X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-ldbm%2Fmodify.c;h=46ca1025a9471f132ae9b6db966aba937af53af5;hb=426ca14a868b6edb638b48e14593542a365fcc4b;hp=9ae82205434f763885580543596d5067d22d348f;hpb=e9c2895472d41da41fee1ffb049195b190f6adbc;p=openldap diff --git a/servers/slapd/back-ldbm/modify.c b/servers/slapd/back-ldbm/modify.c index 9ae8220543..46ca1025a9 100644 --- a/servers/slapd/back-ldbm/modify.c +++ b/servers/slapd/back-ldbm/modify.c @@ -1,4 +1,9 @@ /* modify.c - ldbm backend modify routine */ +/* $OpenLDAP$ */ +/* + * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved. + * COPYING RESTRICTIONS APPLY, see COPYRIGHT file + */ #include "portable.h" @@ -12,354 +17,365 @@ #include "back-ldbm.h" #include "proto-back-ldbm.h" -static void add_lastmods(Operation *op, LDAPModList **ml); - - -static void -add_lastmods( Operation *op, LDAPModList **modlist ) -{ - char buf[22]; - struct berval bv; - struct berval *bvals[2]; - LDAPModList **m; - LDAPModList *tmp; - struct tm *ltm; - time_t currenttime; - - Debug( LDAP_DEBUG_TRACE, "add_lastmods\n", 0, 0, 0 ); - - bvals[0] = &bv; - bvals[1] = NULL; - - /* remove any attempts by the user to modify these attrs */ - for ( m = modlist; *m != NULL; m = &(*m)->ml_next ) { - if ( oc_check_no_usermod_attr( (*m)->ml_type ) ) { - Debug( LDAP_DEBUG_TRACE, - "add_lastmods: found no user mod attr: %s\n", - (*m)->ml_type, 0, 0 ); - tmp = *m; - *m = (*m)->ml_next; - free( tmp->ml_type ); - if ( tmp->ml_bvalues != NULL ) { - ber_bvecfree( tmp->ml_bvalues ); - } - free( tmp ); - if (!*m) - break; - } - } - - if ( op->o_dn == NULL || op->o_dn[0] == '\0' ) { - bv.bv_val = "NULLDN"; - bv.bv_len = strlen( bv.bv_val ); - } else { - bv.bv_val = op->o_dn; - bv.bv_len = strlen( bv.bv_val ); - } - tmp = (LDAPModList *) ch_calloc( 1, sizeof(LDAPModList) ); - tmp->ml_type = ch_strdup( "modifiersname" ); - tmp->ml_op = LDAP_MOD_REPLACE; - tmp->ml_bvalues = (struct berval **) ch_calloc(2, sizeof(struct berval *)); - tmp->ml_bvalues[0] = ber_bvdup( &bv ); - tmp->ml_next = *modlist; - *modlist = tmp; - - currenttime = slap_get_time(); - ldap_pvt_thread_mutex_lock( &gmtime_mutex ); -#ifndef LDAP_LOCALTIME - ltm = gmtime( ¤ttime ); - strftime( buf, sizeof(buf), "%Y%m%d%H%M%SZ", ltm ); -#else - ltm = localtime( ¤ttime ); - strftime( buf, sizeof(buf), "%y%m%d%H%M%SZ", ltm ); -#endif - ldap_pvt_thread_mutex_unlock( &gmtime_mutex ); - - bv.bv_val = buf; - bv.bv_len = strlen( bv.bv_val ); - tmp = (LDAPModList *) ch_calloc( 1, sizeof(LDAPModList) ); - tmp->ml_type = ch_strdup( "modifytimestamp" ); - tmp->ml_op = LDAP_MOD_REPLACE; - tmp->ml_bvalues = (struct berval **) ch_calloc(2, sizeof(struct berval *)); - tmp->ml_bvalues[0] = ber_bvdup( &bv ); - tmp->ml_next = *modlist; - *modlist = tmp; - -} - /* We need this function because of LDAP modrdn. If we do not * add this there would be a bunch of code replication here * and there and of course the likelihood of bugs increases. * Juan C. Gomez (gomez@engr.sgi.com) 05/18/99 */ - int ldbm_modify_internal( - Backend *be, - Connection *conn, Operation *op, - char *dn, - LDAPModList *modlist, - Entry *e + Modifications *modlist, + Entry *e, + const char **text, + char *textbuf, + size_t textlen ) { - int err; - LDAPMod *mod; - LDAPModList *ml; - Attribute *a; - - if ( ((be->be_lastmod == ON) - || ((be->be_lastmod == UNDEFINED)&&(global_lastmod == ON))) - && (be->be_update_ndn == NULL)) { - - /* XXX: It may be wrong, it changes mod time even if - * mod fails! - */ - add_lastmods( op, &modlist ); - - } + int rc = LDAP_SUCCESS; + Modification *mod; + Modifications *ml; + Attribute *save_attrs; + Attribute *ap; + +#ifdef NEW_LOGGING + LDAP_LOG( BACK_LDBM, ENTRY, "ldbm_modify_internal: %s\n", e->e_name.bv_val, 0, 0 ); +#else + Debug(LDAP_DEBUG_TRACE, "ldbm_modify_internal: %s\n", e->e_name.bv_val, 0, 0); +#endif - if ( (err = acl_check_modlist( be, conn, op, e, modlist )) - != LDAP_SUCCESS ) { - send_ldap_result( conn, op, err, NULL, NULL ); - return -1; + if ( !acl_check_modlist( op, e, modlist )) { + return LDAP_INSUFFICIENT_ACCESS; } - for ( ml = modlist; ml != NULL; ml = ml->ml_next ) { + save_attrs = e->e_attrs; + e->e_attrs = attrs_dup( e->e_attrs ); - mod = &ml->ml_mod; + for ( ml = modlist; ml != NULL; ml = ml->sml_next ) { + mod = &ml->sml_mod; - switch ( mod->mod_op & ~LDAP_MOD_BVALUES ) { + switch ( mod->sm_op ) { case LDAP_MOD_ADD: - err = add_values( e, mod, op->o_ndn ); +#ifdef NEW_LOGGING + LDAP_LOG( BACK_LDBM, DETAIL1, "ldbm_modify_internal: add\n", 0, 0, 0); +#else + Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: add\n", 0, 0, 0); +#endif + + rc = modify_add_values( e, mod, get_permissiveModify( op ), + text, textbuf, textlen ); + if( rc != LDAP_SUCCESS ) { +#ifdef NEW_LOGGING + LDAP_LOG( BACK_LDBM, INFO, + "ldbm_modify_internal: failed %d (%s)\n", rc, *text, 0 ); +#else + Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: %d %s\n", + rc, *text, 0); +#endif + } break; case LDAP_MOD_DELETE: - err = delete_values( e, mod, op->o_ndn ); +#ifdef NEW_LOGGING + LDAP_LOG( BACK_LDBM, DETAIL1, "ldbm_modify_internal: delete\n", 0,0,0); +#else + Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: delete\n", 0, 0, 0); +#endif + + rc = modify_delete_values( e, mod, get_permissiveModify( op ), + text, textbuf, textlen ); + assert( rc != LDAP_TYPE_OR_VALUE_EXISTS ); + if( rc != LDAP_SUCCESS ) { +#ifdef NEW_LOGGING + LDAP_LOG( BACK_LDBM, INFO, + "ldbm_modify_internal: failed %d (%s)\n", rc, *text, 0 ); +#else + Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: %d %s\n", + rc, *text, 0); +#endif + } break; case LDAP_MOD_REPLACE: - /* Need to remove all values from indexes before they - * are lost. +#ifdef NEW_LOGGING + LDAP_LOG( BACK_LDBM, DETAIL1, "ldbm_modify_internal: replace\n",0,0,0); +#else + Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: replace\n", 0, 0, 0); +#endif + + rc = modify_replace_values( e, mod, get_permissiveModify( op ), + text, textbuf, textlen ); + if( rc != LDAP_SUCCESS ) { +#ifdef NEW_LOGGING + LDAP_LOG( BACK_LDBM, INFO, + "ldbm_modify_internal: failed %d (%s)\n", rc, *text, 0 ); +#else + Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: %d %s\n", + rc, *text, 0); +#endif + } + break; + + case SLAP_MOD_SOFTADD: +#ifdef NEW_LOGGING + LDAP_LOG( BACK_LDBM, DETAIL1, + "ldbm_modify_internal: softadd\n", 0, 0, 0 ); +#else + Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: softadd\n", 0, 0, 0); +#endif + + /* Avoid problems in index_add_mods() + * We need to add index if necessary. */ - if( e->e_attrs - && ((a = attr_find( e->e_attrs, mod->mod_type )) - != NULL) ) { - - (void) index_change_values( be, - mod->mod_type, - a->a_vals, - e->e_id, - __INDEX_DELETE_OP); + mod->sm_op = LDAP_MOD_ADD; + + rc = modify_add_values( e, mod, get_permissiveModify( op ), + text, textbuf, textlen ); + if ( rc == LDAP_TYPE_OR_VALUE_EXISTS ) { + rc = LDAP_SUCCESS; } - err = replace_values( e, mod, op->o_ndn ); + if( rc != LDAP_SUCCESS ) { +#ifdef NEW_LOGGING + LDAP_LOG( BACK_LDBM, INFO, + "ldbm_modify_internal: failed %d (%s)\n", rc, *text, 0 ); +#else + Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: %d %s\n", + rc, *text, 0); +#endif + } break; - case LDAP_MOD_SOFTADD: - /* Avoid problems in index_add_mods() - * We need to add index if necessary. - */ - mod->mod_op = LDAP_MOD_ADD; - if ( (err = add_values( e, mod, op->o_ndn )) - == LDAP_TYPE_OR_VALUE_EXISTS ) { - - err = LDAP_SUCCESS; - mod->mod_op = LDAP_MOD_SOFTADD; - - } - break; + default: +#ifdef NEW_LOGGING + LDAP_LOG( BACK_LDBM, ERR, + "ldbm_modify_internal: invalid op %d\n", mod->sm_op, 0, 0 ); +#else + Debug(LDAP_DEBUG_ANY, "ldbm_modify_internal: invalid op %d\n", + mod->sm_op, 0, 0); +#endif + + rc = LDAP_OTHER; + *text = "Invalid modify operation"; +#ifdef NEW_LOGGING + LDAP_LOG( BACK_LDBM, INFO, + "ldbm_modify_internal: %d (%s)\n", rc, *text, 0 ); +#else + Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: %d %s\n", + rc, *text, 0); +#endif + } + + if ( rc != LDAP_SUCCESS ) { + goto exit; } - if ( err != LDAP_SUCCESS ) { - /* unlock entry, delete from cache */ - send_ldap_result( conn, op, err, NULL, NULL ); - return -1; + /* If objectClass was modified, reset the flags */ + if ( mod->sm_desc == slap_schema.si_ad_objectClass ) { + e->e_ocflags = 0; + } + + /* check if modified attribute was indexed */ + rc = index_is_indexed( op->o_bd, mod->sm_desc ); + if ( rc == LDAP_SUCCESS ) { + ap = attr_find( save_attrs, mod->sm_desc ); + if ( ap ) ap->a_flags |= SLAP_ATTR_IXDEL; + + ap = attr_find( e->e_attrs, mod->sm_desc ); + if ( ap ) ap->a_flags |= SLAP_ATTR_IXADD; } } /* check that the entry still obeys the schema */ - if ( global_schemacheck && oc_schema_check( e ) != 0 ) { - Debug( LDAP_DEBUG_ANY, "entry failed schema check\n", 0, 0, 0 ); - send_ldap_result( conn, op, LDAP_OBJECT_CLASS_VIOLATION, NULL, NULL ); - return -1; +#ifndef LDAP_CACHING + rc = entry_schema_check( op->o_bd, e, save_attrs, text, textbuf, textlen ); +#else /* LDAP_CACHING */ + if ( !op->o_caching_on ) { + rc = entry_schema_check( op->o_bd, e, save_attrs, + text, textbuf, textlen ); + } else { + rc = LDAP_SUCCESS; } +#endif /* LDAP_CACHING */ - /* check for abandon */ - ldap_pvt_thread_mutex_lock( &op->o_abandonmutex ); - if ( op->o_abandon ) { - ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex ); - return -1; - } - ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex ); + if ( rc != LDAP_SUCCESS ) { +#ifdef NEW_LOGGING + LDAP_LOG( BACK_LDBM, ERR, + "ldbm_modify_internal: entry failed schema check: %s\n", + *text, 0, 0 ); +#else + Debug( LDAP_DEBUG_ANY, "entry failed schema check: %s\n", + *text, 0, 0 ); +#endif - /* modify indexes */ - if ( index_add_mods( be, modlist, e->e_id ) != 0 ) { - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, NULL ); - return -1; + goto exit; } /* check for abandon */ - ldap_pvt_thread_mutex_lock( &op->o_abandonmutex ); if ( op->o_abandon ) { - ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex ); - return -1; + rc = SLAPD_ABANDON; + goto exit; + } + + /* update the indices of the modified attributes */ + + /* start with deleting the old index entries */ + for ( ap = save_attrs; ap != NULL; ap = ap->a_next ) { + if ( ap->a_flags & SLAP_ATTR_IXDEL ) { + rc = index_values( op->o_bd, ap->a_desc, + ap->a_nvals, + e->e_id, SLAP_INDEX_DELETE_OP ); + if ( rc != LDAP_SUCCESS ) { +#ifdef NEW_LOGGING + LDAP_LOG( BACK_LDBM, ERR, + "ldbm_modify_internal: Attribute index delete failure\n", + 0, 0, 0 ); +#else + Debug( LDAP_DEBUG_ANY, + "Attribute index delete failure", + 0, 0, 0 ); +#endif + goto exit; + } + ap->a_flags &= ~SLAP_ATTR_IXDEL; + } } - ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex ); - return 0; + /* add the new index entries */ + for ( ap = e->e_attrs; ap != NULL; ap = ap->a_next ) { + if ( ap->a_flags & SLAP_ATTR_IXADD ) { + rc = index_values( op->o_bd, ap->a_desc, + ap->a_nvals, + e->e_id, SLAP_INDEX_ADD_OP ); + if ( rc != LDAP_SUCCESS ) { +#ifdef NEW_LOGGING + LDAP_LOG( BACK_LDBM, ERR, + "ldbm_modify_internal: Attribute index add failure\n", + 0, 0, 0 ); +#else + Debug( LDAP_DEBUG_ANY, + "Attribute index add failure", + 0, 0, 0 ); +#endif + goto exit; + } + ap->a_flags &= ~SLAP_ATTR_IXADD; + } + } -}/* int ldbm_modify_internal() */ +exit: + if ( rc == LDAP_SUCCESS ) { + attrs_free( save_attrs ); + } else { + for ( ap = save_attrs; ap; ap = ap->a_next ) { + ap->a_flags = 0; + } + attrs_free( e->e_attrs ); + e->e_attrs = save_attrs; + } + return rc; +} int ldbm_back_modify( - Backend *be, - Connection *conn, Operation *op, - char *dn, - LDAPModList *modlist -) + SlapReply *rs ) { - struct ldbminfo *li = (struct ldbminfo *) be->be_private; - char *matched; + struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private; + Entry *matched; Entry *e; + int manageDSAit = get_manageDSAit( op ); + char textbuf[SLAP_TEXT_BUFLEN]; + size_t textlen = sizeof textbuf; +#ifdef NEW_LOGGING + LDAP_LOG( BACK_LDBM, ENTRY, "ldbm_back_modify: enter\n", 0, 0, 0); +#else Debug(LDAP_DEBUG_ARGS, "ldbm_back_modify:\n", 0, 0, 0); +#endif + + /* grab giant lock for writing */ + ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock); /* acquire and lock entry */ - if ( (e = dn2entry_w( be, dn, &matched )) == NULL ) { - send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, matched, - NULL ); + if ( (e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched )) == NULL ) { if ( matched != NULL ) { - free( matched ); + rs->sr_matched = ch_strdup( matched->e_dn ); + rs->sr_ref = is_entry_referral( matched ) + ? get_entry_referrals( op, matched ) + : NULL; + cache_return_entry_r( &li->li_cache, matched ); + } else { + rs->sr_ref = referral_rewrite( default_referral, + NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT ); } + + ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock); + rs->sr_err = LDAP_REFERRAL; + send_ldap_result( op, rs ); + + if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref ); + free( (char *)rs->sr_matched ); + return( -1 ); } - /* Modify the entry */ - if ( ldbm_modify_internal( be, conn, op, dn, modlist, e ) != 0 ) { +#ifndef LDAP_CACHING + if ( !manageDSAit && is_entry_referral( e ) ) +#else /* LDAP_CACHING */ + if ( !op->o_caching_on && !manageDSAit && is_entry_referral( e ) ) +#endif /* LDAP_CACHING */ + { + /* parent is a referral, don't allow add */ + /* parent is an alias, don't allow add */ + rs->sr_ref = get_entry_referrals( op, e ); + +#ifdef NEW_LOGGING + LDAP_LOG( BACK_LDBM, INFO, + "ldbm_back_modify: entry (%s) is referral\n", op->o_req_ndn.bv_val, 