/*
* Obsolete constraint checking.
*/
int
slap_mods_obsolete_check(
Operation *op,
Modifications *ml,
const char **text,
char *textbuf,
size_t textlen )
{
if( get_relax( op ) ) return LDAP_SUCCESS;
for ( ; ml != NULL; ml = ml->sml_next ) {
if ( is_at_obsolete( ml->sml_desc->ad_type ) &&
(( ml->sml_op != LDAP_MOD_REPLACE &&
ml->sml_op != LDAP_MOD_DELETE ) ||
ml->sml_values != NULL ))
{
/*
* attribute is obsolete,
* only allow replace/delete with no values
*/
snprintf( textbuf, textlen,
"%s: attribute is obsolete",
ml->sml_type.bv_val );
*text = textbuf;
return LDAP_CONSTRAINT_VIOLATION;
}
}
return LDAP_SUCCESS;
}
/*
* No-user-modification constraint checking.
*/
int
slap_mods_no_user_mod_check(
Operation *op,
Modifications *ml,
const char **text,
char *textbuf,
size_t textlen )
{
for ( ; ml != NULL; ml = ml->sml_next ) {
if ( !is_at_no_user_mod( ml->sml_desc->ad_type ) ) {
continue;
}
if ( ml->sml_flags & SLAP_MOD_INTERNAL ) {
continue;
}
if ( get_relax( op ) ) {
if ( ml->sml_desc->ad_type->sat_flags & SLAP_AT_MANAGEABLE ) {
ml->sml_flags |= SLAP_MOD_MANAGING;
continue;
}
/* attribute not manageable */
snprintf( textbuf, textlen,
"%s: no-user-modification attribute not manageable",
ml->sml_type.bv_val );
} else {
/* user modification disallowed */
snprintf( textbuf, textlen,
"%s: no user modification allowed",
ml->sml_type.bv_val );
}
*text = textbuf;
return LDAP_CONSTRAINT_VIOLATION;
}
return LDAP_SUCCESS;
}
int
meta_back_modify( Operation *op, SlapReply *rs )
{
metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
metatarget_t *mt;
metaconn_t *mc;
int rc = 0;
LDAPMod **modv = NULL;
LDAPMod *mods = NULL;
Modifications *ml;
int candidate = -1, i;
int isupdate;
struct berval mdn = BER_BVNULL;
struct berval mapped;
dncookie dc;
int msgid;
ldap_back_send_t retrying = LDAP_BACK_RETRYING;
LDAPControl **ctrls = NULL;
mc = meta_back_getconn( op, rs, &candidate, LDAP_BACK_SENDERR );
if ( !mc || !meta_back_dobind( op, rs, mc, LDAP_BACK_SENDERR ) ) {
return rs->sr_err;
}
assert( mc->mc_conns[ candidate ].msc_ld != NULL );
/*
* Rewrite the modify dn, if needed
*/
mt = mi->mi_targets[ candidate ];
dc.target = mt;
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = "modifyDN";
if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
send_ldap_result( op, rs );
goto cleanup;
}
for ( i = 0, ml = op->orm_modlist; ml; i++ ,ml = ml->sml_next )
;
mods = ch_malloc( sizeof( LDAPMod )*i );
if ( mods == NULL ) {
rs->sr_err = LDAP_OTHER;
send_ldap_result( op, rs );
goto cleanup;
}
modv = ( LDAPMod ** )ch_malloc( ( i + 1 )*sizeof( LDAPMod * ) );
if ( modv == NULL ) {
rs->sr_err = LDAP_OTHER;
send_ldap_result( op, rs );
goto cleanup;
}
dc.ctx = "modifyAttrDN";
isupdate = be_shadow_update( op );
for ( i = 0, ml = op->orm_modlist; ml; ml = ml->sml_next ) {
int j, is_oc = 0;
if ( !isupdate && !get_relax( op ) && ml->sml_desc->ad_type->sat_no_user_mod )
{
continue;
}
if ( ml->sml_desc == slap_schema.si_ad_objectClass
|| ml->sml_desc == slap_schema.si_ad_structuralObjectClass )
{
is_oc = 1;
mapped = ml->sml_desc->ad_cname;
} else {
ldap_back_map( &mt->mt_rwmap.rwm_at,
&ml->sml_desc->ad_cname, &mapped,
BACKLDAP_MAP );
if ( BER_BVISNULL( &mapped ) || BER_BVISEMPTY( &mapped ) ) {
continue;
}
}
modv[ i ] = &mods[ i ];
mods[ i ].mod_op = ml->sml_op | LDAP_MOD_BVALUES;
mods[ i ].mod_type = mapped.bv_val;
/*
* FIXME: dn-valued attrs should be rewritten
* to allow their use in ACLs at the back-ldap
* level.
