X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fmodify.c;h=c00bb762d5e7c3ed996378b3e409befd90f97609;hb=0f2eab27ce104de20bc0eb4f6b05196111f07c06;hp=6925de3ef52e62364b060120fdc02ddcd1870895;hpb=2a7036e5b0278568f59a5d88b9542fed0d37cf3f;p=openldap diff --git a/servers/slapd/modify.c b/servers/slapd/modify.c index 6925de3ef5..c00bb762d5 100644 --- a/servers/slapd/modify.c +++ b/servers/slapd/modify.c @@ -1,6 +1,6 @@ /* $OpenLDAP$ */ /* - * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved. + * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ /* @@ -25,36 +25,38 @@ #include "ldap_pvt.h" #include "slap.h" +#ifdef LDAP_SLAPI +#include "slapi.h" +#endif +#include "lutil.h" int do_modify( - Connection *conn, - Operation *op ) + Operation *op, + SlapReply *rs ) { - char *dn, *ndn = NULL; + struct berval dn = { 0, NULL }; char *last; ber_tag_t tag; ber_len_t len; - LDAPModList *modlist = NULL; - LDAPModList **modtail = &modlist; + Modifications *modlist = NULL; + Modifications **modtail = &modlist; #ifdef LDAP_DEBUG - LDAPModList *tmp; + Modifications *tmp; +#endif +#ifdef LDAP_SLAPI + LDAPMod **modv = NULL; + Slapi_PBlock *pb = op->o_pb; #endif - Modifications *mods = NULL; - Backend *be; - int rc; - const char *text; int manageDSAit; #ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_ENTRY, - "do_modify: enter\n" )); + LDAP_LOG( OPERATION, ENTRY, "do_modify: enter\n", 0, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "do_modify\n", 0, 0, 0 ); #endif - /* * Parse the modify request. It looks like this: * @@ -74,24 +76,21 @@ do_modify( * } */ - if ( ber_scanf( op->o_ber, "{a" /*}*/, &dn ) == LBER_ERROR ) { + if ( ber_scanf( op->o_ber, "{m" /*}*/, &dn ) == LBER_ERROR ) { #ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_ERR, - "do_modify: ber_scanf failed\n" )); + LDAP_LOG( OPERATION, ERR, "do_modify: ber_scanf failed\n", 0, 0, 0 ); #else Debug( LDAP_DEBUG_ANY, "do_modify: ber_scanf failed\n", 0, 0, 0 ); #endif - send_ldap_disconnect( conn, op, - LDAP_PROTOCOL_ERROR, "decoding error" ); + send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" ); return SLAPD_DISCONNECT; } #ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_ARGS, - "do_modify: dn (%s)\n", dn )); + LDAP_LOG( OPERATION, ARGS, "do_modify: dn (%s)\n", dn.bv_val, 0, 0 ); #else - Debug( LDAP_DEBUG_ARGS, "do_modify: dn (%s)\n", dn, 0, 0 ); + Debug( LDAP_DEBUG_ARGS, "do_modify: dn (%s)\n", dn.bv_val, 0, 0 ); #endif @@ -102,36 +101,43 @@ do_modify( tag = ber_next_element( op->o_ber, &len, last ) ) { ber_int_t mop; + Modifications tmp, *mod; - (*modtail) = (LDAPModList *) ch_calloc( 1, sizeof(LDAPModList) ); + tmp.sml_nvalues = NULL; - if ( ber_scanf( op->o_ber, "{i{a[V]}}", &mop, - &(*modtail)->ml_type, &(*modtail)->ml_bvalues ) + if ( ber_scanf( op->o_ber, "{i{m[W]}}", &mop, + &tmp.sml_type, &tmp.sml_values ) == LBER_ERROR ) { - send_ldap_disconnect( conn, op, - LDAP_PROTOCOL_ERROR, "decoding modlist error" ); - rc = SLAPD_DISCONNECT; + send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding modlist error" ); + rs->sr_err = SLAPD_DISCONNECT; goto cleanup; } + mod = (Modifications *) ch_malloc( sizeof(Modifications) ); + mod->sml_op = mop; + mod->sml_type = tmp.sml_type; + mod->sml_values = tmp.sml_values; + mod->sml_nvalues = NULL; + mod->sml_desc = NULL; + mod->sml_next = NULL; + *modtail = mod; + switch( mop ) { case LDAP_MOD_ADD: - if ( (*modtail)->ml_bvalues == NULL ) { + if ( mod->sml_values == NULL ) { #ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_ERR, - "do_modify: modify/add operation (%ld) requires values\n", - (long)mop )); + LDAP_LOG( OPERATION, ERR, + "do_modify: modify/add operation (%ld) requires values\n", + (long)mop, 0, 0 ); #else Debug( LDAP_DEBUG_ANY, "do_modify: modify/add operation (%ld) requires values\n", (long) mop, 0, 0 ); #endif - send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, - NULL, "modify/add operation requires values", - NULL, NULL ); - rc = LDAP_PROTOCOL_ERROR; + send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, + "modify/add operation requires values" ); goto cleanup; } @@ -143,31 +149,27 @@ do_modify( default: { #ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_ERR, - "do_modify: invalid modify operation (%ld)\n", - (long)mop )); + LDAP_LOG( OPERATION, ERR, + "do_modify: invalid modify operation (%ld)\n", (long)mop, 0, 0 ); #else Debug( LDAP_DEBUG_ANY, "do_modify: invalid modify operation (%ld)\n", (long) mop, 0, 0 ); #endif - send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, - NULL, "unrecognized modify operation", NULL, NULL ); - rc = LDAP_PROTOCOL_ERROR; + send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, + "unrecognized modify operation" ); goto cleanup; } } - (*modtail)->ml_op = mop; - modtail = &(*modtail)->ml_next; + modtail = &mod->sml_next; } *modtail = NULL; - if( (rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) { + if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) { #ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_ERR, - "do_modify: get_ctrls failed\n" )); + LDAP_LOG( OPERATION, ERR, "do_modify: get_ctrls failed\n", 0, 0, 0 ); #else Debug( LDAP_DEBUG_ANY, "do_modify: get_ctrls failed\n", 0, 0, 0 ); #endif @@ -175,60 +177,117 @@ do_modify( goto cleanup; } - ndn = ch_strdup( dn ); - - if( dn_normalize( ndn ) == NULL ) { + rs->sr_err = dnPrettyNormal( NULL, &dn, &op->o_req_dn, &op->o_req_ndn, op->o_tmpmemctx ); + if( rs->sr_err != LDAP_SUCCESS ) { #ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_ERR, - "do_modify: invalid dn (%s)\n", dn )); + LDAP_LOG( OPERATION, INFO, "do_modify: conn %d invalid dn (%s)\n", + op->o_connid, dn.bv_val, 0 ); #else - Debug( LDAP_DEBUG_ANY, "do_modify: invalid dn (%s)\n", dn, 0, 0 ); + Debug( LDAP_DEBUG_ANY, + "do_modify: invalid dn (%s)\n", dn.bv_val, 0, 0 ); #endif - - send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL, - "invalid DN", NULL, NULL ); + send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid DN" ); goto cleanup; } - if( ndn == '\0' ) { + if( op->o_req_ndn.bv_len == 0 ) { #ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_ERR, - "do_modify: attempt to modify root DSE.\n" )); + LDAP_LOG( OPERATION, ERR, + "do_modify: attempt to modify root DSE.\n",0, 0, 0 ); #else Debug( LDAP_DEBUG_ANY, "do_modify: root dse!\n", 0, 0, 0 ); #endif - send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM, - NULL, "modify upon the root DSE not supported", NULL, NULL ); + send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, + "modify upon the root DSE not supported" ); + goto cleanup; + + } else if ( bvmatch( &op->o_req_ndn, &global_schemandn ) ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "do_modify: attempt to modify subschema subentry.\n" , 0, 0, 0 ); +#else + Debug( LDAP_DEBUG_ANY, "do_modify: subschema subentry!\n", 0, 0, 0 ); +#endif + + send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, + "modification of subschema subentry not supported" ); goto cleanup; } #ifdef LDAP_DEBUG #ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_DETAIL1, - "do_modify: modifications:\n" )); + LDAP_LOG( OPERATION, DETAIL1, "do_modify: modifications:\n", 0, 0, 0 ); #else Debug( LDAP_DEBUG_ARGS, "modifications:\n", 0, 0, 0 ); #endif - for ( tmp = modlist; tmp != NULL; tmp = tmp->ml_next ) { + for ( tmp = modlist; tmp != NULL; tmp = tmp->sml_next ) { #ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_DETAIL1, - "\t%s: %s\n", tmp->ml_op == LDAP_MOD_ADD ? - "add" : (tmp->ml_op == LDAP_MOD_DELETE ? - "delete" : "replace"), tmp->ml_type )); + LDAP_LOG( OPERATION, DETAIL1, "\t%s: %s\n", + tmp->sml_op == LDAP_MOD_ADD ? + "add" : (tmp->sml_op == LDAP_MOD_DELETE ? + "delete" : "replace"), tmp->sml_type.bv_val, 0 ); + + if ( tmp->sml_values == NULL ) { + LDAP_LOG( OPERATION, DETAIL1, "\t\tno values", 0, 0, 0 ); + } else if ( tmp->sml_values[0].bv_val == NULL ) { + LDAP_LOG( OPERATION, DETAIL1, "\t\tzero values", 0, 0, 0 ); + } else if ( tmp->sml_values[1].bv_val == NULL ) { + LDAP_LOG( OPERATION, DETAIL1, "\t\tone value", 0, 0, 0 ); + } else { + LDAP_LOG( OPERATION, DETAIL1, "\t\tmultiple values", 0, 0, 0 ); + } + #else Debug( LDAP_DEBUG_ARGS, "\t%s: %s\n", - tmp->ml_op == LDAP_MOD_ADD - ? "add" : (tmp->ml_op == LDAP_MOD_DELETE - ? "delete" : "replace"), tmp->ml_type, 0 ); + tmp->sml_op == LDAP_MOD_ADD + ? "add" : (tmp->sml_op == LDAP_MOD_DELETE + ? "delete" : "replace"), tmp->sml_type.bv_val, 0 ); + + if ( tmp->sml_values == NULL ) { + Debug( LDAP_DEBUG_ARGS, "%s\n", + "\t\tno values", NULL, NULL ); + } else if ( tmp->sml_values[0].bv_val == NULL ) { + Debug( LDAP_DEBUG_ARGS, "%s\n", + "\t\tzero values", NULL, NULL ); + } else if ( tmp->sml_values[1].bv_val == NULL ) { + Debug( LDAP_DEBUG_ARGS, "%s, length %ld\n", + "\t\tone value", (long) tmp->sml_values[0].bv_len, NULL ); + } else { + Debug( LDAP_DEBUG_ARGS, "%s\n", + "\t\tmultiple values", NULL, NULL ); + } #endif - } -#endif - Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d MOD dn=\"%s\"\n", - op->o_connid, op->o_opid, dn, 0, 0 ); + if ( StatslogTest( LDAP_DEBUG_STATS ) ) { + char abuf[BUFSIZ/2], *ptr = abuf; + int len = 0; + + Statslog( LDAP_DEBUG_STATS, "conn=%lu op=%lu MOD dn=\"%s\"\n", + op->o_connid, op->o_opid, dn.bv_val, 0, 0 ); + + for ( tmp = modlist; tmp != NULL; tmp = tmp->sml_next ) { + if (len + 1 + tmp->sml_type.bv_len > sizeof(abuf)) { + Statslog( LDAP_DEBUG_STATS, "conn=%lu op=%lu MOD attr=%s\n", + op->o_connid, op->o_opid, abuf, 0, 0 ); + len = 0; + ptr = abuf; + } + if (len) { + *ptr++ = ' '; + len++; + } + ptr = lutil_strcopy(ptr, tmp->sml_type.bv_val); + len += tmp->sml_type.bv_len; + } + if (len) { + Statslog( LDAP_DEBUG_STATS, "conn=%lu op=%lu MOD attr=%s\n", + op->o_connid, op->o_opid, abuf, 0, 0 ); + } + } +#endif /* LDAP_DEBUG */ manageDSAit = get_manageDSAit( op ); @@ -237,28 +296,82 @@ do_modify( * appropriate one, or send a referral to our "referral server" * if we don't hold it. */ - if ( (be = select_backend( ndn, manageDSAit )) == NULL ) { - send_ldap_result( conn, op, rc = LDAP_REFERRAL, - NULL, NULL, default_referral, NULL ); + if ( (op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 0 )) == NULL ) { + rs->sr_ref = referral_rewrite( default_referral, + NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT ); + if (!rs->sr_ref) rs->sr_ref = default_referral; + + rs->sr_err = LDAP_REFERRAL; + send_ldap_result( op, rs ); + + if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref ); goto cleanup; } /* check restrictions */ - rc = backend_check_restrictions( be, conn, op, NULL, &text ) ; - if( rc != LDAP_SUCCESS ) { - send_ldap_result( conn, op, rc, - NULL, text, NULL, NULL ); + if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) { + send_ldap_result( op, rs ); goto cleanup; } /* check for referrals */ - rc = backend_check_referrals( be, conn, op, dn, ndn ); - if ( rc != LDAP_SUCCESS ) { + if( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) { goto cleanup; } - /* deref suffix alias if appropriate */ - ndn = suffix_alias( be, ndn ); +#if defined( LDAP_SLAPI ) + slapi_x_pblock_set_operation( pb, op ); + slapi_pblock_set( pb, SLAPI_MODIFY_TARGET, (void *)dn.bv_val ); + slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit ); + modv = slapi_x_modifications2ldapmods( &modlist ); + slapi_pblock_set( pb, SLAPI_MODIFY_MODS, (void *)modv ); + + rs->sr_err = doPluginFNs( op->o_bd, SLAPI_PLUGIN_PRE_MODIFY_FN, pb ); + if ( rs->sr_err != 0 ) { + /* + * A preoperation plugin failure will abort the + * entire operation. + */ +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, INFO, "do_modify: modify preoperation plugin " + "failed\n", 0, 0, 0 ); +#else + Debug(LDAP_DEBUG_TRACE, "do_modify: modify preoperation plugin failed.