From 6f0edd6c22097820d92a3fa57e1b84700414bfcc Mon Sep 17 00:00:00 2001
From: Luke Howard <lukeh@openldap.org>
Date: Sun, 31 Jul 2005 04:56:27 +0000
Subject: [PATCH] Call slap_mods2entry() in do_add(), so that global overlays
 (including global SLAPI plugins) have access to op->ora_e.

Note that slap_mods2entry() is still called in fe_op_add() in order to
add any operational attributes.
---
 servers/slapd/add.c                | 46 ++++++++++++++++++------------
 servers/slapd/back-ldap/chain.c    | 37 ++----------------------
 servers/slapd/modify.c             | 28 ++++++++++++++++++
 servers/slapd/proto-slap.h         |  9 +++++-
 servers/slapd/slapi/proto-slapi.h  |  2 +-
 servers/slapd/slapi/slapi_ops.c    | 24 ++++++++++------
 servers/slapd/slapi/slapi_pblock.c | 14 ++++++---
 servers/slapd/slapi/slapi_utils.c  | 17 +++++++----
 8 files changed, 103 insertions(+), 74 deletions(-)

diff --git a/servers/slapd/add.c b/servers/slapd/add.c
index b877169f49..30af7693dd 100644
--- a/servers/slapd/add.c
+++ b/servers/slapd/add.c
@@ -166,6 +166,14 @@ do_add( Operation *op, SlapReply *rs )
 	/* temporary; remove if not invoking backend function */
 	op->ora_modlist = modlist;
 
+	/* call this so global overlays/SLAPI have access to ora_e */
+	rs->sr_err = slap_mods2entry( op->ora_modlist, &op->ora_e,
+		1, 0, &rs->sr_text, textbuf, textlen );
+	if ( rs->sr_err != LDAP_SUCCESS ) {
+		send_ldap_result( op, rs );
+		goto done;
+	}
+
 	op->o_bd = frontendDB;
 	rc = frontendDB->be_add( op, rs );
 	if ( rc == 0 ) {
@@ -302,6 +310,7 @@ fe_op_add( Operation *op, SlapReply *rs )
 					assert( (*modtail)->sml_desc != NULL );
 				}
 
+
 				rs->sr_err = slap_mods_opattrs( op, modlist,
 						modtail, &rs->sr_text,
 						textbuf, textlen, 1 );
@@ -309,13 +318,21 @@ fe_op_add( Operation *op, SlapReply *rs )
 					send_ldap_result( op, rs );
 					goto done;
 				}
-			}
 
-			rs->sr_err = slap_mods2entry( modlist, &op->ora_e,
-				repl_user, 0, &rs->sr_text, textbuf, textlen );
-			if ( rs->sr_err != LDAP_SUCCESS ) {
-				send_ldap_result( op, rs );
-				goto done;
+				/* check for duplicate values */
+				rs->sr_err = slap_mods_no_repl_user_mod_check( op,
+					modlist, &rs->sr_text, textbuf, textlen );
+				if ( rs->sr_err != LDAP_SUCCESS ) {
+					send_ldap_result( op, rs );
+					goto done;
+				}
+
+				rs->sr_err = slap_mods2entry( *modtail, &op->ora_e,
+					0, 0, &rs->sr_text, textbuf, textlen );
+				if ( rs->sr_err != LDAP_SUCCESS ) {
+					send_ldap_result( op, rs );
+					goto done;
+				}
 			}
 
 #ifdef SLAPD_MULTIMASTER
@@ -373,22 +390,22 @@ int
 slap_mods2entry(
 	Modifications *mods,
 	Entry **e,
-	int repl_user,
+	int initial,
 	int dup,
 	const char **text,
 	char *textbuf, size_t textlen )
 {
 	Attribute **tail = &(*e)->e_attrs;
-	assert( *tail == NULL );
+
+	if ( initial ) {
+		assert( *tail == NULL );
+	}
 
