/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2000-2005 The OpenLDAP Foundation.
+ * Copyright 2000-2008 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
AttributeDescription *entry = slap_schema.si_ad_entry;
struct berval p_dn, p_ndn;
struct berval new_dn = {0, NULL}, new_ndn = {0, NULL};
- int isroot = -1;
Entry *e = NULL;
Entry *p = NULL;
EntryInfo *ei = NULL, *eip = NULL, *nei = NULL, *neip = NULL;
struct bdb_op_info opinfo = {0};
Entry dummy = {0};
- ID id;
-
Entry *np = NULL; /* newSuperior Entry */
struct berval *np_dn = NULL; /* newSuperior dn */
struct berval *np_ndn = NULL; /* newSuperior ndn */
LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
int num_ctrls = 0;
- Operation *ps_list;
- struct psid_entry *pm_list, *pm_prev;
int rc;
- EntryInfo *suffix_ei;
- Entry *ctxcsn_e;
- int ctxcsn_added = 0;
int parent_is_glue = 0;
int parent_is_leaf = 0;
rs->sr_text = "internal error";
goto return_results;
}
+ if ( op->o_abandon ) {
+ rs->sr_err = SLAPD_ABANDON;
+ goto return_results;
+ }
parent_is_glue = 0;
parent_is_leaf = 0;
- ldap_pvt_thread_yield();
bdb_trans_backoff( ++num_retries );
}
}
if ( be_issuffix( op->o_bd, &e->e_nname ) ) {
+#ifdef BDB_MULTIPLE_SUFFIXES
+ /* Allow renaming one suffix entry to another */
p_ndn = slap_empty_bv;
+#else
+ /* There can only be one suffix entry */
+ rs->sr_err = LDAP_NAMING_VIOLATION;
+ rs->sr_text = "cannot rename suffix entry";
+ goto return_results;
+#endif
} else {
dnParent( &e->e_nname, &p_ndn );
}
rs->sr_text = "old entry's parent does not exist";
goto return_results;
}
+ } else {
+ p = (Entry *)&slap_entry_root;
+ }
- /* check parent for "children" acl */
- rs->sr_err = access_allowed( op, p,
- children, NULL, ACL_WRITE, NULL );
-
- if ( ! rs->sr_err ) {
- switch( opinfo.boi_err ) {
- case DB_LOCK_DEADLOCK:
- case DB_LOCK_NOTGRANTED:
- goto retry;
- }
+ /* check parent for "children" acl */
+ rs->sr_err = access_allowed( op, p,
+ children, NULL,
+ op->oq_modrdn.rs_newSup == NULL ?
+ ACL_WRITE : ACL_WDEL,
+ NULL );
- rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
- Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
- 0, 0 );
- rs->sr_text = "no write access to old parent's children";
- goto return_results;
- }
+ if ( !p_ndn.bv_len )
+ p = NULL;
- Debug( LDAP_DEBUG_TRACE,
- LDAP_XSTRING(bdb_modrdn) ": wr to children "
- "of entry %s OK\n", p_ndn.bv_val, 0, 0 );
-
- if ( p_ndn.bv_val == slap_empty_bv.bv_val ) {
- p_dn = slap_empty_bv;
- } else {
- dnParent( &e->e_name, &p_dn );
+ if ( ! rs->sr_err ) {
+ switch( opinfo.boi_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
}
- Debug( LDAP_DEBUG_TRACE,
- LDAP_XSTRING(bdb_modrdn) ": parent dn=%s\n",
- p_dn.bv_val, 0, 0 );
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
+ 0, 0 );
+ rs->sr_text = "no write access to old parent's children";
+ goto return_results;
+ }
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_modrdn) ": wr to children "
+ "of entry %s OK\n", p_ndn.bv_val, 0, 0 );
+
+ if ( p_ndn.bv_val == slap_empty_bv.bv_val ) {
+ p_dn = slap_empty_bv;
} else {
- /* no parent, modrdn entry directly under root */
- isroot = be_isroot( op );
- if ( ! isroot ) {
- if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
- || be_shadow_update( op ) ) {
-
- p = (Entry *)&slap_entry_root;
-
- /* check parent for "children" acl */
