X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;ds=sidebyside;f=servers%2Fslapd%2Fback-ldbm%2Fmodrdn.c;h=de0d99b8868636fcc41b9b8f76a508a019f8d84c;hb=426ca14a868b6edb638b48e14593542a365fcc4b;hp=d62ca575998151d04ccbe8e7ecf7e4ca161989cd;hpb=c4b432cb3f058fec34d1abadd7c7072e7014677e;p=openldap diff --git a/servers/slapd/back-ldbm/modrdn.c b/servers/slapd/back-ldbm/modrdn.c index d62ca57599..de0d99b886 100644 --- a/servers/slapd/back-ldbm/modrdn.c +++ b/servers/slapd/back-ldbm/modrdn.c @@ -1,7 +1,7 @@ /* modrdn.c - ldbm backend modrdn routine */ /* $OpenLDAP$ */ /* - * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved. + * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ @@ -34,44 +34,30 @@ int ldbm_back_modrdn( - Backend *be, - Connection *conn, Operation *op, - struct berval *dn, - struct berval *ndn, - struct berval *newrdn, - struct berval *nnewrdn, - int deleteoldrdn, - struct berval *newSuperior, - struct berval *nnewSuperior -) + SlapReply *rs ) { AttributeDescription *children = slap_schema.si_ad_children; - struct ldbminfo *li = (struct ldbminfo *) be->be_private; + AttributeDescription *entry = slap_schema.si_ad_entry; + struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private; struct berval p_dn, p_ndn; - struct berval new_dn = { 0, NULL}, *new_ndn = NULL; + struct berval new_dn = { 0, NULL}, new_ndn = { 0, NULL }; Entry *e, *p = NULL; Entry *matched; + /* LDAP v2 supporting correct attribute handling. */ + LDAPRDN *new_rdn = NULL; + LDAPRDN *old_rdn = NULL; int isroot = -1; - int rootlock = 0; #define CAN_ROLLBACK -1 #define MUST_DESTROY 1 int rc = CAN_ROLLBACK; int rc_id = 0; ID id = NOID; - const char *text = NULL; - char textbuf[SLAP_TEXT_BUFLEN]; - size_t textlen = sizeof textbuf; - /* Added to support LDAP v2 correctly (deleteoldrdn thing) */ - char **new_rdn_vals = NULL; /* Vals of new rdn */ - char **new_rdn_types = NULL; /* Types of new rdn */ - int a_cnt, d_cnt; - char *old_rdn = NULL; /* Old rdn's attr type & val */ - char **old_rdn_types = NULL; /* Types of old rdn attrs. */ - char **old_rdn_vals = NULL; /* Old rdn attribute values */ + const char *text = NULL; + char textbuf[SLAP_TEXT_BUFLEN]; + size_t textlen = sizeof textbuf; /* Added to support newSuperior */ Entry *np = NULL; /* newSuperior Entry */ - struct berval *np_dn = NULL; /* newSuperior dn */ struct berval *np_ndn = NULL; /* newSuperior ndn */ struct berval *new_parent_dn = NULL; /* np_dn, p_dn, or NULL */ /* Used to interface with ldbm_modify_internal() */ @@ -79,141 +65,164 @@ ldbm_back_modrdn( int manageDSAit = get_manageDSAit( op ); #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_ENTRY, + LDAP_LOG( BACK_LDBM, ENTRY, "ldbm_back_modrdn: dn: %s newSuperior=%s\n", - dn->bv_len ? dn->bv_val : "NULL", - ( newSuperior && newSuperior->bv_len ) - ? newSuperior->bv_val : "NULL" )); + op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "NULL", + ( op->oq_modrdn.rs_newSup && op->oq_modrdn.rs_newSup->bv_len ) ? op->oq_modrdn.rs_newSup->bv_val : "NULL",0 ); #else Debug( LDAP_DEBUG_TRACE, "==>ldbm_back_modrdn: dn: %s newSuperior=%s\n", - dn->bv_len ? dn->bv_val : "NULL", - ( newSuperior && newSuperior->bv_len ) - ? newSuperior->bv_val : "NULL", 0 ); + op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "NULL", + ( op->oq_modrdn.rs_newSup && op->oq_modrdn.rs_newSup->bv_len ) + ? op->oq_modrdn.rs_newSup->bv_val : "NULL", 0 ); #endif - /* get entry with writer lock */ - if ( (e = dn2entry_w( be, ndn->bv_val, &matched )) == NULL ) { - char* matched_dn = NULL; - struct berval** refs; + /* grab giant lock for writing */ + ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock); + /* get entry with writer lock */ + if ( (e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched )) == NULL ) { if( matched != NULL ) { - matched_dn = strdup( matched->e_dn ); - refs = is_entry_referral( matched ) - ? get_entry_referrals( be, conn, op, matched ) + rs->sr_matched = strdup( matched->e_dn ); + rs->sr_ref = is_entry_referral( matched ) + ? get_entry_referrals( op, matched ) : NULL; cache_return_entry_r( &li->li_cache, matched ); } else { - refs = referral_rewrite( default_referral, - NULL, dn, LDAP_SCOPE_DEFAULT ); + rs->sr_ref = referral_rewrite( default_referral, + NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT ); } - send_ldap_result( conn, op, LDAP_REFERRAL, - matched_dn, NULL, refs, NULL ); + ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock); + + rs->sr_err = LDAP_REFERRAL; + send_ldap_result( op, rs ); - ber_bvecfree( refs ); - free( matched_dn ); + if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref ); + free( (char *)rs->sr_matched ); return( -1 ); } + /* check entry for "entry" acl */ + if ( ! access_allowed( op, e, + entry, NULL, ACL_WRITE, NULL ) ) + { +#ifdef NEW_LOGGING + LDAP_LOG( BACK_LDBM, ERR, + "ldbm_back_modrdn: no write access to entry of (%s)\n", + dn->bv_val, 0, 0 ); +#else + Debug( LDAP_DEBUG_TRACE, + "<=- ldbm_back_modrdn: no write access to entry\n", 0, + 0, 0 ); +#endif + + send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, + "no write access to entry" ); + + goto return_results; + } + if (!manageDSAit && is_entry_referral( e ) ) { /* parent is a referral, don't allow add */ /* parent is an alias, don't allow add */ - struct berval **refs = get_entry_referrals( be, - conn, op, e ); + rs->sr_ref = get_entry_referrals( op, e ); #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_INFO, - "ldbm_back_modrdn: entry %s is a referral\n", e->e_dn )); + LDAP_LOG( BACK_LDBM, INFO, + "ldbm_back_modrdn: entry %s is a referral\n", e->e_dn, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "entry %s is referral\n", e->e_dn, 0, 0 ); #endif - send_ldap_result( conn, op, LDAP_REFERRAL, - e->e_dn, NULL, refs, NULL ); + rs->sr_err = LDAP_REFERRAL; + rs->sr_matched = e->e_name.bv_val; + send_ldap_result( op, rs ); - ber_bvecfree( refs ); + if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref ); goto return_results; } - if ( has_children( be, e ) ) { + if ( has_children( op->o_bd, e ) ) { #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_INFO, - "ldbm_back_modrdn: entry %s has children\n", e->e_dn )); + LDAP_LOG( BACK_LDBM, INFO, + "ldbm_back_modrdn: entry %s has children\n", e->e_dn, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "entry %s has children\n", e->e_dn, 0, 0 ); #endif - send_ldap_result( conn, op, LDAP_NOT_ALLOWED_ON_NONLEAF, - NULL, "subtree rename not supported", NULL, NULL ); + send_ldap_error( op, rs, LDAP_NOT_ALLOWED_ON_NONLEAF, + "subtree rename not supported" ); goto return_results; } - p_ndn.bv_val = dn_parent( be, e->e_ndn ); - if ( p_ndn.bv_val ) - p_ndn.bv_len = e->e_nname.bv_len - (p_ndn.bv_val - e->e_ndn); - else - p_ndn.bv_len = 0; + if ( be_issuffix( op->o_bd, &e->e_nname ) ) { + p_ndn = slap_empty_bv ; + } else { + dnParent( &e->e_nname, &p_ndn ); + } if ( p_ndn.bv_len != 0 ) { /* Make sure parent entry exist and we can write its * children. */ - if( (p = dn2entry_w( be, p_ndn.bv_val, NULL )) == NULL) { + if( (p = dn2entry_w( op->o_bd, &p_ndn, NULL )) == NULL) { #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_INFO, - "ldbm_back_modrdn: parent of %s does not exist\n", e->e_ndn )); + LDAP_LOG( BACK_LDBM, INFO, + "ldbm_back_modrdn: parent of %s does not exist\n", + e->e_ndn, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "parent does not exist\n", 0, 0, 0); #endif - send_ldap_result( conn, op, LDAP_OTHER, - NULL, "parent entry does not exist", NULL, NULL ); + send_ldap_error( op, rs, LDAP_OTHER, + "parent entry does not exist" ); goto return_results; } /* check parent for "children" acl */ - if ( ! access_allowed( be, conn, op, p, - children, NULL, ACL_WRITE ) ) + if ( ! access_allowed( op, p, + children, NULL, ACL_WRITE, NULL ) ) { #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_INFO, - "ldbm_back_modrdn: no access to parent of (%s)\n", e->e_dn )); + LDAP_LOG( BACK_LDBM, INFO, + "ldbm_back_modrdn: no access to parent of (%s)\n", + e->e_dn, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0, 0, 0 ); #endif - send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS, - NULL, NULL, NULL, NULL ); + send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, + NULL ); goto return_results; } #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1, - "ldbm_back_modrdn: wr to children of entry %s OK\n", - p_ndn.bv_val )); + LDAP_LOG( BACK_LDBM, DETAIL1, + "ldbm_back_modrdn: wr to children of entry %s OK\n", + p_ndn.bv_val, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: wr to children of entry %s OK\n", p_ndn.bv_val, 0, 0 ); #endif - p_dn.bv_val = dn_parent( be, e->e_dn ); - if ( p_dn.bv_val ) - p_dn.bv_len = e->e_name.bv_len - (p_dn.bv_val - e->e_dn); - else - p_dn.bv_len = 0; + if ( p_ndn.bv_val == slap_empty_bv.bv_val ) { + p_dn = slap_empty_bv; + } else { + dnParent( &e->e_name, &p_dn ); + } #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1, - "ldbm_back_modrdn: parent dn=%s\n", p_dn.bv_val )); + LDAP_LOG( BACK_LDBM, DETAIL1, + "ldbm_back_modrdn: parent dn=%s\n", p_dn.bv_val, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: parent dn=%s\n", p_dn.bv_val, 0, 0 ); @@ -221,57 +230,54 @@ ldbm_back_modrdn( } else { /* no parent, must be root to modify rdn */ - isroot = be_isroot( be, &op->o_ndn ); + isroot = be_isroot( op->o_bd, &op->o_ndn ); if ( ! isroot ) { - if ( be_issuffix( be, "" ) || be_isupdate( be, &op->o_ndn ) ) { + if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) || be_isupdate( op->o_bd, &op->o_ndn ) ) { + int can_access; p = (Entry *)&slap_entry_root; - rc = access_allowed( be, conn, op, p, - children, NULL, ACL_WRITE ); + can_access = access_allowed( op, p, + children, NULL, ACL_WRITE, NULL ); p = NULL; /* check parent for "children" acl */ - if ( ! rc ) { + if ( ! can_access ) { #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_ERR, - "ldbm_back_modrdn: no access " - "to parent \"\"\n" )); + LDAP_LOG( BACK_LDBM, ERR, + "ldbm_back_modrdn: no access to parent \"\"\n", 0,0,0 ); #else Debug( LDAP_DEBUG_TRACE, "<=- ldbm_back_modrdn: no " "access to parent\n", 0, 0, 0 ); #endif - send_ldap_result( conn, op, + send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, - NULL, NULL, NULL, NULL ); + NULL ); goto return_results; } } else { #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_ERR, - "ldbm_back_modrdn: (%s) has no " - "parent & not a root.\n", dn )); + LDAP_LOG( BACK_LDBM, ERR, + "ldbm_back_modrdn: (%s) has no parent & not a root.\n", + dn, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "<=- ldbm_back_modrdn: no parent & " "not root\n", 0, 0, 0); #endif - send_ldap_result( conn, op, + send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, - NULL, NULL, NULL, NULL ); + NULL ); goto return_results; } } - ldap_pvt_thread_mutex_lock(&li->li_root_mutex); - rootlock = 1; - #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_INFO, - "ldbm_back_modrdn: (%s) no parent, locked root.\n", e->e_dn )); + LDAP_LOG( BACK_LDBM, INFO, + "ldbm_back_modrdn: (%s) no parent, locked root.\n", e->e_dn, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: no parent, locked root\n", @@ -281,63 +287,61 @@ ldbm_back_modrdn( new_parent_dn = &p_dn; /* New Parent unless newSuperior given */ - if ( newSuperior != NULL ) { + if ( op->oq_modrdn.rs_newSup != NULL ) { #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1, + LDAP_LOG( BACK_LDBM, DETAIL1, "ldbm_back_modrdn: new parent \"%s\" requested\n", - newSuperior->bv_val )); + op->oq_modrdn.rs_newSup->bv_val, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: new parent \"%s\" requested...