X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fmodrdn.c;h=7c8b4390bfeb8436ac01a9230dfd42e8343cc4aa;hb=bdf9b3ae1bf92bbeb114fbe0eee8078130f4dbcb;hp=ba85f247dd23bb960beadbb4813c4a5dad140764;hpb=0e2af54a3ffdeebe3901370683be56fcc53023b0;p=openldap

diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c
index ba85f247dd..7c8b4390bf 100644
--- a/servers/slapd/modrdn.c
+++ b/servers/slapd/modrdn.c
@@ -65,8 +65,7 @@ do_modrdn(
 	int manageDSAit;
 
 #ifdef NEW_LOGGING
-	LDAP_LOG(( "operation", LDAP_LEVEL_ENTRY,
-		"do_modrdn: begin\n" ));
+	LDAP_LOG( OPERATION, ENTRY, "do_modrdn: begin\n", 0, 0, 0 );
 #else
 	Debug( LDAP_DEBUG_TRACE, "do_modrdn\n", 0, 0, 0 );
 #endif
@@ -83,12 +82,11 @@ do_modrdn(
 	 *	}
 	 */
 
-	if ( ber_scanf( op->o_ber, "{oob", &dn, &newrdn, &deloldrdn )
+	if ( ber_scanf( op->o_ber, "{mmb", &dn, &newrdn, &deloldrdn )
 	    == LBER_ERROR )
 	{
 #ifdef NEW_LOGGING
-		LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
-			"do_modrdn: ber_scanf failed\n" ));
+		LDAP_LOG( OPERATION, ERR, "do_modrdn: ber_scanf failed\n", 0, 0, 0 );
 #else
 		Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
 #endif
@@ -106,8 +104,8 @@ do_modrdn(
 			 * newSuperior is present: report error.
 			 */
 #ifdef NEW_LOGGING
-			LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
-				"do_modrdn: (v2) invalid field newSuperior.\n" ));
+			LDAP_LOG( OPERATION, ERR,
+				"do_modrdn: (v2) invalid field newSuperior.\n", 0, 0, 0 );
 #else
 			Debug( LDAP_DEBUG_ANY,
 			    "modrdn(v2): invalid field newSuperior!\n",
@@ -120,14 +118,14 @@ do_modrdn(
 			goto cleanup;
 		}
 
-		if ( ber_scanf( op->o_ber, "o", &newSuperior ) 
+		if ( ber_scanf( op->o_ber, "m", &newSuperior ) 
 		     == LBER_ERROR ) {
 
 #ifdef NEW_LOGGING
-			LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
-				"do_modrdn: ber_scanf(\"a\") failed\n" ));
+			LDAP_LOG( OPERATION, ERR,
+				"do_modrdn: ber_scanf(\"m\") failed\n", 0, 0, 0 );
 #else
-			Debug( LDAP_DEBUG_ANY, "ber_scanf(\"a\") failed\n",
+			Debug( LDAP_DEBUG_ANY, "ber_scanf(\"m\") failed\n",
 				0, 0, 0 );
 #endif
 
@@ -141,10 +139,10 @@ do_modrdn(
 	}
 
 #ifdef NEW_LOGGING
-	LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
+	LDAP_LOG( OPERATION, ARGS, 
 		"do_modrdn: dn (%s) newrdn (%s) newsuperior(%s)\n",
 		dn.bv_val, newrdn.bv_val,
-		newSuperior.bv_len ? newSuperior.bv_val : "" ));
+		newSuperior.bv_len ? newSuperior.bv_val : "" );
 #else
 	Debug( LDAP_DEBUG_ARGS,
 	    "do_modrdn: dn (%s) newrdn (%s) newsuperior (%s)\n",
@@ -154,8 +152,7 @@ do_modrdn(
 
 	if ( ber_scanf( op->o_ber, /*{*/ "}") == LBER_ERROR ) {
 #ifdef NEW_LOGGING
-		LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
-			"do_modrdn: ber_scanf failed\n" ));
+		LDAP_LOG( OPERATION, ERR, "do_modrdn: ber_scanf failed\n", 0, 0, 0 );
 #else
 		Debug( LDAP_DEBUG_ANY, "do_modrdn: ber_scanf failed\n", 0, 0, 0 );
 #endif
@@ -168,8 +165,7 @@ do_modrdn(
 
