modrdn.c 13 KB
Newer Older
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1
/* modrdn.c - ldbm backend modrdn routine */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
2
3
4
5
/*
 * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
 */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
6

7
/*
8
9
10
11
 * LDAP v3 newSuperior support. Add new rdn as an attribute.
 * (Full support for v2 also used software/ideas contributed
 * by Roy Hooper rhooper@cyberus.ca, thanks to him for his
 * submission!.)
12
13
14
15
16
17
18
19
20
21
22
 *
 * Copyright 1999, Juan C. Gomez, All rights reserved.
 * This software is not subject to any license of Silicon Graphics 
 * Inc. or Purdue University.
 *
 * Redistribution and use in source and binary forms are permitted
 * without restriction or fee of any kind as long as this notice
 * is preserved.
 *
 */

Kurt Zeilenga's avatar
Kurt Zeilenga committed
23
24
#include "portable.h"

Kurt Zeilenga's avatar
Kurt Zeilenga committed
25
#include <stdio.h>
Kurt Zeilenga's avatar
Kurt Zeilenga committed
26
27
28
29

#include <ac/string.h>
#include <ac/socket.h>

Kurt Zeilenga's avatar
Kurt Zeilenga committed
30
31
#include "slap.h"
#include "back-ldbm.h"
32
#include "proto-back-ldbm.h"
Kurt Zeilenga's avatar
Kurt Zeilenga committed
33
34
35
36
37
38
39
40

int
ldbm_back_modrdn(
    Backend	*be,
    Connection	*conn,
    Operation	*op,
    char	*dn,
    char	*newrdn,
41
42
    int		deleteoldrdn,
    char	*newSuperior
Kurt Zeilenga's avatar
Kurt Zeilenga committed
43
44
45
)
{
	struct ldbminfo	*li = (struct ldbminfo *) be->be_private;
46
47
	char		*p_dn = NULL, *p_ndn = NULL;
	char		*new_dn = NULL, *new_ndn = NULL;
48
	Entry		*e, *p = NULL;
49
	Entry		*matched = NULL;
50
51
	int			rootlock = 0;
	int			rc = -1;
52
53
54
55
	/* Added to support LDAP v2 correctly (deleteoldrdn thing) */
	char		*new_rdn_val = NULL;	/* Val of new rdn */
	char		*new_rdn_type = NULL;	/* Type of new rdn */
	char		*old_rdn;		/* Old rdn's attr type & val */
Juan Gomez's avatar
Juan Gomez committed
56
57
	char		*old_rdn_type = NULL;	/* Type of old rdn attr. */
	char		*old_rdn_val = NULL;	/* Old rdn attribute value */
Juan Gomez's avatar
Juan Gomez committed
58
59
60
61
62
	/* Added to support newSuperior */ 
	Entry		*np = NULL;	/* newSuperior Entry */
	char		*np_dn = NULL;  /* newSuperior dn */
	char		*np_ndn = NULL; /* newSuperior ndn */
	char		*new_parent_dn = NULL;	/* np_dn, p_dn, or NULL */
63
64
65
66
67
68
	/* Used to interface with ldbm_modify_internal() */
	struct berval	add_bv;			/* Stores new rdn att */
	struct berval	*add_bvals[2];		/* Stores new rdn att */
	struct berval	del_bv;			/* Stores old rdn att */
	struct berval	*del_bvals[2];		/* Stores old rdn att */
	LDAPModList	mod[2];			/* Used to delete old rdn */
69
	int		manageDSAit = get_manageDSAit( op );
Juan Gomez's avatar
Juan Gomez committed
70

71
72
	Debug( LDAP_DEBUG_TRACE, "==>ldbm_back_modrdn(newSuperior=%s)\n",
	       (newSuperior ? newSuperior : "NULL"),
Juan Gomez's avatar
Juan Gomez committed
73
	       0, 0 );
74
75
76

	/* get entry with writer lock */
	if ( (e = dn2entry_w( be, dn, &matched )) == NULL ) {
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
		char* matched_dn = NULL;
		struct berval** refs = NULL;

		if( matched != NULL ) {
			matched_dn = strdup( matched->e_dn );
			refs = is_entry_referral( matched )
				? get_entry_referrals( be, conn, op, matched )
				: NULL;
			cache_return_entry_r( &li->li_cache, matched );
		} else {
			refs = default_referral;
		}

		send_ldap_result( conn, op, LDAP_REFERRAL,
			matched_dn, NULL, refs, NULL );