*/
if ( ml->sml_values != NULL ) {
if ( is_oc ) {
for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); j++ )
;
mods[ i ].mod_bvalues =
(struct berval **)ch_malloc( ( j + 1 ) *
sizeof( struct berval * ) );
for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); ) {
struct ldapmapping *mapping;
ldap_back_mapping( &mt->mt_rwmap.rwm_oc,
&ml->sml_values[ j ], &mapping, BACKLDAP_MAP );
if ( mapping == NULL ) {
if ( mt->mt_rwmap.rwm_oc.drop_missing ) {
continue;
}
mods[ i ].mod_bvalues[ j ] = &ml->sml_values[ j ];
} else {
mods[ i ].mod_bvalues[ j ] = &mapping->dst;
}
j++;
}
mods[ i ].mod_bvalues[ j ] = NULL;
} else {
if ( ml->sml_desc->ad_type->sat_syntax ==
slap_schema.si_syn_distinguishedName )
{
( void )ldap_dnattr_rewrite( &dc, ml->sml_values );
if ( ml->sml_values == NULL ) {
continue;
}
}
for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); j++ )
;
mods[ i ].mod_bvalues =
(struct berval **)ch_malloc( ( j + 1 ) *
sizeof( struct berval * ) );
for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); j++ ) {
mods[ i ].mod_bvalues[ j ] = &ml->sml_values[ j ];
}
mods[ i ].mod_bvalues[ j ] = NULL;
}
} else {
mods[ i ].mod_bvalues = NULL;
}
i++;
}
modv[ i ] = 0;
retry:;
ctrls = op->o_ctrls;
rc = meta_back_controls_add( op, rs, mc, candidate, &ctrls );
if ( rc != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
rs->sr_err = ldap_modify_ext( mc->mc_conns[ candidate ].msc_ld, mdn.bv_val,
modv, ctrls, NULL, &msgid );
rs->sr_err = meta_back_op_result( mc, op, rs, candidate, msgid,
mt->mt_timeout[ SLAP_OP_MODIFY ], ( LDAP_BACK_SENDRESULT | retrying ) );
if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) {
retrying &= ~LDAP_BACK_RETRYING;
if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
/* if the identity changed, there might be need to re-authz */
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
goto retry;
}
}
cleanup:;
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
if ( mdn.bv_val != op->o_req_dn.bv_val ) {
free( mdn.bv_val );
BER_BVZERO( &mdn );
}
if ( modv != NULL ) {
for ( i = 0; modv[ i ]; i++ ) {
free( modv[ i ]->mod_bvalues );
}
}
free( mods );
free( modv );
if ( mc ) {
meta_back_release_conn( mi, mc );
}
return rs->sr_err;
}
int
bdb_add(Operation *op, SlapReply *rs )
{
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
struct berval pdn;
Entry *p = NULL, *oe = op->ora_e;
EntryInfo *ei;
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
AttributeDescription *children = slap_schema.si_ad_children;
AttributeDescription *entry = slap_schema.si_ad_entry;
DB_TXN *ltid = NULL, *lt2;
ID eid = NOID;
struct bdb_op_info opinfo = {{{ 0 }}};
int subentry;
DB_LOCK lock;
int num_retries = 0;
int success;
LDAPControl **postread_ctrl = NULL;
LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
int num_ctrls = 0;
#ifdef LDAP_X_TXN
int settle = 0;
#endif
Debug(LDAP_DEBUG_ARGS, "==> " LDAP_XSTRING(bdb_add) ": %s\n",
