git.sur5r.net Git - openldap/blob - servers/slapd/modrdn.c

   1 /* $OpenLDAP$ */
   2 /*
   3  * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
   4  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
   5  */
   6 /*
   7  * Copyright (c) 1995 Regents of the University of Michigan.
   8  * All rights reserved.
   9  *
  10  * Redistribution and use in source and binary forms are permitted
  11  * provided that this notice is preserved and that due credit is given
  12  * to the University of Michigan at Ann Arbor. The name of the University
  13  * may not be used to endorse or promote products derived from this
  14  * software without specific prior written permission. This software
  15  * is provided ``as is'' without express or implied warranty.
  16  */
  17
  18 /*
  19  * LDAP v3 newSuperior support.
  20  *
  21  * Copyright 1999, Juan C. Gomez, All rights reserved.
  22  * This software is not subject to any license of Silicon Graphics
  23  * Inc. or Purdue University.
  24  *
  25  * Redistribution and use in source and binary forms are permitted
  26  * without restriction or fee of any kind as long as this notice
  27  * is preserved.
  28  *
  29  */
  30
  31 #include "portable.h"
  32
  33 #include <stdio.h>
  34
  35 #include <ac/socket.h>
  36 #include <ac/string.h>
  37
  38 #include "ldap_pvt.h"
  39 #include "slap.h"
  40
  41 int
  42 do_modrdn(
  43     Connection  *conn,
  44     Operation   *op
  45 )
  46 {
  47         struct berval dn = { 0, NULL };
  48         struct berval newrdn = { 0, NULL };
  49         struct berval newSuperior = { 0, NULL };
  50         ber_int_t       deloldrdn;
  51
  52         struct berval *ndn;
  53         char    *nnewSuperior = NULL;
  54
  55         Backend *be;
  56         Backend *newSuperior_be = NULL;
  57         ber_len_t       length;
  58         int rc;
  59         const char *text;
  60         int manageDSAit;
  61
  62 #ifdef NEW_LOGGING
  63         LDAP_LOG(( "operation", LDAP_LEVEL_ENTRY,
  64                 "do_modrdn: begin\n" ));
  65 #else
  66         Debug( LDAP_DEBUG_TRACE, "do_modrdn\n", 0, 0, 0 );
  67 #endif
  68
  69
  70         /*
  71          * Parse the modrdn request.  It looks like this:
  72          *
  73          *      ModifyRDNRequest := SEQUENCE {
  74          *              entry   DistinguishedName,
  75          *              newrdn  RelativeDistinguishedName
  76          *              deleteoldrdn    BOOLEAN,
  77          *              newSuperior     [0] LDAPDN OPTIONAL (v3 Only!)
  78          *      }
  79          */
  80
  81         if ( ber_scanf( op->o_ber, "{oob", &dn, &newrdn, &deloldrdn )
  82             == LBER_ERROR )
  83         {
  84 #ifdef NEW_LOGGING
  85                 LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
  86                         "do_modrdn: ber_scanf failed\n" ));
  87 #else
  88                 Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
  89 #endif
  90
  91                 send_ldap_disconnect( conn, op,
  92                         LDAP_PROTOCOL_ERROR, "decoding error" );
  93                 return SLAPD_DISCONNECT;
  94         }
  95
  96         /* Check for newSuperior parameter, if present scan it */
  97
  98         if ( ber_peek_tag( op->o_ber, &length ) == LDAP_TAG_NEWSUPERIOR ) {
  99                 if ( op->o_protocol < LDAP_VERSION3 ) {
 100                         /* Conection record indicates v2 but field
 101                          * newSuperior is present: report error.