Kurt Zeilenga's avatar
Kurt Zeilenga committed
93
		if ( matched != NULL ) {
94
95
			ber_bvecfree( refs );
			free( matched_dn );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
96
		}
97

Kurt Zeilenga's avatar
Kurt Zeilenga committed
98
99
100
		return( -1 );
	}

101
#ifdef SLAPD_CHILD_MODIFICATION_WITH_ENTRY_ACL
102
103
	if ( ! access_allowed( be, conn, op, e,
		"entry", NULL, ACL_WRITE ) )
104
105
106
107
	{
		Debug( LDAP_DEBUG_TRACE, "no access to entry\n", 0,
			0, 0 );
		send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
108
			NULL, NULL, NULL, NULL );
109
110
111
112
		goto return_results;
	}
#endif

113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
	if (!manageDSAit && is_entry_referral( e ) ) {
		/* parent is a referral, don't allow add */
		/* parent is an alias, don't allow add */
		struct berval **refs = get_entry_referrals( be,
			conn, op, e );

		Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0,
		    0, 0 );

		send_ldap_result( conn, op, LDAP_REFERRAL,
		    e->e_dn, NULL, refs, NULL );

		ber_bvecfree( refs );

		goto return_results;
	}

130
	if ( (p_ndn = dn_parent( be, e->e_ndn )) != NULL ) {
Juan Gomez's avatar
Juan Gomez committed
131

132
		/* Make sure parent entry exist and we can write its 
Juan Gomez's avatar
Juan Gomez committed
133
134
135
		 * children.
		 */

136
		if( (p = dn2entry_w( be, p_ndn, &matched )) == NULL) {
137
138
139
			Debug( LDAP_DEBUG_TRACE, "parent does not exist\n",
				0, 0, 0);
			send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
140
				NULL, NULL, NULL, NULL );
141
142
143
144
			goto return_results;
		}

		/* check parent for "children" acl */
145
146
		if ( ! access_allowed( be, conn, op, p,
			"children", NULL, ACL_WRITE ) )
147
148
149
150
		{
			Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
				0, 0 );
			send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
151
				NULL, NULL, NULL, NULL );
152
153
154
			goto return_results;
		}

Juan Gomez's avatar
Juan Gomez committed
155
156
157
158
		Debug( LDAP_DEBUG_TRACE,
		       "ldbm_back_modrdn: wr to children of entry %s OK\n",
		       p_ndn, 0, 0 );
		
159
		p_dn = dn_parent( be, e->e_dn );
Juan Gomez's avatar
Juan Gomez committed
160
161
162
163
	

		Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: parent dn=%s\n",
		       p_dn, 0, 0 );
164

Kurt Zeilenga's avatar
Kurt Zeilenga committed
165
	} else {
166
		/* no parent, modrdn entry directly under root */
167
		if( ! be_isroot( be, op->o_ndn ) ) {
168
169
170
			Debug( LDAP_DEBUG_TRACE, "no parent & not root\n",
				0, 0, 0);
			send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
171
				NULL, NULL, NULL, NULL );
172
173
174
			goto return_results;
		}

175
		ldap_pvt_thread_mutex_lock(&li->li_root_mutex);
176
		rootlock = 1;
Juan Gomez's avatar
Juan Gomez committed
177
178
179
180
181
		
		Debug( LDAP_DEBUG_TRACE,
		       "ldbm_back_modrdn: no parent, locked root\n",
		       0, 0, 0 );

182
	}
Juan Gomez's avatar
Juan Gomez committed
183
184
185
186
187
188
189
190

	new_parent_dn = p_dn;	/* New Parent unless newSuperior given */

	if ( (np_dn = newSuperior) != NULL) {
		Debug( LDAP_DEBUG_TRACE, 
		       "ldbm_back_modrdn: new parent requested...\n",
		       0, 0, 0 );

191
192
		np_ndn = ch_strdup( np_dn );
		(void) dn_normalize_case( np_ndn );
Juan Gomez's avatar
Juan Gomez committed
193
194
195
196
197
198
199
200
201