 	if( (rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {
 #ifdef NEW_LOGGING
-		LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
-			"do_modrdn: get_ctrls failed\n" ));
+		LDAP_LOG( OPERATION, ERR, "do_modrdn: get_ctrls failed\n", 0, 0, 0 );
 #else
 		Debug( LDAP_DEBUG_ANY, "do_modrdn: get_ctrls failed\n", 0, 0, 0 );
 #endif
@@ -181,9 +177,9 @@ do_modrdn(
 	rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn );
 	if( rc != LDAP_SUCCESS ) {
 #ifdef NEW_LOGGING
-		LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
+		LDAP_LOG( OPERATION, INFO, 
 			"do_modrdn: conn %d  invalid dn (%s)\n",
-			conn->c_connid, dn.bv_val ));
+			conn->c_connid, dn.bv_val, 0 );
 #else
 		Debug( LDAP_DEBUG_ANY,
 			"do_modrdn: invalid dn (%s)\n", dn.bv_val, 0, 0 );
@@ -195,8 +191,8 @@ do_modrdn(
 
 	if( ndn.bv_len == 0 ) {
 #ifdef NEW_LOGGING
-		LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
-			   "do_modrdn:  attempt to modify root DSE.\n" ));
+		LDAP_LOG( OPERATION, ERR,
+			"do_modrdn:  attempt to modify root DSE.\n", 0, 0, 0 );
 #else
 		Debug( LDAP_DEBUG_ANY, "do_modrdn: root dse!\n", 0, 0, 0 );
 #endif
@@ -206,12 +202,14 @@ do_modrdn(
 		goto cleanup;
 
 #ifdef SLAPD_SCHEMA_DN
-	} else if ( strcasecmp( ndn.bv_val, SLAPD_SCHEMA_DN ) == 0 ) {
+	} else if ( bvmatch( &ndn, &global_schemandn ) ) {
 #ifdef NEW_LOGGING
-		LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
-			"do_modrdn: attempt to modify subschema subentry\n" ));
+		LDAP_LOG( OPERATION, ERR,
+			"do_modrdn: attempt to modify subschema subentry: %s (%ld)\n",
+			global_schemandn.bv_val, (long) global_schemandn.bv_len, 0 );
 #else
-		Debug( LDAP_DEBUG_ANY, "do_modrdn: subschema subentry!\n", 0, 0, 0 );
+		Debug( LDAP_DEBUG_ANY, "do_modrdn: subschema subentry: %s (%ld)\n",
+			global_schemandn.bv_val, (long) global_schemandn.bv_len, 0 );
 #endif
 
 		send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
@@ -225,9 +223,9 @@ do_modrdn(
 	rc = dnPrettyNormal( NULL, &newrdn, &pnewrdn, &nnewrdn );
 	if( rc != LDAP_SUCCESS ) {
 #ifdef NEW_LOGGING
-		LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
+		LDAP_LOG( OPERATION, INFO, 
 			"do_modrdn: conn %d  invalid newrdn (%s)\n",
-			conn->c_connid, newrdn.bv_val ));
+			conn->c_connid, newrdn.bv_val, 0 );
 #else
 		Debug( LDAP_DEBUG_ANY,
 			"do_modrdn: invalid newrdn (%s)\n", newrdn.bv_val, 0, 0 );
@@ -239,8 +237,8 @@ do_modrdn(
 
 	if( rdnValidate( &pnewrdn ) != LDAP_SUCCESS ) {
 #ifdef NEW_LOGGING
-		LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
-			"do_modrdn: invalid rdn (%s).\n", pnewrdn.bv_val ));
+		LDAP_LOG( OPERATION, ERR, 
+			"do_modrdn: invalid rdn (%s).\n", pnewrdn.bv_val, 0, 0 );
 #else
 		Debug( LDAP_DEBUG_ANY, "do_modrdn: invalid rdn (%s)\n",
 			pnewrdn.bv_val, 0, 0 );
@@ -256,9 +254,9 @@ do_modrdn(
 			&nnewSuperior );
 		if( rc != LDAP_SUCCESS ) {
 #ifdef NEW_LOGGING
-			LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
+			LDAP_LOG( OPERATION, INFO, 
 				"do_modrdn: conn %d  invalid newSuperior (%s)\n",
-				conn->c_connid, newSuperior.bv_val ));
+				conn->c_connid, newSuperior.bv_val, 0 );
 #else
 			Debug( LDAP_DEBUG_ANY,
 				"do_modrdn: invalid newSuperior (%s)\n",
@@ -270,7 +268,7 @@ do_modrdn(
 		}
 	}
 
