]> git.sur5r.net Git - openldap/blobdiff - servers/slapd/back-ldbm/modrdn.c
projects / openldap / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Round two of referrals/aliases: WORK IN PROGRESS, may not compile!
[openldap] / servers / slapd / back-ldbm / modrdn.c
diff --git a/servers/slapd/back-ldbm/modrdn.c b/servers/slapd/back-ldbm/modrdn.c
index e724b9c18b8f20cc9f34a3ea3727cdc4f0138f56..4f743c473c16a9352ff905dec096e9d108c0e36c 100644 (file)
--- a/servers/slapd/back-ldbm/modrdn.c
+++ b/servers/slapd/back-ldbm/modrdn.c
@@ -39,10 +39,10 @@ ldbm_back_modrdn(
 )
 {
        struct ldbminfo *li = (struct ldbminfo *) be->be_private;
-       char            *matched = NULL;
        char            *p_dn = NULL, *p_ndn = NULL;
        char            *new_dn = NULL, *new_ndn = NULL;
        Entry           *e, *p = NULL;
+       Entry           *matched = NULL;
        int                     rootlock = 0;
        int                     rc = -1;
        /* Added to support LDAP v2 correctly (deleteoldrdn thing) */
@@ -62,7 +62,7 @@ ldbm_back_modrdn(
        struct berval   del_bv;                 /* Stores old rdn att */
        struct berval   *del_bvals[2];          /* Stores old rdn att */
        LDAPModList     mod[2];                 /* Used to delete old rdn */
-
+       int             manageDSAit = get_manageDSAit( op );
 
        Debug( LDAP_DEBUG_TRACE, "==>ldbm_back_modrdn(newSuperior=%s)\n",
               (newSuperior ? newSuperior : "NULL"),
@@ -70,30 +70,62 @@ ldbm_back_modrdn(
 
        /* get entry with writer lock */
        if ( (e = dn2entry_w( be, dn, &matched )) == NULL ) {
-               send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT,
-                       matched, NULL, NULL );
+               char* matched_dn = NULL;
+               struct berval** refs = NULL;
+
+               if( matched != NULL ) {
+                       matched_dn = strdup( matched->e_dn );
+                       refs = is_entry_referral( matched )
+                               ? get_entry_referrals( be, conn, op, matched )
+                               : NULL;
+                       cache_return_entry_r( &li->li_cache, matched );
+               } else {
+                       refs = default_referral;
+               }
+
+               send_ldap_result( conn, op, LDAP_REFERRAL,
+                       matched_dn, NULL, refs, NULL );
+
                if ( matched != NULL ) {
-                       free( matched );
+                       ber_bvecfree( refs );
+                       free( matched_dn );
                }
+
                return( -1 );
        }
 
 #ifdef SLAPD_CHILD_MODIFICATION_WITH_ENTRY_ACL
-               /* check parent for "children" acl */
        if ( ! access_allowed( be, conn, op, e,
                "entry", NULL, ACL_WRITE ) )
        {
                Debug( LDAP_DEBUG_TRACE, "no access to entry\n", 0,
                        0, 0 );
                send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
-                       "", "" );
+                       NULL, NULL, NULL, NULL );
                goto return_results;
        }
 #endif
 
+       if (!manageDSAit && is_entry_referral( e ) ) {
+               /* parent is a referral, don't allow add */
+               /* parent is an alias, don't allow add */
+               struct berval **refs = get_entry_referrals( be,
+                       conn, op, e );
+
+               Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0,
+                   0, 0 );
+
+               send_ldap_result( conn, op, LDAP_REFERRAL,
+                   e->e_dn, NULL, refs, NULL );
+
+               ber_bvecfree( refs );
+
+               goto return_results;
+       }
+
        if ( (p_ndn = dn_parent( be, e->e_ndn )) != NULL ) {
 
-               /* Make sure parent entry exist and we can write its 
+               /* Make sure parent entry exist and we can write its 
                 * children.
                 */
 
@@ -101,7 +133,7 @@ ldbm_back_modrdn(
                        Debug( LDAP_DEBUG_TRACE, "parent does not exist\n",
                                0, 0, 0);
                        send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
-                               NULL, NULL, NULL );
+                               NULL, NULL, NULL, NULL );
                        goto return_results;
                }
 
@@ -112,7 +144,7 @@ ldbm_back_modrdn(
                        Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
                                0, 0 );
                        send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
-                               NULL, NULL, NULL );
+                               NULL, NULL, NULL, NULL );
                        goto return_results;
                }
 
@@ -132,7 +164,7 @@ ldbm_back_modrdn(
                        Debug( LDAP_DEBUG_TRACE, "no parent & not root\n",
                                0, 0, 0);
                        send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
-                               NULL, NULL, NULL );
+                               NULL, NULL, NULL, NULL );
                        goto return_results;
                }
 
@@ -163,12 +195,11 @@ ldbm_back_modrdn(
                /* Get Entry with dn=newSuperior. Does newSuperior exist? */
 
                if( (np = dn2entry_w( be, np_ndn, &matched )) == NULL) {
-
                        Debug( LDAP_DEBUG_TRACE,
                               "ldbm_back_modrdn: newSup(ndn=%s) not here!\n",
                               np_ndn, 0, 0);
                        send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
-                               NULL, NULL, NULL );
+                               NULL, NULL, NULL, NULL );
                        goto return_results;
                }
 
