]> git.sur5r.net Git - openldap/blob - servers/slapd/modify.c
happy belated new year
[openldap] / servers / slapd / modify.c
1 /* $OpenLDAP$ */
2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
3  *
4  * Copyright 1998-2010 The OpenLDAP Foundation.
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted only as authorized by the OpenLDAP
9  * Public License.
10  *
11  * A copy of this license is available in the file LICENSE in the
12  * top-level directory of the distribution or, alternatively, at
13  * <http://www.OpenLDAP.org/license.html>.
14  */
15 /* Portions Copyright (c) 1995 Regents of the University of Michigan.
16  * All rights reserved.
17  *
18  * Redistribution and use in source and binary forms are permitted
19  * provided that this notice is preserved and that due credit is given
20  * to the University of Michigan at Ann Arbor. The name of the University
21  * may not be used to endorse or promote products derived from this
22  * software without specific prior written permission. This software
23  * is provided ``as is'' without express or implied warranty.
24  */
25
26 #include "portable.h"
27
28 #include <stdio.h>
29
30 #include <ac/socket.h>
31 #include <ac/string.h>
32 #include <ac/time.h>
33
34 #include "slap.h"
35 #include "lutil.h"
36
37
38 int
39 do_modify(
40     Operation   *op,
41     SlapReply   *rs )
42 {
43         struct berval dn = BER_BVNULL;
44         char            textbuf[ SLAP_TEXT_BUFLEN ];
45         size_t          textlen = sizeof( textbuf );
46 #ifdef LDAP_DEBUG
47         Modifications   *tmp;
48 #endif
49
50         Debug( LDAP_DEBUG_TRACE, "%s do_modify\n",
51                 op->o_log_prefix, 0, 0 );
52         /*
53          * Parse the modify request.  It looks like this:
54          *
55          *      ModifyRequest := [APPLICATION 6] SEQUENCE {
56          *              name    DistinguishedName,
57          *              mods    SEQUENCE OF SEQUENCE {
58          *                      operation       ENUMERATED {
59          *                              add     (0),
60          *                              delete  (1),
61          *                              replace (2)
62          *                      },
63          *                      modification    SEQUENCE {
64          *                              type    AttributeType,
65          *                              values  SET OF AttributeValue
66          *                      }
67          *              }
68          *      }
69          */
70
71         if ( ber_scanf( op->o_ber, "{m" /*}*/, &dn ) == LBER_ERROR ) {
72                 Debug( LDAP_DEBUG_ANY, "%s do_modify: ber_scanf failed\n",
73                         op->o_log_prefix, 0, 0 );
74                 send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
75                 return SLAPD_DISCONNECT;
76         }
77
78         Debug( LDAP_DEBUG_ARGS, "%s do_modify: dn (%s)\n",
79                 op->o_log_prefix, dn.bv_val, 0 );
80
81         rs->sr_err = slap_parse_modlist( op, rs, op->o_ber, &op->oq_modify );
82         if ( rs->sr_err != LDAP_SUCCESS ) {
83                 Debug( LDAP_DEBUG_ANY, "%s do_modify: slap_parse_modlist failed err=%d msg=%s\n",
84                         op->o_log_prefix, rs->sr_err, rs->sr_text );
85                 goto cleanup;
86         }
87
88         if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {
89                 Debug( LDAP_DEBUG_ANY, "%s do_modify: get_ctrls failed\n",
90                         op->o_log_prefix, 0, 0 );
91                 goto cleanup;
92         }
93
94         rs->sr_err = dnPrettyNormal( NULL, &dn, &op->o_req_dn, &op->o_req_ndn,
95                 op->o_tmpmemctx );
96         if( rs->sr_err != LDAP_SUCCESS ) {
97                 Debug( LDAP_DEBUG_ANY, "%s do_modify: invalid dn (%s)\n",
98                         op->o_log_prefix, dn.bv_val, 0 );
99                 send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid DN" );
100                 goto cleanup;
101         }
102
103         op->orm_no_opattrs = 0;
104
105 #ifdef LDAP_DEBUG
106         Debug( LDAP_DEBUG_ARGS, "%s modifications:\n",
107                         op->o_log_prefix, 0, 0 );
108
109         for ( tmp = op->orm_modlist; tmp != NULL; tmp = tmp->sml_next ) {
110                 Debug( LDAP_DEBUG_ARGS, "\t%s: %s\n",
111                         tmp->sml_op == LDAP_MOD_ADD ? "add" :
112                                 (tmp->sml_op == LDAP_MOD_INCREMENT ? "increment" :
113                                 (tmp->sml_op == LDAP_MOD_DELETE ? "delete" :
114                                         "replace")), tmp->sml_type.bv_val, 0 );
115
116                 if ( tmp->sml_values == NULL ) {
117                         Debug( LDAP_DEBUG_ARGS, "%s\n",
118                            "\t\tno values", NULL, NULL );
119                 } else if ( BER_BVISNULL( &tmp->sml_values[ 0 ] ) ) {
120                         Debug( LDAP_DEBUG_ARGS, "%s\n",
121                            "\t\tzero values", NULL, NULL );
122                 } else if ( BER_BVISNULL( &tmp->sml_values[ 1 ] ) ) {
123                         Debug( LDAP_DEBUG_ARGS, "%s, length %ld\n",
124                            "\t\tone value", (long) tmp->sml_values[0].bv_len, NULL );
125                 } else {
126                         Debug( LDAP_DEBUG_ARGS, "%s\n",
127                            "\t\tmultiple values", NULL, NULL );
128                 }
129         }
130
131         if ( StatslogTest( LDAP_DEBUG_STATS ) ) {
132                 char abuf[BUFSIZ/2], *ptr = abuf;
133                 int len = 0;
134
135                 Statslog( LDAP_DEBUG_STATS, "%s MOD dn=\"%s\"\n",
136                         op->o_log_prefix, op->o_req_dn.bv_val, 0, 0, 0 );
137
138                 for ( tmp = op->orm_modlist; tmp != NULL; tmp = tmp->sml_next ) {
