/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2006 The OpenLDAP Foundation.
+ * Copyright 2000-2011 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
{
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
struct berval pdn;
- Entry *p = NULL;
+ Entry *p = NULL, *oe = op->ora_e;
EntryInfo *ei;
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
AttributeDescription *children = slap_schema.si_ad_children;
AttributeDescription *entry = slap_schema.si_ad_entry;
DB_TXN *ltid = NULL, *lt2;
- struct bdb_op_info opinfo = {0};
+ ID eid = NOID;
+ struct bdb_op_info opinfo = {{{ 0 }}};
int subentry;
- u_int32_t locker = 0;
DB_LOCK lock;
int num_retries = 0;
+ int success;
LDAPControl **postread_ctrl = NULL;
LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
#endif
Debug(LDAP_DEBUG_ARGS, "==> " LDAP_XSTRING(bdb_add) ": %s\n",
- op->oq_add.rs_e->e_name.bv_val, 0, 0);
+ op->ora_e->e_name.bv_val, 0, 0);
#ifdef LDAP_X_TXN
if( op->o_txnSpec ) {
ctrls[num_ctrls] = 0;
- /* add opattrs to shadow as well, only missing attrs will actually
- * be added; helps compatibility with older OL versions */
- slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 );
-
/* check entry's schema */
- rs->sr_err = entry_schema_check( op, op->oq_add.rs_e, NULL,
- get_manageDIT(op), &rs->sr_text, textbuf, textlen );
+ rs->sr_err = entry_schema_check( op, op->ora_e, NULL,
+ get_relax(op), 1, NULL, &rs->sr_text, textbuf, textlen );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": entry failed schema check: "
goto return_results;
}
- subentry = is_entry_subentry( op->oq_add.rs_e );
-
- /*
- * acquire an ID outside of the operation transaction
- * to avoid serializing adds.
- */
- rs->sr_err = bdb_next_id( op->o_bd, NULL, &op->oq_add.rs_e->e_id );
- if( rs->sr_err != 0 ) {
+ /* add opattrs to shadow as well, only missing attrs will actually
+ * be added; helps compatibility with older OL versions */
+ rs->sr_err = slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
- LDAP_XSTRING(bdb_add) ": next_id failed (%d)\n",
- rs->sr_err, 0, 0 );
- rs->sr_err = LDAP_OTHER;
- rs->sr_text = "internal error";
+ LDAP_XSTRING(bdb_add) ": entry failed op attrs add: "
+ "%s (%d)\n", rs->sr_text, rs->sr_err, 0 );
goto return_results;
}
+ if ( get_assert( op ) &&
+ ( test_filter( op, op->ora_e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
+ {
+ rs->sr_err = LDAP_ASSERTION_FAILED;
+ goto return_results;
+ }
+
+ subentry = is_entry_subentry( op->ora_e );
+
if( 0 ) {
retry: /* transaction retry */
if( p ) {
/* free parent and reader lock */
- bdb_unlocked_cache_return_entry_r( &bdb->bi_cache, p );
+ if ( p != (Entry *)&slap_entry_root ) {
+ bdb_unlocked_cache_return_entry_r( bdb, p );
+ }
p = NULL;
}
rs->sr_err = TXN_ABORT( ltid );
ltid = NULL;
- op->o_private = NULL;
+ LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
+ opinfo.boi_oe.oe_key = NULL;
op->o_do_not_cache = opinfo.boi_acl_cache;
if( rs->sr_err != 0 ) {
rs->sr_err = LDAP_OTHER;
goto return_results;
}
- locker = TXN_ID ( ltid );
-
- opinfo.boi_bdb = op->o_bd;
+ opinfo.boi_oe.oe_key = bdb;
opinfo.boi_txn = ltid;
- opinfo.boi_locker = locker;
opinfo.boi_err = 0;
opinfo.boi_acl_cache = op->o_do_not_cache;
- op->o_private = &opinfo;
-
+ LDAP_SLIST_INSERT_HEAD( &op->o_extra, &opinfo.boi_oe, oe_next );
+
/*
* Get the parent dn and see if the corresponding entry exists.
