 }
291                 if (len) {
292                         Statslog( LDAP_DEBUG_STATS, "%s MOD attr=%s\n",
293                                 op->o_log_prefix, abuf, 0, 0, 0 );
294                 }
295         }
296 #endif  /* LDAP_DEBUG */
297
298         manageDSAit = get_manageDSAit( op );
299
300         /*
301          * We could be serving multiple database backends.  Select the
302          * appropriate one, or send a referral to our "referral server"
303          * if we don't hold it.
304          */
305         op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 1 );
306         if ( op->o_bd == NULL ) {
307                 op->o_bd = bd;
308                 rs->sr_ref = referral_rewrite( default_referral,
309                         NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
310                 if (!rs->sr_ref) rs->sr_ref = default_referral;
311
312                 if (rs->sr_ref != NULL ) {
313                         rs->sr_err = LDAP_REFERRAL;
314                         send_ldap_result( op, rs );
315
316                         if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref );
317                 } else {
318                         send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
319                                 "no global superior knowledge" );
320                 }
321                 goto cleanup;
322         }
323
324         /* If we've got a glued backend, check the real backend */
325         op_be = op->o_bd;
326         if ( SLAP_GLUE_INSTANCE( op->o_bd )) {
327                 op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 0 );
328         }
329
330         /* check restrictions */
331         if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
332                 send_ldap_result( op, rs );
333                 goto cleanup;
334         }
335
336         /* check for referrals */
337         if( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
338                 goto cleanup;
339         }
340
341         rs->sr_err = slap_mods_obsolete_check( op, modlist,
342                 &rs->sr_text, textbuf, textlen );
343         if ( rs->sr_err != LDAP_SUCCESS ) {
344                 send_ldap_result( op, rs );
345                 goto cleanup;
346         }
347
348         /* check for modify/increment support */
349         if( increment && !SLAP_INCREMENT( op->o_bd ) ) {
350                 send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
351                         "modify/increment not supported in context" );
352         }
353
354         /*
355          * do the modify if 1 && (2 || 3)
356          * 1) there is a modify function implemented in this backend;
357          * 2) this backend is master for what it holds;
358          * 3) it's a replica and the dn supplied is the update_ndn.
359          */
360         if ( op->o_bd->be_modify ) {
361                 /* do the update here */
362                 int repl_user = be_isupdate( op );
363
364                 /* Multimaster slapd does not have to check for replicator dn
365                  * because it accepts each modify request
366                  */
367 #ifndef SLAPD_MULTIMASTER
368                 if ( !SLAP_SHADOW(op->o_bd) || repl_user )
369 #endif
370                 {
371                         int             update = !BER_BVISEMPTY( &op->o_bd->be_update_ndn );
372                         slap_callback   cb = { NULL, slap_replog_cb, NULL, NULL };
373
374                         op->o_bd = op_be;
375
376                         if ( !update ) {
377                                 rs->sr_err = slap_mods_no_user_mod_check( op, modlist,
378                                         &rs->sr_text, textbuf, textlen );
379                                 if ( rs->sr_err != LDAP_SUCCESS ) {
380                                         send_ldap_result( op, rs );
381                                         goto cleanup;
382                                 }
383                         }
384
385                         op->orm_modlist = modlist;
386 #ifdef SLAPD_MULTIMASTER
387                         if ( !repl_user )
388 #endif
389                         {
390                                 /* but multimaster slapd logs only the ones 
391                                  * not from a replicator user */
392                                 cb.sc_next = op->o_callback;
393                                 op->o_callback = &cb;
394                         }
395                         op->o_bd->be_modify( op, rs );
396
397 #ifndef SLAPD_MULTIMASTER
398                 /* send a referral */
399                 } else {
400                         BerVarray defref = op->o_bd->be_update_refs
401                                 ? op->o_bd->be_update_refs : default_referral;
402                         if ( defref != NULL ) {
403                                 rs->sr_ref = referral_rewrite( defref,
404                                         NULL, &op->o_req_dn,
405                                         LDAP_SCOPE_DEFAULT );
406                                 if ( rs->sr_ref == NULL ) {
407                                         /* FIXME: must duplicate, because
408                                          * overlays may muck with it */
409                                         rs->sr_ref = defref;
410                                 }
411                                 rs->sr_err = LDAP_REFERRAL;
412                                 send_ldap_result( op, rs );
413                                 if ( rs->sr_ref != defref ) {
414                                         ber_bvarray_free( rs->sr_ref );
415                                 }
416
417                         } else {
418                                 send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
419                                         "shadow context; no update referral" );
420                         }
421 #endif
422                 }
423         } else {
424                 send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
425                     "operation not supported within namingContext" );
426         }
427
428 cleanup:;
429         op->o_bd = bd;
430         return rs->sr_err;
431 }
432
433 /*
434  * Obsolete constraint checking.