139                         if (len + 1 + tmp->sml_type.bv_len > sizeof(abuf)) {
140                                 Statslog( LDAP_DEBUG_STATS, "%s MOD attr=%s\n",
141                                     op->o_log_prefix, abuf, 0, 0, 0 );
142
143                                 len = 0;
144                                 ptr = abuf;
145
146                                 if( 1 + tmp->sml_type.bv_len > sizeof(abuf)) {
147                                         Statslog( LDAP_DEBUG_STATS, "%s MOD attr=%s\n",
148                                                 op->o_log_prefix, tmp->sml_type.bv_val, 0, 0, 0 );
149                                         continue;
150                                 }
151                         }
152                         if (len) {
153                                 *ptr++ = ' ';
154                                 len++;
155                         }
156                         ptr = lutil_strcopy(ptr, tmp->sml_type.bv_val);
157                         len += tmp->sml_type.bv_len;
158                 }
159                 if (len) {
160                         Statslog( LDAP_DEBUG_STATS, "%s MOD attr=%s\n",
161                                 op->o_log_prefix, abuf, 0, 0, 0 );
162                 }
163         }
164 #endif  /* LDAP_DEBUG */
165
166         rs->sr_err = slap_mods_check( op, op->orm_modlist,
167                 &rs->sr_text, textbuf, textlen, NULL );
168
169         if ( rs->sr_err != LDAP_SUCCESS ) {
170                 send_ldap_result( op, rs );
171                 goto cleanup;
172         }
173
174         op->o_bd = frontendDB;
175         rs->sr_err = frontendDB->be_modify( op, rs );
176
177 #ifdef LDAP_X_TXN
178         if( rs->sr_err == LDAP_X_TXN_SPECIFY_OKAY ) {
179                 /* skip cleanup */
180                 return rs->sr_err;
181         }
182 #endif
183
184 cleanup:
185         op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
186         op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
187         if ( op->orm_modlist != NULL ) slap_mods_free( op->orm_modlist, 1 );
188
189         return rs->sr_err;
190 }
191
192 int
193 fe_op_modify( Operation *op, SlapReply *rs )
194 {
195         BackendDB       *op_be, *bd = op->o_bd;
196         char            textbuf[ SLAP_TEXT_BUFLEN ];
197         size_t          textlen = sizeof( textbuf );
198         
199         if ( BER_BVISEMPTY( &op->o_req_ndn ) ) {
200                 Debug( LDAP_DEBUG_ANY, "%s do_modify: root dse!\n",
201                         op->o_log_prefix, 0, 0 );
202                 send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
203                         "modify upon the root DSE not supported" );
204                 goto cleanup;
205
206         } else if ( bvmatch( &op->o_req_ndn, &frontendDB->be_schemandn ) ) {
207                 Debug( LDAP_DEBUG_ANY, "%s do_modify: subschema subentry!\n",
208                         op->o_log_prefix, 0, 0 );
209                 send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
210                         "modification of subschema subentry not supported" );
211                 goto cleanup;
212         }
213
214         /*
215          * We could be serving multiple database backends.  Select the
216          * appropriate one, or send a referral to our "referral server"
217          * if we don't hold it.
218          */
219         op->o_bd = select_backend( &op->o_req_ndn, 1 );
220         if ( op->o_bd == NULL ) {
221                 op->o_bd = bd;
222                 rs->sr_ref = referral_rewrite( default_referral,
223                         NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
224                 if ( !rs->sr_ref ) {
225                         rs->sr_ref = default_referral;
226                 }
227
228                 if ( rs->sr_ref != NULL ) {
229                         rs->sr_err = LDAP_REFERRAL;
230                         send_ldap_result( op, rs );
231
232                         if ( rs->sr_ref != default_referral ) {
233                                 ber_bvarray_free( rs->sr_ref );
234                         }
235
236                 } else {
237                         send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
238                                 "no global superior knowledge" );
239                 }
240                 goto cleanup;
241         }
242
243         /* If we've got a glued backend, check the real backend */
244         op_be = op->o_bd;
245         if ( SLAP_GLUE_INSTANCE( op->o_bd )) {
246                 op->o_bd = select_backend( &op->o_req_ndn, 0 );
247         }
248
249         /* check restrictions */
250         if ( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
251                 send_ldap_result( op, rs );
252                 goto cleanup;
253         }
254
255         /* check for referrals */
256         if ( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
257                 goto cleanup;
258         }
259
260         rs->sr_err = slap_mods_obsolete_check( op, op->orm_modlist,
261                 &rs->sr_text, textbuf, textlen );
262         if ( rs->sr_err != LDAP_SUCCESS ) {
263                 send_ldap_result( op, rs );
264                 goto cleanup;
265         }
266
267         /* check for modify/increment support */
268         if ( op->orm_increment && !SLAP_INCREMENT( op->o_bd ) ) {
269                 send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
270                         "modify/increment not supported in context" );
271                 goto cleanup;
272         }
273
274         /*
275          * do the modify if 1 && (2 || 3)
276          * 1) there is a modify function implemented in this backend;
277          * 2) this backend is master for what it holds;
278          * 3) it's a replica and the dn supplied is the update_ndn.