 102                          */
 103 #ifdef NEW_LOGGING
 104                         LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
 105                                 "do_modrdn: (v2) invalid field newSuperior.\n" ));
 106 #else
 107                         Debug( LDAP_DEBUG_ANY,
 108                             "modrdn(v2): invalid field newSuperior!\n",
 109                             0, 0, 0 );
 110 #endif
 111
 112                         send_ldap_disconnect( conn, op,
 113                                 LDAP_PROTOCOL_ERROR, "newSuperior requires LDAPv3" );
 114                         rc = SLAPD_DISCONNECT;
 115                         goto cleanup;
 116                 }
 117
 118                 if ( ber_scanf( op->o_ber, "o", &newSuperior )
 119                      == LBER_ERROR ) {
 120
 121 #ifdef NEW_LOGGING
 122                         LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
 123                                 "do_modrdn: ber_scanf(\"a\") failed\n" ));
 124 #else
 125                         Debug( LDAP_DEBUG_ANY, "ber_scanf(\"a\") failed\n",
 126                                 0, 0, 0 );
 127 #endif
 128
 129                         send_ldap_disconnect( conn, op,
 130                                 LDAP_PROTOCOL_ERROR, "decoding error" );
 131                         rc = SLAPD_DISCONNECT;
 132                         goto cleanup;
 133                 }
 134
 135                 nnewSuperior = ch_strdup( newSuperior.bv_val );
 136
 137                 if( dn_normalize( nnewSuperior ) == NULL ) {
 138 #ifdef NEW_LOGGING
 139                         LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
 140                                 "do_modrdn:  invalid new superior (%s)\n",
 141                                 newSuperior.bv_val ));
 142 #else
 143                         Debug( LDAP_DEBUG_ANY, "do_modrdn: invalid new superior (%s)\n",
 144                                 newSuperior.bv_val, 0, 0 );
 145 #endif
 146
 147                         send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
 148                                 "invalid new superior DN", NULL, NULL );
 149                         goto cleanup;
 150                 }
 151
 152         }
 153
 154 #ifdef NEW_LOGGING
 155         LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
 156                 "do_modrdn: dn (%s) newrdn (%s) newsuperior(%s)\n",
 157                 dn.bv_val, newrdn.bv_val,
 158                 newSuperior.bv_len ? newSuperior.bv_val : "" ));
 159 #else
 160         Debug( LDAP_DEBUG_ARGS,
 161             "do_modrdn: dn (%s) newrdn (%s) newsuperior (%s)\n",
 162                 dn.bv_val, newrdn.bv_val,
 163                 newSuperior.bv_len ? newSuperior.bv_val : "" );
 164 #endif
 165
 166
 167         if ( ber_scanf( op->o_ber, /*{*/ "}") == LBER_ERROR ) {
 168 #ifdef NEW_LOGGING
 169                 LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
 170                         "do_modrdn: ber_scanf failed\n" ));
 171 #else
 172                 Debug( LDAP_DEBUG_ANY, "do_modrdn: ber_scanf failed\n", 0, 0, 0 );
 173 #endif
 174
 175                 send_ldap_disconnect( conn, op,
 176                         LDAP_PROTOCOL_ERROR, "decoding error" );
 177                 rc = SLAPD_DISCONNECT;
 178                 goto cleanup;
 179         }
 180
 181         if( (rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {
 182 #ifdef NEW_LOGGING
 183                 LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
 184                         "do_modrdn: get_ctrls failed\n" ));
 185 #else
 186                 Debug( LDAP_DEBUG_ANY, "do_modrdn: get_ctrls failed\n", 0, 0, 0 );
 187 #endif
 188
 189                 /* get_ctrls has sent results.  Now clean up. */
 190                 goto cleanup;
 191         }
 192
 193         rc = dnNormalize( NULL, &dn, &ndn );
 194
 195         if( rc != LDAP_SUCCESS ) {
 196 #ifdef NEW_LOGGING
 197                 LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
 198                         "do_modrdn: invalid dn (%s)\n", dn.bv_val ));
 199 #else
 200                 Debug( LDAP_DEBUG_ANY, "do_modrdn: invalid dn (%s)\n",
 201                         dn.bv_val, 0, 0 );
 202 #endif
 203
 204                 send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
 205                     "invalid DN", NULL, NULL );
 206                 goto cleanup;
 207         }
 208
 209         if( !rdn_validate( newrdn.bv_val ) ) {
 210 #ifdef NEW_LOGGING
 211                 LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
 212                         "do_modrdn: invalid rdn (%s).\n", newrdn.bv_val ));
 213 #else
 214                 Debug( LDAP_DEBUG_ANY, "do_modrdn: invalid rdn (%s)\n",
 215                         newrdn.bv_val, 0, 0 );
 216 #endif
 217
 218                 send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
 219                     "invalid RDN", NULL, NULL );
 220                 goto cleanup;
 221         }
 222
 223         if( ndn->bv_len == 0 ) {
 224 #ifdef NEW_LOGGING
 225                 LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
 226                            "do_modrdn:  attempt to modify root DSE.\n" ));
 227 #else
 228                 Debug( LDAP_DEBUG_ANY, "do_modrdn: root dse!\n", 0, 0, 0 );
 229 #endif
 230
 231                 send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
 232                         NULL, "cannot rename the root DSE", NULL, NULL );
 233                 goto cleanup;
 234
 235 #ifdef SLAPD_SCHEMA_DN
 236         } else if ( strcasecmp( ndn->bv_val, SLAPD_SCHEMA_DN ) == 0 ) {
 237 #ifdef NEW_LOGGING
 238                 LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
 239                         "do_modrdn: attempt to modify subschema subentry\n" ));
 240 #else
 241                 Debug( LDAP_DEBUG_ANY, "do_modrdn: subschema subentry!\n", 0, 0, 0 );
 242 #endif
 243
 244                 send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
 245                         NULL, "cannot rename subschema subentry", NULL, NULL );
 246                 goto cleanup;
 247 #endif
 248         }
 249
 250         Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d MODRDN dn=\"%s\"\n",
 251             op->o_connid, op->o_opid, dn.bv_val, 0, 0 );
 252
 253         manageDSAit = get_manageDSAit( op );
 254
 255         /*
 256          * We could be serving multiple database backends.  Select the
 257          * appropriate one, or send a referral to our "referral server"
 258          * if we don't hold it.