-	Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d MODRDN dn=\"%s\"\n",
+	Statslog( LDAP_DEBUG_STATS, "conn=%lu op=%lu MODRDN dn=\"%s\"\n",
 	    op->o_connid, op->o_opid, pdn.bv_val, 0, 0 );
 
 	manageDSAit = get_manageDSAit( op );
@@ -281,13 +279,13 @@ do_modrdn(
 	 * if we don't hold it.
 	 */
 	if ( (be = select_backend( &ndn, manageDSAit, 0 )) == NULL ) {
-		BVarray ref = referral_rewrite( default_referral,
+		BerVarray ref = referral_rewrite( default_referral,
 			NULL, &pdn, LDAP_SCOPE_DEFAULT );
 
 		send_ldap_result( conn, op, rc = LDAP_REFERRAL,
 			NULL, NULL, ref ? ref : default_referral, NULL );
 
-		bvarray_free( ref );
+		ber_bvarray_free( ref );
 		goto cleanup;
 	}
 
@@ -357,15 +355,15 @@ do_modrdn(
 			}
 #ifndef SLAPD_MULTIMASTER
 		} else {
-			BVarray defref = be->be_update_refs
+			BerVarray defref = be->be_update_refs
 				? be->be_update_refs : default_referral;
-			BVarray ref = referral_rewrite( defref,
+			BerVarray ref = referral_rewrite( defref,
 				NULL, &pdn, LDAP_SCOPE_DEFAULT );
 
 			send_ldap_result( conn, op, rc = LDAP_REFERRAL, NULL, NULL,
 				ref ? ref : defref, NULL );
 
-			bvarray_free( ref );
+			ber_bvarray_free( ref );
 #endif
 		}
 	} else {
@@ -375,17 +373,162 @@ do_modrdn(
 	}
 
 cleanup:
-	free( dn.bv_val );
 	free( pdn.bv_val );
 	free( ndn.bv_val );
 
-	free( newrdn.bv_val );	
 	free( pnewrdn.bv_val );	
 	free( nnewrdn.bv_val );	
 
-	if ( newSuperior.bv_val ) free( newSuperior.bv_val );
 	if ( pnewSuperior.bv_val ) free( pnewSuperior.bv_val );
 	if ( nnewSuperior.bv_val ) free( nnewSuperior.bv_val );
 