\n", - newSuperior->bv_val, 0, 0 ); + op->oq_modrdn.rs_newSup->bv_val, 0, 0 ); #endif - np_dn = newSuperior; - np_ndn = nnewSuperior; + np_ndn = op->oq_modrdn.rs_nnewSup; /* newSuperior == oldParent? */ - if ( p_ndn.bv_len == np_ndn->bv_len && - strcmp( p_ndn.bv_val, np_ndn->bv_val ) == 0 ) { + if ( dn_match( &p_ndn, np_ndn ) ) { #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_INFO, "ldbm_back_modrdn: " + LDAP_LOG( BACK_LDBM, INFO, "ldbm_back_modrdn: " "new parent\"%s\" seems to be the same as the " - "old parent \"%s\"\n", - newSuperior->bv_val, p_dn.bv_val )); + "old parent \"%s\"\n", op->oq_modrdn.rs_newSup->bv_val, p_dn.bv_val, 0 ); #else Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: " "new parent\"%s\" seems to be the same as the " "old parent \"%s\"\n", - newSuperior->bv_val, p_dn.bv_val, 0 ); + op->oq_modrdn.rs_newSup->bv_val, p_dn.bv_val, 0 ); #endif - newSuperior = NULL; /* ignore newSuperior */ + op->oq_modrdn.rs_newSup = NULL; /* ignore newSuperior */ } } - if ( newSuperior != NULL ) { + if ( op->oq_modrdn.rs_newSup != NULL ) { /* newSuperior == entry being moved?, if so ==> ERROR */ /* Get Entry with dn=newSuperior. Does newSuperior exist? */ - if ( nnewSuperior->bv_len ) { - if( (np = dn2entry_w( be, np_ndn->bv_val, NULL )) == NULL) { + if ( op->oq_modrdn.rs_nnewSup->bv_len ) { + if( (np = dn2entry_w( op->o_bd, np_ndn, NULL )) == NULL) { #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_ERR, - "ldbm_back_modrdn: newSup(ndn=%s) not found.\n", np_ndn->bv_val )); + LDAP_LOG( BACK_LDBM, ERR, + "ldbm_back_modrdn: newSup(ndn=%s) not found.\n", + np_ndn->bv_val, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: newSup(ndn=%s) not here!\n", np_ndn->bv_val, 0, 0); #endif - send_ldap_result( conn, op, LDAP_OTHER, - NULL, "newSuperior not found", NULL, NULL ); + send_ldap_error( op, rs, LDAP_OTHER, + "newSuperior not found" ); goto return_results; } #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1, + LDAP_LOG( BACK_LDBM, DETAIL1, "ldbm_back_modrdn: wr to new parent OK np=%p, id=%ld\n", - np, np->e_id )); + np, np->e_id, 0 ); #else Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: wr to new parent OK np=%p, id=%ld\n", @@ -345,35 +349,34 @@ ldbm_back_modrdn( #endif /* check newSuperior for "children" acl */ - if ( !access_allowed( be, conn, op, np, children, NULL, - ACL_WRITE ) ) + if ( !access_allowed( op, np, children, NULL, + ACL_WRITE, NULL ) ) { #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_INFO, - "ldbm_back_modrdn: no wr to newSup children.\n" )); + LDAP_LOG( BACK_LDBM, INFO, + "ldbm_back_modrdn: no wr to newSup children.\n", 0, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: no wr to newSup children\n", 0, 0, 0 ); #endif - send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS, - NULL, NULL, NULL, NULL ); + send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL ); goto return_results; } if ( is_entry_alias( np ) ) { /* parent is an alias, don't allow add */ #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_INFO, - "ldbm_back_modrdn: entry (%s) is an alias.\n", np->e_dn )); + LDAP_LOG( BACK_LDBM, INFO, + "ldbm_back_modrdn: entry (%s) is an alias.\n", np->e_dn,0,0); #else Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0, 0, 0 ); #endif - send_ldap_result( conn, op, LDAP_ALIAS_PROBLEM, - NULL, "newSuperior is an alias", NULL, NULL ); + send_ldap_error( op, rs, LDAP_ALIAS_PROBLEM, + "newSuperior is an alias" ); goto return_results; } @@ -381,16 +384,16 @@ ldbm_back_modrdn( if ( is_entry_referral( np ) ) { /* parent is a referral, don't allow add */ #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_INFO, + LDAP_LOG( BACK_LDBM, INFO, "ldbm_back_modrdn: entry (%s) is a referral\n", - np->e_dn )); + np->e_dn, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "entry (%s) is