279          */
280         if ( op->o_bd->be_modify ) {
281                 /* do the update here */
282                 int repl_user = be_isupdate( op );
283
284                 /*
285                  * Multimaster slapd does not have to check for replicator dn
286                  * because it accepts each modify request
287                  */
288                 if ( !SLAP_SINGLE_SHADOW(op->o_bd) || repl_user ) {
289                         int update = !BER_BVISEMPTY( &op->o_bd->be_update_ndn );
290
291                         op->o_bd = op_be;
292
293                         if ( !update ) {
294                                 rs->sr_err = slap_mods_no_user_mod_check( op, op->orm_modlist,
295                                         &rs->sr_text, textbuf, textlen );
296                                 if ( rs->sr_err != LDAP_SUCCESS ) {
297                                         send_ldap_result( op, rs );
298                                         goto cleanup;
299                                 }
300                         }
301                         op->o_bd->be_modify( op, rs );
302
303                 } else { /* send a referral */
304                         BerVarray defref = op->o_bd->be_update_refs
305                                 ? op->o_bd->be_update_refs : default_referral;
306                         if ( defref != NULL ) {
307                                 rs->sr_ref = referral_rewrite( defref,
308                                         NULL, &op->o_req_dn,
309                                         LDAP_SCOPE_DEFAULT );
310                                 if ( rs->sr_ref == NULL ) {
311                                         /* FIXME: must duplicate, because
312                                          * overlays may muck with it */
313                                         rs->sr_ref = defref;
314                                 }
315                                 rs->sr_err = LDAP_REFERRAL;
316                                 send_ldap_result( op, rs );
317                                 if ( rs->sr_ref != defref ) {
318                                         ber_bvarray_free( rs->sr_ref );
319                                 }
320
321                         } else {
322                                 send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
323                                         "shadow context; no update referral" );
324                         }
325                 }
326
327         } else {
328                 send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
329                     "operation not supported within namingContext" );
330         }
331
332 cleanup:;
333         op->o_bd = bd;
334         return rs->sr_err;
335 }
336
337 /*
338  * Obsolete constraint checking.
339  */
340 int
341 slap_mods_obsolete_check(
342         Operation *op,
343         Modifications *ml,
344         const char **text,
345         char *textbuf,
346         size_t textlen )
347 {
348         if( get_relax( op ) ) return LDAP_SUCCESS;
349
350         for ( ; ml != NULL; ml = ml->sml_next ) {
351                 if ( is_at_obsolete( ml->sml_desc->ad_type ) &&
352                         (( ml->sml_op != LDAP_MOD_REPLACE &&
353                                 ml->sml_op != LDAP_MOD_DELETE ) ||
354                                         ml->sml_values != NULL ))
355                 {
356                         /*
357                          * attribute is obsolete,
358                          * only allow replace/delete with no values
359                          */
360                         snprintf( textbuf, textlen,
361                                 "%s: attribute is obsolete",
362                                 ml->sml_type.bv_val );
363                         *text = textbuf;
364                         return LDAP_CONSTRAINT_VIOLATION;
365                 }
366         }
367
368         return LDAP_SUCCESS;
369 }
370
371 /*
372  * No-user-modification constraint checking.
373  */
374 int
375 slap_mods_no_user_mod_check(
376         Operation *op,
377         Modifications *ml,
378         const char **text,
379         char *textbuf,
380         size_t textlen )
381 {
382         for ( ; ml != NULL; ml = ml->sml_next ) {
383                 if ( !is_at_no_user_mod( ml->sml_desc->ad_type ) ) {
384                         continue;
385                 }
386
387                 if ( ml->sml_flags & SLAP_MOD_INTERNAL ) {
388                         continue;
389                 }
390
391                 if ( get_relax( op ) ) {
392                         if ( ml->sml_desc->ad_type->sat_flags & SLAP_AT_MANAGEABLE ) {
393                                 ml->sml_flags |= SLAP_MOD_MANAGING;
394                                 continue;
395                         }
396
397                         /* attribute not manageable */
398                         snprintf( textbuf, textlen,
399                                 "%s: no-user-modification attribute not manageable",
400                                 ml->sml_type.bv_val );
401
402                 } else {
403                         /* user modification disallowed */
404                         snprintf( textbuf, textlen,
405                                 "%s: no user modification allowed",
406                                 ml->sml_type.bv_val );
407                 }
408
409                 *text = textbuf;
410                 return LDAP_CONSTRAINT_VIOLATION;
411         }
412
413         return LDAP_SUCCESS;
414 }
415
416 int
417 slap_mods_no_repl_user_mod_check(
418         Operation *op,
419         Modifications *ml,
420         const char **text,
421         char *textbuf,
422         size_t textlen )
423 {
424         Modifications *mods;
425         Modifications *modp;
426
427         for ( mods = ml; mods != NULL; mods = mods->sml_next ) {
428                 assert( mods->sml_op == LDAP_MOD_ADD );
429
430                 /* check doesn't already appear */
431                 for ( modp = ml; modp != NULL; modp = modp->sml_next ) {
432                         if ( mods->sml_desc == modp->sml_desc && mods != modp ) {
433                                 snprintf( textbuf, textlen,
434                                         "attribute '%s' provided more than once",
435                                         mods->sml_desc->ad_cname.bv_val );
436                                 *text = textbuf;
437                                 return LDAP_TYPE_OR_VALUE_EXISTS;
438                         }
439                 }
440         }
441
442         return LDAP_SUCCESS;
443 }
444
445 /*
446  * Do basic attribute type checking and syntax validation.