0, 0 ); +#else + Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0, + 0, 0 ); +#endif + + rs->sr_err = LDAP_REFERRAL; + rs->sr_matched = e->e_name.bv_val; + send_ldap_result( op, rs ); + + if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref ); goto error_return; + } + + /* Modify the entry */ + rs->sr_err = ldbm_modify_internal( op, op->oq_modify.rs_modlist, e, + &rs->sr_text, textbuf, textlen ); + if( rs->sr_err != LDAP_SUCCESS ) { + if( rs->sr_err != SLAPD_ABANDON ) { + send_ldap_result( op, rs ); + } + + goto error_return; } /* change the entry itself */ - if ( id2entry_add( be, e ) != 0 ) { - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, NULL ); + if ( id2entry_add( op->o_bd, e ) != 0 ) { + send_ldap_error( op, rs, LDAP_OTHER, + "id2entry failure" ); goto error_return; } - send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL ); + send_ldap_error( op, rs, LDAP_SUCCESS, + NULL ); + cache_return_entry_w( &li->li_cache, e ); + ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock); return( 0 ); error_return:; cache_return_entry_w( &li->li_cache, e ); + ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock); return( -1 ); } - -int -add_values( - Entry *e, - LDAPMod *mod, - char *dn -) -{ - int i; - Attribute *a; - - /* check if the values we're adding already exist */ - if ( (a = attr_find( e->e_attrs, mod->mod_type )) != NULL ) { - for ( i = 0; mod->mod_bvalues[i] != NULL; i++ ) { - if ( value_find( a->a_vals, mod->mod_bvalues[i], - a->a_syntax, 3 ) == 0 ) { - return( LDAP_TYPE_OR_VALUE_EXISTS ); - } - } - } - - /* no - add them */ - if( attr_merge( e, mod->mod_type, mod->mod_bvalues ) != 0 ) { - return( LDAP_CONSTRAINT_VIOLATION ); - } - - return( LDAP_SUCCESS ); -} - -int -delete_values( - Entry *e, - LDAPMod *mod, - char *dn -) -{ - int i, j, k, found; - Attribute *a; - - /* delete the entire attribute */ - if ( mod->mod_bvalues == NULL ) { - Debug( LDAP_DEBUG_ARGS, "removing entire attribute %s\n", - mod->mod_type, 0, 0 ); - return( attr_delete( &e->e_attrs, mod->mod_type ) ? - LDAP_NO_SUCH_ATTRIBUTE : LDAP_SUCCESS ); - } - - /* delete specific values - find the attribute first */ - if ( (a = attr_find( e->e_attrs, mod->mod_type )) == NULL ) { - Debug( LDAP_DEBUG_ARGS, "could not find attribute %s\n", - mod->mod_type, 0, 0 ); - return( LDAP_NO_SUCH_ATTRIBUTE ); - } - - /* find each value to delete */ - for ( i = 0; mod->mod_bvalues[i] != NULL; i++ ) { - found = 0; - for ( j = 0; a->a_vals[j] != NULL; j++ ) { - if ( value_cmp( mod->mod_bvalues[i], a->a_vals[j], - a->a_syntax, 3 ) != 0 ) { - continue; - } - found = 1; - - /* found a matching value - delete it */ - ber_bvfree( a->a_vals[j] ); - for ( k = j + 1; a->a_vals[k] != NULL; k++ ) { - a->a_vals[k - 1] = a->a_vals[k]; - } - a->a_vals[k - 1] = NULL; - break; - } - - /* looked through them all w/o finding it */ - if ( ! found ) { - Debug( LDAP_DEBUG_ARGS, - "could not find value for attr %s\n", - mod->mod_type, 0, 0 ); - return( LDAP_NO_SUCH_ATTRIBUTE ); - } - } - - return( LDAP_SUCCESS ); -} - -int -replace_values( - Entry *e, - LDAPMod *mod, - char *dn -) -{ - - /* XXX: BEFORE YOU GET RID OF PREVIOUS VALUES REMOVE FROM INDEX - * FILES - */ - - (void) attr_delete( &e->e_attrs, mod->mod_type ); - - if ( attr_merge( e, mod->mod_type, mod->mod_bvalues ) != 0 ) { - return( LDAP_CONSTRAINT_VIOLATION ); - } - - return( LDAP_SUCCESS ); -}