435  */
436 int
437 slap_mods_obsolete_check(
438         Operation *op,
439         Modifications *ml,
440         const char **text,
441         char *textbuf,
442         size_t textlen )
443 {
444         if( get_manageDIT( op ) ) return LDAP_SUCCESS;
445
446         for ( ; ml != NULL; ml = ml->sml_next ) {
447                 if ( is_at_obsolete( ml->sml_desc->ad_type ) &&
448                         (( ml->sml_op != LDAP_MOD_REPLACE &&
449                                 ml->sml_op != LDAP_MOD_DELETE ) ||
450                                         ml->sml_values != NULL ))
451                 {
452                         /*
453                          * attribute is obsolete,
454                          * only allow replace/delete with no values
455                          */
456                         snprintf( textbuf, textlen,
457                                 "%s: attribute is obsolete",
458                                 ml->sml_type.bv_val );
459                         *text = textbuf;
460                         return LDAP_CONSTRAINT_VIOLATION;
461                 }
462         }
463
464         return LDAP_SUCCESS;
465 }
466
467 /*
468  * No-user-modification constraint checking.
469  */
470 int
471 slap_mods_no_user_mod_check(
472         Operation *op,
473         Modifications *ml,
474         const char **text,
475         char *textbuf,
476         size_t textlen )
477 {
478         for ( ; ml != NULL; ml = ml->sml_next ) {
479                 if ( !is_at_no_user_mod( ml->sml_desc->ad_type ) ) continue;
480
481                 if ( get_manageDIT( op ) ) {
482                         if ( ml->sml_desc->ad_type->sat_flags & SLAP_AT_MANAGEABLE ) {
483                                 ml->sml_flags |= SLAP_MOD_MANAGING;
484                                 continue;
485                         }
486
487                         /* attribute not manageable */
488                         snprintf( textbuf, textlen,
489                                 "%s: no-user-modification attribute not manageable",
490                                 ml->sml_type.bv_val );
491
492                 } else {
493                         /* user modification disallowed */
494                         snprintf( textbuf, textlen,
495                                 "%s: no user modification allowed",
496                                 ml->sml_type.bv_val );
497                 }
498
499                 *text = textbuf;
500                 return LDAP_CONSTRAINT_VIOLATION;
501         }
502
503         return LDAP_SUCCESS;
504 }
505
506 int
507 slap_mods_no_repl_user_mod_check(
508         Operation *op,
509         Modifications *ml,
510         const char **text,
511         char *textbuf,
512         size_t textlen )
513 {
514         Modifications *mods;
515         Modifications *modp;
516
517         for ( mods = ml; mods != NULL; mods = mods->sml_next ) {
518                 assert( mods->sml_op == LDAP_MOD_ADD );
519
520                 /* check doesn't already appear */
521                 for ( modp = ml; modp != NULL; modp = modp->sml_next ) {
522                         if ( mods->sml_desc == modp->sml_desc && mods != modp ) {
523                                 snprintf( textbuf, textlen,
524                                         "attribute '%s' provided more than once",
525                                         mods->sml_desc->ad_cname.bv_val );
526                                 *text = textbuf;
527                                 return LDAP_TYPE_OR_VALUE_EXISTS;
528                         }
529                 }
530         }
531
532         return LDAP_SUCCESS;
533 }
534
535 /*
536  * Do basic attribute type checking and syntax validation.