referral\n", np->e_dn, 0, 0 ); #endif - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, - NULL, "newSuperior is a referral", NULL, NULL ); + send_ldap_error( op, rs, LDAP_OTHER, + "newSuperior is a referral" ); goto return_results; } @@ -399,40 +402,41 @@ ldbm_back_modrdn( /* no parent, must be root to modify newSuperior */ if ( isroot == -1 ) { - isroot = be_isroot( be, &op->o_ndn ); + isroot = be_isroot( op->o_bd, &op->o_ndn ); } if ( ! isroot ) { - if ( be_issuffix( be, "" ) || be_isupdate( be, &op->o_ndn ) ) { + if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) || be_isupdate( op->o_bd, &op->o_ndn ) ) { + int can_access; np = (Entry *)&slap_entry_root; - rc = access_allowed( be, conn, op, np, - children, NULL, ACL_WRITE ); + can_access = access_allowed( op, np, + children, NULL, ACL_WRITE, NULL ); np = NULL; /* check parent for "children" acl */ - if ( ! rc ) { + if ( ! can_access ) { #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_ERR, + LDAP_LOG( BACK_LDBM, ERR, "ldbm_back_modrdn: no access " - "to new superior \"\"\n" )); + "to new superior \"\"\n", 0, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "<=- ldbm_back_modrdn: no " "access to new superior\n", 0, 0, 0 ); #endif - send_ldap_result( conn, op, + send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, - NULL, NULL, NULL, NULL ); + NULL ); goto return_results; } } else { #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_ERR, - "ldbm_back_modrdn: \"\" " - "not allowed as new superior\n" )); + LDAP_LOG( BACK_LDBM, ERR, + "ldbm_back_modrdn: \"\" not allowed as new superior\n", + 0, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "<=- ldbm_back_modrdn: \"\" " @@ -440,306 +444,133 @@ ldbm_back_modrdn( 0, 0, 0); #endif - send_ldap_result( conn, op, + send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, - NULL, NULL, NULL, NULL ); + NULL ); goto return_results; } } } #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1, - "ldbm_back_modrdn: wr to new parent's children OK.\n" )); + LDAP_LOG( BACK_LDBM, DETAIL1, + "ldbm_back_modrdn: wr to new parent's children OK.\n", 0, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: wr to new parent's children OK\n", 0, 0, 0 ); #endif - new_parent_dn = np_dn; + new_parent_dn = op->oq_modrdn.rs_newSup; } /* Build target dn and make sure target entry doesn't exist already. */ - build_new_dn( &new_dn, new_parent_dn, newrdn ); - dnNormalize( NULL, &new_dn, &new_ndn ); + build_new_dn( &new_dn, new_parent_dn, &op->oq_modrdn.rs_newrdn ); + dnNormalize2( NULL, &new_dn, &new_ndn ); #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1, - "ldbm_back_modrdn: new ndn=%s\n", new_ndn->bv_val )); + LDAP_LOG( BACK_LDBM, DETAIL1, "ldbm_back_modrdn: new ndn=%s\n", + new_ndn.bv_val, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: new ndn=%s\n", - new_ndn->bv_val, 0, 0 ); + new_ndn.bv_val, 0, 0 ); #endif /* check for abandon */ - ldap_pvt_thread_mutex_lock( &op->o_abandonmutex ); if ( op->o_abandon ) { - ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex ); goto return_results; } - ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex ); - if ( ( rc_id = dn2id ( be, new_ndn->bv_val, &id ) ) || id != NOID ) { + if ( ( rc_id = dn2id ( op->o_bd, &new_ndn, &id ) ) || id != NOID ) { /* if (rc_id) something bad happened to ldbm cache */ - send_ldap_result( conn, op, - rc_id ? LDAP_OPERATIONS_ERROR : LDAP_ALREADY_EXISTS, - NULL, NULL, NULL, NULL ); + rs->sr_err = rc_id ? LDAP_OTHER : LDAP_ALREADY_EXISTS; + send_ldap_result( op, rs ); goto return_results; } #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_INFO, - "ldbm_back_modrdn: new ndn (%s) does not exist\n", new_ndn )); + LDAP_LOG( BACK_LDBM, INFO, "ldbm_back_modrdn: new ndn (%s) does not exist\n", + new_ndn.bv_val, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: new ndn=%s does not exist\n", - new_ndn, 