447  */
448 int slap_mods_check(
449         Operation *op,
450         Modifications *ml,
451         const char **text,
452         char *textbuf,
453         size_t textlen,
454         void *ctx )
455 {
456         int rc;
457
458         for( ; ml != NULL; ml = ml->sml_next ) {
459                 AttributeDescription *ad = NULL;
460
461                 /* convert to attribute description */
462                 if ( ml->sml_desc == NULL ) {
463                         rc = slap_bv2ad( &ml->sml_type, &ml->sml_desc, text );
464                         if( rc != LDAP_SUCCESS ) {
465                                 if ( get_no_schema_check( op )) {
466                                         rc = slap_bv2undef_ad( &ml->sml_type, &ml->sml_desc,
467                                                 text, 0 );
468                                 }
469                         }
470                         if( rc != LDAP_SUCCESS ) {
471                                 snprintf( textbuf, textlen, "%s: %s",
472                                         ml->sml_type.bv_val, *text );
473                                 *text = textbuf;
474                                 return rc;
475                         }
476                 }
477
478                 ad = ml->sml_desc;
479
480                 if( slap_syntax_is_binary( ad->ad_type->sat_syntax )
481                         && !slap_ad_is_binary( ad ))
482                 {
483                         /* attribute requires binary transfer */
484                         snprintf( textbuf, textlen,
485                                 "%s: requires ;binary transfer",
486                                 ml->sml_type.bv_val );
487                         *text = textbuf;
488                         return LDAP_UNDEFINED_TYPE;
489                 }
490
491                 if( !slap_syntax_is_binary( ad->ad_type->sat_syntax )
492                         && slap_ad_is_binary( ad ))
493                 {
494                         /* attribute does not require binary transfer */
495                         snprintf( textbuf, textlen,
496                                 "%s: disallows ;binary transfer",
497                                 ml->sml_type.bv_val );
498                         *text = textbuf;
499                         return LDAP_UNDEFINED_TYPE;
500                 }
501
502                 if( slap_ad_is_tag_range( ad )) {
503                         /* attribute requires binary transfer */
504                         snprintf( textbuf, textlen,
505                                 "%s: inappropriate use of tag range option",
506                                 ml->sml_type.bv_val );
507                         *text = textbuf;
508                         return LDAP_UNDEFINED_TYPE;
509                 }
510
511 #if 0
512                 if ( is_at_obsolete( ad->ad_type ) &&
513                         (( ml->sml_op != LDAP_MOD_REPLACE &&
514                                 ml->sml_op != LDAP_MOD_DELETE ) ||
515                                         ml->sml_values != NULL ))
516                 {
517                         /*
518                          * attribute is obsolete,
519                          * only allow replace/delete with no values
520                          */
521                         snprintf( textbuf, textlen,
522                                 "%s: attribute is obsolete",
523                                 ml->sml_type.bv_val );
524                         *text = textbuf;
525                         return LDAP_CONSTRAINT_VIOLATION;
526                 }
527 #endif
528
529                 if ( ml->sml_op == LDAP_MOD_INCREMENT &&
530 #ifdef SLAPD_REAL_SYNTAX
531                         !is_at_syntax( ad->ad_type, SLAPD_REAL_SYNTAX ) &&
532 #endif
533                         !is_at_syntax( ad->ad_type, SLAPD_INTEGER_SYNTAX ) )
534                 {
535                         /*
536                          * attribute values must be INTEGER or REAL
537                          */
538                         snprintf( textbuf, textlen,
539                                 "%s: attribute syntax inappropriate for increment",
540                                 ml->sml_type.bv_val );
541                         *text = textbuf;
542                         return LDAP_CONSTRAINT_VIOLATION;
543                 }
544
545                 /*
546                  * check values
547                  */
548                 if( ml->sml_values != NULL ) {
549                         ber_len_t nvals;
550                         slap_syntax_validate_func *validate =
551                                 ad->ad_type->sat_syntax->ssyn_validate;
552                         slap_syntax_transform_func *pretty =
553                                 ad->ad_type->sat_syntax->ssyn_pretty;
554  
555                         if( !pretty && !validate ) {
556                                 *text = "no validator for syntax";
557                                 snprintf( textbuf, textlen,
558                                         "%s: no validator for syntax %s",
559                                         ml->sml_type.bv_val,
560                                         ad->ad_type->sat_syntax->ssyn_oid );
561                                 *text = textbuf;
562                                 return LDAP_INVALID_SYNTAX;
563                         }
564
565                         /*
566                          * check that each value is valid per syntax
567                          *      and pretty if appropriate
568                          */
569                         for ( nvals = 0; !BER_BVISNULL( &ml->sml_values[nvals] ); nvals++ ) {
570                                 struct berval pval;
571
