]> git.sur5r.net Git - openldap/blob - servers/slapd/mods.c
Add register_certificate_map_function() native plugin API for registering
[openldap] / servers / slapd / mods.c
1 /* $OpenLDAP$ */
2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
3  *
4  * Copyright 1998-2004 The OpenLDAP Foundation.
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted only as authorized by the OpenLDAP
9  * Public License.
10  *
11  * A copy of this license is available in the file LICENSE in the
12  * top-level directory of the distribution or, alternatively, at
13  * <http://www.OpenLDAP.org/license.html>.
14  */
15 /* Portions Copyright (c) 1995 Regents of the University of Michigan.
16  * All rights reserved.
17  *
18  * Redistribution and use in source and binary forms are permitted
19  * provided that this notice is preserved and that due credit is given
20  * to the University of Michigan at Ann Arbor. The name of the University
21  * may not be used to endorse or promote products derived from this
22  * software without specific prior written permission. This software
23  * is provided ``as is'' without express or implied warranty.
24  */
25
26 #include "portable.h"
27
28 #include <ac/string.h>
29
30 #include "slap.h"
31
32 int
33 modify_add_values(
34         Entry           *e,
35         Modification    *mod,
36         int             permissive,
37         const char      **text,
38         char            *textbuf,
39         size_t          textlen )
40 {
41         int             rc;
42         const char      *op;
43         Attribute       *a;
44         Modification    pmod = *mod;
45
46         switch ( mod->sm_op ) {
47         case LDAP_MOD_ADD:
48                 op = "add";
49                 break;
50         case LDAP_MOD_REPLACE:
51                 op = "replace";
52                 break;
53         default:
54                 op = "?";
55                 assert( 0 );
56         }
57
58         /* check if values to add exist in attribute */
59         a = attr_find( e->e_attrs, mod->sm_desc );
60         if ( a != NULL ) {
61                 int             rc, i, j, p;
62                 MatchingRule    *mr;
63
64                 mr = mod->sm_desc->ad_type->sat_equality;
65                 if( mr == NULL || !mr->smr_match ) {
66                         /* do not allow add of additional attribute
67                                 if no equality rule exists */
68                         *text = textbuf;
69                         snprintf( textbuf, textlen,
70                                 "modify/%s: %s: no equality matching rule",
71                                 op, mod->sm_desc->ad_cname.bv_val );
72                         return LDAP_INAPPROPRIATE_MATCHING;
73                 }
74
75                 if ( permissive ) {
76                         for ( i = 0; !BER_BVISNULL( &mod->sm_values[i] ); i++ ) /* count 'em */;
77                         pmod.sm_values = (BerVarray)ch_malloc( (i + 1)*sizeof( struct berval ) );
78                         if ( pmod.sm_nvalues != NULL ) {
79                                 pmod.sm_nvalues = (BerVarray)ch_malloc(
80                                         (i + 1)*sizeof( struct berval ) );
81                         }
82                 }
83
84                 /* no normalization is done in this routine nor
85                  * in the matching routines called by this routine. 
86                  * values are now normalized once on input to the
87                  * server (whether from LDAP or from the underlying
88                  * database).
89                  */
90                 for ( p = i = 0; !BER_BVISNULL( &mod->sm_values[i] ); i++ ) {
91                         int     match;
92
93                         assert( a->a_vals[0].bv_val );
94                         for ( j = 0; !BER_BVISNULL( &a->a_vals[j] ); j++ ) {
95                                 if ( mod->sm_nvalues ) {
96                                         rc = value_match( &match, mod->sm_desc, mr,
97                                                 SLAP_MR_EQUALITY | SLAP_MR_VALUE_OF_ASSERTION_SYNTAX
98                                                         | SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH
99                                                         | SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH,
100                                                 &a->a_nvals[j], &mod->sm_nvalues[i], text );
101                                 } else {
102                                         rc = value_match( &match, mod->sm_desc, mr,
103                                                 SLAP_MR_EQUALITY | SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
104                                                 &a->a_vals[j], &mod->sm_values[i], text );
105                                 }
106
107                                 if ( rc == LDAP_SUCCESS && match == 0 ) {
108                                         /* value already exists */
109                                         if ( permissive ) break;
110
111                                         *text = textbuf;
112                                         snprintf( textbuf, textlen,
113                                                 "modify/%s: %s: value #%d already exists",
114                                                 op, mod->sm_desc->ad_cname.bv_val, i );
115                                         return LDAP_TYPE_OR_VALUE_EXISTS;
116
117                                 } else if ( rc != LDAP_SUCCESS ) {
118                                         return rc;
119                                 }
120                         }
121
122                         if ( permissive && match != 0 ) {
123                                 if ( pmod.sm_nvalues ) {
124                                         pmod.sm_nvalues[p] = mod->sm_nvalues[i];