537  */
538 int slap_mods_check(
539         Modifications *ml,
540         const char **text,
541         char *textbuf,
542         size_t textlen,
543         void *ctx )
544 {
545         int rc;
546
547         for( ; ml != NULL; ml = ml->sml_next ) {
548                 AttributeDescription *ad = NULL;
549
550                 /* convert to attribute description */
551                 if ( ml->sml_desc == NULL ) {
552                         rc = slap_bv2ad( &ml->sml_type, &ml->sml_desc, text );
553                         if( rc != LDAP_SUCCESS ) {
554                                 snprintf( textbuf, textlen, "%s: %s",
555                                         ml->sml_type.bv_val, *text );
556                                 *text = textbuf;
557                                 return rc;
558                         }
559                 }
560
561                 ad = ml->sml_desc;
562
563                 if( slap_syntax_is_binary( ad->ad_type->sat_syntax )
564                         && !slap_ad_is_binary( ad ))
565                 {
566                         /* attribute requires binary transfer */
567                         snprintf( textbuf, textlen,
568                                 "%s: requires ;binary transfer",
569                                 ml->sml_type.bv_val );
570                         *text = textbuf;
571                         return LDAP_UNDEFINED_TYPE;
572                 }
573
574                 if( !slap_syntax_is_binary( ad->ad_type->sat_syntax )
575                         && slap_ad_is_binary( ad ))
576                 {
577                         /* attribute does not require binary transfer */
578                         snprintf( textbuf, textlen,
579                                 "%s: disallows ;binary transfer",
580                                 ml->sml_type.bv_val );
581                         *text = textbuf;
582                         return LDAP_UNDEFINED_TYPE;
583                 }
584
585                 if( slap_ad_is_tag_range( ad )) {
586                         /* attribute requires binary transfer */
587                         snprintf( textbuf, textlen,
588                                 "%s: inappropriate use of tag range option",
589                                 ml->sml_type.bv_val );
590                         *text = textbuf;
591                         return LDAP_UNDEFINED_TYPE;
592                 }
593
594 #if 0
595                 if ( is_at_obsolete( ad->ad_type ) &&
596                         (( ml->sml_op != LDAP_MOD_REPLACE &&
597                                 ml->sml_op != LDAP_MOD_DELETE ) ||
598                                         ml->sml_values != NULL ))
599                 {
600                         /*
601                          * attribute is obsolete,
602                          * only allow replace/delete with no values
603                          */
604                         snprintf( textbuf, textlen,
605                                 "%s: attribute is obsolete",
606                                 ml->sml_type.bv_val );
607                         *text = textbuf;
608                         return LDAP_CONSTRAINT_VIOLATION;
609                 }
610 #endif
611
612                 if ( ml->sml_op == LDAP_MOD_INCREMENT &&
613 #ifdef SLAPD_REAL_SYNTAX
614                         !is_at_syntax( ad->ad_type, SLAPD_REAL_SYNTAX ) &&
615 #endif
616                         !is_at_syntax( ad->ad_type, SLAPD_INTEGER_SYNTAX ) )
617                 {
618                         /*
619                          * attribute values must be INTEGER or REAL
620                          */
621                         snprintf( textbuf, textlen,
622                                 "%s: attribute syntax inappropriate for increment",
623                                 ml->sml_type.bv_val );
624                         *text = textbuf;
625                         return LDAP_CONSTRAINT_VIOLATION;
626                 }
627
628                 /*
629                  * check values
630                  */
631                 if( ml->sml_values != NULL ) {
632                         ber_len_t nvals;
633                         slap_syntax_validate_func *validate =
634                                 ad->ad_type->sat_syntax->ssyn_validate;
635                         slap_syntax_transform_func *pretty =
636                                 ad->ad_type->sat_syntax->ssyn_pretty;
637  
638                         if( !pretty && !validate ) {
639                                 *text = "no validator for syntax";
640                                 snprintf( textbuf, textlen,
641                                         "%s: no validator for syntax %s",
642                                         ml->sml_type.bv_val,
643                                         ad->ad_type->sat_syntax->ssyn_oid );
644                                 *text = textbuf;
645                                 return LDAP_INVALID_SYNTAX;
646                         }
647
648                         /*
649                          * check that each value is valid per syntax
650                          *      and pretty if appropriate
651                          */
652                         for ( nvals = 0; !BER_BVISNULL( &ml->sml_values[nvals] ); nvals++ ) {
653                                 struct berval pval;
654
655                                 if ( pretty ) {
656 #ifdef SLAP_ORDERED_PRETTYNORM