572                                 if ( pretty ) {
573                                         rc = ordered_value_pretty( ad,
574                                                 &ml->sml_values[nvals], &pval, ctx );
575                                 } else {
576                                         rc = ordered_value_validate( ad,
577                                                 &ml->sml_values[nvals], ml->sml_op );
578                                 }
579
580                                 if( rc != 0 ) {
581                                         snprintf( textbuf, textlen,
582                                                 "%s: value #%ld invalid per syntax",
583                                                 ml->sml_type.bv_val, (long) nvals );
584                                         *text = textbuf;
585                                         return LDAP_INVALID_SYNTAX;
586                                 }
587
588                                 if( pretty ) {
589                                         ber_memfree_x( ml->sml_values[nvals].bv_val, ctx );
590                                         ml->sml_values[nvals] = pval;
591                                 }
592                         }
593                         ml->sml_values[nvals].bv_len = 0;
594                         ml->sml_numvals = nvals;
595
596                         /*
597                          * a rough single value check... an additional check is needed
598                          * to catch add of single value to existing single valued attribute
599                          */
600                         if ((ml->sml_op == LDAP_MOD_ADD || ml->sml_op == LDAP_MOD_REPLACE)
601                                 && nvals > 1 && is_at_single_value( ad->ad_type ))
602                         {
603                                 snprintf( textbuf, textlen,
604                                         "%s: multiple values provided",
605                                         ml->sml_type.bv_val );
606                                 *text = textbuf;
607                                 return LDAP_CONSTRAINT_VIOLATION;
608                         }
609
610                         /* if the type has a normalizer, generate the
611                          * normalized values. otherwise leave them NULL.
612                          *
613                          * this is different from the rule for attributes
614                          * in an entry - in an attribute list, the normalized
615                          * value is set equal to the non-normalized value
616                          * when there is no normalizer.
617                          */
618                         if( nvals && ad->ad_type->sat_equality &&
619                                 ad->ad_type->sat_equality->smr_normalize )
620                         {
621                                 ml->sml_nvalues = ber_memalloc_x(
622                                         (nvals+1)*sizeof(struct berval), ctx );
623
624                                 for ( nvals = 0; !BER_BVISNULL( &ml->sml_values[nvals] ); nvals++ ) {
625                                         rc = ordered_value_normalize(
626                                                 SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
627                                                 ad,
628                                                 ad->ad_type->sat_equality,
629                                                 &ml->sml_values[nvals], &ml->sml_nvalues[nvals], ctx );
630                                         if ( rc ) {
631                                                 Debug( LDAP_DEBUG_ANY,
632                                                         "<= str2entry NULL (ssyn_normalize %d)\n",
633                                                         rc, 0, 0 );
634                                                 snprintf( textbuf, textlen,
635                                                         "%s: value #%ld normalization failed",
636                                                         ml->sml_type.bv_val, (long) nvals );
637                                                 *text = textbuf;
638                                                 BER_BVZERO( &ml->sml_nvalues[nvals] );
639                                                 return rc;
640                                         }
641                                 }
642
643                                 BER_BVZERO( &ml->sml_nvalues[nvals] );
644                         }
645
646                         /* check for duplicates, but ignore Deletes.
647                          */
648                         if( nvals > 1 && ml->sml_op != LDAP_MOD_DELETE ) {
649                                 int i;
650                                 rc = slap_sort_vals( ml, text, &i, ctx );
651                                 if ( rc == LDAP_TYPE_OR_VALUE_EXISTS ) {
652                                         /* value exists already */
653                                         snprintf( textbuf, textlen,
654                                                 "%s: value #%d provided more than once",
655                                                 ml->sml_desc->ad_cname.bv_val, i );
656                                         *text = textbuf;
657                                 }
658                                 if ( rc )
659                                         return rc;
660                         }
661                 } else {
662                         ml->sml_numvals = 0;
663                 }
664         }
665
666         return LDAP_SUCCESS;
667 }
668
669 /* Sort a set of values. An (Attribute *) may be used interchangeably here
670  * instead of a (Modifications *) structure.