 	*text = textbuf;
 
 	for( ; mods != NULL; mods = mods->sml_next ) {
 		Attribute *attr;
 
-		if ( !repl_user ) {
-			assert( mods->sml_op == LDAP_MOD_ADD );
-		}
 		assert( mods->sml_desc != NULL );
 
 		attr = attr_find( (*e)->e_attrs, mods->sml_desc );
@@ -398,13 +415,6 @@ slap_mods2entry(
 #ifdef SLURPD_FRIENDLY
 			ber_len_t i,j;
 
-			if( !repl_user ) {
-				snprintf( textbuf, textlen,
-					"attribute '%s' provided more than once",
-					mods->sml_desc->ad_cname.bv_val );
-				return LDAP_TYPE_OR_VALUE_EXISTS;
-			}
-
 			for( i=0; attr->a_vals[i].bv_val; i++ ) {
 				/* count them */
 			}
diff --git a/servers/slapd/back-ldap/chain.c b/servers/slapd/back-ldap/chain.c
index 4b1bc2433b..2cba84c833 100644
--- a/servers/slapd/back-ldap/chain.c
+++ b/servers/slapd/back-ldap/chain.c
@@ -441,43 +441,10 @@ ldap_chain_response( Operation *op, SlapReply *rs )
 		}
 		break;
 	case LDAP_REQ_ADD:
-		{
-		int		cleanup_attrs = 0;
-
-		if ( op->ora_e->e_attrs == NULL ) {
-			char		textbuf[ SLAP_TEXT_BUFLEN ];
-			size_t		textlen = sizeof( textbuf );
-
-#if 0
-			/* FIXME: op->o_bd is still set to the BackendDB 
-			 * structure of the database that tried to handle
-			 * the operation and actually returned a referral
-			 * ... */
-			assert( SLAP_DBFLAGS( op->o_bd ) & SLAP_DBFLAG_GLOBAL_OVERLAY );
-#endif
-
-			/* global overlay: create entry */
-			/* NOTE: this is a hack to use the chain overlay
-			 * as global.  I expect to be able to remove this
-			 * soon by using slap_mods2entry() earlier in
-			 * do_add(), adding the operational attrs later
-			 * if required. */
-			rs->sr_err = slap_mods2entry( op->ora_modlist,
-					&op->ora_e, 0, 1,
-					&rs->sr_text, textbuf, textlen );
-			if ( rs->sr_err != LDAP_SUCCESS ) {
-				send_ldap_result( op, rs );
-				rc = 1;
-				break;
-			}
-		}
+		/* slap_mods2entry () should be called in do_add() */
+		assert( op->ora_e->e_attrs != NULL );
 		rc = ldap_chain_op( op, rs, lback->bi_op_add, ref );
-		if ( cleanup_attrs ) {
-			attrs_free( op->ora_e->e_attrs );
-			op->ora_e->e_attrs = NULL;
-		}
 		break;
-		}
 	case LDAP_REQ_DELETE:
 		rc = ldap_chain_op( op, rs, lback->bi_op_delete, ref );
 		break;
diff --git a/servers/slapd/modify.c b/servers/slapd/modify.c
index e943b22db1..efa03812d9 100644
--- a/servers/slapd/modify.c
+++ b/servers/slapd/modify.c
@@ -525,6 +525,34 @@ slap_mods_no_user_mod_check(
 	return LDAP_SUCCESS;
 }
 