op->ora_e->e_name.bv_val, 0, 0);
#ifdef LDAP_X_TXN
if( op->o_txnSpec ) {
/* acquire connection lock */
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
if( op->o_conn->c_txn == CONN_TXN_INACTIVE ) {
rs->sr_text = "invalid transaction identifier";
rs->sr_err = LDAP_X_TXN_ID_INVALID;
goto txnReturn;
} else if( op->o_conn->c_txn == CONN_TXN_SETTLE ) {
settle=1;
goto txnReturn;
}
if( op->o_conn->c_txn_backend == NULL ) {
op->o_conn->c_txn_backend = op->o_bd;
} else if( op->o_conn->c_txn_backend != op->o_bd ) {
rs->sr_text = "transaction cannot span multiple database contexts";
rs->sr_err = LDAP_AFFECTS_MULTIPLE_DSAS;
goto txnReturn;
}
/* insert operation into transaction */
rs->sr_text = "transaction specified";
rs->sr_err = LDAP_X_TXN_SPECIFY_OKAY;
txnReturn:
/* release connection lock */
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
if( !settle ) {
send_ldap_result( op, rs );
return rs->sr_err;
}
}
#endif
ctrls[num_ctrls] = 0;
/* check entry's schema */
rs->sr_err = entry_schema_check( op, op->ora_e, NULL,
get_relax(op), 1, NULL, &rs->sr_text, textbuf, textlen );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": entry failed schema check: "
"%s (%d)\n", rs->sr_text, rs->sr_err, 0 );
goto return_results;
}
/* add opattrs to shadow as well, only missing attrs will actually
* be added; helps compatibility with older OL versions */
rs->sr_err = slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": entry failed op attrs add: "
"%s (%d)\n", rs->sr_text, rs->sr_err, 0 );
goto return_results;
}
if ( get_assert( op ) &&
( test_filter( op, op->ora_e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
{
rs->sr_err = LDAP_ASSERTION_FAILED;
goto return_results;
}
subentry = is_entry_subentry( op->ora_e );
if( 0 ) {
retry: /* transaction retry */
if( p ) {
/* free parent and reader lock */
if ( p != (Entry *)&slap_entry_root ) {
bdb_unlocked_cache_return_entry_r( bdb, p );
}
p = NULL;
}
rs->sr_err = TXN_ABORT( ltid );
ltid = NULL;
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
opinfo.boi_oe.oe_key = NULL;
op->o_do_not_cache = opinfo.boi_acl_cache;
if( rs->sr_err != 0 ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if ( op->o_abandon ) {
rs->sr_err = SLAPD_ABANDON;
goto return_results;
}
bdb_trans_backoff( ++num_retries );
}
/* begin transaction */
rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, NULL, <id,
bdb->bi_db_opflags );
rs->sr_text = NULL;
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": txn_begin failed: %s (%d)\n",
db_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_add) ": txn1 id: %x\n",
ltid->id(ltid), 0, 0 );
opinfo.boi_oe.oe_key = bdb;
opinfo.boi_txn = ltid;
opinfo.boi_err = 0;
opinfo.boi_acl_cache = op->o_do_not_cache;
LDAP_SLIST_INSERT_HEAD( &op->o_extra, &opinfo.boi_oe, oe_next );
/*
* Get the parent dn and see if the corresponding entry exists.