 259          */
 260         if ( (be = select_backend( ndn->bv_val, manageDSAit, 0 )) == NULL ) {
 261                 struct berval **ref = referral_rewrite( default_referral,
 262                         NULL, dn.bv_val, LDAP_SCOPE_DEFAULT );
 263
 264                 send_ldap_result( conn, op, rc = LDAP_REFERRAL,
 265                         NULL, NULL, ref ? ref : default_referral, NULL );
 266
 267                 ber_bvecfree( ref );
 268                 goto cleanup;
 269         }
 270
 271         /* check restrictions */
 272         rc = backend_check_restrictions( be, conn, op, NULL, &text ) ;
 273         if( rc != LDAP_SUCCESS ) {
 274                 send_ldap_result( conn, op, rc,
 275                         NULL, text, NULL, NULL );
 276                 goto cleanup;
 277         }
 278
 279         /* check for referrals */
 280         rc = backend_check_referrals( be, conn, op, dn.bv_val, ndn->bv_val );
 281         if ( rc != LDAP_SUCCESS ) {
 282                 goto cleanup;
 283         }
 284
 285         /* Make sure that the entry being changed and the newSuperior are in
 286          * the same backend, otherwise we return an error.
 287          */
 288         if( newSuperior.bv_len ) {
 289                 newSuperior_be = select_backend( nnewSuperior, 0, 0 );
 290
 291                 if ( newSuperior_be != be ) {
 292                         /* newSuperior is in same backend */
 293                         rc = LDAP_AFFECTS_MULTIPLE_DSAS;
 294
 295                         send_ldap_result( conn, op, rc,
 296                                 NULL, "cannot rename between DSAa", NULL, NULL );
 297
 298                         goto cleanup;
 299                 }
 300         }
 301
 302         /* deref suffix alias if appropriate */
 303         suffix_alias( be, ndn );
 304
 305         /*
 306          * do the add if 1 && (2 || 3)
 307          * 1) there is an add function implemented in this backend;
 308          * 2) this backend is master for what it holds;
 309          * 3) it's a replica and the dn supplied is the update_ndn.
 310          */
 311         if ( be->be_modrdn ) {
 312                 /* do the update here */
 313                 int repl_user = be_isupdate( be, op->o_ndn.bv_val );
 314 #ifndef SLAPD_MULTIMASTER
 315                 if ( be->be_update_ndn == NULL || repl_user )
 316 #endif
 317                 {
 318                         if ( (*be->be_modrdn)( be, conn, op, dn.bv_val, ndn->bv_val,
 319                                 newrdn.bv_val, deloldrdn, newSuperior.bv_val ) == 0
 320 #ifdef SLAPD_MULTIMASTER
 321                                 && ( be->be_update_ndn == NULL || !repl_user )
 322 #endif
 323                         ) {
 324                                 struct replog_moddn moddn;
 325                                 moddn.newrdn = newrdn.bv_val;
 326                                 moddn.deloldrdn = deloldrdn;
 327                                 moddn.newsup = newSuperior.bv_val;
 328
 329                                 replog( be, op, dn.bv_val, ndn->bv_val, &moddn );
 330                         }
 331 #ifndef SLAPD_MULTIMASTER
 332                 } else {
 333                         struct berval **defref = be->be_update_refs
 334                                 ? be->be_update_refs : default_referral;
 335                         struct berval **ref = referral_rewrite( defref,
 336                                 NULL, dn.bv_val, LDAP_SCOPE_DEFAULT );
 337
 338                         send_ldap_result( conn, op, rc = LDAP_REFERRAL, NULL, NULL,
 339                                 ref ? ref : defref, NULL );
 340
 341                         ber_bvecfree( ref );
 342 #endif
 343                 }
 344         } else {
 345                 send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
 346                         NULL, "operation not supported within namingContext",
 347                         NULL, NULL );
 348         }
 349
 350 cleanup:
 351         free( dn.bv_val );
 352         free( newrdn.bv_val );
 353         free( newSuperior.bv_val );
 354
 355         if( ndn != NULL ) ber_bvfree( ndn );
 356         if ( nnewSuperior != NULL ) free( nnewSuperior );
 357         return rc;
 358 }