+int
+slap_mods_no_repl_user_mod_check(
+	Operation *op,
+	Modifications *ml,
+	const char **text,
+	char *textbuf,
+	size_t textlen )
+{
+	Modifications *mods;
+	Modifications *modp;
+
+	for ( mods = ml; mods != NULL; mods = mods->sml_next ) {
+		assert( mods->sml_op == LDAP_MOD_ADD );
+
+		/* check doesn't already appear */
+		for ( modp = ml; modp != NULL; modp = modp->sml_next ) {
+			if ( mods->sml_desc == modp->sml_desc  ) {
+				snprintf( textbuf, textlen,
+					"attribute '%s' provided more than once",
+					mods->sml_desc->ad_cname.bv_val );
+				return LDAP_TYPE_OR_VALUE_EXISTS;
+			}
+		}
+	}
+
+	return LDAP_SUCCESS;
+}
+
 /*
  * Do basic attribute type checking and syntax validation.
  */
diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h
index 29c6d8f15c..77eea618ac 100644
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -157,7 +157,7 @@ LDAP_SLAPD_V( AttributeName * ) slap_anlist_all_attributes;
  * add.c
  */
 LDAP_SLAPD_F (int) slap_mods2entry LDAP_P(( Modifications *mods, Entry **e,
-	int repl_user, int dup, const char **text, char *textbuf, size_t textlen ));
+	int initial, int dup, const char **text, char *textbuf, size_t textlen ));
 
 LDAP_SLAPD_F (int) slap_entry2mods LDAP_P(( Entry *e,
 						Modifications **mods, const char **text,
@@ -957,6 +957,13 @@ LDAP_SLAPD_F( int ) slap_mods_no_user_mod_check(
 	const char **text,
 	char *textbuf, size_t textlen );
 
+LDAP_SLAPD_F ( int ) slap_mods_no_repl_user_mod_check(
+	Operation *op,
+	Modifications *ml,
+	const char **text,
+	char *textbuf,
+	size_t textlen );
+
 LDAP_SLAPD_F( int ) slap_mods_check(
 	Modifications *ml,
 	const char **text,
diff --git a/servers/slapd/slapi/proto-slapi.h b/servers/slapd/slapi/proto-slapi.h
index 4a7d6b0dde..b39873745d 100644
--- a/servers/slapd/slapi/proto-slapi.h
+++ b/servers/slapd/slapi/proto-slapi.h
@@ -27,7 +27,7 @@ LDAP_BEGIN_DECL
 
 /* slapi_utils.c */
 LDAP_SLAPI_F (LDAPMod **) slapi_int_modifications2ldapmods LDAP_P(( Modifications **, void *ctx ));
-LDAP_SLAPI_F (Modifications *) slapi_int_ldapmods2modifications LDAP_P(( LDAPMod **, void *ctx ));
+LDAP_SLAPI_F (Modifications *) slapi_int_ldapmods2modifications LDAP_P(( LDAPMod **, int dup, void *ctx ));
 LDAP_SLAPI_F (void) slapi_int_free_ldapmods LDAP_P(( LDAPMod ** ));
 LDAP_SLAPI_F (int) slapi_int_count_controls LDAP_P(( LDAPControl **ctrls ));
 LDAP_SLAPI_F (char **) slapi_get_supported_extended_ops LDAP_P((void));
diff --git a/servers/slapd/slapi/slapi_ops.c b/servers/slapd/slapi/slapi_ops.c
index c224d7a667..d57f3fc651 100644
--- a/servers/slapd/slapi/slapi_ops.c
+++ b/servers/slapd/slapi/slapi_ops.c
@@ -296,7 +296,7 @@ slapi_int_set_operation_dn( Slapi_PBlock *pb )
 
 	if ( BER_BVISNULL( &op->o_ndn ) ) {
 		/* set to root DN */
-		be = select_backend( &op->o_req_ndn, 0, 0 );
+		be = select_backend( &op->o_req_ndn, get_manageDSAit( op ), 1 );
 		if ( be != NULL ) {
 			ber_dupbv( &op->o_dn, &be->be_rootdn );
 			ber_dupbv( &op->o_ndn, &be->be_rootndn );
@@ -344,10 +344,10 @@ slapi_int_connection_done_pb( Slapi_PBlock *pb )
 		}
 		break;
 	case LDAP_REQ_ADD:
-		slapi_int_mods_free( op->ora_modlist );
+		slap_mods_free( op->ora_modlist );
 		break;
 	case LDAP_REQ_MODIFY:
-		slapi_int_mods_free( op->orm_modlist );
+		slap_mods_free( op->orm_modlist );
 		break;
 	case LDAP_REQ_SEARCH:
 		if ( op->ors_attrs != NULL ) {
@@ -429,6 +429,10 @@ slapi_add_internal_pb( Slapi_PBlock *pb )
 	entry_orig = pb->pb_op->ora_e;
 	pb->pb_op->ora_e = NULL;
 