*/
if ( be_issuffix( op->o_bd, &op->ora_e->e_nname ) ) {
pdn = slap_empty_bv;
} else {
dnParent( &op->ora_e->e_nname, &pdn );
}
/* get entry or parent */
rs->sr_err = bdb_dn2entry( op, ltid, &op->ora_e->e_nname, &ei,
1, &lock );
switch( rs->sr_err ) {
case 0:
rs->sr_err = LDAP_ALREADY_EXISTS;
goto return_results;
case DB_NOTFOUND:
break;
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
p = ei->bei_e;
if ( !p )
p = (Entry *)&slap_entry_root;
if ( !bvmatch( &pdn, &p->e_nname ) ) {
rs->sr_matched = ber_strdup_x( p->e_name.bv_val,
op->o_tmpmemctx );
rs->sr_ref = is_entry_referral( p )
? get_entry_referrals( op, p )
: NULL;
if ( p != (Entry *)&slap_entry_root )
bdb_unlocked_cache_return_entry_r( bdb, p );
p = NULL;
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": parent "
"does not exist\n", 0, 0, 0 );
rs->sr_err = LDAP_REFERRAL;
rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
goto return_results;
}
rs->sr_err = access_allowed( op, p,
children, NULL, ACL_WADD, NULL );
if ( ! rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
if ( p != (Entry *)&slap_entry_root )
bdb_unlocked_cache_return_entry_r( bdb, p );
p = NULL;
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": no write access to parent\n",
0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to parent";
goto return_results;;
}
if ( p != (Entry *)&slap_entry_root ) {
if ( is_entry_subentry( p ) ) {
bdb_unlocked_cache_return_entry_r( bdb, p );
p = NULL;
/* parent is a subentry, don't allow add */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": parent is subentry\n",
0, 0, 0 );
rs->sr_err = LDAP_OBJECT_CLASS_VIOLATION;
rs->sr_text = "parent is a subentry";
goto return_results;;
}
if ( is_entry_alias( p ) ) {
bdb_unlocked_cache_return_entry_r( bdb, p );
p = NULL;
/* parent is an alias, don't allow add */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": parent is alias\n",
0, 0, 0 );
rs->sr_err = LDAP_ALIAS_PROBLEM;
rs->sr_text = "parent is an alias";
goto return_results;;
}
if ( is_entry_referral( p ) ) {
/* parent is a referral, don't allow add */
rs->sr_matched = ber_strdup_x( p->e_name.bv_val,
op->o_tmpmemctx );
rs->sr_ref = get_entry_referrals( op, p );
bdb_unlocked_cache_return_entry_r( bdb, p );
p = NULL;
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": parent is referral\n",
0, 0, 0 );
rs->sr_err = LDAP_REFERRAL;
rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
goto return_results;
}
}
if ( subentry ) {
/* FIXME: */
/* parent must be an administrative point of the required kind */
}
/* free parent and reader lock */
if ( p != (Entry *)&slap_entry_root ) {
if ( p->e_nname.bv_len ) {
struct berval ppdn;
/* ITS#5326: use parent's DN if differs from provided one */
dnParent( &op->ora_e->e_name, &ppdn );
if ( !dn_match( &p->e_name, &ppdn ) ) {
struct berval rdn;
struct berval newdn;
dnRdn( &op->ora_e->e_name, &rdn );
build_new_dn( &newdn, &p->e_name, &rdn, NULL );
if ( op->ora_e->e_name.bv_val != op->o_req_dn.bv_val )
ber_memfree( op->ora_e->e_name.bv_val );
op->ora_e->e_name = newdn;
/* FIXME: should check whether
* dnNormalize(newdn) == e->e_nname ... */
}
}
bdb_unlocked_cache_return_entry_r( bdb, p );
}
p = NULL;
rs->sr_err = access_allowed( op, op->ora_e,
entry, NULL, ACL_WADD, NULL );
if ( ! rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": no write access to entry\n",
0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to entry";
goto return_results;;
}
/*
* Check ACL for attribute write access
*/
if (!acl_check_modlist(op, oe, op->ora_modlist)) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": no write access to attribute\n",
0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to attribute";
goto return_results;;
}
