Import resetting of c_dn/c_cdn after anonymous bind.
[openldap] / servers / slapd / back-ldbm / modrdn.c
index 4ea74e95331b1797c778e1eda8365625a1e86e7b..33f6536bdc7b01be884e021d8e92fcfb396d56ee 100644 (file)
@@ -22,12 +22,13 @@ ldbm_back_modrdn(
 )
 {
        struct ldbminfo *li = (struct ldbminfo *) be->be_private;
-       char            *matched;
-       char            *pdn, *newdn, *p;
+       char            *matched = NULL;
+       char            *p_dn = NULL, *p_ndn = NULL;
+       char            *new_dn = NULL, *new_ndn = NULL;
        char            sep[2];
-       Entry           *e;
-
-       matched = NULL;
+       Entry           *e, *p = NULL;
+       int                     rootlock = 0;
+       int                     rc = -1;
 
        /* get entry with writer lock */
        if ( (e = dn2entry_w( be, dn, &matched )) == NULL ) {
@@ -38,69 +39,112 @@ ldbm_back_modrdn(
                return( -1 );
        }
 
-       if ( (pdn = dn_parent( be, dn )) != NULL ) {
+#ifdef SLAPD_CHILD_MODIFICATION_WITH_ENTRY_ACL
+               /* check parent for "children" acl */
+       if ( ! access_allowed( be, conn, op, e,
+               "entry", NULL, ACL_WRITE ) )
+       {
+               Debug( LDAP_DEBUG_TRACE, "no access to entry\n", 0,
+                       0, 0 );
+               send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
+                       "", "" );
+               goto return_results;
+       }
+#endif
+
+       if ( (p_ndn = dn_parent( be, e->e_ndn )) != NULL ) {
                /* parent + rdn + separator(s) + null */
-               newdn = (char *) ch_malloc( strlen( pdn ) + strlen( newrdn )
+               if( (p = dn2entry_w( be, p_ndn, &matched )) == NULL) {
+                       Debug( LDAP_DEBUG_TRACE, "parent does not exist\n",
+                               0, 0, 0);
+                       send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
+                               "", "");
+                       goto return_results;
+               }
+
+#ifndef SLAPD_CHILD_MODIFICATION_WITH_ENTRY_ACL
+               /* check parent for "children" acl */
+               if ( ! access_allowed( be, conn, op, p,
+                       "children", NULL, ACL_WRITE ) )
+               {
+                       Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
+                               0, 0 );
+                       send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
+                               "", "" );
+                       goto return_results;
+               }
+#endif
+
+               p_dn = dn_parent( be, e->e_dn );
+               new_dn = (char *) ch_malloc( strlen( p_dn ) + strlen( newrdn )
                    + 3 );
-               if ( dn_type( dn ) == DN_X500 ) {
-                       strcpy( newdn, newrdn );
-                       strcat( newdn, ", " );
-                       strcat( newdn, pdn );
+               if ( dn_type( e->e_dn ) == DN_X500 ) {
+                       strcpy( new_dn, newrdn );
+                       strcat( new_dn, ", " );
+                       strcat( new_dn, p_dn );
                } else {
-                       strcpy( newdn, newrdn );
-                       p = strchr( newrdn, '\0' );
-                       p--;
-                       if ( *p != '.' && *p != '@' ) {
-                               if ( (p = strpbrk( dn, ".@" )) != NULL ) {
-                                       sep[0] = *p;
+                       char *s;
+                       strcpy( new_dn, newrdn );
+                       s = strchr( newrdn, '\0' );
+                       s--;
+                       if ( *s != '.' && *s != '@' ) {
+                               if ( (s = strpbrk( dn, ".@" )) != NULL ) {
+                                       sep[0] = *s;
                                        sep[1] = '\0';
-                                       strcat( newdn, sep );
+                                       strcat( new_dn, sep );
                                }
                        }
-                       strcat( newdn, pdn );
+                       strcat( new_dn, p_dn );
                }
+
        } else {
-               newdn = strdup( newrdn );
+               /* no parent, modrdn entry directly under root */
+               if( ! be_isroot( be, op->o_ndn ) ) {
+                       Debug( LDAP_DEBUG_TRACE, "no parent & not root\n",
+                               0, 0, 0);
+                       send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
+                               "", "");
+                       goto return_results;
+               }
+
+               pthread_mutex_lock(&li->li_root_mutex);
+               rootlock = 1;
+
+               new_dn = ch_strdup( newrdn );
        }
-       (void) dn_normalize( newdn );
 
-       /* get entry with writer lock */
-       if ( (dn2id ( be, newdn ) ) != NOID ) {
-               free( newdn );
-               free( pdn );
+       new_ndn = dn_normalize_case( ch_strdup( new_dn ) );
+
+       if ( (dn2id ( be, new_ndn ) ) != NOID ) {
                send_ldap_result( conn, op, LDAP_ALREADY_EXISTS, NULL, NULL );
-               goto error_return;
+               goto return_results;
        }
 
        /* check for abandon */
        pthread_mutex_lock( &op->o_abandonmutex );
        if ( op->o_abandon ) {
                pthread_mutex_unlock( &op->o_abandonmutex );
-               free( newdn );
-               free( pdn );
-               goto error_return;
+               goto return_results;
        }
        pthread_mutex_unlock( &op->o_abandonmutex );
 
        /* add new one */
-       if ( dn2id_add( be, newdn, e->e_id ) != 0 ) {
-               free( newdn );
-               free( pdn );
+       if ( dn2id_add( be, new_ndn, e->e_id ) != 0 ) {
                send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, NULL );
-               goto error_return;
+               goto return_results;
        }
 
        /* delete old one */
-       if ( dn2id_delete( be, dn ) != 0 ) {
-               free( newdn );
-               free( pdn );
+       if ( dn2id_delete( be, e->e_ndn ) != 0 ) {
                send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, NULL );
-               goto error_return;
+               goto return_results;
        }
 
        (void) cache_delete_entry( &li->li_cache, e );
        free( e->e_dn );
-       e->e_dn = newdn;
+       free( e->e_ndn );
+       e->e_dn = new_dn;
+       e->e_ndn = new_ndn;
 
        /* XXX
         * At some point here we need to update the attribute values in
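Review bot: `new_dn` and `new_ndn` are handed to the entry at `e->e_dn = new_dn; e->e_ndn = new_ndn;` but the locals stay non-NULL, so the `return_results` cleanup in the last hunk frees both strings while `e` still points at them, on the success path as well. The entry outlives that cleanup (it is still passed to `cache_return_entry_w`), so any later read of its DN would touch freed heap memory in a network-facing daemon. Clear the locals once ownership moves, with `new_dn = NULL; new_ndn = NULL;` directly after the two assignments. Separately, the comment over the `"entry"` ACL check inside `#ifdef SLAPD_CHILD_MODIFICATION_WITH_ENTRY_ACL` still says `check parent for "children" acl`; it should read `/* check entry for "entry" acl */`. The body of `ldbm_back_modrdn` starts before this hunk and continues after it.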
@@ -115,18 +159,31 @@ ldbm_back_modrdn(
        if ( id2entry_add( be, e ) != 0 ) {
                entry_free( e );
                send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "", "" );
-               goto error_return;
+               goto return_results;
        }
-       free( pdn );
 
-       /* free entry and writer lock */
-       cache_return_entry_w( &li->li_cache, e );
        send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL );
+       rc = 0;
 
-       return( 0 );
+return_results:
+       if( new_dn != NULL ) free( new_dn );
+       if( new_ndn != NULL ) free( new_ndn );
+       if( p_dn != NULL ) free( p_dn );
+       if( p_ndn != NULL ) free( p_ndn );
+
+       if( matched != NULL ) free( matched );
+
+       if( p != NULL ) {
+               /* free parent and writer lock */
+               cache_return_entry_w( &li->li_cache, p );
+       }
+
+       if ( rootlock ) {
+               /* release root writer lock */
+               pthread_mutex_unlock(&li->li_root_mutex);
+       }
 
-error_return:
        /* free entry and writer lock */
        cache_return_entry_w( &li->li_cache, e );
-       return( -1 );
+       return( rc );
 }
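Review bot: The `id2entry_add` failure branch calls `entry_free( e )` and then jumps to `return_results`, which still ends in `cache_return_entry_w( &li->li_cache, e )` on that same pointer. Assuming `entry_free` releases the entry together with its DN strings (its body is not shown here), this path hands a freed entry back to the cache and also frees `new_dn`/`new_ndn` a second time, since the previous hunk stored them in `e->e_dn`/`e->e_ndn`. The old `error_return` label had the same shape, so the commit carries the problem forward rather than introducing it. A possible fix is to add `e = NULL;` after `entry_free( e )` and guard the final call as `if ( e != NULL ) cache_return_entry_w( &li->li_cache, e );`, together with clearing the two string locals once the entry owns them. The function begins outside this hunk.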