0, 0 ); + new_ndn.bv_val, 0, 0 ); #endif - - /* Get attribute types and values of our new rdn, we will + /* Get attribute type and attribute value of our new rdn, we will * need to add that to our new entry */ - if ( rdn_attrs( newrdn->bv_val, &new_rdn_types, &new_rdn_vals ) ) { + if ( ldap_bv2rdn( &op->oq_modrdn.rs_newrdn, &new_rdn, (char **)&rs->sr_text, + LDAP_DN_FORMAT_LDAP ) ) + { #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_INFO, - "ldbm_back_modrdn: can't figure out type(s)/value(s) of newrdn\n" )); + LDAP_LOG ( OPERATION, ERR, + "ldbm_back_modrdn: can't figure out " + "type(s)/values(s) of newrdn\n", + 0, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, - "ldbm_back_modrdn: can't figure out type(s)/value(s) of newrdn\n", - 0, 0, 0 ); + "ldbm_back_modrdn: can't figure out " + "type(s)/values(s) of newrdn\n", + 0, 0, 0 ); #endif - - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, - NULL, "unable to parse type(s)/value(s) used in RDN", NULL, NULL ); goto return_results; } #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1, - "ldbm_back_modrdn: new_rdn_val=\"%s\", new_rdn_type=\"%s\"\n", - new_rdn_vals[0], new_rdn_types[0] )); + LDAP_LOG ( OPERATION, RESULTS, + "ldbm_back_modrdn: new_rdn_type=\"%s\", " + "new_rdn_val=\"%s\"\n", + new_rdn[ 0 ][ 0 ]->la_attr.bv_val, + new_rdn[ 0 ][ 0 ]->la_value.bv_val, 0 ); #else Debug( LDAP_DEBUG_TRACE, - "ldbm_back_modrdn: new_rdn_val=\"%s\", new_rdn_type=\"%s\"\n", - new_rdn_vals[0], new_rdn_types[0], 0 ); -#endif - - /* Retrieve the old rdn from the entry's dn */ - if ( (old_rdn = dn_rdn( be, dn )) == NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_INFO, - "ldbm_back_modrdn: can't figure out old_rdn from dn (%s)\n", - dn->bv_val )); -#else - Debug( LDAP_DEBUG_TRACE, - "ldbm_back_modrdn: can't figure out old_rdn from dn\n", - 0, 0, 0 ); + "ldbm_back_modrdn: new_rdn_type=\"%s\", " + "new_rdn_val=\"%s\"\n", + new_rdn[ 0 ][ 0 ]->la_attr.bv_val, + new_rdn[ 0 ][ 0 ]->la_value.bv_val, 0 ); #endif - send_ldap_result( conn, op, LDAP_OTHER, - NULL, "could not parse old DN", NULL, NULL ); - goto return_results; - } - - if ( rdn_attrs( old_rdn, &old_rdn_types, &old_rdn_vals ) ) { -#ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_INFO, - "ldbm_back_modrdn: can't figure out the old_rdn type(s)/value(s).\n" )); -#else - Debug( LDAP_DEBUG_TRACE, - "ldbm_back_modrdn: can't figure out the old_rdn type(s)/value(s)\n", - 0, 0, 0 ); -#endif - - send_ldap_result( conn, op, LDAP_OTHER, - NULL, "unable to parse type(s)/value(s) used in RDN from old DN", NULL, NULL ); - goto return_results; - } - - if ( newSuperior == NULL - && charray_strcasecmp( (const char **)old_rdn_types, (const char **)new_rdn_types ) != 0 ) - { - /* Not a big deal but we may say something */ -#ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_INFO, - "ldbm_back_modrdn: old_rdn_type=%s new_rdn_type=%s\n", - old_rdn_types[0], new_rdn_types[0] )); -#else - Debug( LDAP_DEBUG_TRACE, - "ldbm_back_modrdn: old_rdn_type=%s, new_rdn_type=%s!\n", - old_rdn_types[0], new_rdn_types[0], 0 ); -#endif - } - -#ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1, - "ldbm_back_modrdn: DN_X500\n" )); -#else - Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: DN_X500\n", - 0, 0, 0 ); -#endif - - mod = NULL; - for ( a_cnt = 0; new_rdn_types[a_cnt]; a_cnt++ ) { - int rc; - AttributeDescription *desc = NULL; - Modifications *mod_tmp; - struct berval val; - - - rc = slap_str2ad( new_rdn_types[a_cnt], &desc, &text ); - - if ( rc != LDAP_SUCCESS ) { + if ( op->oq_modrdn.rs_deleteoldrdn ) { + if ( ldap_bv2rdn( &op->o_req_dn, &old_rdn, (char **)&rs->sr_text, + LDAP_DN_FORMAT_LDAP ) ) + { #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_INFO, - "ldbm_back_modrdn: slap_str2ad error: %s (%s)\n", - text, new_rdn_types[a_cnt] )); + LDAP_LOG ( OPERATION, ERR, + "ldbm_back_modrdn: can't figure out " + "type(s)/values(s) of old_rdn\n", + 0, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, - "ldbm_back_modrdn: %s: %s (new)\n", - text, new_rdn_types[a_cnt], 0 ); + "ldbm_back_modrdn: can't figure out " + "the old_rdn type(s)/value(s)\n", + 0, 0, 0 ); #endif - - send_ldap_result( conn, op, rc, - NULL, text, NULL, NULL ); - goto return_results; } - - val.bv_val = new_rdn_vals[a_cnt]; - val.bv_len = strlen( val.bv_val ); - if ( ! access_allowed( be, conn, op, e, - desc, &val, ACL_WRITE ) ) { -#ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_INFO, - "ldbm_back_modrdn: access " - "not allowed to attr \"%s\"\n", - new_rdn_types[a_cnt] )); -#else - Debug( LDAP_DEBUG_TRACE, - "ldbm_back_modrdn: access not allowed " - "to attr \"%s\"\n%s%s", - new_rdn_types[a_cnt], "", "" ); -#endif - send_ldap_result( conn, op, - LDAP_INSUFFICIENT_ACCESS, - NULL, NULL, NULL, NULL ); - - goto return_results; - } - - mod_tmp = (Modifications *)ch_malloc( sizeof( Modifications ) ); - mod_tmp->sml_desc = desc; - mod_tmp->sml_bvalues = (struct berval **)ch_malloc( 2 * sizeof(struct berval *) ); - mod_tmp->sml_bvalues[0] = ber_bvstrdup( new_rdn_vals[a_cnt] ); - mod_tmp->sml_bvalues[1] = NULL; - mod_tmp->sml_op = SLAP_MOD_SOFTADD; - mod_tmp->sml_next = mod; - mod = mod_tmp; } - /* Remove old rdn value if required */ - if ( deleteoldrdn ) { - /* Get value of old rdn */ - if ( old_rdn_vals == NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_INFO, - "ldbm_back_modrdn: can't figure out old RDN value(s) from old RDN\n" )); -#else - Debug( LDAP_DEBUG_TRACE, - "ldbm_back_modrdn: can't figure out oldRDN value(s) from old RDN\n", - 0, 0, 0 ); -#endif - - send_ldap_result( conn, op, LDAP_OTHER, - NULL, "could not parse value(s) from old RDN", NULL, NULL ); - goto return_results; - } - - for ( d_cnt = 0; old_rdn_types[d_cnt]; d_cnt++ ) { - int rc; - AttributeDescription *desc = NULL; - Modifications *mod_tmp; - struct berval val; - - - rc = slap_str2ad( old_rdn_types[d_cnt], &desc, &text ); - - if ( rc != LDAP_SUCCESS ) { -#ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_INFO, - "ldbm_back_modrdn: %s: %s (old)\n", - text, old_rdn_types[d_cnt] )); -#else - Debug( LDAP_DEBUG_TRACE, - "ldbm_back_modrdn: %s: %s (old)\n", - text, old_rdn_types[d_cnt], 0 ); -#endif - - send_ldap_result( conn, op, rc, - NULL, text, NULL, NULL ); - - goto return_results; - } - - val.bv_val = old_rdn_vals[d_cnt]; - val.bv_len = strlen( val.bv_val ); - if ( ! access_allowed( be, conn, op, e, - desc, &val, ACL_WRITE ) ) { #ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_INFO, - "ldbm_back_modrdn: access " - "not allowed to attr \"%s\"\n", - old_rdn_types[d_cnt] )); + LDAP_LOG( BACK_LDBM, DETAIL1, "ldbm_back_modrdn: DN_X500\n", 0, 0, 0 ); #else - Debug( LDAP_DEBUG_TRACE, - "ldbm_back_modrdn: access not allowed " - "to attr \"%s\"\n%s%s", - old_rdn_types[d_cnt], "", "" ); -#endif - send_ldap_result( conn, op, - LDAP_INSUFFICIENT_ACCESS, - NULL, NULL, NULL, NULL ); - - goto return_results; - } - - /* Remove old value of rdn as an attribute. */ - mod_tmp = (Modifications *)ch_malloc( sizeof( Modifications ) ); - mod_tmp->sml_desc = desc; - mod_tmp->sml_bvalues = (struct berval **)ch_malloc( 2 * sizeof(struct berval *) ); - mod_tmp->sml_bvalues[0] = ber_bvstrdup( old_rdn_vals[d_cnt] ); - mod_tmp->sml_bvalues[1] = NULL; - mod_tmp->sml_op = LDAP_MOD_DELETE; - mod_tmp->sml_next = mod; - mod = mod_tmp; - -#ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1, - "ldbm_back_modrdn: removing old_rdn_val=%s\n", old_rdn_vals[0] )); -#else - Debug( LDAP_DEBUG_TRACE, - "ldbm_back_modrdn: removing old_rdn_val=%s\n", - old_rdn_vals[0], 0, 0 ); + Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: DN_X500\n", + 0, 0, 0 ); #endif - } + + if ( slap_modrdn2mods( op, rs, e, old_rdn, new_rdn, &mod ) != LDAP_SUCCESS ) { + goto return_results; } - + /* check for abandon */ - ldap_pvt_thread_mutex_lock( &op->o_abandonmutex ); if ( op->o_abandon ) { - ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex ); goto return_results; } - ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex ); /* delete old one */ - if ( dn2id_delete( be, e->e_ndn, e->e_id ) != 0 ) { - send_ldap_result( conn, op, LDAP_OTHER, - NULL, "DN index delete fail", NULL, NULL ); + if ( dn2id_delete( op->o_bd, &e->e_nname, e->e_id ) != 0 ) { + send_ldap_error( op, rs, LDAP_OTHER, + "DN index delete fail" ); goto return_results; } @@ -751,67 +582,75 @@ ldbm_back_modrdn( free( e->e_dn ); free( e->e_ndn ); e->e_name = new_dn; - e->e_nname = *new_ndn; + e->e_nname = new_ndn; new_dn.bv_val = NULL; - new_ndn = NULL; + new_ndn.bv_val = NULL; + + /* NOTE: after this you must not free new_dn or new_ndn! + * They are used by cache. + */ /* add new one */ - if ( dn2id_add( be, e->e_ndn, e->e_id ) != 0 ) { - send_ldap_result( conn, op, LDAP_OTHER, - NULL, "DN index add failed", NULL, NULL ); + if ( dn2id_add( op->o_bd, &e->e_nname, e->e_id ) != 0 ) { + send_ldap_error( op, rs, LDAP_OTHER, + "DN index add failed" ); goto return_results; } /* modify memory copy of entry */ - rc = ldbm_modify_internal( be, conn, op, dn->bv_val, &mod[0], e, - &text, textbuf, textlen ); - - if( rc != LDAP_SUCCESS ) { - if( rc != SLAPD_ABANDON ) { - send_ldap_result( conn, op, rc, - NULL, text, NULL, NULL ); - } - + rc_id = ldbm_modify_internal( op, &mod[0], e, + &rs->sr_text, textbuf, textlen ); + switch ( rc_id ) { + case LDAP_SUCCESS: + break; + + case SLAPD_ABANDON: + /* too late ... */ + rs->sr_err = rc_id; + send_ldap_result( op, rs ); + goto return_results; + + default: /* here we may try to delete the newly added dn */ - if ( dn2id_delete( be, e->e_ndn, e->e_id ) != 0 ) { + if ( dn2id_delete( op->o_bd, &e->e_nname, e->e_id ) != 0 ) { /* we already are in trouble ... */ ; } - goto return_results; } (void) cache_update_entry( &li->li_cache, e ); - /* NOTE: after this you must not free new_dn or new_ndn! - * They are used by cache. - */ - /* id2entry index */ - if ( id2entry_add( be, e ) != 0 ) { - send_ldap_result( conn, op, LDAP_OTHER, - NULL, "entry update failed", NULL, NULL ); + if ( id2entry_add( op->o_bd, e ) != 0 ) { + send_ldap_error( op, rs, LDAP_OTHER, + "entry update failed" ); goto return_results; } - send_ldap_result( conn, op, LDAP_SUCCESS, - NULL, NULL, NULL, NULL ); + rs->sr_err = LDAP_SUCCESS; + send_ldap_result( op, rs ); rc = 0; cache_entry_commit( e ); return_results: if( new_dn.bv_val != NULL ) free( new_dn.bv_val ); - if( new_ndn != NULL ) ber_bvfree( new_ndn ); + if( new_ndn.bv_val != NULL ) free( new_ndn.bv_val ); /* LDAP v2 supporting correct attribute handling. */ - if( new_rdn_types != NULL ) charray_free( new_rdn_types ); - if( new_rdn_vals != NULL ) charray_free( new_rdn_vals ); - if( old_rdn != NULL ) free(old_rdn); - if( old_rdn_types != NULL ) charray_free( old_rdn_types ); - if( old_rdn_vals != NULL ) charray_free( old_rdn_vals ); - + if ( new_rdn != NULL ) { + ldap_rdnfree( new_rdn ); + } + if ( old_rdn != NULL ) { + ldap_rdnfree( old_rdn ); + } if ( mod != NULL ) { - slap_mods_free( mod ); + Modifications *tmp; + for (; mod; mod = tmp ) { + if ( mod->sml_nvalues ) free( mod->sml_nvalues[0].bv_val ); + tmp = mod->sml_next; + free( mod ); + } } /* LDAP v3 Support */ @@ -825,11 +664,6 @@ return_results: cache_return_entry_w( &li->li_cache, p ); } - if ( rootlock ) { - /* release root writer lock */ - ldap_pvt_thread_mutex_unlock(&li->li_root_mutex); - } - /* free entry and writer lock */ cache_return_entry_w( &li->li_cache, e ); if ( rc == MUST_DESTROY ) { @@ -838,5 +672,6 @@ return_results: * the entry must be freed */ entry_free( e ); } + ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock); return( rc ); }