657                                         rc = ordered_value_pretty( ad,
658                                                 &ml->sml_values[nvals], &pval, ctx );
659 #else /* ! SLAP_ORDERED_PRETTYNORM */
660                                         rc = pretty( ad->ad_type->sat_syntax,
661                                                 &ml->sml_values[nvals], &pval, ctx );
662 #endif /* ! SLAP_ORDERED_PRETTYNORM */
663                                 } else {
664 #ifdef SLAP_ORDERED_PRETTYNORM
665                                         rc = ordered_value_validate( ad,
666                                                 &ml->sml_values[nvals], ml->sml_op );
667 #else /* ! SLAP_ORDERED_PRETTYNORM */
668                                         rc = validate( ad->ad_type->sat_syntax,
669                                                 &ml->sml_values[nvals] );
670 #endif /* ! SLAP_ORDERED_PRETTYNORM */
671                                 }
672
673                                 if( rc != 0 ) {
674                                         snprintf( textbuf, textlen,
675                                                 "%s: value #%ld invalid per syntax",
676                                                 ml->sml_type.bv_val, (long) nvals );
677                                         *text = textbuf;
678                                         return LDAP_INVALID_SYNTAX;
679                                 }
680
681                                 if( pretty ) {
682                                         ber_memfree_x( ml->sml_values[nvals].bv_val, ctx );
683                                         ml->sml_values[nvals] = pval;
684                                 }
685                         }
686
687                         /*
688                          * a rough single value check... an additional check is needed
689                          * to catch add of single value to existing single valued attribute
690                          */
691                         if ((ml->sml_op == LDAP_MOD_ADD || ml->sml_op == LDAP_MOD_REPLACE)
692                                 && nvals > 1 && is_at_single_value( ad->ad_type ))
693                         {
694                                 snprintf( textbuf, textlen,
695                                         "%s: multiple values provided",
696                                         ml->sml_type.bv_val );
697                                 *text = textbuf;
698                                 return LDAP_CONSTRAINT_VIOLATION;
699                         }
700
701                         /* if the type has a normalizer, generate the
702                          * normalized values. otherwise leave them NULL.
703                          *
704                          * this is different from the rule for attributes
705                          * in an entry - in an attribute list, the normalized
706                          * value is set equal to the non-normalized value
707                          * when there is no normalizer.
708                          */
709                         if( nvals && ad->ad_type->sat_equality &&
710                                 ad->ad_type->sat_equality->smr_normalize )
711                         {
712                                 ml->sml_nvalues = ber_memalloc_x(
713                                         (nvals+1)*sizeof(struct berval), ctx );
714
715                                 for ( nvals = 0; !BER_BVISNULL( &ml->sml_values[nvals] ); nvals++ ) {
716 #ifdef SLAP_ORDERED_PRETTYNORM
717                                         rc = ordered_value_normalize(
718                                                 SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
719                                                 ad,
720                                                 ad->ad_type->sat_equality,
721                                                 &ml->sml_values[nvals], &ml->sml_nvalues[nvals], ctx );
722 #else /* ! SLAP_ORDERED_PRETTYNORM */
723                                         rc = ad->ad_type->sat_equality->smr_normalize(
724                                                 SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
725                                                 ad->ad_type->sat_syntax,
726                                                 ad->ad_type->sat_equality,
727                                                 &ml->sml_values[nvals], &ml->sml_nvalues[nvals], ctx );
728 #endif /* ! SLAP_ORDERED_PRETTYNORM */
729                                         if ( rc ) {
730                                                 Debug( LDAP_DEBUG_ANY,
731                                                         "<= str2entry NULL (ssyn_normalize %d)\n",
732                                                         rc, 0, 0 );
733                                                 snprintf( textbuf, textlen,
734                                                         "%s: value #%ld normalization failed",
735                                                         ml->sml_type.bv_val, (long) nvals );
736                                                 *text = textbuf;
737                                                 return rc;
738                                         }
739                                 }
740
741                                 BER_BVZERO( &ml->sml_nvalues[nvals] );
742                         }
743
744                         /* check for duplicates, but ignore Deletes.