- rs->sr_err = access_allowed( op, p,
- children, NULL, ACL_WRITE, NULL );
-
- p = NULL;
-
- if ( ! rs->sr_err ) {
- switch( opinfo.boi_err ) {
- case DB_LOCK_DEADLOCK:
- case DB_LOCK_NOTGRANTED:
- goto retry;
- }
-
- rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
- Debug( LDAP_DEBUG_TRACE,
- "no access to parent\n",
- 0, 0, 0 );
- rs->sr_text = "no write access to old parent";
- goto return_results;
- }
-
- Debug( LDAP_DEBUG_TRACE,
- LDAP_XSTRING(bdb_modrdn)
- ": wr to children of entry \"\" OK\n",
- 0, 0, 0 );
-
- p_dn.bv_val = "";
- p_dn.bv_len = 0;
-
- Debug( LDAP_DEBUG_TRACE,
- LDAP_XSTRING(bdb_modrdn)
- ": parent dn=\"\"\n",
- 0, 0, 0 );
-
- } else {
- Debug( LDAP_DEBUG_TRACE,
- LDAP_XSTRING(bdb_modrdn)
- ": no parent, not root "
- "& \"\" is not suffix\n",
- 0, 0, 0);
- rs->sr_text = "no write access to old parent";
- rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
- goto return_results;
- }
- }
+ dnParent( &e->e_name, &p_dn );
}
+ Debug( LDAP_DEBUG_TRACE,
+ LDAP_XSTRING(bdb_modrdn) ": parent dn=%s\n",
+ p_dn.bv_val, 0, 0 );
+
new_parent_dn = &p_dn; /* New Parent unless newSuperior given */
if ( op->oq_modrdn.rs_newSup != NULL ) {
}
}
+ /* There's a BDB_MULTIPLE_SUFFIXES case here that this code doesn't
+ * support. E.g., two suffixes dc=foo,dc=com and dc=bar,dc=net.
+ * We do not allow modDN
+ * dc=foo,dc=com
+ * newrdn dc=bar
+ * newsup dc=net
+ * and we probably should. But since MULTIPLE_SUFFIXES is deprecated
+ * I'm ignoring this problem for now.
+ */
if ( op->oq_modrdn.rs_newSup != NULL ) {
if ( op->oq_modrdn.rs_newSup->bv_len ) {
np_dn = op->oq_modrdn.rs_newSup;
np_ndn = op->oq_modrdn.rs_nnewSup;
- /* newSuperior == oldParent?, if so ==> ERROR */
+ /* newSuperior == oldParent? - checked above */
/* newSuperior == entry being moved?, if so ==> ERROR */
+ if ( dnIsSuffix( np_ndn, &e->e_nname )) {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ rs->sr_text = "new superior not found";
+ goto return_results;
+ }
/* Get Entry with dn=newSuperior. Does newSuperior exist? */
rs->sr_err = bdb_dn2entry( op, ltid, np_ndn,
": newSup(ndn=%s) not here!\n",
np_ndn->bv_val, 0, 0);
rs->sr_text = "new superior not found";
- rs->sr_err = LDAP_OTHER;
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
goto return_results;
}
/* check newSuperior for "children" acl */
rs->sr_err = access_allowed( op, np, children,
- NULL, ACL_WRITE, NULL );
+ NULL, ACL_WADD, NULL );
if( ! rs->sr_err ) {
switch( opinfo.boi_err ) {
}
} else {
- if ( isroot == -1 ) {
- isroot = be_isroot( op );
- }
-
np_dn = NULL;
/* no parent, modrdn entry directly under root */
- if ( ! isroot ) {
- if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
- || be_isupdate( op ) ) {
- np = (Entry *)&slap_entry_root;
-
- /* check parent for "children" acl */
- rs->sr_err = access_allowed( op, np,
- children, NULL, ACL_WRITE, NULL );
-
- np = NULL;
-
- if ( ! rs->sr_err ) {
- switch( opinfo.boi_err ) {
- case DB_LOCK_DEADLOCK:
- case DB_LOCK_NOTGRANTED:
- goto retry;
- }
-
- rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
- Debug( LDAP_DEBUG_TRACE,
- "no access to new superior\n",
- 0, 0, 0 );
- rs->sr_text =
- "no write access to new superior's children";
- goto return_results;
+ if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
+ || be_isupdate( op ) ) {
+ np = (Entry *)&slap_entry_root;