125                                 }
126                                 pmod.sm_values[p++] = mod->sm_values[i];
127                         }
128                 }
129
130                 if ( permissive ) {
131                         if ( p == 0 ) {
132                                 /* all new values match exist */
133                                 ch_free( pmod.sm_values );
134                                 if ( pmod.sm_nvalues ) ch_free( pmod.sm_nvalues );
135                                 return LDAP_SUCCESS;
136                         }
137
138                         BER_BVZERO( &pmod.sm_values[p] );
139                         if ( pmod.sm_nvalues ) {
140                                 BER_BVZERO( &pmod.sm_nvalues[p] );
141                         }
142                 }
143         }
144
145         /* no - add them */
146         rc = attr_merge( e, mod->sm_desc, pmod.sm_values, pmod.sm_nvalues );
147
148         if ( a != NULL && permissive ) {
149                 ch_free( pmod.sm_values );
150                 if ( pmod.sm_nvalues ) ch_free( pmod.sm_nvalues );
151         }
152
153         if ( rc != 0 ) {
154                 /* this should return result of attr_merge */
155                 *text = textbuf;
156                 snprintf( textbuf, textlen,
157                         "modify/%s: %s: merge error",
158                         op, mod->sm_desc->ad_cname.bv_val );
159                 return LDAP_OTHER;
160         }
161
162         return LDAP_SUCCESS;
163 }
164
165 int
166 modify_delete_values(
167         Entry   *e,
168         Modification    *mod,
169         int     permissive,
170         const char      **text,
171         char *textbuf, size_t textlen )
172 {
173         int             i, j, k, rc = LDAP_SUCCESS;
174         Attribute       *a;
175         MatchingRule    *mr = mod->sm_desc->ad_type->sat_equality;
176         char            dummy = '\0';
177         int                     match = 0;
178
179         /*
180          * If permissive is set, then the non-existence of an 
181          * attribute is not treated as an error.
182          */
183
184         /* delete the entire attribute */
185         if ( mod->sm_values == NULL ) {
186                 rc = attr_delete( &e->e_attrs, mod->sm_desc );
187
188                 if( permissive ) {
189                         rc = LDAP_SUCCESS;
190                 } else if( rc != LDAP_SUCCESS ) {
191                         *text = textbuf;
192                         snprintf( textbuf, textlen,
193                                 "modify/delete: %s: no such attribute",
194                                 mod->sm_desc->ad_cname.bv_val );
195                         rc = LDAP_NO_SUCH_ATTRIBUTE;
196                 }
197                 return rc;
198         }
199
200         if( mr == NULL || !mr->smr_match ) {
201                 /* disallow specific attributes from being deleted if
202                         no equality rule */
203                 *text = textbuf;
204                 snprintf( textbuf, textlen,
205                         "modify/delete: %s: no equality matching rule",
206                         mod->sm_desc->ad_cname.bv_val );
207                 return LDAP_INAPPROPRIATE_MATCHING;
208         }
209
210         /* delete specific values - find the attribute first */
211         if ( (a = attr_find( e->e_attrs, mod->sm_desc )) == NULL ) {
212                 if( permissive ) {
213                         return LDAP_SUCCESS;
214                 }
215                 *text = textbuf;
216                 snprintf( textbuf, textlen,
217                         "modify/delete: %s: no such attribute",
218                         mod->sm_desc->ad_cname.bv_val );
219                 return LDAP_NO_SUCH_ATTRIBUTE;
220         }
221
222         for ( i = 0; mod->sm_values[i].bv_val != NULL; i++ ) {
223                 int     found = 0;
224                 for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ) {
225
226                         if( mod->sm_nvalues ) {
227                                 assert( a->a_nvals );
228                                 rc = (*mr->smr_match)( &match,
229                                         SLAP_MR_VALUE_OF_ASSERTION_SYNTAX
230                                                 | SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH
231                                                 | SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH,
232                                         a->a_desc->ad_type->sat_syntax,
233                                         mr, &a->a_nvals[j],
234                                         &mod->sm_nvalues[i] );
235                         } else {
236 #if 0
237                                 assert( a->a_nvals == NULL );
238 #endif
239                                 rc = (*mr->smr_match)( &match,
240                                         SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
241                                         a->a_desc->ad_type->sat_syntax,
242                                         mr, &a->a_vals[j],
243                                         &mod->sm_values[i] );
244                         }
245
246                         if ( rc != LDAP_SUCCESS ) {
247                                 *text = textbuf;
248                                 snprintf( textbuf, textlen,
249                                         "%s: matching rule failed",
250                                         mod->sm_desc->ad_cname.bv_val );
251                                 break;
252                         }
253
254                         if ( match != 0 ) {
255                                 continue;
256                         }
257
258                         found = 1;
259