if ( eid == NOID ) {
rs->sr_err = bdb_next_id( op->o_bd, &eid );
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": next_id failed (%d)\n",
rs->sr_err, 0, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
op->ora_e->e_id = eid;
}
/* nested transaction */
rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, ltid, <2,
bdb->bi_db_opflags );
rs->sr_text = NULL;
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": txn_begin(2) failed: "
"%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_add) ": txn2 id: %x\n",
lt2->id(lt2), 0, 0 );
/* dn2id index */
rs->sr_err = bdb_dn2id_add( op, lt2, ei, op->ora_e );
if ( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": dn2id_add failed: %s (%d)\n",
db_strerror(rs->sr_err), rs->sr_err, 0 );
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case DB_KEYEXIST:
rs->sr_err = LDAP_ALREADY_EXISTS;
break;
default:
rs->sr_err = LDAP_OTHER;
}
goto return_results;
}
/* attribute indexes */
rs->sr_err = bdb_index_entry_add( op, lt2, op->ora_e );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": index_entry_add failed\n",
0, 0, 0 );
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
default:
rs->sr_err = LDAP_OTHER;
}
rs->sr_text = "index generation failed";
goto return_results;
}
/* id2entry index */
rs->sr_err = bdb_id2entry_add( op->o_bd, lt2, op->ora_e );
if ( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": id2entry_add failed\n",
0, 0, 0 );
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
default:
rs->sr_err = LDAP_OTHER;
}
rs->sr_text = "entry store failed";
goto return_results;
}
if ( TXN_COMMIT( lt2, 0 ) != 0 ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "txn_commit(2) failed";
goto return_results;
}
/* post-read */
if( op->o_postread ) {
if( postread_ctrl == NULL ) {
postread_ctrl = &ctrls[num_ctrls++];
ctrls[num_ctrls] = NULL;
}
if ( slap_read_controls( op, rs, op->ora_e,
&slap_post_read_bv, postread_ctrl ) )
{
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_add) ": post-read "
"failed!\n", 0, 0, 0 );
if ( op->o_postread & SLAP_CONTROL_CRITICAL ) {
/* FIXME: is it correct to abort
* operation if control fails? */
goto return_results;
}
}
}
if ( op->o_noop ) {
if (( rs->sr_err=TXN_ABORT( ltid )) != 0 ) {
rs->sr_text = "txn_abort (no-op) failed";
} else {
rs->sr_err = LDAP_X_NO_OPERATION;
ltid = NULL;
goto return_results;
}
} else {
struct berval nrdn;
/* pick the RDN if not suffix; otherwise pick the entire DN */
if (pdn.bv_len) {
nrdn.bv_val = op->ora_e->e_nname.bv_val;
nrdn.bv_len = pdn.bv_val - op->ora_e->e_nname.bv_val - 1;
} else {
nrdn = op->ora_e->e_nname;
}
bdb_cache_add( bdb, ei, op->ora_e, &nrdn, ltid, &lock );
if(( rs->sr_err=TXN_COMMIT( ltid, 0 )) != 0 ) {
rs->sr_text = "txn_commit failed";
} else {
rs->sr_err = LDAP_SUCCESS;
}
}
ltid = NULL;
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
opinfo.boi_oe.oe_key = NULL;
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": %s : %s (%d)\n",
rs->sr_text, db_strerror(rs->sr_err), rs->sr_err );
rs->sr_err = LDAP_OTHER;
goto return_results;
}
Debug(LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": added%s id=%08lx dn=\"%s\"\n",
op->o_noop ? " (no-op)" : "",
op->ora_e->e_id, op->ora_e->e_dn );
rs->sr_text = NULL;
if( num_ctrls ) rs->sr_ctrls = ctrls;
return_results:
success = rs->sr_err;
send_ldap_result( op, rs );
if( ltid != NULL ) {
TXN_ABORT( ltid );
}
if ( opinfo.boi_oe.oe_key ) {
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
}
if( success == LDAP_SUCCESS ) {
/* We own the entry now, and it can be purged at will
* Check to make sure it's the same entry we entered with.
* Possibly a callback may have mucked with it, although
* in general callbacks should treat the entry as read-only.
