1 /* modrdn.c - mdb backend modrdn routine */
2 /* $OpenLDAP$ */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 *
5 * Copyright 2000-2021 The OpenLDAP Foundation.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
10 * Public License.
11 *
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
15 */
16
17 #include "portable.h"
18
19 #include <stdio.h>
20 #include <ac/string.h>
21
22 #include "back-mdb.h"
23
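/*
 * mdb_modrdn - back-mdb handler for the LDAP ModifyDN (rename / move) request.
 *
 * Renames the entry op->o_req_dn to op->orr_newDN, optionally moving it
 * below op->oq_modrdn.rs_newSup.  The work is done in the transaction
 * obtained through mdb_opinfo_get(): the dn2id record is deleted and
 * re-added under the new name, op->orr_modlist is applied to a shallow
 * copy of the entry, and the id2entry record is rewritten.
 *
 * Access checks performed here, in order:
 *   1. "children" of the current parent: ACL_WRITE for a plain rename,
 *      ACL_WDEL when a newSuperior was supplied;
 *   2. "entry" of the entry being renamed: ACL_WRITE;
 *   3. "children" of the new superior (or of slap_entry_root when the
 *      newSuperior is the empty DN): ACL_WADD.
 *
 * The result is sent to the client with send_ldap_result() before the
 * function returns.
 *
 * op: the operation; op->oq_modrdn.rs_newSup may be reset to NULL here
 *     when it names the current parent.
 * rs: reply structure; sr_err / sr_text / sr_ref / sr_matched / sr_ctrls
 *     are filled in as the result is built.
 *
 * Returns rs->sr_err as left by the last step executed.
 */
int
mdb_modrdn( Operation *op, SlapReply *rs )
{
	struct mdb_info *mdb = (struct mdb_info *) op->o_bd->be_private;
	AttributeDescription *children = slap_schema.si_ad_children;
	AttributeDescription *entry = slap_schema.si_ad_entry;
	struct berval p_dn, p_ndn;
	Entry *e = NULL;
	Entry *p = NULL;
	/* LDAP v2 supporting correct attribute handling. */
	char textbuf[SLAP_TEXT_BUFLEN];
	size_t textlen = sizeof textbuf;
	MDB_txn *txn = NULL;
	MDB_cursor *mc;
	struct mdb_op_info opinfo = {{{ 0 }}}, *moi = &opinfo;
	Entry dummy = {0};

	Entry *np = NULL;			/* newSuperior Entry */
	struct berval *np_dn = NULL;		/* newSuperior dn */
	struct berval *np_ndn = NULL;		/* newSuperior ndn */
	struct berval *new_parent_dn = NULL;	/* np_dn, p_dn, or NULL */

	int manageDSAit = get_manageDSAit( op );

	ID nid, nsubs;
	LDAPControl **preread_ctrl = NULL;
	LDAPControl **postread_ctrl = NULL;
	/* Response controls live in this stack array; see the note where
	 * rs->sr_ctrls is pointed at it. */
	LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
	int num_ctrls = 0;

	int parent_is_glue = 0;
	int parent_is_leaf = 0;

	Debug( LDAP_DEBUG_TRACE, "==>" LDAP_XSTRING(mdb_modrdn) "(%s,%s,%s)\n",
		op->o_req_dn.bv_val,op->oq_modrdn.rs_newrdn.bv_val,
		op->oq_modrdn.rs_newSup ? op->oq_modrdn.rs_newSup->bv_val : "NULL" );

	ctrls[num_ctrls] = NULL;

	/* begin transaction */
	rs->sr_err = mdb_opinfo_get( op, mdb, 0, &moi );
	rs->sr_text = NULL;
	if( rs->sr_err != 0 ) {
		Debug( LDAP_DEBUG_TRACE,
			LDAP_XSTRING(mdb_modrdn) ": txn_begin failed: "
			"%s (%d)\n", mdb_strerror(rs->sr_err), rs->sr_err );
		/* The backend error is logged only; the client sees a generic text. */
		rs->sr_err = LDAP_OTHER;
		rs->sr_text = "internal error";
		goto return_results;
	}
	txn = moi->moi_txn;

	slap_mods_opattrs( op, &op->orr_modlist, 1 );

	if ( be_issuffix( op->o_bd, &op->o_req_ndn ) ) {
#ifdef MDB_MULTIPLE_SUFFIXES
		/* Allow renaming one suffix entry to another */
		p_ndn = slap_empty_bv;
#else
		/* There can only be one suffix entry */
		rs->sr_err = LDAP_NAMING_VIOLATION;
		rs->sr_text = "cannot rename suffix entry";
		goto return_results;
#endif
	} else {
		dnParent( &op->o_req_ndn, &p_ndn );
	}
	np_ndn = &p_ndn;
	/* Make sure parent entry exist and we can write its
	 * children.
	 */
	rs->sr_err = mdb_cursor_open( txn, mdb->mi_dn2id, &mc );
	if ( rs->sr_err != 0 ) {
		Debug(LDAP_DEBUG_TRACE,
			"<=- " LDAP_XSTRING(mdb_modrdn)
			": cursor_open failed: %s (%d)\n",
			mdb_strerror(rs->sr_err), rs->sr_err );
		rs->sr_err = LDAP_OTHER;
		rs->sr_text = "DN cursor_open failed";
		goto return_results;
	}
	rs->sr_err = mdb_dn2entry( op, txn, mc, &p_ndn, &p, NULL, 0 );
	switch( rs->sr_err ) {
	case MDB_NOTFOUND:
		Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(mdb_modrdn)
			": parent does not exist\n" );
		rs->sr_ref = referral_rewrite( default_referral, NULL,
			&op->o_req_dn, LDAP_SCOPE_DEFAULT );
		rs->sr_err = LDAP_REFERRAL;

		send_ldap_result( op, rs );

		ber_bvarray_free( rs->sr_ref );
		/* Result already sent, so skip return_results. */
		goto done;
	case 0:
		break;
	case LDAP_BUSY:
		rs->sr_text = "ldap server busy";
		goto return_results;
	default:
		rs->sr_err = LDAP_OTHER;
		rs->sr_text = "internal error";
		goto return_results;
	}

	/* check parent for "children" acl
	 *
	 * NOTE(review): the access level is chosen before the
	 * "newSuperior == old parent" normalisation further down.  When the
	 * client names the current parent as newSuperior, only ACL_WDEL is
	 * checked here, and the ACL_WADD check in the newSuperior branch is
	 * skipped because rs_newSup has been reset to NULL by then.  Confirm
	 * that this is the intended policy for an in-place rename.
	 */
	rs->sr_err = access_allowed( op, p,
		children, NULL,
		op->oq_modrdn.rs_newSup == NULL ?
			ACL_WRITE : ACL_WDEL,
		NULL );

	if ( ! rs->sr_err ) {
		rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
		Debug( LDAP_DEBUG_TRACE, "no access to parent\n" );
		rs->sr_text = "no write access to parent's children";
		goto return_results;
	}

	Debug( LDAP_DEBUG_TRACE,
		LDAP_XSTRING(mdb_modrdn) ": wr to children "
		"of entry %s OK\n", p_ndn.bv_val );

	/* Pointer comparison: true only when p_ndn was assigned from
	 * slap_empty_bv above (the suffix-rename case). */
	if ( p_ndn.bv_val == slap_empty_bv.bv_val ) {
		p_dn = slap_empty_bv;
	} else {
		dnParent( &op->o_req_dn, &p_dn );
	}

	Debug( LDAP_DEBUG_TRACE,
		LDAP_XSTRING(mdb_modrdn) ": parent dn=%s\n",
		p_dn.bv_val );

	/* get entry; nsubs receives the subtree count used by the dn2id
	 * delete/add calls below */
	rs->sr_err = mdb_dn2entry( op, txn, mc, &op->o_req_ndn, &e, &nsubs, 0 );
	switch( rs->sr_err ) {
	case MDB_NOTFOUND:
		/* Hand the parent over as the "matched" entry for the referral
		 * handling below; p is cleared so it is released only once. */
		e = p;
		p = NULL;
		/* FALLTHRU */
	case 0:
		break;
	case LDAP_BUSY:
		rs->sr_text = "ldap server busy";
		goto return_results;
	default:
		rs->sr_err = LDAP_OTHER;
		rs->sr_text = "internal error";
		goto return_results;
	}

	/* FIXME: dn2entry() should return non-glue entry */
	if (( rs->sr_err == MDB_NOTFOUND ) ||
		( !manageDSAit && e && is_entry_glue( e )))
	{
		if( e != NULL ) {
			/* sr_matched is a private copy here; it is released with
			 * free() after the result has been sent. */
			rs->sr_matched = ch_strdup( e->e_dn );
			if ( is_entry_referral( e )) {
				BerVarray ref = get_entry_referrals( op, e );
				rs->sr_ref = referral_rewrite( ref, &e->e_name,
					&op->o_req_dn, LDAP_SCOPE_DEFAULT );
				ber_bvarray_free( ref );
			} else {
				rs->sr_ref = NULL;
			}
			mdb_entry_return( op, e );
			e = NULL;

		} else {
			rs->sr_ref = referral_rewrite( default_referral, NULL,
				&op->o_req_dn, LDAP_SCOPE_DEFAULT );
		}

		rs->sr_err = LDAP_REFERRAL;
		send_ldap_result( op, rs );

		ber_bvarray_free( rs->sr_ref );
		free( (char *)rs->sr_matched );
		rs->sr_ref = NULL;
		rs->sr_matched = NULL;

		goto done;
	}

	if ( get_assert( op ) &&
		( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
	{
		rs->sr_err = LDAP_ASSERTION_FAILED;
		goto return_results;
	}

	/* check write on old entry */
	rs->sr_err = access_allowed( op, e, entry, NULL, ACL_WRITE, NULL );
	if ( ! rs->sr_err ) {
		Debug( LDAP_DEBUG_TRACE, "no access to entry\n" );
		rs->sr_text = "no write access to old entry";
		rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
		goto return_results;
	}

	if (!manageDSAit && is_entry_referral( e ) ) {
		/* entry is a referral, don't allow rename */
		rs->sr_ref = get_entry_referrals( op, e );

		Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(mdb_modrdn)
			": entry %s is referral\n", e->e_dn );

		/* Was "LDAP_REFERRAL," (comma operator): same effect, but it read
		 * like a typo, so the two assignments are separate statements. */
		rs->sr_err = LDAP_REFERRAL;
		/* Borrowed pointer into e; cleared below before e is released
		 * at done. */
		rs->sr_matched = e->e_name.bv_val;
		send_ldap_result( op, rs );

		ber_bvarray_free( rs->sr_ref );
		rs->sr_ref = NULL;
		rs->sr_matched = NULL;
		goto done;
	}

	new_parent_dn = &p_dn;	/* New Parent unless newSuperior given */

	if ( op->oq_modrdn.rs_newSup != NULL ) {
		Debug( LDAP_DEBUG_TRACE,
			LDAP_XSTRING(mdb_modrdn)
			": new parent \"%s\" requested...\n",
			op->oq_modrdn.rs_newSup->bv_val );

		/* newSuperior == oldParent? */
		if( dn_match( &p_ndn, op->oq_modrdn.rs_nnewSup ) ) {
			Debug( LDAP_DEBUG_TRACE, "mdb_back_modrdn: "
				"new parent \"%s\" same as the old parent \"%s\"\n",
				op->oq_modrdn.rs_newSup->bv_val, p_dn.bv_val );
			/* This rewrites the request itself, not a local copy. */
			op->oq_modrdn.rs_newSup = NULL; /* ignore newSuperior */
		}
	}

	/* There's a MDB_MULTIPLE_SUFFIXES case here that this code doesn't
	 * support. E.g., two suffixes dc=foo,dc=com and dc=bar,dc=net.
	 * We do not allow modDN
	 *   dc=foo,dc=com
	 *    newrdn dc=bar
	 *    newsup dc=net
	 * and we probably should. But since MULTIPLE_SUFFIXES is deprecated
	 * I'm ignoring this problem for now.
	 */
	if ( op->oq_modrdn.rs_newSup != NULL ) {
		if ( op->oq_modrdn.rs_newSup->bv_len ) {
			np_dn = op->oq_modrdn.rs_newSup;
			np_ndn = op->oq_modrdn.rs_nnewSup;

			/* newSuperior == oldParent? - checked above */
			/* newSuperior == entry being moved?, if so ==> ERROR */
			if ( dnIsSuffix( np_ndn, &e->e_nname )) {
				rs->sr_err = LDAP_NO_SUCH_OBJECT;
				rs->sr_text = "new superior not found";
				goto return_results;
			}
			/* Get Entry with dn=newSuperior. Does newSuperior exist?
			 * The lookup is given no cursor, presumably so that mc stays
			 * positioned on the entry for mdb_dn2id_delete() below --
			 * TODO confirm.
			 *
			 * NOTE(review): existence is tested before the ACL on the new
			 * superior, so "not found" and "no write access" are
			 * distinguishable to the client.  Confirm this matches the
			 * intended policy on revealing which entries exist.
			 */
			rs->sr_err = mdb_dn2entry( op, txn, NULL, np_ndn, &np, NULL, 0 );

			switch( rs->sr_err ) {
			case 0:
				break;
			case MDB_NOTFOUND:
				Debug( LDAP_DEBUG_TRACE,
					LDAP_XSTRING(mdb_modrdn)
					": newSup(ndn=%s) not here!\n",
					np_ndn->bv_val );
				rs->sr_text = "new superior not found";
				rs->sr_err = LDAP_NO_SUCH_OBJECT;
				goto return_results;
			case LDAP_BUSY:
				rs->sr_text = "ldap server busy";
				goto return_results;
			default:
				rs->sr_err = LDAP_OTHER;
				rs->sr_text = "internal error";
				goto return_results;
			}

			/* check newSuperior for "children" acl */
			rs->sr_err = access_allowed( op, np, children,
				NULL, ACL_WADD, NULL );

			if( ! rs->sr_err ) {
				Debug( LDAP_DEBUG_TRACE,
					LDAP_XSTRING(mdb_modrdn)
					": no wr to newSup children\n" );
				rs->sr_text = "no write access to new superior's children";
				rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
				goto return_results;
			}

			Debug( LDAP_DEBUG_TRACE,
				LDAP_XSTRING(mdb_modrdn)
				": wr to new parent OK np=%p, id=%ld\n",
				(void *) np, (long) np->e_id );

			if ( is_entry_alias( np ) ) {
				/* parent is an alias, don't allow add */
				Debug( LDAP_DEBUG_TRACE,
					LDAP_XSTRING(mdb_modrdn)
					": entry is alias\n" );
				rs->sr_text = "new superior is an alias";
				rs->sr_err = LDAP_ALIAS_PROBLEM;
				goto return_results;
			}

			if ( is_entry_referral( np ) ) {
				/* parent is a referral, don't allow add */
				Debug( LDAP_DEBUG_TRACE,
					LDAP_XSTRING(mdb_modrdn)
					": entry is referral\n" );
				rs->sr_text = "new superior is a referral";
				rs->sr_err = LDAP_OTHER;
				goto return_results;
			}
			np_dn = &np->e_name;

		} else {
			np_dn = NULL;

			/* no parent, modrdn entry directly under root */
			if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
				|| be_isupdate( op ) ) {
				/* np is only borrowed for the ACL call and cleared right
				 * after, so the cleanup at done never passes
				 * slap_entry_root to mdb_entry_return(). */
				np = (Entry *)&slap_entry_root;

				/* check parent for "children" acl */
				rs->sr_err = access_allowed( op, np,
					children, NULL, ACL_WADD, NULL );

				np = NULL;

				if ( ! rs->sr_err ) {
					rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
					Debug( LDAP_DEBUG_TRACE,
						"no access to new superior\n" );
					rs->sr_text =
						"no write access to new superior's children";
					goto return_results;
				}
			}
		}

		Debug( LDAP_DEBUG_TRACE,
			LDAP_XSTRING(mdb_modrdn)
			": wr to new parent's children OK\n" );

		new_parent_dn = np_dn;
	}

	/* Make sure target entry doesn't exist already. */
	Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(mdb_modrdn) ": new ndn=%s\n",
		op->orr_nnewDN.bv_val );

	/* Shortcut the search */
	rs->sr_err = mdb_dn2id ( op, txn, NULL, &op->orr_nnewDN, &nid, NULL, NULL, NULL );
	switch( rs->sr_err ) {
	case MDB_NOTFOUND:
		break;
	case 0:
		/* Allow rename to same DN */
		if ( nid == e->e_id )
			break;
		rs->sr_err = LDAP_ALREADY_EXISTS;
		goto return_results;
	default:
		rs->sr_err = LDAP_OTHER;
		rs->sr_text = "internal error";
		goto return_results;
	}

	if( op->o_preread ) {
		if( preread_ctrl == NULL ) {
			/* Reserve the next slot and keep the array NULL-terminated. */
			preread_ctrl = &ctrls[num_ctrls++];
			ctrls[num_ctrls] = NULL;
		}
		if( slap_read_controls( op, rs, e,
			&slap_pre_read_bv, preread_ctrl ) )
		{
			Debug( LDAP_DEBUG_TRACE,
				"<=- " LDAP_XSTRING(mdb_modrdn)
				": pre-read failed!\n" );
			if ( op->o_preread & SLAP_CONTROL_CRITICAL ) {
				/* FIXME: is it correct to abort
				 * operation if control fails? */
				goto return_results;
			}
		}
	}

	/* delete old DN
	 * If moving to a new parent, must delete current subtree count,
	 * otherwise leave it unchanged since we'll be adding it right back.
	 */
	rs->sr_err = mdb_dn2id_delete( op, mc, e->e_id, np ? nsubs : 0 );
	if ( rs->sr_err != 0 ) {
		Debug(LDAP_DEBUG_TRACE,
			"<=- " LDAP_XSTRING(mdb_modrdn)
			": dn2id del failed: %s (%d)\n",
			mdb_strerror(rs->sr_err), rs->sr_err );
		rs->sr_err = LDAP_OTHER;
		rs->sr_text = "DN index delete fail";
		goto return_results;
	}

	/* copy the entry, then override some fields
	 * (shallow copy: dummy shares e's attribute list until the modify
	 * step below; e_attrs is hidden while the DN index is updated) */
	dummy = *e;
	dummy.e_name = op->orr_newDN;
	dummy.e_nname = op->orr_nnewDN;
	dummy.e_attrs = NULL;

	/* add new DN */
	rs->sr_err = mdb_dn2id_add( op, mc, mc, np ? np->e_id : p->e_id,
		nsubs, np != NULL, &dummy );
	if ( rs->sr_err != 0 ) {
		Debug(LDAP_DEBUG_TRACE,
			"<=- " LDAP_XSTRING(mdb_modrdn)
			": dn2id add failed: %s (%d)\n",
			mdb_strerror(rs->sr_err), rs->sr_err );
		rs->sr_err = LDAP_OTHER;
		rs->sr_text = "DN index add failed";
		goto return_results;
	}

	dummy.e_attrs = e->e_attrs;

	if ( op->orr_modlist != NULL ) {
		/* modify entry
		 * NOTE(review): the result is compared with LDAP_SUCCESS, so the
		 * mdb_strerror() text in the trace below may not describe it --
		 * confirm which error space mdb_modify_internal() returns. */
		rs->sr_err = mdb_modify_internal( op, txn, op->orr_modlist, &dummy,
			&rs->sr_text, textbuf, textlen );
		if( rs->sr_err != LDAP_SUCCESS ) {
			Debug(LDAP_DEBUG_TRACE,
				"<=- " LDAP_XSTRING(mdb_modrdn)
				": modify failed: %s (%d)\n",
				mdb_strerror(rs->sr_err), rs->sr_err );
			goto return_results;
		}
	}

	/* id2entry index */
	rs->sr_err = mdb_id2entry_update( op, txn, NULL, &dummy );
	if ( rs->sr_err != 0 ) {
		Debug(LDAP_DEBUG_TRACE,
			"<=- " LDAP_XSTRING(mdb_modrdn)
			": id2entry failed: %s (%d)\n",
			mdb_strerror(rs->sr_err), rs->sr_err );
		if ( rs->sr_err == LDAP_ADMINLIMIT_EXCEEDED ) {
			rs->sr_text = "entry too big";
		} else {
			rs->sr_err = LDAP_OTHER;
			rs->sr_text = "entry update failed";
		}
		goto return_results;
	}

	if ( p_ndn.bv_len != 0 ) {
		/* Record whether the old parent is a glue entry that no longer
		 * has children; used after the result is sent to request its
		 * removal via op->o_delete_glue_parent. */
		if ((parent_is_glue = is_entry_glue(p))) {
			rs->sr_err = mdb_dn2id_children( op, txn, p );
			if ( rs->sr_err != MDB_NOTFOUND ) {
				switch( rs->sr_err ) {
				case 0:
					break;
				default:
					Debug(LDAP_DEBUG_ARGS,
						"<=- " LDAP_XSTRING(mdb_modrdn)
						": has_children failed: %s (%d)\n",
						mdb_strerror(rs->sr_err), rs->sr_err );
					rs->sr_err = LDAP_OTHER;
					rs->sr_text = "internal error";
					goto return_results;
				}
			} else {
				/* NOTE(review): rs->sr_err is left at MDB_NOTFOUND here.
				 * It is overwritten by the commit below only when
				 * moi == &opinfo; in the other case the
				 * "!= LDAP_SUCCESS" test after the commit block would
				 * see it -- confirm whether that path is reachable. */
				parent_is_leaf = 1;
			}
		}
		mdb_entry_return( op, p );
		p = NULL;
	}

	if( op->o_postread ) {
		if( postread_ctrl == NULL ) {
			postread_ctrl = &ctrls[num_ctrls++];
			ctrls[num_ctrls] = NULL;
		}
		if( slap_read_controls( op, rs, &dummy,
			&slap_post_read_bv, postread_ctrl ) )
		{
			Debug( LDAP_DEBUG_TRACE,
				"<=- " LDAP_XSTRING(mdb_modrdn)
				": post-read failed!\n" );
			if ( op->o_postread & SLAP_CONTROL_CRITICAL ) {
				/* FIXME: is it correct to abort
				 * operation if control fails? */
				goto return_results;
			}
		}
	}

	/* moi still pointing at the local opinfo is treated as "this call
	 * ends the transaction": unlink it from op->o_extra, then abort
	 * (no-op request) or commit.  txn is cleared either way so the
	 * cleanup at done does not abort it again. */
	if( moi == &opinfo ) {
		LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.moi_oe, OpExtra, oe_next );
		opinfo.moi_oe.oe_key = NULL;
		if( op->o_noop ) {
			mdb_txn_abort( txn );
			rs->sr_err = LDAP_X_NO_OPERATION;
			txn = NULL;
			goto return_results;

		} else {
			if(( rs->sr_err=mdb_txn_commit( txn )) != 0 ) {
				rs->sr_text = "txn_commit failed";
			} else {
				rs->sr_err = LDAP_SUCCESS;
			}
			txn = NULL;
		}
	}

	if( rs->sr_err != LDAP_SUCCESS ) {
		Debug( LDAP_DEBUG_ANY,
			LDAP_XSTRING(mdb_modrdn) ": %s : %s (%d)\n",
			rs->sr_text, mdb_strerror(rs->sr_err), rs->sr_err );
		rs->sr_err = LDAP_OTHER;

		goto return_results;
	}

	Debug(LDAP_DEBUG_TRACE,
		LDAP_XSTRING(mdb_modrdn)
		": rdn modified%s id=%08lx dn=\"%s\"\n",
		op->o_noop ? " (no-op)" : "",
		dummy.e_id, op->o_req_dn.bv_val );
	rs->sr_text = NULL;
	/* NOTE(review): ctrls is a local array and rs->sr_ctrls is not reset
	 * before this function returns, while the controls themselves are
	 * freed at the end.  The pointer is only valid for the
	 * send_ldap_result() call below; confirm no caller reads
	 * rs->sr_ctrls afterwards. */
	if( num_ctrls ) rs->sr_ctrls = ctrls;

return_results:
	/* Free dummy's attribute list only when it is no longer the one owned
	 * by e.  On error paths taken before dummy is populated, or while its
	 * e_attrs is NULL, this hands NULL to attrs_free(), which therefore
	 * has to accept NULL. */
	if ( e != NULL && dummy.e_attrs != e->e_attrs ) {
		attrs_free( dummy.e_attrs );
	}
	send_ldap_result( op, rs );

#if 0
	if( rs->sr_err == LDAP_SUCCESS && mdb->bi_txn_cp_kbyte ) {
		TXN_CHECKPOINT( mdb->bi_dbenv,
			mdb->bi_txn_cp_kbyte, mdb->bi_txn_cp_min, 0 );
	}
#endif

	if ( rs->sr_err == LDAP_SUCCESS && parent_is_glue && parent_is_leaf ) {
		op->o_delete_glue_parent = 1;
	}

done:
	slap_graduate_commit_csn( op );

	/* LDAP v3 Support */
	if( np != NULL ) {
		/* free new parent */
		mdb_entry_return( op, np );
	}

	if( p != NULL ) {
		/* free parent */
		mdb_entry_return( op, p );
	}

	/* free entry */
	if( e != NULL ) {
		mdb_entry_return( op, e );
	}

	if( moi == &opinfo ) {
		/* A transaction still set here was neither committed nor aborted
		 * above, i.e. an error path: roll it back. */
		if( txn != NULL ) {
			mdb_txn_abort( txn );
		}
		if ( opinfo.moi_oe.oe_key ) {
			LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.moi_oe, OpExtra, oe_next );
		}
	} else {
		/* Drop the reference taken on the pre-existing op info. */
		moi->moi_ref--;
	}

	if( preread_ctrl != NULL && (*preread_ctrl) != NULL ) {
		slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
		slap_sl_free( *preread_ctrl, op->o_tmpmemctx );
	}
	if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) {
		slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
		slap_sl_free( *postread_ctrl, op->o_tmpmemctx );
	}
	return rs->sr_err;
}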