		/* newSuperior == oldParent?, if so ==> ERROR */
		/* newSuperior == entry being moved?, if so ==> ERROR */
		/* Get Entry with dn=newSuperior. Does newSuperior exist? */

		if( (np = dn2entry_w( be, np_ndn, &matched )) == NULL) {
			Debug( LDAP_DEBUG_TRACE,
			       "ldbm_back_modrdn: newSup(ndn=%s) not here!\n",
			       np_ndn, 0, 0);
202
203
			send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
				NULL, NULL, NULL, NULL );
Juan Gomez's avatar
Juan Gomez committed
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
			goto return_results;
		}

		Debug( LDAP_DEBUG_TRACE,
		       "ldbm_back_modrdn: wr to new parent OK np=%p, id=%d\n",
		       np, np->e_id, 0 );
	    
		/* check newSuperior for "children" acl */
		if ( !access_allowed( be, conn, op, np, "children", NULL,
				      ACL_WRITE ) )
		{
			Debug( LDAP_DEBUG_TRACE,
			       "ldbm_back_modrdn: no wr to newSup children\n",
			       0, 0, 0 );
			send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
				NULL, NULL, NULL, NULL );
			goto return_results;
		}

		if ( is_entry_alias( np ) ) {
			/* entry is an alias, don't allow bind */
			Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0,
			    0, 0 );

			send_ldap_result( conn, op, LDAP_ALIAS_PROBLEM,
			    NULL, NULL, NULL, NULL );

			goto return_results;
		}

		if ( is_entry_referral( np ) ) {
			/* parent is a referral, don't allow add */
			/* parent is an alias, don't allow add */
			Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0,
				0, 0 );

			send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
			    NULL, NULL, NULL, NULL );

Juan Gomez's avatar
Juan Gomez committed
243
244
245
246
247
248
249
250
			goto return_results;
		}

		Debug( LDAP_DEBUG_TRACE,
		       "ldbm_back_modrdn: wr to new parent's children OK\n",
		       0, 0 , 0 );

		new_parent_dn = np_dn;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
251
	}
Juan Gomez's avatar
Juan Gomez committed
252
253
	
	/* Build target dn and make sure target entry doesn't exist already. */
254

Juan Gomez's avatar
Juan Gomez committed
255
	build_new_dn( &new_dn, e->e_dn, new_parent_dn, newrdn ); 
Kurt Zeilenga's avatar
Kurt Zeilenga committed
256

Juan Gomez's avatar
Juan Gomez committed
257

258
259
	new_ndn = ch_strdup(new_dn);
	(void) dn_normalize_case( new_ndn );
Juan Gomez's avatar
Juan Gomez committed
260
261
262
263
264

	Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: new ndn=%s\n",
	       new_ndn, 0, 0 );

	if (dn2id ( be, new_ndn ) != NOID) {
265
266
		send_ldap_result( conn, op, LDAP_ALREADY_EXISTS,
			NULL, NULL, NULL, NULL );
267
		goto return_results;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
268
269
	}

Juan Gomez's avatar
Juan Gomez committed
270
271
272
273
	Debug( LDAP_DEBUG_TRACE,
	       "ldbm_back_modrdn: new ndn=%s does not exist\n",
	       new_ndn, 0, 0 );

274
275
	/* Get attribute type and attribute value of our new rdn, we will
	 * need to add that to our new entry
Kurt Zeilenga's avatar
Kurt Zeilenga committed
276
277
	 */

278
279
280
281
282
	if ( (new_rdn_type = rdn_attr_type( newrdn )) == NULL ) {
	    
		Debug( LDAP_DEBUG_TRACE,
		       "ldbm_back_modrdn: can't figure out type of newrdn\n",
		       0, 0, 0 );
283
284
		send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
			NULL, NULL, NULL, NULL );
285
286
287
288
289
290
291
292
293
		goto return_results;		

	}

	if ( (new_rdn_val = rdn_attr_value( newrdn )) == NULL ) {
	    
		Debug( LDAP_DEBUG_TRACE,
		       "ldbm_back_modrdn: can't figure out val of newrdn\n",
		       0, 0, 0 );
294
295
		send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
			NULL, NULL, NULL, NULL );
296
297
298
299
		goto return_results;		