671  *
672  * Uses Quicksort + Insertion sort for small arrays
673  */
674
675 int
676 slap_sort_vals(
677         Modifications *ml,
678         const char **text,
679         int *dup,
680         void *ctx )
681 {
682         AttributeDescription *ad;
683         MatchingRule *mr;
684         int istack[sizeof(int)*16];
685         int i, j, k, l, ir, jstack, match, *ix, itmp, nvals, rc;
686         int is_norm;
687         struct berval a, *cv;
688
689 #define SMALL   8
690 #define SWAP(a,b,tmp)   tmp=(a);(a)=(b);(b)=tmp
691 #define COMP(a,b)       match=0; rc = ordered_value_match( &match, \
692                                                 ad, mr, SLAP_MR_EQUALITY \
693                                                                 | SLAP_MR_VALUE_OF_ASSERTION_SYNTAX \
694                                                                 | SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH \
695                                                                 | SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH, \
696                                                                 &(a), &(b), text );
697
698 #define IX(x)   ix[x]
699 #define EXCH(x,y)       SWAP(ix[x],ix[y],itmp)
700 #define SETA(x) itmp = ix[x]; a = cv[itmp]
701 #define GETA(x) ix[x] = itmp;
702 #define SET(x,y)        ix[x] = ix[y]
703
704         ad = ml->sml_desc;
705         nvals = ml->sml_numvals;
706
707         /* For Modifications, sml_nvalues is NULL if normalization wasn't needed.
708          * For Attributes, sml_nvalues == sml_values when normalization isn't needed.
709          */
710         if ( ml->sml_nvalues && ml->sml_nvalues != ml->sml_values ) {
711                 cv = ml->sml_nvalues;
712                 is_norm = 1;
713         } else {
714                 cv = ml->sml_values;
715                 is_norm = 0;
716         }
717
718         if ( ad == slap_schema.si_ad_objectClass )
719                 mr = NULL;      /* shortcut matching */
720         else
721                 mr = ad->ad_type->sat_equality;
722
723         /* record indices to preserve input ordering */
724         ix = slap_sl_malloc( nvals * sizeof(int), ctx );
725         for (i=0; i<nvals; i++) ix[i] = i;
726
727         ir = nvals-1;
728         l = 0;
729         jstack = 0;
730
731         for(;;) {
732                 if (ir - l < SMALL) {   /* Insertion sort */
733                         match=1;
734                         for (j=l+1;j<=ir;j++) {
735                                 SETA(j);
736                                 for (i=j-1;i>=0;i--) {
737                                         COMP(cv[IX(i)], a);
738                                         if ( match <= 0 )
739                                                 break;
740                                         SET(i+1,i);
741                                 }
742                                 GETA(i+1);
743                                 if ( match == 0 ) goto done;
744                         }
745                         if ( jstack == 0 ) break;
746                         if ( match == 0 ) break;
747                         ir = istack[jstack--];
748                         l = istack[jstack--];
749                 } else {
750                         k = (l + ir) >> 1;      /* Choose median of left, center, right */
751                         EXCH(k, l+1);
752                         COMP( cv[IX(l)], cv[IX(ir)] );
753                         if ( match > 0 ) {
754                                 EXCH(l, ir);
755                         } else if ( match == 0 ) {
756                                 i = ir;
757                                 break;
758                         }
759                         COMP( cv[IX(l+1)], cv[IX(ir)] );
760                         if ( match > 0 ) {
761                                 EXCH(l+1, ir);
762                         } else if ( match == 0 ) {
763                                 i = ir;
764                                 break;
765                         }
766                         COMP( cv[IX(l)], cv[IX(l+1)] );
767                         if ( match > 0 ) {
768                                 EXCH(l, l+1);
769                         } else if ( match == 0 ) {
770                                 i = l;
771                                 break;
772                         }
773                         i = l+1;
774                         j = ir;
775                         a = cv[IX(i)];
776                         for(;;) {
777                                 do {
778                                         i++;
779                                         COMP( cv[IX(i)], a );
780                                 } while( match < 0 );
781                                 while( match > 0 ) {
782                                         j--;
783                                         COMP( cv[IX(j)], a );
784                                 }
785                                 if (j < i) {
786                                         match = 1;
787                                         break;
788                                 }
789                                 if ( match == 0 ) {
790                                         i = l+1;
791                                         break;
792                                 }
793                                 EXCH(i,j);
794                         }
795                         if ( match == 0 )
796                                 break;
797                         EXCH(l+1,j);
798                         jstack += 2;
799                         if (ir-i+1 >= j) {
800                                 istack[jstack] = ir;
801                                 istack[jstack-1] = i;
802                                 ir = j;
803                         } else {
804                                 istack[jstack] = j;
805                                 istack[jstack-1] = l;
806                                 l = i;
807                         }
808                 }
809         }
810         done:
811         if ( match == 0 && i >= 0 )
812                 *dup = ix[i];
813
814         /* For sorted attributes, put the values in index order */
815         if ( rc == LDAP_SUCCESS && match &&
816                 ( ad->ad_type->sat_flags & SLAP_AT_SORTED_VAL )) {
817                 BerVarray tmpv = slap_sl_malloc( sizeof( struct berval ) * nvals, ctx );
818                 for ( i = 0; i<nvals; i++ )
819                         tmpv[i] = cv[ix[i]];
820                 for ( i = 0; i<nvals; i++ )
821                         cv[i] = tmpv[i];
822                 /* Check if the non-normalized array needs to move too */
823                 if ( is_norm ) {
824                         cv = ml->sml_values;
825                         for ( i = 0; i<nvals; i++ )
826                                 tmpv[i] = cv[ix[i]];
827                         for ( i = 0; i<nvals; i++ )
828                                 cv[i] = tmpv[i];
829                 }
830                 slap_sl_free( tmpv, ctx );
831         }
832
833         slap_sl_free( ix, ctx );
834
835         if ( rc != LDAP_SUCCESS ) {
836                 return rc;
837         } else if ( match == 0 ) {
838                 /* value exists already */
839                 assert( i >= 0 );
840                 assert( i < nvals );
841                 return LDAP_TYPE_OR_VALUE_EXISTS;
842         }
843         return LDAP_SUCCESS;
844 }
845
846 /* Enter with bv->bv_len = sizeof buffer, returns with
847  * actual length of string
848  */
849 void slap_timestamp( time_t *tm, struct berval *bv )
850 {
851         struct tm *ltm;
852 #ifdef HAVE_GMTIME_R
853         struct tm ltm_buf;
854
855         ltm = gmtime_r( tm, &ltm_buf );
856 #else
857         ldap_pvt_thread_mutex_lock( &gmtime_mutex );
858         ltm = gmtime( tm );
859 #endif
860
861         bv->bv_len = lutil_gentime( bv->bv_val, bv->bv_len, ltm );
862
863 #ifndef HAVE_GMTIME_R
864         ldap_pvt_thread_mutex_unlock( &gmtime_mutex );
865 #endif
866 }
867
868 /* Called for all modify and modrdn ops. If the current op was replicated
869  * from elsewhere, all of the attrs should already be present.