260                         /* delete value and mark it as dummy */
261                         free( a->a_vals[j].bv_val );
262                         a->a_vals[j].bv_val = &dummy;
263                         if( a->a_nvals != a->a_vals ) {
264                                 free( a->a_nvals[j].bv_val );
265                                 a->a_nvals[j].bv_val = &dummy;
266                         }
267
268                         break;
269                 }
270
271                 if ( found == 0 ) {
272                         *text = textbuf;
273                         snprintf( textbuf, textlen,
274                                 "modify/delete: %s: no such value",
275                                 mod->sm_desc->ad_cname.bv_val );
276                         rc = LDAP_NO_SUCH_ATTRIBUTE;
277                         if ( i > 0 ) {
278                                 break;
279                         } else {
280                                 goto return_results;
281                         }
282                 }
283         }
284
285         /* compact array skipping dummies */
286         for ( k = 0, j = 0; a->a_vals[k].bv_val != NULL; k++ ) {
287                 /* skip dummies */
288                 if( a->a_vals[k].bv_val == &dummy ) {
289                         assert( a->a_nvals == NULL || a->a_nvals[k].bv_val == &dummy );
290                         continue;
291                 }
292                 if ( j != k ) {
293                         a->a_vals[ j ] = a->a_vals[ k ];
294                         if (a->a_nvals != a->a_vals) {
295                                 a->a_nvals[ j ] = a->a_nvals[ k ];
296                         }
297                 }
298
299                 j++;
300         }
301
302         a->a_vals[j].bv_val = NULL;
303         if (a->a_nvals != a->a_vals) a->a_nvals[j].bv_val = NULL;
304
305         /* if no values remain, delete the entire attribute */
306         if ( a->a_vals[0].bv_val == NULL ) {
307                 if ( attr_delete( &e->e_attrs, mod->sm_desc ) ) {
308                         *text = textbuf;
309                         snprintf( textbuf, textlen,
310                                 "modify/delete: %s: no such attribute",
311                                 mod->sm_desc->ad_cname.bv_val );
312                         rc = LDAP_NO_SUCH_ATTRIBUTE;
313                 }
314         }
315
316 return_results:;
317
318         return rc;
319 }
320
321 int
322 modify_replace_values(
323         Entry   *e,
324         Modification    *mod,
325         int             permissive,
326         const char      **text,
327         char *textbuf, size_t textlen )
328 {
329         (void) attr_delete( &e->e_attrs, mod->sm_desc );
330
331         if ( mod->sm_values ) {
332                 return modify_add_values( e, mod, permissive, text, textbuf, textlen );
333         }
334
335         return LDAP_SUCCESS;
336 }
337
338 int
339 modify_increment_values(
340         Entry   *e,
341         Modification    *mod,
342         int     permissive,
343         const char      **text,
344         char *textbuf, size_t textlen )
345 {
346         Attribute *a;
347
348         a = attr_find( e->e_attrs, mod->sm_desc );
349         if( a == NULL ) {
350                 *text = textbuf;
351                 snprintf( textbuf, textlen,
352                         "modify/increment: %s: no such attribute",
353                         mod->sm_desc->ad_cname.bv_val );
354                 return LDAP_NO_SUCH_ATTRIBUTE;
355         }
356
357         if ( !strcmp( a->a_desc->ad_type->sat_syntax_oid, SLAPD_INTEGER_SYNTAX )) {
358                 int i;
359                 char str[sizeof(long)*3 + 2]; /* overly long */
360                 long incr = atol( mod->sm_values[0].bv_val );
361
362                 /* treat zero and errors as a no-op */
363                 if( incr == 0 ) {
364                         return LDAP_SUCCESS;
365                 }
366
367                 for( i=0; a->a_nvals[i].bv_val != NULL; i++ ) {
368                         char *tmp;
369                         long value = atol( a->a_nvals[i].bv_val );
370                         size_t strln = snprintf( str, sizeof(str), "%ld", value+incr );
371
372                         tmp = SLAP_REALLOC( a->a_nvals[i].bv_val, strln+1 );
373                         if( tmp == NULL ) {
374                                 *text = "modify/increment: reallocation error";
375                                 return LDAP_OTHER;;
376                         }
377                         a->a_nvals[i].bv_val = tmp;
378                         a->a_nvals[i].bv_len = strln;
379
380                         AC_MEMCPY( a->a_nvals[i].bv_val, str, strln+1 );
381                 }
382
383         } else {
384                 snprintf( textbuf, textlen,
385                         "modify/increment: %s: increment not supported for value syntax %s",
386                         mod->sm_desc->ad_cname.bv_val,
387                         a->a_desc->ad_type->sat_syntax_oid );
388                 return LDAP_CONSTRAINT_VIOLATION;
389         }
390
391         return LDAP_SUCCESS;
392 }
393
394 void
395 slap_mod_free(
396         Modification    *mod,
397         int                             freeit )
398 {
399         if ( mod->sm_values != NULL ) ber_bvarray_free( mod->sm_values );
400         mod->sm_values = NULL;
401
402         if ( mod->sm_nvalues != NULL ) ber_bvarray_free( mod->sm_nvalues );
403         mod->sm_nvalues = NULL;
404
405         if( freeit ) free( mod );
406 }
407
408 void
409 slap_mods_free(
410     Modifications       *ml )
411 {
412         Modifications *next;
413
414         for ( ; ml != NULL; ml = next ) {
415                 next = ml->sml_next;
416
417                 slap_mod_free( &ml->sml_mod, 0 );
418                 free( ml );
419         }
420 }
421