	}

300
	Debug( LDAP_DEBUG_TRACE,
301
	       "ldbm_back_modrdn: new_rdn_val=\"%s\", new_rdn_type=\"%s\"\n",
302
303
304
305
306
307
308
309
310
	       new_rdn_val, new_rdn_type, 0 );

	/* Retrieve the old rdn from the entry's dn */

	if ( (old_rdn = dn_rdn( be, dn )) == NULL ) {

		Debug( LDAP_DEBUG_TRACE,
		       "ldbm_back_modrdn: can't figure out old_rdn from dn\n",
		       0, 0, 0 );
311
312
		send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
			NULL, NULL, NULL, NULL );
313
314
315
316
		goto return_results;		

	}

Juan Gomez's avatar
Juan Gomez committed
317
318
319
320
321
	if ( (old_rdn_type = rdn_attr_type( old_rdn )) == NULL ) {
	    
		Debug( LDAP_DEBUG_TRACE,
		       "ldbm_back_modrdn: can't figure out the old_rdn type\n",
		       0, 0, 0 );
322
323
		send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
			NULL, NULL, NULL, NULL );
Juan Gomez's avatar
Juan Gomez committed
324
325
326
327
328
329
330
		goto return_results;		
		
	}
	
	if ( strcasecmp( old_rdn_type, new_rdn_type ) != 0 ) {

	    /* Not a big deal but we may say something */
331
332
	    Debug( LDAP_DEBUG_TRACE,
		   "ldbm_back_modrdn: old_rdn_type=%s, new_rdn_type=%s!\n",
Juan Gomez's avatar
Juan Gomez committed
333
334
335
336
		   old_rdn_type, new_rdn_type, 0 );
	    
	}		

337
#ifdef DNS_DN
338
	if ( dn_type( old_rdn ) == DN_X500 ) {
339
#endif
340
341
342

		Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: DN_X500\n",
		       0, 0, 0 );
343
344
345
		
		/* Add new attribute value to the entry.
		 */
346

347
348
349
350
351
		add_bvals[0] = &add_bv;		/* Array of bervals */
		add_bvals[1] = NULL;

		add_bv.bv_val = new_rdn_val;
		add_bv.bv_len = strlen(new_rdn_val);
352
		
353
354
355
356
		mod[0].ml_type = new_rdn_type;	
		mod[0].ml_bvalues = add_bvals;
		mod[0].ml_op = LDAP_MOD_SOFTADD;
		mod[0].ml_next = NULL;
357

Juan Gomez's avatar
Juan Gomez committed
358
359
360
361
362
363
364
365
366
367
368
		/* Remove old rdn value if required */

		if (deleteoldrdn) {
			/* Get value of old rdn */
	
			if ((old_rdn_val = rdn_attr_value( old_rdn ))
			    == NULL) {
			    
				Debug( LDAP_DEBUG_TRACE,
				       "ldbm_back_modrdn: can't figure out old_rdn_val from old_rdn\n",
				       0, 0, 0 );
369
370
				send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
					NULL, NULL, NULL, NULL );
Juan Gomez's avatar
Juan Gomez committed
371
372
373
				goto return_results;		
			}

374
375
376
			del_bvals[0] = &del_bv;		/* Array of bervals */
			del_bvals[1] = NULL;

Juan Gomez's avatar
Juan Gomez committed
377
378
			/* Remove old value of rdn as an attribute. */
		    
379
380
			del_bv.bv_val = old_rdn_val;
			del_bv.bv_len = strlen(old_rdn_val);
Juan Gomez's avatar
Juan Gomez committed
381
382
383
384

			/* No need to normalize old_rdn_type, delete_values()
			 * does that for us
			 */
385
			mod[0].ml_next = &mod[1];
386
387
388
389
			mod[1].ml_type = old_rdn_type;	
			mod[1].ml_bvalues = del_bvals;
			mod[1].ml_op = LDAP_MOD_DELETE;
			mod[1].ml_next = NULL;
Juan Gomez's avatar
Juan Gomez committed
390