870  */
871 void slap_mods_opattrs(
872         Operation *op,
873         Modifications **modsp,
874         int manage_ctxcsn )
875 {
876         struct berval name, timestamp, csn = BER_BVNULL;
877         struct berval nname;
878         char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
879         char csnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE ];
880         Modifications *mod, **modtail, *modlast;
881         int gotcsn = 0, gotmname = 0, gotmtime = 0;
882
883         if ( SLAP_LASTMOD( op->o_bd ) && !op->orm_no_opattrs ) {
884                 char *ptr;
885                 timestamp.bv_val = timebuf;
886                 for ( modtail = modsp; *modtail; modtail = &(*modtail)->sml_next ) {
887                         if ( (*modtail)->sml_op != LDAP_MOD_ADD &&
888                                 (*modtail)->sml_op != SLAP_MOD_SOFTADD &&
889                                 (*modtail)->sml_op != LDAP_MOD_REPLACE )
890                         {
891                                 continue;
892                         }
893
894                         if ( (*modtail)->sml_desc == slap_schema.si_ad_entryCSN )
895                         {
896                                 csn = (*modtail)->sml_values[0];
897                                 gotcsn = 1;
898
899                         } else if ( (*modtail)->sml_desc == slap_schema.si_ad_modifiersName )
900                         {
901                                 gotmname = 1;
902
903                         } else if ( (*modtail)->sml_desc == slap_schema.si_ad_modifyTimestamp )
904                         {
905                                 gotmtime = 1;
906                         }
907                 }
908
909                 if ( BER_BVISEMPTY( &op->o_csn )) {
910                         if ( !gotcsn ) {
911                                 csn.bv_val = csnbuf;
912                                 csn.bv_len = sizeof( csnbuf );
913                                 slap_get_csn( op, &csn, manage_ctxcsn );
914
915                         } else {
916                                 if ( manage_ctxcsn ) {
917                                         slap_queue_csn( op, &csn );
918                                 }
919                         }
920
921                 } else {
922                         csn = op->o_csn;
923                 }
924
925                 ptr = ber_bvchr( &csn, '#' );
926                 if ( ptr ) {
927                         timestamp.bv_len = STRLENOF("YYYYMMDDHHMMSSZ");
928                         AC_MEMCPY( timebuf, csn.bv_val, timestamp.bv_len );
929                         timebuf[timestamp.bv_len-1] = 'Z';
930                         timebuf[timestamp.bv_len] = '\0';
931
932                 } else {
933                         time_t now = slap_get_time();
934
935                         timestamp.bv_len = sizeof(timebuf);
936
937                         slap_timestamp( &now, &timestamp );
938                 }
939
940                 if ( BER_BVISEMPTY( &op->o_dn ) ) {
941                         BER_BVSTR( &name, SLAPD_ANONYMOUS );
942                         nname = name;
943
944                 } else {
945                         name = op->o_dn;
946                         nname = op->o_ndn;
947                 }
948
949                 if ( !gotcsn ) {
950                         mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
951                         mod->sml_op = LDAP_MOD_REPLACE;
952                         mod->sml_flags = SLAP_MOD_INTERNAL;
953                         mod->sml_next = NULL;
954                         BER_BVZERO( &mod->sml_type );
955                         mod->sml_desc = slap_schema.si_ad_entryCSN;
956                         mod->sml_numvals = 1;
957                         mod->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
958                         ber_dupbv( &mod->sml_values[0], &csn );
959                         BER_BVZERO( &mod->sml_values[1] );
960                         assert( !BER_BVISNULL( &mod->sml_values[0] ) );
961                         mod->sml_nvalues = NULL;
962                         *modtail = mod;
963                         modlast = mod;
964                         modtail = &mod->sml_next;
965                 }
966
967                 if ( !gotmname ) {
968                         mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
969                         mod->sml_op = LDAP_MOD_REPLACE;
970                         mod->sml_flags = SLAP_MOD_INTERNAL;
971                         mod->sml_next = NULL;
972                         BER_BVZERO( &mod->sml_type );
973                         mod->sml_desc = slap_schema.si_ad_modifiersName;
974                         mod->sml_numvals = 1;
975                         mod->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
976                         ber_dupbv( &mod->sml_values[0], &name );
977                         BER_BVZERO( &mod->sml_values[1] );
978                         assert( !BER_BVISNULL( &mod->sml_values[0] ) );
979                         mod->sml_nvalues =
980                                 (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