@@ -184,7 +215,30 @@ ldbm_back_modrdn(
                               "ldbm_back_modrdn: no wr to newSup children\n",
                               0, 0, 0 );
                        send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
-                                         NULL, NULL, NULL );
+                               NULL, NULL, NULL, NULL );
+                       goto return_results;
+               }
+
+               if ( is_entry_alias( np ) ) {
+                       /* entry is an alias, don't allow bind */
+                       Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0,
+                           0, 0 );
+
+                       send_ldap_result( conn, op, LDAP_ALIAS_PROBLEM,
+                           NULL, NULL, NULL, NULL );
+
+                       goto return_results;
+               }
+
+               if ( is_entry_referral( np ) ) {
+                       /* parent is a referral, don't allow add */
+                       /* parent is an alias, don't allow add */
+                       Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0,
+                               0, 0 );
+
+                       send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
+                           NULL, NULL, NULL, NULL );
+
                        goto return_results;
                }
 
@@ -192,9 +246,7 @@ ldbm_back_modrdn(
                       "ldbm_back_modrdn: wr to new parent's children OK\n",
                       0, 0 , 0 );
 
-
                new_parent_dn = np_dn;
-
        }
        
        /* Build target dn and make sure target entry doesn't exist already. */
@@ -209,7 +261,7 @@ ldbm_back_modrdn(
 
        if (dn2id ( be, new_ndn ) != NOID) {
                send_ldap_result( conn, op, LDAP_ALREADY_EXISTS,
-                       NULL, NULL, NULL );
+                       NULL, NULL, NULL, NULL );
                goto return_results;
        }
 
@@ -228,7 +280,7 @@ ldbm_back_modrdn(
        /* delete old one */
        if ( dn2id_delete( be, e->e_ndn ) != 0 ) {
                send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
-                       NULL, NULL, NULL );
+                       NULL, NULL, NULL, NULL );
                goto return_results;
        }
 
@@ -241,7 +293,7 @@ ldbm_back_modrdn(
        /* add new one */
        if ( dn2id_add( be, e->e_ndn, e->e_id ) != 0 ) {
                send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
-                       NULL, NULL, NULL );
+                       NULL, NULL, NULL, NULL );
                goto return_results;
        }
 
@@ -256,7 +308,7 @@ ldbm_back_modrdn(
                       "ldbm_back_modrdn: can't figure out type of newrdn\n",
                       0, 0, 0 );
                send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
-                       NULL, NULL, NULL );
+                       NULL, NULL, NULL, NULL );
                goto return_results;            
 
        }
@@ -267,7 +319,7 @@ ldbm_back_modrdn(
                       "ldbm_back_modrdn: can't figure out val of newrdn\n",
                       0, 0, 0 );
                send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
-                       NULL, NULL, NULL );
+                       NULL, NULL, NULL, NULL );
                goto return_results;            
 
        }
@@ -284,7 +336,7 @@ ldbm_back_modrdn(
                       "ldbm_back_modrdn: can't figure out old_rdn from dn\n",
                       0, 0, 0 );
                send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
-                       NULL, NULL, NULL );
+                       NULL, NULL, NULL, NULL );
                goto return_results;            
 
        }
@@ -295,7 +347,7 @@ ldbm_back_modrdn(
                       "ldbm_back_modrdn: can't figure out the old_rdn type\n",
                       0, 0, 0 );
                send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
-                       NULL, NULL, NULL );
+                       NULL, NULL, NULL, NULL );
                goto return_results;            
                
        }
@@ -331,7 +383,6 @@ ldbm_back_modrdn(
                /* Remove old rdn value if required */
 
                if (deleteoldrdn) {
-
                        /* Get value of old rdn */
        
                        if ((old_rdn_val = rdn_attr_value( old_rdn ))
@@ -340,12 +391,9 @@ ldbm_back_modrdn(
                                Debug( LDAP_DEBUG_TRACE,
                                       "ldbm_back_modrdn: can't figure out old_rdn_val from old_rdn\n",
                                       0, 0, 0 );
-                               send_ldap_result( conn, op,
-                                                 LDAP_OPERATIONS_ERROR,
-                                                 NULL, NULL, NULL );
+                               send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
+                                       NULL, NULL, NULL, NULL );
                                goto return_results;            
-
-
                        }
 
                        del_bvals[0] = &del_bv;         /* Array of bervals */
@@ -383,7 +431,7 @@ ldbm_back_modrdn(
                       0, 0, 0 );
   
                send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
-                       NULL, NULL, NULL );
+                       NULL, NULL, NULL, NULL );
                goto return_results;
 
        }
@@ -406,11 +454,12 @@ ldbm_back_modrdn(
        if ( id2entry_add( be, e ) != 0 ) {
                entry_free( e );
                send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
-                       NULL, NULL, NULL );
+                       NULL, NULL, NULL, NULL );
                goto return_results_after;
        }
 
-       send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL, NULL );
+       send_ldap_result( conn, op, LDAP_SUCCESS,
+               NULL, NULL, NULL, NULL );
        rc = 0;
        goto return_results_after;      
 
Cloned from git://git.openldap.org/openldap.git