+	/*
+	 * The caller can specify a new entry, or a target DN and set
+	 * of modifications, but not both.
+	 */
 	if ( entry_orig != NULL ) {
 		if ( pb->pb_op->ora_modlist != NULL || !BER_BVISNULL( &pb->pb_op->o_req_ndn )) {
 			rs->sr_err = LDAP_PARAM_ERROR;
@@ -443,10 +447,6 @@ slapi_add_internal_pb( Slapi_PBlock *pb )
 		goto cleanup;
 	}
 
-	/*
-	 * The caller can specify a new entry, or a target DN and set
-	 * of modifications, but not both.
-	 */
 	pb->pb_op->ora_e = (Entry *)slapi_ch_calloc( 1, sizeof(Entry) );
 	ber_dupbv( &pb->pb_op->ora_e->e_name,  &pb->pb_op->o_req_dn );
 	ber_dupbv( &pb->pb_op->ora_e->e_nname, &pb->pb_op->o_req_ndn );
@@ -469,11 +469,17 @@ slapi_add_internal_pb( Slapi_PBlock *pb )
                 goto cleanup;
         }
 
+	/* Duplicate the values, because we may call slapi_entry_free() */
+	rs->sr_err = slap_mods2entry( pb->pb_op->ora_modlist, &pb->pb_op->ora_e,
+		1, 1, &rs->sr_text, pb->pb_textbuf, sizeof( pb->pb_textbuf ) );
+	if ( rs->sr_err != LDAP_SUCCESS ) {
+		goto cleanup;
+	}
+
 	if ( slapi_int_func_internal_pb( pb, op_add ) == 0 ) {
 		if ( pb->pb_op->ora_e != NULL && pb->pb_op->o_private != NULL ) {
 			BackendDB	*bd = pb->pb_op->o_bd;
 
-			/* could we use SLAPI_BACKEND instead? */
 			pb->pb_op->o_bd = (BackendDB *)pb->pb_op->o_private;
 			pb->pb_op->o_private = NULL;
 			be_entry_release_w( pb->pb_op, pb->pb_op->ora_e );
@@ -492,7 +498,7 @@ cleanup:
 	}
 	if ( entry_orig != NULL ) {
 		pb->pb_op->ora_e = entry_orig;
-		slapi_int_mods_free( pb->pb_op->ora_modlist );
+		slap_mods_free( pb->pb_op->ora_modlist );
 		pb->pb_op->ora_modlist = NULL;
 	}
 