981                         ber_dupbv( &mod->sml_nvalues[0], &nname );
982                         BER_BVZERO( &mod->sml_nvalues[1] );
983                         assert( !BER_BVISNULL( &mod->sml_nvalues[0] ) );
984                         *modtail = mod;
985                         modtail = &mod->sml_next;
986                 }
987
988                 if ( !gotmtime ) {
989                         mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
990                         mod->sml_op = LDAP_MOD_REPLACE;
991                         mod->sml_flags = SLAP_MOD_INTERNAL;
992                         mod->sml_next = NULL;
993                         BER_BVZERO( &mod->sml_type );
994                         mod->sml_desc = slap_schema.si_ad_modifyTimestamp;
995                         mod->sml_numvals = 1;
996                         mod->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
997                         ber_dupbv( &mod->sml_values[0], &timestamp );
998                         BER_BVZERO( &mod->sml_values[1] );
999                         assert( !BER_BVISNULL( &mod->sml_values[0] ) );
1000                         mod->sml_nvalues = NULL;
1001                         *modtail = mod;
1002                         modtail = &mod->sml_next;
1003                 }
1004         }
1005 }
1006
1007 int
1008 slap_parse_modlist(
1009         Operation *op,
1010         SlapReply *rs,
1011         BerElement *ber,
1012         req_modify_s *ms )
1013 {
1014         ber_tag_t       tag;
1015         ber_len_t       len;
1016         char            *last;
1017         Modifications   **modtail = &ms->rs_mods.rs_modlist;
1018
1019         ms->rs_mods.rs_modlist = NULL;
1020         ms->rs_increment = 0;
1021
1022         rs->sr_err = LDAP_SUCCESS;
1023
1024         /* collect modifications & save for later */
1025         for ( tag = ber_first_element( ber, &len, &last );
1026                 tag != LBER_DEFAULT;
1027                 tag = ber_next_element( ber, &len, last ) )
1028         {
1029                 ber_int_t mop;
1030                 Modifications tmp, *mod;
1031
1032                 tmp.sml_nvalues = NULL;
1033
1034                 if ( ber_scanf( ber, "{e{m[W]}}", &mop,
1035                     &tmp.sml_type, &tmp.sml_values ) == LBER_ERROR )
1036                 {
1037                         rs->sr_text = "decoding modlist error";
1038                         rs->sr_err = LDAP_PROTOCOL_ERROR;
1039                         goto done;
1040                 }
1041
1042                 mod = (Modifications *) ch_malloc( sizeof(Modifications) );
1043                 mod->sml_op = mop;
1044                 mod->sml_flags = 0;
1045                 mod->sml_type = tmp.sml_type;
1046                 mod->sml_values = tmp.sml_values;
1047                 mod->sml_nvalues = NULL;
1048                 mod->sml_desc = NULL;
1049                 mod->sml_next = NULL;
1050                 *modtail = mod;
1051
1052                 switch( mop ) {
1053                 case LDAP_MOD_ADD:
1054                         if ( mod->sml_values == NULL ) {
1055                                 rs->sr_text = "modify/add operation requires values";
1056                                 rs->sr_err = LDAP_PROTOCOL_ERROR;
1057                                 goto done;
1058                         }
1059
1060                         /* fall through */
1061
1062                 case LDAP_MOD_DELETE:
1063                 case LDAP_MOD_REPLACE:
1064                         break;
1065
1066                 case LDAP_MOD_INCREMENT:
1067                         if( op->o_protocol >= LDAP_VERSION3 ) {
1068                                 ms->rs_increment++;
1069                                 if ( mod->sml_values == NULL ) {
1070                                         rs->sr_text = "modify/increment operation requires value";
1071                                         rs->sr_err = LDAP_PROTOCOL_ERROR;
1072                                         goto done;
1073                                 }
1074
1075                                 if ( !BER_BVISNULL( &mod->sml_values[ 1 ] ) ) {
1076                                         rs->sr_text = "modify/increment operation requires single value";
1077                                         rs->sr_err = LDAP_PROTOCOL_ERROR;
1078                                         goto done;
1079                                 }
1080
1081                                 break;
1082                         }
1083                         /* fall thru */
1084
1085                 default:
1086                         rs->sr_text = "unrecognized modify operation";
1087                         rs->sr_err = LDAP_PROTOCOL_ERROR;
1088                         goto done;
1089                 }
1090
1091                 modtail = &mod->sml_next;
1092         }
1093         *modtail = NULL;
1094
1095 done:
1096         if ( rs->sr_err != LDAP_SUCCESS ) {
1097                 slap_mods_free( ms->rs_mods.rs_modlist, 1 );
1098                 ms->rs_mods.rs_modlist = NULL;
1099                 ms->rs_increment = 0;
1100         }
1101
1102         return rs->sr_err;
1103 }
1104