391
			Debug( LDAP_DEBUG_TRACE,
392
			       "ldbm_back_modrdn: removing old_rdn_val=%s\n",
Juan Gomez's avatar
Juan Gomez committed
393
			       old_rdn_val, 0, 0 );
394
		}
395
	
396
#ifdef DNS_DN
397
398
399
400
	} else {
		Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: DNS DN\n",
		       0, 0, 0 );
		/* XXXV3: not sure of what to do here */
401
		Debug( LDAP_DEBUG_TRACE,
402
		       "ldbm_back_modrdn: not fully implemented...\n",
403
404
		       0, 0, 0 );
  
405
406
		send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
			NULL, NULL, NULL, NULL );
407
		goto return_results;
408
409

	}
410
#endif
411

412
413
414
415
416
417
418
419
	/* check for abandon */
	ldap_pvt_thread_mutex_lock( &op->o_abandonmutex );
	if ( op->o_abandon ) {
		ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex );
		goto return_results;
	}
	ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex );

420
421
422
423
424
425
426
427
	/* delete old one */
	if ( dn2id_delete( be, e->e_ndn, e->e_id ) != 0 ) {
		send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
			NULL, NULL, NULL, NULL );
		goto return_results;
	}

	(void) cache_delete_entry( &li->li_cache, e );
428
429
430

	/* XXX: there is no going back! */

431
432
433
434
	free( e->e_dn );
	free( e->e_ndn );
	e->e_dn = new_dn;
	e->e_ndn = new_ndn;
435
436
	new_dn = NULL;
	new_ndn = NULL;
437
438
439
440
441
442
443
444

	/* add new one */
	if ( dn2id_add( be, e->e_ndn, e->e_id ) != 0 ) {
		send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
			NULL, NULL, NULL, NULL );
		goto return_results;
	}

445
	/* modify memory copy of entry */
446
447
	if ( ldbm_modify_internal( be, conn, op, dn, &mod[0], e )
	     != 0 ) {
448
449
450
451
	    
	    goto return_results;
	}
	
452
453
	(void) cache_update_entry( &li->li_cache, e );

454
455
456
457
	/* NOTE: after this you must not free new_dn or new_ndn!
	 * They are used by cache.
	 */

Kurt Zeilenga's avatar
Kurt Zeilenga committed
458
459
460
	/* id2entry index */
	if ( id2entry_add( be, e ) != 0 ) {
		entry_free( e );
461
462
		send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
			NULL, NULL, NULL, NULL );
463
		goto return_results;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
464
	}
465

466
467
	send_ldap_result( conn, op, LDAP_SUCCESS,
		NULL, NULL, NULL, NULL );
468
469
470
	rc = 0;

return_results:
471
472
	if( new_dn != NULL ) free( new_dn );
	if( new_ndn != NULL ) free( new_ndn );
473

474
475
476
	if( p_dn != NULL ) free( p_dn );
	if( p_ndn != NULL ) free( p_ndn );

477
	if( matched != NULL ) free( matched );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
478

479
480
481
482
	/* LDAP v2 supporting correct attribute handling. */
	if( new_rdn_type != NULL ) free(new_rdn_type);
	if( new_rdn_val != NULL ) free(new_rdn_val);
	if( old_rdn != NULL ) free(old_rdn);
Juan Gomez's avatar
Juan Gomez committed
483
484
	if( old_rdn_type != NULL ) free(old_rdn_type);
	if( old_rdn_val != NULL ) free(old_rdn_val);
485

Juan Gomez's avatar
Juan Gomez committed
486
487
488
489
490

	/* LDAP v3 Support */
	if ( np_dn != NULL ) free( np_dn );
	if ( np_ndn != NULL ) free( np_ndn );

491
492
493
494
495
	if( np != NULL ) {
		/* free new parent and writer lock */
		cache_return_entry_w( &li->li_cache, np );
	}

496
497
498
	if( p != NULL ) {
		/* free parent and writer lock */
		cache_return_entry_w( &li->li_cache, p );
499
	}
500

501
	if ( rootlock ) {
502
		/* release root writer lock */
503
		ldap_pvt_thread_mutex_unlock(&li->li_root_mutex);
504
	}
505
506
507

	/* free entry and writer lock */
	cache_return_entry_w( &li->li_cache, e );
508
	return( rc );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
509
}