*/
- if ( be_issuffix( op->o_bd, &op->oq_add.rs_e->e_nname ) ) {
+ if ( be_issuffix( op->o_bd, &op->ora_e->e_nname ) ) {
pdn = slap_empty_bv;
} else {
- dnParent( &op->oq_add.rs_e->e_nname, &pdn );
+ dnParent( &op->ora_e->e_nname, &pdn );
}
/* get entry or parent */
rs->sr_err = bdb_dn2entry( op, ltid, &op->ora_e->e_nname, &ei,
- 1, locker, &lock );
+ 1, &lock );
switch( rs->sr_err ) {
case 0:
rs->sr_err = LDAP_ALREADY_EXISTS;
}
p = ei->bei_e;
- if ( p ) {
- if ( !bvmatch( &pdn, &p->e_nname ) ) {
- rs->sr_matched = ber_strdup_x( p->e_name.bv_val,
- op->o_tmpmemctx );
- rs->sr_ref = is_entry_referral( p )
- ? get_entry_referrals( op, p )
- : NULL;
- bdb_unlocked_cache_return_entry_r( &bdb->bi_cache, p );
- p = NULL;
- Debug( LDAP_DEBUG_TRACE,
- LDAP_XSTRING(bdb_add) ": parent "
- "does not exist\n", 0, 0, 0 );
-
- rs->sr_err = LDAP_REFERRAL;
- rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
- goto return_results;
- }
+ if ( !p )
+ p = (Entry *)&slap_entry_root;
+
+ if ( !bvmatch( &pdn, &p->e_nname ) ) {
+ rs->sr_matched = ber_strdup_x( p->e_name.bv_val,
+ op->o_tmpmemctx );
+ rs->sr_ref = is_entry_referral( p )
+ ? get_entry_referrals( op, p )
+ : NULL;
+ if ( p != (Entry *)&slap_entry_root )
+ bdb_unlocked_cache_return_entry_r( bdb, p );
+ p = NULL;
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_add) ": parent "
+ "does not exist\n", 0, 0, 0 );
- rs->sr_err = access_allowed( op, p,
- children, NULL, ACL_WADD, NULL );
+ rs->sr_err = LDAP_REFERRAL;
+ rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
+ goto return_results;
+ }
- if ( ! rs->sr_err ) {
- switch( opinfo.boi_err ) {
- case DB_LOCK_DEADLOCK:
- case DB_LOCK_NOTGRANTED:
- goto retry;
- }
+ rs->sr_err = access_allowed( op, p,
+ children, NULL, ACL_WADD, NULL );
- Debug( LDAP_DEBUG_TRACE,
- LDAP_XSTRING(bdb_add) ": no write access to parent\n",
- 0, 0, 0 );
- rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
- rs->sr_text = "no write access to parent";
- goto return_results;;
+ if ( ! rs->sr_err ) {
+ switch( opinfo.boi_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
}
+ if ( p != (Entry *)&slap_entry_root )
+ bdb_unlocked_cache_return_entry_r( bdb, p );
+ p = NULL;
+
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_add) ": no write access to parent\n",
+ 0, 0, 0 );
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ rs->sr_text = "no write access to parent";
+ goto return_results;;
+ }
+
+ if ( p != (Entry *)&slap_entry_root ) {
if ( is_entry_subentry( p ) ) {
+ bdb_unlocked_cache_return_entry_r( bdb, p );
+ p = NULL;
/* parent is a subentry, don't allow add */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": parent is subentry\n",
rs->sr_text = "parent is a subentry";
goto return_results;;
}
+
if ( is_entry_alias( p ) ) {
+ bdb_unlocked_cache_return_entry_r( bdb, p );
+ p = NULL;
/* parent is an alias, don't allow add */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": parent is alias\n",
rs->sr_matched = ber_strdup_x( p->e_name.bv_val,
op->o_tmpmemctx );
rs->sr_ref = get_entry_referrals( op, p );
- bdb_unlocked_cache_return_entry_r( &bdb->bi_cache, p );
+ bdb_unlocked_cache_return_entry_r( bdb, p );
p = NULL;
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": parent is referral\n",
goto return_results;
}
- if ( subentry ) {
- /* FIXME: */
- /* parent must be an administrative point of the required kind */
- }
+ }
- /* free parent and reader lock */
- bdb_unlocked_cache_return_entry_r( &bdb->bi_cache, p );
- p = NULL;
+ if ( subentry ) {
+ /* FIXME: */
+ /* parent must be an administrative point of the required kind */
+ }
- } else {
- /*
- * no parent!