745                          */
746                         if( nvals > 1 && ml->sml_op != LDAP_MOD_DELETE ) {
747                                 int             i, j, rc, match;
748                                 MatchingRule *mr = ad->ad_type->sat_equality;
749
750                                 for ( i = 1; i < nvals ; i++ ) {
751                                         /* test asserted values against themselves */
752                                         for( j = 0; j < i; j++ ) {
753                                                 rc = ordered_value_match( &match, ml->sml_desc, mr,
754                                                         SLAP_MR_EQUALITY
755                                                                 | SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX
756                                                                 | SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH
757                                                                 | SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH,
758                                                         ml->sml_nvalues
759                                                                 ? &ml->sml_nvalues[i]
760                                                                 : &ml->sml_values[i],
761                                                         ml->sml_nvalues
762                                                                 ? &ml->sml_nvalues[j]
763                                                                 : &ml->sml_values[j],
764                                                         text );
765                                                 if ( rc == LDAP_SUCCESS && match == 0 ) {
766                                                         /* value exists already */
767                                                         snprintf( textbuf, textlen,
768                                                                 "%s: value #%d provided more than once",
769                                                                 ml->sml_desc->ad_cname.bv_val, j );
770                                                         *text = textbuf;
771                                                         return LDAP_TYPE_OR_VALUE_EXISTS;
772
773                                                 } else if ( rc != LDAP_SUCCESS ) {
774                                                         return rc;
775                                                 }
776                                         }
777                                 }
778                         }
779
780                 }
781         }
782
783         return LDAP_SUCCESS;
784 }
785
786 /* Enter with bv->bv_len = sizeof buffer, returns with
787  * actual length of string
788  */
789 void slap_timestamp( time_t *tm, struct berval *bv )
790 {
791         struct tm *ltm;
792 #ifdef HAVE_GMTIME_R
793         struct tm ltm_buf;
794
795         ltm = gmtime_r( tm, &ltm_buf );
796 #else
797         ldap_pvt_thread_mutex_lock( &gmtime_mutex );
798         ltm = gmtime( tm );
799 #endif
800
801         bv->bv_len = lutil_gentime( bv->bv_val, bv->bv_len, ltm );
802
803 #ifndef HAVE_GMTIME_R
804         ldap_pvt_thread_mutex_unlock( &gmtime_mutex );
805 #endif
806 }
807
808 /* Called for all modify and modrdn ops. If the current op was replicated
809  * from elsewhere, all of the attrs should already be present.