*/
bdb_cache_deref( oe->e_private );
if ( op->ora_e == oe )
op->ora_e = NULL;
if ( bdb->bi_txn_cp_kbyte ) {
TXN_CHECKPOINT( bdb->bi_dbenv,
bdb->bi_txn_cp_kbyte, bdb->bi_txn_cp_min, 0 );
}
}
slap_graduate_commit_csn( op );
if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) {
slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
slap_sl_free( *postread_ctrl, op->o_tmpmemctx );
}
return rs->sr_err;
}
int
ldap_back_modify(
Operation *op,
SlapReply *rs )
{
ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
ldapconn_t *lc = NULL;
LDAPMod **modv = NULL,
*mods = NULL;
Modifications *ml;
int i, j, rc;
ber_int_t msgid;
int isupdate;
ldap_back_send_t retrying = LDAP_BACK_RETRYING;
LDAPControl **ctrls = NULL;
if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
return rs->sr_err;
}
for ( i = 0, ml = op->orm_modlist; ml; i++, ml = ml->sml_next )
/* just count mods */ ;
modv = (LDAPMod **)ch_malloc( ( i + 1 )*sizeof( LDAPMod * )
+ i*sizeof( LDAPMod ) );
if ( modv == NULL ) {
rc = LDAP_NO_MEMORY;
goto cleanup;
}
mods = (LDAPMod *)&modv[ i + 1 ];
isupdate = be_shadow_update( op );
for ( i = 0, ml = op->orm_modlist; ml; ml = ml->sml_next ) {
if ( !isupdate && !get_relax( op ) && ml->sml_desc->ad_type->sat_no_user_mod )
{
continue;
}
modv[ i ] = &mods[ i ];
mods[ i ].mod_op = ( ml->sml_op | LDAP_MOD_BVALUES );
mods[ i ].mod_type = ml->sml_desc->ad_cname.bv_val;
if ( ml->sml_values != NULL ) {
if ( ml->sml_values == NULL ) {
continue;
}
for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); j++ )
/* just count mods */ ;
mods[ i ].mod_bvalues =
(struct berval **)ch_malloc( ( j + 1 )*sizeof( struct berval * ) );
for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); j++ )
{
mods[ i ].mod_bvalues[ j ] = &ml->sml_values[ j ];
}
mods[ i ].mod_bvalues[ j ] = NULL;
} else {
mods[ i ].mod_bvalues = NULL;
}
i++;
}
modv[ i ] = 0;
retry:;
ctrls = op->o_ctrls;
rc = ldap_back_controls_add( op, rs, lc, &ctrls );
if ( rc != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
rc = -1;
goto cleanup;
}
rs->sr_err = ldap_modify_ext( lc->lc_ld, op->o_req_dn.bv_val, modv,
ctrls, NULL, &msgid );
rc = ldap_back_op_result( lc, op, rs, msgid,
li->li_timeout[ SLAP_OP_MODIFY ],
( LDAP_BACK_SENDRESULT | retrying ) );
if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) {
retrying &= ~LDAP_BACK_RETRYING;
if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
/* if the identity changed, there might be need to re-authz */
(void)ldap_back_controls_free( op, rs, &ctrls );
goto retry;
}
}
cleanup:;
(void)ldap_back_controls_free( op, rs, &ctrls );
for ( i = 0; modv[ i ]; i++ ) {
ch_free( modv[ i ]->mod_bvalues );
}
ch_free( modv );
if ( lc != NULL ) {
ldap_back_release_conn( li, lc );
}
return rc;
}
int ndb_modify_internal(
Operation *op,
NdbArgs *NA,
const char **text,
char *textbuf,
size_t textlen )
{
struct ndb_info *ni = (struct ndb_info *) op->o_bd->be_private;
Modification *mod;
Modifications *ml;
Modifications *modlist = op->orm_modlist;