- * if not attempting to add entry at suffix or with parent ""
- */
- if ((( !be_isroot( op ) && !be_shadow_update(op) )
- || pdn.bv_len > 0 ) && !is_entry_glue( op->oq_add.rs_e ))
- {
- Debug( LDAP_DEBUG_TRACE,
- LDAP_XSTRING(bdb_add) ": %s denied\n",
- pdn.bv_len == 0 ? "suffix" : "entry at root",
- 0, 0 );
- rs->sr_err = LDAP_NO_SUCH_OBJECT;
- goto return_results;
+ /* free parent and reader lock */
+ if ( p != (Entry *)&slap_entry_root ) {
+ if ( p->e_nname.bv_len ) {
+ struct berval ppdn;
+
+ /* ITS#5326: use parent's DN if differs from provided one */
+ dnParent( &op->ora_e->e_name, &ppdn );
+ if ( !dn_match( &p->e_name, &ppdn ) ) {
+ struct berval rdn;
+ struct berval newdn;
+
+ dnRdn( &op->ora_e->e_name, &rdn );
+
+ build_new_dn( &newdn, &p->e_name, &rdn, NULL );
+ if ( op->ora_e->e_name.bv_val != op->o_req_dn.bv_val )
+ ber_memfree( op->ora_e->e_name.bv_val );
+ op->ora_e->e_name = newdn;
+
+ /* FIXME: should check whether
+ * dnNormalize(newdn) == e->e_nname ... */
+ }
}
+
+ bdb_unlocked_cache_return_entry_r( bdb, p );
}
+ p = NULL;
- rs->sr_err = access_allowed( op, op->oq_add.rs_e,
+ rs->sr_err = access_allowed( op, op->ora_e,
entry, NULL, ACL_WADD, NULL );
if ( ! rs->sr_err ) {
goto return_results;;
}
+ /*
+ * Check ACL for attribute write access
+ */
+ if (!acl_check_modlist(op, oe, op->ora_modlist)) {
+ switch( opinfo.boi_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_add) ": no write access to attribute\n",
+ 0, 0, 0 );
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ rs->sr_text = "no write access to attribute";
+ goto return_results;;
+ }
+
+ if ( eid == NOID ) {
+ rs->sr_err = bdb_next_id( op->o_bd, &eid );
+ if( rs->sr_err != 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_add) ": next_id failed (%d)\n",
+ rs->sr_err, 0, 0 );
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "internal error";
+ goto return_results;
+ }
+ op->ora_e->e_id = eid;
+ }
+
/* nested transaction */
rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, ltid, <2,
bdb->bi_db_opflags );
}
/* dn2id index */
- rs->sr_err = bdb_dn2id_add( op, lt2, ei, op->oq_add.rs_e );
+ rs->sr_err = bdb_dn2id_add( op, lt2, ei, op->ora_e );
if ( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": dn2id_add failed: %s (%d)\n",
}
/* attribute indexes */
- rs->sr_err = bdb_index_entry_add( op, lt2, op->oq_add.rs_e );
+ rs->sr_err = bdb_index_entry_add( op, lt2, op->ora_e );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": index_entry_add failed\n",
}
/* id2entry index */
- rs->sr_err = bdb_id2entry_add( op->o_bd, lt2, op->oq_add.rs_e );
+ rs->sr_err = bdb_id2entry_add( op->o_bd, lt2, op->ora_e );
if ( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": id2entry_add failed\n",