+
+ /* check parent for "children" acl */
+ rs->sr_err = access_allowed( op, np,
+ children, NULL, ACL_WADD, NULL );
+
+ np = NULL;
+
+ if ( ! rs->sr_err ) {
+ switch( opinfo.boi_err ) {
+ case DB_LOCK_DEADLOCK:
+ case DB_LOCK_NOTGRANTED:
+ goto retry;
}
- Debug( LDAP_DEBUG_TRACE,
- LDAP_XSTRING(bdb_modrdn)
- ": wr to children "
- "of entry \"\" OK\n",
- 0, 0, 0 );
-
- } else {
- Debug( LDAP_DEBUG_TRACE,
- LDAP_XSTRING(bdb_modrdn)
- ": new superior=\"\", not root "
- "& \"\" is not suffix\n",
- 0, 0, 0 );
- rs->sr_text = "no write access to new superior's children";
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ Debug( LDAP_DEBUG_TRACE,
+ "no access to new superior\n",
+ 0, 0, 0 );
+ rs->sr_text =
+ "no write access to new superior's children";
goto return_results;
}
}
-
- Debug( LDAP_DEBUG_TRACE,
- LDAP_XSTRING(bdb_modrdn)
- ": new superior=\"\"\n",
- 0, 0, 0 );
}
Debug( LDAP_DEBUG_TRACE,
/* Shortcut the search */
nei = neip ? neip : eip;
- rs->sr_err = bdb_cache_find_ndn ( op, ltid, &new_ndn, &nei );
+ rs->sr_err = bdb_cache_find_ndn ( op, locker, &new_ndn, &nei );
if ( nei ) bdb_cache_entryinfo_unlock( nei );
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_NOTFOUND:
break;
case 0:
+ /* Allow rename to same DN */
+ if ( nei == ei )
+ break;
rs->sr_err = LDAP_ALREADY_EXISTS;
goto return_results;
default:
if(( rs->sr_err=TXN_ABORT( ltid )) != 0 ) {
rs->sr_text = "txn_abort (no-op) failed";
} else {
- rs->sr_err = LDAP_SUCCESS;
+ rs->sr_err = LDAP_X_NO_OPERATION;
+ ltid = NULL;
+ /* Only free attrs if they were dup'd. */
+ if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL;
goto return_results;
}
} else {
- rc = bdb_cache_modrdn( e, &op->orr_nnewrdn, &dummy, neip,
- bdb->bi_dbenv, locker, &lock );
+ rc = bdb_cache_modrdn( bdb, e, &op->orr_nnewrdn, &dummy, neip,
+ locker, &lock );
switch( rc ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
send_ldap_result( op, rs );
if( rs->sr_err == LDAP_SUCCESS && bdb->bi_txn_cp ) {
- ldap_pvt_thread_yield();
TXN_CHECKPOINT( bdb->bi_dbenv,
bdb->bi_txn_cp_kbyte, bdb->bi_txn_cp_min, 0 );
}
}
done:
+ slap_graduate_commit_csn( op );
+
if( new_dn.bv_val != NULL ) free( new_dn.bv_val );
if( new_ndn.bv_val != NULL ) free( new_ndn.bv_val );
if ( new_rdn != NULL ) {
ldap_rdnfree_x( new_rdn, op->o_tmpmemctx );
}
+
if ( old_rdn != NULL ) {
ldap_rdnfree_x( old_rdn, op->o_tmpmemctx );
}
+
if( mod != NULL ) {
- Modifications *tmp;
- for (; mod; mod=tmp ) {
- tmp = mod->sml_next;
- /* slap_modrdn2mods does things one way,
- * slap_mods_opattrs does it differently
- */
- if ( mod->sml_op != SLAP_MOD_SOFTADD &&
- mod->sml_op != LDAP_MOD_DELETE ) break;
- if ( mod->sml_nvalues ) free( mod->sml_nvalues[0].bv_val );
- free( mod );
- }
- slap_mods_free( mod );
+ slap_modrdn2mods_free( mod );
}
/* LDAP v3 Support */
if( ltid != NULL ) {
TXN_ABORT( ltid );
- op->o_private = NULL;
}
+ op->o_private = NULL;
- if( preread_ctrl != NULL ) {
+ if( preread_ctrl != NULL && (*preread_ctrl) != NULL ) {
slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
slap_sl_free( *preread_ctrl, op->o_tmpmemctx );
}
- if( postread_ctrl != NULL ) {
+ if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) {
slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
slap_sl_free( *postread_ctrl, op->o_tmpmemctx );
}
projects / openldap / blobdiff