810  */
811 void slap_mods_opattrs(
812         Operation *op,
813         Modifications **modsp,
814         int manage_ctxcsn )
815 {
816         struct berval name, timestamp, csn = BER_BVNULL;
817         struct berval nname;
818         char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
819         char csnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE ];
820         Modifications *mod, **modtail, *modlast;
821         int gotcsn = 0, gotmname = 0, gotmtime = 0;
822
823         if ( SLAP_LASTMOD( op->o_bd ) ) {
824                 char *ptr;
825                 timestamp.bv_val = timebuf;
826                 for ( modtail = modsp; *modtail; modtail = &(*modtail)->sml_next ) {
827                         if ( (*modtail)->sml_op != LDAP_MOD_ADD &&
828                                 (*modtail)->sml_op != LDAP_MOD_REPLACE ) continue;
829                         if ( (*modtail)->sml_desc == slap_schema.si_ad_entryCSN ) {
830                                 csn = (*modtail)->sml_values[0];
831                                 gotcsn = 1;
832                         } else
833                         if ( (*modtail)->sml_desc == slap_schema.si_ad_modifiersName ) {
834                                 gotmname = 1;
835                         } else
836                         if ( (*modtail)->sml_desc == slap_schema.si_ad_modifyTimestamp ) {
837                                 gotmtime = 1;
838                         }
839                 }
840                 if ( BER_BVISEMPTY( &op->o_csn )) {
841                         if ( !gotcsn ) {
842                                 csn.bv_val = csnbuf;
843                                 csn.bv_len = sizeof( csnbuf );
844                                 slap_get_csn( op, &csn, manage_ctxcsn );
845                         } else {
846                                 if ( manage_ctxcsn )
847                                         slap_queue_csn( op, &csn );
848                         }
849                 } else {
850                         csn = op->o_csn;
851                 }
852                 ptr = ber_bvchr( &csn, '#' );
853                 if ( ptr && ptr < &csn.bv_val[csn.bv_len] ) {
854                         timestamp.bv_len = ptr - csn.bv_val;
855                         if ( timestamp.bv_len >= sizeof( timebuf ))
856                                 timestamp.bv_len = sizeof( timebuf ) - 1;
857                         strncpy( timebuf, csn.bv_val, timestamp.bv_len );
858                         timebuf[timestamp.bv_len] = '\0';
859                 } else {
860                         time_t now = slap_get_time();
861
862                         timestamp.bv_len = sizeof(timebuf);
863
864                         slap_timestamp( &now, &timestamp );
865                 }
866
867                 if ( BER_BVISEMPTY( &op->o_dn ) ) {
868                         BER_BVSTR( &name, SLAPD_ANONYMOUS );
869                         nname = name;
870                 } else {
871                         name = op->o_dn;
872                         nname = op->o_ndn;
873                 }
874
875                 if ( !gotcsn ) {
876                         mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
877                         mod->sml_op = LDAP_MOD_REPLACE;
878                         mod->sml_flags = SLAP_MOD_INTERNAL;
879                         mod->sml_next = NULL;
880                         BER_BVZERO( &mod->sml_type );
881                         mod->sml_desc = slap_schema.si_ad_entryCSN;
882                         mod->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
883                         ber_dupbv( &mod->sml_values[0], &csn );
884                         BER_BVZERO( &mod->sml_values[1] );
885                         assert( !BER_BVISNULL( &mod->sml_values[0] ) );
886                         mod->sml_nvalues = NULL;
887                         *modtail = mod;
888                         modlast = mod;
889                         modtail = &mod->sml_next;
890                 }
891
892                 if ( !gotmname ) {
893                         mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
894                         mod->sml_op = LDAP_MOD_REPLACE;
895                         mod->sml_flags = SLAP_MOD_INTERNAL;
896                         mod->sml_next = NULL;
897                         BER_BVZERO( &mod->sml_type );
898                         mod->sml_desc = slap_schema.si_ad_modifiersName;
899                         mod->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
900                         ber_dupbv( &mod->sml_values[0], &name );
901                         BER_BVZERO( &mod->sml_values[1] );
902                         assert( !BER_BVISNULL( &mod->sml_values[0] ) );
903                         mod->sml_nvalues =
904                                 (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
905                         ber_dupbv( &mod->sml_nvalues[0], &nname );
906                         BER_BVZERO( &mod->sml_nvalues[1] );
907                         assert( !BER_BVISNULL( &mod->sml_nvalues[0] ) );
908                         *modtail = mod;
909                         modtail = &mod->sml_next;
910                 }
911
912                 if ( !gotmtime ) {
913                         mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
914                         mod->sml_op = LDAP_MOD_REPLACE;
915                         mod->sml_flags = SLAP_MOD_INTERNAL;
916                         mod->sml_next = NULL;
917                         BER_BVZERO( &mod->sml_type );
918                         mod->sml_desc = slap_schema.si_ad_modifyTimestamp;
919                         mod->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
920                         ber_dupbv( &mod->sml_values[0], &timestamp );
921                         BER_BVZERO( &mod->sml_values[1] );
922                         assert( !BER_BVISNULL( &mod->sml_values[0] ) );
923                         mod->sml_nvalues = NULL;
924                         *modtail = mod;
925                         modtail = &mod->sml_next;
926                 }
927         }
928 }
929