postread_ctrl = &ctrls[num_ctrls++];
ctrls[num_ctrls] = NULL;
}
- if ( slap_read_controls( op, rs, op->oq_add.rs_e,
+ if ( slap_read_controls( op, rs, op->ora_e,
&slap_post_read_bv, postread_ctrl ) )
{
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_add) ": post-read "
"failed!\n", 0, 0, 0 );
- goto return_results;
+ if ( op->o_postread & SLAP_CONTROL_CRITICAL ) {
+ /* FIXME: is it correct to abort
+ * operation if control fails? */
+ goto return_results;
+ }
}
}
} else {
struct berval nrdn;
- Entry *e = entry_dup( op->ora_e );
/* pick the RDN if not suffix; otherwise pick the entire DN */
if (pdn.bv_len) {
- nrdn.bv_val = e->e_nname.bv_val;
+ nrdn.bv_val = op->ora_e->e_nname.bv_val;
nrdn.bv_len = pdn.bv_val - op->ora_e->e_nname.bv_val - 1;
} else {
- nrdn = e->e_nname;
+ nrdn = op->ora_e->e_nname;
}
- bdb_cache_add( bdb, ei, e, &nrdn, locker );
+ bdb_cache_add( bdb, ei, op->ora_e, &nrdn, ltid, &lock );
if(( rs->sr_err=TXN_COMMIT( ltid, 0 )) != 0 ) {
rs->sr_text = "txn_commit failed";
}
ltid = NULL;
- op->o_private = NULL;
+ LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
+ opinfo.boi_oe.oe_key = NULL;
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
Debug(LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": added%s id=%08lx dn=\"%s\"\n",
op->o_noop ? " (no-op)" : "",
- op->oq_add.rs_e->e_id, op->oq_add.rs_e->e_dn );
+ op->ora_e->e_id, op->ora_e->e_dn );
rs->sr_text = NULL;
if( num_ctrls ) rs->sr_ctrls = ctrls;
return_results:
+ success = rs->sr_err;
send_ldap_result( op, rs );
- slap_graduate_commit_csn( op );
if( ltid != NULL ) {
TXN_ABORT( ltid );
}
- op->o_private = NULL;
+ if ( opinfo.boi_oe.oe_key ) {
+ LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
+ }
- if( postread_ctrl != NULL ) {
- slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
- slap_sl_free( *postread_ctrl, op->o_tmpmemctx );
+ if( success == LDAP_SUCCESS ) {
+ /* We own the entry now, and it can be purged at will
+ * Check to make sure it's the same entry we entered with.
+ * Possibly a callback may have mucked with it, although
+ * in general callbacks should treat the entry as read-only.
+ */
+ bdb_cache_deref( oe->e_private );
+ if ( op->ora_e == oe )
+ op->ora_e = NULL;
+
+ if ( bdb->bi_txn_cp_kbyte ) {
+ TXN_CHECKPOINT( bdb->bi_dbenv,
+ bdb->bi_txn_cp_kbyte, bdb->bi_txn_cp_min, 0 );
+ }
}
- if( rs->sr_err == LDAP_SUCCESS && bdb->bi_txn_cp ) {
- TXN_CHECKPOINT( bdb->bi_dbenv,
- bdb->bi_txn_cp_kbyte, bdb->bi_txn_cp_min, 0 );
+ slap_graduate_commit_csn( op );
+
+ if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) {
+ slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
+ slap_sl_free( *postread_ctrl, op->o_tmpmemctx );
}
return rs->sr_err;
}