 	return rc;
 }
+
+int
+slap_modrdn2mods(
+	Backend		*be,
+	Connection	*conn,
+	Operation	*op,
+	Entry		*e,
+	LDAPRDN		*old_rdn,
+	LDAPRDN		*new_rdn,
+	int		deleteoldrdn,
+	Modifications	**pmod )
+{
+	int		rc = LDAP_SUCCESS;
+	const char	*text;
+	Modifications	*mod = NULL;
+	int		a_cnt, d_cnt;
+
+	assert( new_rdn != NULL );
+	assert( !deleteoldrdn || old_rdn != NULL );
+
+	/* Add new attribute values to the entry */
+	for ( a_cnt = 0; new_rdn[ 0 ][ a_cnt ]; a_cnt++ ) {
+		AttributeDescription	*desc = NULL;
+		Modifications 		*mod_tmp;
+
+		rc = slap_bv2ad( &new_rdn[ 0 ][ a_cnt ]->la_attr, 
+				&desc, &text );
+
+		if ( rc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+			LDAP_LOG ( OPERATION, ERR, 
+				"slap_modrdn2modlist: %s: %s (new)\n", 
+				text, 
+				new_rdn[ 0 ][ a_cnt ]->la_attr.bv_val, 0 );
+#else
+			Debug( LDAP_DEBUG_TRACE,
+				"slap_modrdn2modlist: %s: %s (new)\n",
+				text, 
+				new_rdn[ 0 ][ a_cnt ]->la_attr.bv_val, 0 );
+#endif
+			goto done;		
+		}
+
+		/* ACL check of newly added attrs */
+		if ( be && !access_allowed( be, conn, op, e, desc,
+			&new_rdn[ 0 ][ a_cnt ]->la_value, ACL_WRITE, NULL ) ) {
+#ifdef NEW_LOGGING
+			LDAP_LOG ( OPERATION, ERR, 
+				"slap_modrdn2modlist: access to attr \"%s\" "
+				"(new) not allowed\n", 
+				new_rdn[ 0 ][a_cnt]->la_attr.bv_val, 0, 0 );
+#else
+			Debug( LDAP_DEBUG_TRACE,
+				"slap_modrdn2modlist: access to attr \"%s\" "
+				"(new) not allowed\n", 
+				new_rdn[ 0 ][ a_cnt ]->la_attr.bv_val, 0, 0 );
+#endif
+			rc = LDAP_INSUFFICIENT_ACCESS;
+			goto done;
+		}
+
+		/* Apply modification */
+		mod_tmp = ( Modifications * )ch_malloc( sizeof( Modifications )
+			+ 2 * sizeof( struct berval ) );
+		mod_tmp->sml_desc = desc;
+		mod_tmp->sml_bvalues = ( BerVarray )( mod_tmp + 1 );
+		mod_tmp->sml_bvalues[ 0 ] = new_rdn[ 0 ][ a_cnt ]->la_value;
+		mod_tmp->sml_bvalues[ 1 ].bv_val = NULL;
+		mod_tmp->sml_op = SLAP_MOD_SOFTADD;
+		mod_tmp->sml_next = mod;
+		mod = mod_tmp;
+	}
+
+	/* Remove old rdn value if required */
+	if ( deleteoldrdn ) {
+		for ( d_cnt = 0; old_rdn[ 0 ][ d_cnt ]; d_cnt++ ) {
+			AttributeDescription	*desc = NULL;
+			Modifications 		*mod_tmp;
+
+			rc = slap_bv2ad( &old_rdn[ 0 ][ d_cnt ]->la_attr,
+					&desc, &text );
+
+			if ( rc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+				LDAP_LOG ( OPERATION, ERR, 
+					"slap_modrdn2modlist: %s: %s (old)\n", 
+					text, 
+					old_rdn[ 0 ][ d_cnt ]->la_attr.bv_val, 
+					0 );
+#else
+				Debug( LDAP_DEBUG_TRACE,
+					"slap_modrdn2modlist: %s: %s (old)\n",
+					text, 
+					old_rdn[ 0 ][ d_cnt ]->la_attr.bv_val, 
+					0 );
+#endif
+				goto done;		
+			}
+
+			/* ACL check of newly added attrs */
+			if ( be && !access_allowed( be, conn, op, e, desc,
+				&old_rdn[ 0 ][ d_cnt ]->la_value, ACL_WRITE, 
+				NULL ) ) {
+#ifdef NEW_LOGGING
+				LDAP_LOG ( OPERATION, ERR, 
+					"slap_modrdn2modlist: access "
+					"to attr \"%s\" (old) not allowed\n", 
+					old_rdn[ 0 ][ d_cnt ]->la_attr.bv_val, 
+					0, 0 );
+#else
+				Debug( LDAP_DEBUG_TRACE,
+					"slap_modrdn2modlist: access "
+					"to attr \"%s\" (old) not allowed\n", 
+					old_rdn[ 0 ][ d_cnt ]->la_attr.bv_val,
+					0, 0 );
+#endif
+				rc = LDAP_INSUFFICIENT_ACCESS;
+				goto done;
+			}
+
+			/* Apply modification */
+			mod_tmp = ( Modifications * )ch_malloc( sizeof( Modifications )
+				+ 2 * sizeof ( struct berval ) );
+			mod_tmp->sml_desc = desc;
+			mod_tmp->sml_bvalues = ( BerVarray )(mod_tmp+1);
+			mod_tmp->sml_bvalues[ 0 ] 
+				= old_rdn[ 0 ][ d_cnt ]->la_value;
+			mod_tmp->sml_bvalues[ 1 ].bv_val = NULL;
+			mod_tmp->sml_op = LDAP_MOD_DELETE;
+			mod_tmp->sml_next = mod;
+			mod = mod_tmp;
+		}
+	}
+	
+done:
+	/* LDAP v2 supporting correct attribute handling. */
+	if ( rc != LDAP_SUCCESS && mod != NULL ) {
+		Modifications *tmp;
+		for ( ; mod; mod = tmp ) {
+			tmp = mod->sml_next;
+			ch_free( mod );
+		}
+	}
+
+	*pmod = mod;
+
+	return rc;
+}