\n", + 0, 0, 0); +#endif + if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&rs->sr_err ) != 0) { + rs->sr_err = LDAP_OTHER; + } + slapi_x_free_ldapmods( modv ); + modv = NULL; + goto cleanup; + } + + /* + * It's possible that the preoperation plugin changed the + * modification array, so we need to convert it back to + * a Modification list. + * + * Calling slapi_x_modifications2ldapmods() destroyed modlist so + * we don't need to free it. + */ + slapi_pblock_get( pb, SLAPI_MODIFY_MODS, (void **)&modv ); + modlist = slapi_x_ldapmods2modifications( modv ); + + /* + * NB: it is valid for the plugin to return no modifications + * (for example, a plugin might store some attributes elsewhere + * and remove them from the modification list; if only those + * attribute types were included in the modification request, + * then slapi_x_ldapmods2modifications() above will return + * NULL). + */ + if ( modlist == NULL ) { + rs->sr_err = LDAP_SUCCESS; + send_ldap_result( op, rs ); + goto cleanup; + } +#endif /* defined( LDAP_SLAPI ) */ /* * do the modify if 1 && (2 || 3) @@ -266,118 +379,131 @@ do_modify( * 2) this backend is master for what it holds; * 3) it's a replica and the dn supplied is the update_ndn. */ - if ( be->be_modify ) { + if ( op->o_bd->be_modify ) { /* do the update here */ - int repl_user = (be->be_update_ndn != NULL && - strcmp( be->be_update_ndn, op->o_ndn ) == 0); + int repl_user = be_isupdate( op->o_bd, &op->o_ndn ); #ifndef SLAPD_MULTIMASTER /* Multimaster slapd does not have to check for replicator dn * because it accepts each modify request */ - if ( be->be_update_ndn == NULL || repl_user ) + if ( !op->o_bd->be_update_ndn.bv_len || repl_user ) #endif { - int update = be->be_update_ndn != NULL; - const char *text; - rc = slap_modlist2mods( modlist, update, &mods, &text ); + int update = op->o_bd->be_update_ndn.bv_len; + char textbuf[SLAP_TEXT_BUFLEN]; + size_t textlen = sizeof textbuf; - if( rc != LDAP_SUCCESS ) { - send_ldap_result( conn, op, rc, - NULL, text, NULL, NULL ); + rs->sr_err = slap_mods_check( modlist, update, &rs->sr_text, + textbuf, textlen, op->o_tmpmemctx ); + + if( rs->sr_err != LDAP_SUCCESS ) { + send_ldap_result( op, rs ); goto cleanup; } - if ( (be->be_lastmod == ON || (be->be_lastmod == UNDEFINED && - global_lastmod == ON)) && !repl_user ) - { - Modifications **modstail; - for( modstail = &mods; - *modstail != NULL; - modstail = &(*modstail)->sml_next ) + if ( !repl_user ) { + for( modtail = &modlist; + *modtail != NULL; + modtail = &(*modtail)->sml_next ) { /* empty */ } - rc = slap_mods_opattrs( op, modstail, &text ); - if( rc != LDAP_SUCCESS ) { - send_ldap_result( conn, op, rc, - NULL, text, - NULL, NULL ); + rs->sr_err = slap_mods_opattrs( op, modlist, modtail, + &rs->sr_text, textbuf, textlen ); + if( rs->sr_err != LDAP_SUCCESS ) { + send_ldap_result( op, rs ); goto cleanup; } } - if ( (*be->be_modify)( be, conn, op, dn, ndn, mods ) == 0 + op->orm_modlist = modlist; + if ( (op->o_bd->be_modify)( op, rs ) == 0 #ifdef SLAPD_MULTIMASTER && !repl_user #endif ) { /* but we log only the ones not from a replicator user */ - replog( be, op, dn, mods ); + replog( op ); } #ifndef SLAPD_MULTIMASTER /* send a referral */ } else { - send_ldap_result( conn, op, rc = LDAP_REFERRAL, NULL, NULL, - be->be_update_refs ? be->be_update_refs : default_referral, - NULL ); + BerVarray defref = op->o_bd->be_update_refs + ? op->o_bd->be_update_refs : default_referral; + rs->sr_ref = referral_rewrite( defref, + NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT ); + + if (!rs->sr_ref) rs->sr_ref = defref; + rs->sr_err = LDAP_REFERRAL; + send_ldap_result( op, rs ); + if (rs->sr_ref != defref) ber_bvarray_free( rs->sr_ref ); #endif } } else { - send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM, - NULL, "operation not supported within namingContext", NULL, NULL ); + send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, + "operation not supported within namingContext" ); + } + +#if defined( LDAP_SLAPI ) + if ( doPluginFNs( op->o_bd, SLAPI_PLUGIN_POST_MODIFY_FN, pb ) != 0 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, INFO, "do_modify: modify postoperation plugins " + "failed\n", 0, 0, 0 ); +#else + Debug(LDAP_DEBUG_TRACE, "do_modify: modify postoperation plugins " + "failed.\n", 0, 0, 0); +#endif } +#endif /* defined( LDAP_SLAPI ) */ cleanup: - free( dn ); - if( ndn != NULL ) free( ndn ); - if ( modlist != NULL ) - slap_modlist_free( modlist ); - if ( mods != NULL ) - slap_mods_free( mods ); - return rc; + free( op->o_req_dn.bv_val ); + free( op->o_req_ndn.bv_val ); + if ( modlist != NULL ) slap_mods_free( modlist ); +#if defined( LDAP_SLAPI ) + if ( modv != NULL ) slapi_x_free_ldapmods( modv ); +#endif + return rs->sr_err; } /* - * convert a raw list of modifications to internal format * Do basic attribute type checking and syntax validation. */ -int slap_modlist2mods( - LDAPModList *ml, +int slap_mods_check( + Modifications *ml, int update, - Modifications **mods, - const char **text ) + const char **text, + char *textbuf, + size_t textlen, + void *ctx ) { int rc; - Modifications **modtail = mods; - for( ; ml != NULL; ml = ml->ml_next ) { - Modifications *mod; + for( ; ml != NULL; ml = ml->sml_next ) { AttributeDescription *ad = NULL; - mod = (Modifications *) - ch_calloc( 1, sizeof(Modifications) ); - - /* copy the op */ - mod->sml_op = ml->ml_op; - /* convert to attribute description */ - rc = slap_str2ad( ml->ml_type, &mod->sml_desc, text ); + rc = slap_bv2ad( &ml->sml_type, &ml->sml_desc, text ); if( rc != LDAP_SUCCESS ) { - slap_mods_free( mod ); + snprintf( textbuf, textlen, "%s: %s", + ml->sml_type.bv_val, *text ); + *text = textbuf; return rc; } - ad = mod->sml_desc; + ad = ml->sml_desc; if( slap_syntax_is_binary( ad->ad_type->sat_syntax ) && !slap_ad_is_binary( ad )) { /* attribute requires binary transfer */ - slap_mods_free( mod ); - *text = "attribute requires ;binary transfer"; + snprintf( textbuf, textlen, + "%s: requires ;binary transfer", + ml->sml_type.bv_val ); + *text = textbuf; return LDAP_UNDEFINED_TYPE; } @@ -385,73 +511,138 @@ int slap_modlist2mods( && slap_ad_is_binary( ad )) { /* attribute requires binary transfer */ - slap_mods_free( mod ); - *text = "attribute disallows ;binary transfer"; + snprintf( textbuf, textlen, + "%s: disallows ;binary transfer", + ml->sml_type.bv_val ); + *text = textbuf; + return LDAP_UNDEFINED_TYPE; + } + + if( slap_ad_is_tag_range( ad )) { + /* attribute requires binary transfer */ + snprintf( textbuf, textlen, + "%s: inappropriate use of tag range option", + ml->sml_type.bv_val ); + *text = textbuf; return LDAP_UNDEFINED_TYPE; } if (!update && is_at_no_user_mod( ad->ad_type )) { /* user modification disallowed */ - slap_mods_free( mod ); - *text = "no user modification allowed"; + snprintf( textbuf, textlen, + "%s: no user modification allowed", + ml->sml_type.bv_val ); + *text = textbuf; + return LDAP_CONSTRAINT_VIOLATION; + } + + if ( is_at_obsolete( ad->ad_type ) && + ( ml->sml_op == LDAP_MOD_ADD || ml->sml_values != NULL ) ) + { + /* + * attribute is obsolete, + * only allow replace/delete with no values + */ + snprintf( textbuf, textlen, + "%s: attribute is obsolete", + ml->sml_type.bv_val ); + *text = textbuf; return LDAP_CONSTRAINT_VIOLATION; } /* * check values */ - if( ml->ml_bvalues != NULL ) { + if( ml->sml_values != NULL ) { ber_len_t nvals; slap_syntax_validate_func *validate = ad->ad_type->sat_syntax->ssyn_validate; - - if( !validate ) { -#ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_ERR, - "modlist2mods: no validator for syntax %S\n", - ad->ad_type->sat_syntax->ssyn_oid )); -#else - Debug( LDAP_DEBUG_TRACE, - "modlist2mods: no validator for syntax %s\n", - ad->ad_type->sat_syntax->ssyn_oid, 0, 0 ); -#endif - - slap_mods_free( mod ); + slap_syntax_transform_func *pretty = + ad->ad_type->sat_syntax->ssyn_pretty; + + if( !pretty && !validate ) { *text = "no validator for syntax"; + snprintf( textbuf, textlen, + "%s: no validator for syntax %s", + ml->sml_type.bv_val, + ad->ad_type->sat_syntax->ssyn_oid ); + *text = textbuf; return LDAP_INVALID_SYNTAX; } /* * check that each value is valid per syntax + * and pretty if appropriate */ - for( nvals = 0; ml->ml_bvalues[nvals]; nvals++ ) { - rc = validate( ad->ad_type->sat_syntax, ml->ml_bvalues[nvals] ); + for( nvals = 0; ml->sml_values[nvals].bv_val; nvals++ ) { + struct berval pval; + if( pretty ) { + rc = pretty( ad->ad_type->sat_syntax, + &ml->sml_values[nvals], &pval, ctx ); + } else { + rc = validate( ad->ad_type->sat_syntax, + &ml->sml_values[nvals] ); + } if( rc != 0 ) { - slap_mods_free( mod ); - *text = "value contains invalid data"; + snprintf( textbuf, textlen, + "%s: value #%ld invalid per syntax", + ml->sml_type.bv_val, (long) nvals ); + *text = textbuf; return LDAP_INVALID_SYNTAX; } + + if( pretty ) { + ber_memfree_x( ml->sml_values[nvals].bv_val, ctx ); + ml->sml_values[nvals] = pval; + } } /* * a rough single value check... an additional check is needed * to catch add of single value to existing single valued attribute */ - if( ( mod->sml_op == LDAP_MOD_ADD || mod->sml_op == LDAP_MOD_REPLACE ) + if ((ml->sml_op == LDAP_MOD_ADD || ml->sml_op == LDAP_MOD_REPLACE) && nvals > 1 && is_at_single_value( ad->ad_type )) { - slap_mods_free( mod ); - *text = "multiple values provided"; - return LDAP_INVALID_SYNTAX; + snprintf( textbuf, textlen, + "%s: multiple values provided", + ml->sml_type.bv_val ); + *text = textbuf; + return LDAP_CONSTRAINT_VIOLATION; } - } - - mod->sml_bvalues = ml->ml_bvalues; - ml->ml_values = NULL; - *modtail = mod; - modtail = &mod->sml_next; + if( nvals && ad->ad_type->sat_equality && + ad->ad_type->sat_equality->smr_normalize ) + { + ml->sml_nvalues = ber_memalloc_x( (nvals+1)*sizeof(struct berval), ctx ); + for( nvals = 0; ml->sml_values[nvals].bv_val; nvals++ ) { + rc = ad->ad_type->sat_equality->smr_normalize( + 0, + ad->ad_type->sat_syntax, + ad->ad_type->sat_equality, + &ml->sml_values[nvals], &ml->sml_nvalues[nvals], ctx ); + if( rc ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, DETAIL1, + "str2entry: NULL (ssyn_normalize %d)\n", + rc, 0, 0 ); +#else + Debug( LDAP_DEBUG_ANY, + "<= str2entry NULL (ssyn_normalize %d)\n", + rc, 0, 0 ); +#endif + snprintf( textbuf, textlen, + "%s: value #%ld normalization failed", + ml->sml_type.bv_val, (long) nvals ); + *text = textbuf; + return rc; + } + } + ml->sml_nvalues[nvals].bv_val = NULL; + ml->sml_nvalues[nvals].bv_len = 0; + } + } } return LDAP_SUCCESS; @@ -459,13 +650,15 @@ int slap_modlist2mods( int slap_mods_opattrs( Operation *op, + Modifications *mods, Modifications **modtail, - const char **text ) + const char **text, + char *textbuf, size_t textlen ) { - struct berval name, timestamp; - time_t now = slap_get_time(); - char timebuf[22]; - struct tm *ltm; + struct berval name, timestamp, csn; + struct berval nname; + char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ]; + char csnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE ]; Modifications *mod; int mop = op->o_tag == LDAP_REQ_ADD @@ -474,110 +667,161 @@ int slap_mods_opattrs( assert( modtail != NULL ); assert( *modtail == NULL ); - ldap_pvt_thread_mutex_lock( &gmtime_mutex ); - ltm = gmtime( &now ); - strftime( timebuf, sizeof(timebuf), "%Y%m%d%H%M%SZ", ltm ); - ldap_pvt_thread_mutex_unlock( &gmtime_mutex ); - timestamp.bv_val = timebuf; - timestamp.bv_len = strlen(timebuf); + if( SLAP_LASTMOD(op->o_bd) ) { + struct tm *ltm; + time_t now = slap_get_time(); - if( op->o_dn == NULL || op->o_dn[0] == '\0' ) { - name.bv_val = SLAPD_ANONYMOUS; - name.bv_len = sizeof(SLAPD_ANONYMOUS)-1; - } else { - name.bv_val = op->o_dn; - name.bv_len = strlen( op->o_dn ); + ldap_pvt_thread_mutex_lock( &gmtime_mutex ); + ltm = gmtime( &now ); + lutil_gentime( timebuf, sizeof(timebuf), ltm ); + + csn.bv_len = lutil_csnstr( csnbuf, sizeof( csnbuf ), 0, 0 ); + ldap_pvt_thread_mutex_unlock( &gmtime_mutex ); + csn.bv_val = csnbuf; + + timestamp.bv_val = timebuf; + timestamp.bv_len = strlen(timebuf); + + if( op->o_dn.bv_len == 0 ) { + name.bv_val = SLAPD_ANONYMOUS; + name.bv_len = sizeof(SLAPD_ANONYMOUS)-1; + nname = name; + } else { + name = op->o_dn; + nname = op->o_ndn; + } } if( op->o_tag == LDAP_REQ_ADD ) { - mod = (Modifications *) ch_calloc( 1, sizeof( Modifications ) ); + struct berval tmpval; + + if( global_schemacheck ) { + int rc = mods_structural_class( mods, &tmpval, + text, textbuf, textlen ); + if( rc != LDAP_SUCCESS ) { + return rc; + } + + mod = (Modifications *) ch_malloc( sizeof( Modifications ) ); + mod->sml_op = mop; + mod->sml_type.bv_val = NULL; + mod->sml_desc = slap_schema.si_ad_structuralObjectClass; + mod->sml_values = + (BerVarray) ch_malloc( 2 * sizeof( struct berval ) ); + ber_dupbv( &mod->sml_values[0], &tmpval ); + mod->sml_values[1].bv_len = 0; + mod->sml_values[1].bv_val = NULL; + assert( mod->sml_values[0].bv_val ); + mod->sml_nvalues = + (BerVarray) ch_malloc( 2 * sizeof( struct berval ) ); + ber_dupbv( &mod->sml_nvalues[0], &tmpval ); + mod->sml_nvalues[1].bv_len = 0; + mod->sml_nvalues[1].bv_val = NULL; + assert( mod->sml_nvalues[0].bv_val ); + *modtail = mod; + modtail = &mod->sml_next; + } + + if( SLAP_LASTMOD(op->o_bd) ) { + char uuidbuf[ LDAP_LUTIL_UUIDSTR_BUFSIZE ]; + + tmpval.bv_len = lutil_uuidstr( uuidbuf, sizeof( uuidbuf ) ); + tmpval.bv_val = uuidbuf; + + mod = (Modifications *) ch_malloc( sizeof( Modifications ) ); + mod->sml_op = mop; + mod->sml_type.bv_val = NULL; + mod->sml_desc = slap_schema.si_ad_entryUUID; + mod->sml_values = + (BerVarray) ch_malloc( 2 * sizeof( struct berval ) ); + ber_dupbv( &mod->sml_values[0], &tmpval ); + mod->sml_values[1].bv_len = 0; + mod->sml_values[1].bv_val = NULL; + assert( mod->sml_values[0].bv_val ); + mod->sml_nvalues = NULL; + *modtail = mod; + modtail = &mod->sml_next; + + mod = (Modifications *) ch_malloc( sizeof( Modifications ) ); + mod->sml_op = mop; + mod->sml_type.bv_val = NULL; + mod->sml_desc = slap_schema.si_ad_creatorsName; + mod->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) ); + ber_dupbv( &mod->sml_values[0], &name ); + mod->sml_values[1].bv_len = 0; + mod->sml_values[1].bv_val = NULL; + assert( mod->sml_values[0].bv_val ); + mod->sml_nvalues = + (BerVarray) ch_malloc( 2 * sizeof( struct berval ) ); + ber_dupbv( &mod->sml_nvalues[0], &nname ); + mod->sml_nvalues[1].bv_len = 0; + mod->sml_nvalues[1].bv_val = NULL; + assert( mod->sml_nvalues[0].bv_val ); + *modtail = mod; + modtail = &mod->sml_next; + + mod = (Modifications *) ch_malloc( sizeof( Modifications ) ); + mod->sml_op = mop; + mod->sml_type.bv_val = NULL; + mod->sml_desc = slap_schema.si_ad_createTimestamp; + mod->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) ); + ber_dupbv( &mod->sml_values[0], ×tamp ); + mod->sml_values[1].bv_len = 0; + mod->sml_values[1].bv_val = NULL; + assert( mod->sml_values[0].bv_val ); + mod->sml_nvalues = NULL; + *modtail = mod; + modtail = &mod->sml_next; + } + } + + if( SLAP_LASTMOD(op->o_bd) ) { + mod = (Modifications *) ch_malloc( sizeof( Modifications ) ); mod->sml_op = mop; - mod->sml_desc = ad_dup( slap_schema.si_ad_creatorsName ); - mod->sml_bvalues = (struct berval **) malloc( 2 * sizeof( struct berval * ) ); - mod->sml_bvalues[0] = ber_bvdup( &name ); - mod->sml_bvalues[1] = NULL; + mod->sml_type.bv_val = NULL; + mod->sml_desc = slap_schema.si_ad_entryCSN; + mod->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) ); + ber_dupbv( &mod->sml_values[0], &csn ); + mod->sml_values[1].bv_len = 0; + mod->sml_values[1].bv_val = NULL; + assert( mod->sml_values[0].bv_val ); + mod->sml_nvalues = NULL; + *modtail = mod; + modtail = &mod->sml_next; + mod = (Modifications *) ch_malloc( sizeof( Modifications ) ); + mod->sml_op = mop; + mod->sml_type.bv_val = NULL; + mod->sml_desc = slap_schema.si_ad_modifiersName; + mod->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) ); + ber_dupbv( &mod->sml_values[0], &name ); + mod->sml_values[1].bv_len = 0; + mod->sml_values[1].bv_val = NULL; + assert( mod->sml_values[0].bv_val ); + mod->sml_nvalues = + (BerVarray) ch_malloc( 2 * sizeof( struct berval ) ); + ber_dupbv( &mod->sml_nvalues[0], &nname ); + mod->sml_nvalues[1].bv_len = 0; + mod->sml_nvalues[1].bv_val = NULL; + assert( mod->sml_nvalues[0].bv_val ); *modtail = mod; modtail = &mod->sml_next; - mod = (Modifications *) ch_calloc( 1, sizeof( Modifications ) ); + mod = (Modifications *) ch_malloc( sizeof( Modifications ) ); mod->sml_op = mop; - mod->sml_desc = ad_dup( slap_schema.si_ad_createTimestamp ); - mod->sml_bvalues = (struct berval **) malloc( 2 * sizeof( struct berval * ) ); - mod->sml_bvalues[0] = ber_bvdup( ×tamp ); - mod->sml_bvalues[1] = NULL; + mod->sml_type.bv_val = NULL; + mod->sml_desc = slap_schema.si_ad_modifyTimestamp; + mod->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) ); + ber_dupbv( &mod->sml_values[0], ×tamp ); + mod->sml_values[1].bv_len = 0; + mod->sml_values[1].bv_val = NULL; + assert( mod->sml_values[0].bv_val ); + mod->sml_nvalues = NULL; *modtail = mod; modtail = &mod->sml_next; } - mod = (Modifications *) ch_calloc( 1, sizeof( Modifications ) ); - mod->sml_op = mop; - mod->sml_desc = ad_dup( slap_schema.si_ad_modifiersName ); - mod->sml_bvalues = (struct berval **) malloc( 2 * sizeof( struct berval * ) ); - mod->sml_bvalues[0] = ber_bvdup( &name ); - mod->sml_bvalues[1] = NULL; - *modtail = mod; - modtail = &mod->sml_next; - - mod = (Modifications *) ch_calloc( 1, sizeof( Modifications ) ); - mod->sml_op = mop; - mod->sml_desc = ad_dup( slap_schema.si_ad_modifyTimestamp ); - mod->sml_bvalues = (struct berval **) malloc( 2 * sizeof( struct berval * ) ); - mod->sml_bvalues[0] = ber_bvdup( ×tamp ); - mod->sml_bvalues[1] = NULL; - *modtail = mod; - modtail = &mod->sml_next; - + *modtail = NULL; return LDAP_SUCCESS; } - -void -slap_mod_free( - Modification *mod, - int freeit -) -{ - ad_free( mod->sm_desc, 1 ); - - if ( mod->sm_bvalues != NULL ) - ber_bvecfree( mod->sm_bvalues ); - - if( freeit ) - free( mod ); -} - -void -slap_mods_free( - Modifications *ml -) -{ - Modifications *next; - - for ( ; ml != NULL; ml = next ) { - next = ml->sml_next; - - slap_mod_free( &ml->sml_mod, 0 ); - free( ml ); - } -} - -void -slap_modlist_free( - LDAPModList *ml -) -{ - LDAPModList *next; - - for ( ; ml != NULL; ml = next ) { - next = ml->ml_next; - - if (ml->ml_type) - free( ml->ml_type ); - - if ( ml->ml_bvalues != NULL ) - ber_bvecfree( ml->ml_bvalues ); - - free( ml ); - } -}