diff --git a/servers/slapd/slapi/slapi_pblock.c b/servers/slapd/slapi/slapi_pblock.c
index cc1b653e76..791a3101d1 100644
--- a/servers/slapd/slapi/slapi_pblock.c
+++ b/servers/slapd/slapi/slapi_pblock.c
@@ -889,11 +889,10 @@ pblock_set( Slapi_PBlock *pb, int param, void *value )
 		break;
 	case SLAPI_ADD_ENTRY:
 		PBLOCK_ASSERT_OP( pb, 0 );
-		if ( pb->pb_op->o_tag == LDAP_REQ_ADD ) {
+		if ( pb->pb_op->o_tag == LDAP_REQ_ADD )
 			pb->pb_op->ora_e = (Slapi_Entry *)value;
-		} else {
+		else
 			rc = PBLOCK_ERROR;
-		}
 		break;
 	case SLAPI_MODIFY_MODS: {
 		Modifications **mlp;
@@ -916,7 +915,14 @@ pblock_set( Slapi_PBlock *pb, int param, void *value )
 			slapi_int_mods_free( *mlp );
 			*mlp = NULL;
 		}
-		*mlp = slapi_int_ldapmods2modifications( (LDAPMod **)value, NULL );
+		/*
+		 * Note: for internal operations, the modifications need to be
+		 * duplicated because slap_mods_check() will free values before
+		 * prettying, and we have no idea how the values were
+		 * allocated. For frontend operations, slap_mods_check() will
+		 * have already been called.	
+		 */
+		*mlp = slapi_int_ldapmods2modifications( (LDAPMod **)value, pb->pb_intop, NULL );
 		break;
 	}
 	case SLAPI_MODRDN_NEWRDN:
diff --git a/servers/slapd/slapi/slapi_utils.c b/servers/slapd/slapi/slapi_utils.c
index fea5e7d02e..e12d8ab900 100644
--- a/servers/slapd/slapi/slapi_utils.c
+++ b/servers/slapd/slapi/slapi_utils.c
@@ -2657,7 +2657,7 @@ int slapi_acl_check_mods(Slapi_PBlock *pb, Slapi_Entry *e, LDAPMod **mods, char
 	if ( pb == NULL || pb->pb_op == NULL )
 		return LDAP_PARAM_ERROR;
 
-	ml = slapi_int_ldapmods2modifications( mods, NULL );
+	ml = slapi_int_ldapmods2modifications( mods, 0, NULL );
 	if ( ml == NULL ) {
 		return LDAP_OTHER;
 	}
@@ -2741,7 +2741,7 @@ LDAPMod **slapi_int_modifications2ldapmods(
  * LDAPMods array; the latter MUST be freed with
  * slapi_int_free_ldapmods() (see below).
  */
-Modifications *slapi_int_ldapmods2modifications ( LDAPMod **mods, void *memctx )
+Modifications *slapi_int_ldapmods2modifications ( LDAPMod **mods, int dup, void *memctx )
 {
 	Modifications *modlist = NULL, **modtail;
 	LDAPMod **modp;
@@ -2791,12 +2791,17 @@ Modifications *slapi_int_ldapmods2modifications ( LDAPMod **mods, void *memctx )
 			/* NB: This implicitly trusts a plugin to return valid modifications. */
 			if ( lmod->mod_op & LDAP_MOD_BVALUES ) {
 				for ( i = 0; lmod->mod_bvalues[i] != NULL; i++ ) {
-					mod->sml_values[i].bv_val = lmod->mod_bvalues[i]->bv_val;
-					mod->sml_values[i].bv_len = lmod->mod_bvalues[i]->bv_len;
+					if ( dup ) {
+						ber_dupbv( &mod->sml_values[i], lmod->mod_bvalues[i] );
+					} else {
+						mod->sml_values[i].bv_val = lmod->mod_bvalues[i]->bv_val;
+						mod->sml_values[i].bv_len = lmod->mod_bvalues[i]->bv_len;
+					}
 				}
 			} else {
 				for ( i = 0; lmod->mod_values[i] != NULL; i++ ) {
-					mod->sml_values[i].bv_val = lmod->mod_values[i];
+					mod->sml_values[i].bv_val = dup ? slapi_ch_strdup( lmod->mod_values[i] ) :
+						lmod->mod_values[i];
 					mod->sml_values[i].bv_len = strlen( lmod->mod_values[i] );
 				}
 			}
@@ -2837,7 +2842,7 @@ slapi_int_mods_free( Modifications *ml )
 /*
  * This function only frees the parts of the mods array that
  * are not shared with the Modification list that was created
- * by slapi_int_ldapmods2modifications(). 
+ * by slapi_int_ldapmods2modifications() (if dup == 0).
  */
 void
 slapi_int_free_ldapmods ( LDAPMod **mods )
-- 
2.39.2