NdbAttrInfo **modai, *atmp;
const NdbDictionary::Dictionary *myDict;
const NdbDictionary::Table *myTable;
int got_oc = 0, nmods = 0, nai = 0, i, j;
int rc, indexed = 0;
Attribute *old = NULL;
Debug( LDAP_DEBUG_TRACE, "ndb_modify_internal: 0x%08lx: %s\n",
NA->e->e_id, NA->e->e_dn, 0);
if ( !acl_check_modlist( op, NA->e, modlist )) {
return LDAP_INSUFFICIENT_ACCESS;
}
old = attrs_dup( NA->e->e_attrs );
for ( ml = modlist; ml != NULL; ml = ml->sml_next ) {
mod = &ml->sml_mod;
nmods++;
switch ( mod->sm_op ) {
case LDAP_MOD_ADD:
Debug(LDAP_DEBUG_ARGS,
"ndb_modify_internal: add %s\n",
mod->sm_desc->ad_cname.bv_val, 0, 0);
rc = modify_add_values( NA->e, mod, get_permissiveModify(op),
text, textbuf, textlen );
if( rc != LDAP_SUCCESS ) {
Debug(LDAP_DEBUG_ARGS, "ndb_modify_internal: %d %s\n",
rc, *text, 0);
}
break;
case LDAP_MOD_DELETE:
Debug(LDAP_DEBUG_ARGS,
"ndb_modify_internal: delete %s\n",
mod->sm_desc->ad_cname.bv_val, 0, 0);
rc = ndb_modify_delete( NA->e, mod, get_permissiveModify(op),
text, textbuf, textlen, NULL );
assert( rc != LDAP_TYPE_OR_VALUE_EXISTS );
if( rc != LDAP_SUCCESS ) {
Debug(LDAP_DEBUG_ARGS, "ndb_modify_internal: %d %s\n",
rc, *text, 0);
}
break;
case LDAP_MOD_REPLACE:
Debug(LDAP_DEBUG_ARGS,
"ndb_modify_internal: replace %s\n",
mod->sm_desc->ad_cname.bv_val, 0, 0);
rc = modify_replace_values( NA->e, mod, get_permissiveModify(op),
text, textbuf, textlen );
if( rc != LDAP_SUCCESS ) {
Debug(LDAP_DEBUG_ARGS, "ndb_modify_internal: %d %s\n",
rc, *text, 0);
}
break;
case LDAP_MOD_INCREMENT:
Debug(LDAP_DEBUG_ARGS,
"ndb_modify_internal: increment %s\n",
mod->sm_desc->ad_cname.bv_val, 0, 0);
rc = modify_increment_values( NA->e, mod, get_permissiveModify(op),
text, textbuf, textlen );
if( rc != LDAP_SUCCESS ) {
Debug(LDAP_DEBUG_ARGS,
"ndb_modify_internal: %d %s\n",
rc, *text, 0);
}
break;
case SLAP_MOD_SOFTADD:
Debug(LDAP_DEBUG_ARGS,
"ndb_modify_internal: softadd %s\n",
mod->sm_desc->ad_cname.bv_val, 0, 0);
mod->sm_op = LDAP_MOD_ADD;
rc = modify_add_values( NA->e, mod, get_permissiveModify(op),
text, textbuf, textlen );
mod->sm_op = SLAP_MOD_SOFTADD;
if ( rc == LDAP_TYPE_OR_VALUE_EXISTS ) {
rc = LDAP_SUCCESS;
}
if( rc != LDAP_SUCCESS ) {
Debug(LDAP_DEBUG_ARGS, "ndb_modify_internal: %d %s\n",
rc, *text, 0);
}
break;
case SLAP_MOD_SOFTDEL:
Debug(LDAP_DEBUG_ARGS,
"ndb_modify_internal: softdel %s\n",
mod->sm_desc->ad_cname.bv_val, 0, 0);
mod->sm_op = LDAP_MOD_DELETE;
rc = modify_delete_values( NA->e, mod, get_permissiveModify(op),
text, textbuf, textlen );
mod->sm_op = SLAP_MOD_SOFTDEL;
if ( rc == LDAP_NO_SUCH_ATTRIBUTE) {
rc = LDAP_SUCCESS;
}
if( rc != LDAP_SUCCESS ) {
Debug(LDAP_DEBUG_ARGS, "ndb_modify_internal: %d %s\n",
rc, *text, 0);
}
break;
case SLAP_MOD_ADD_IF_NOT_PRESENT:
Debug(LDAP_DEBUG_ARGS,
"ndb_modify_internal: add_if_not_present %s\n",
mod->sm_desc->ad_cname.bv_val, 0, 0);
if ( attr_find( NA->e->e_attrs, mod->sm_desc ) ) {
rc = LDAP_SUCCESS;
break;
}
mod->sm_op = LDAP_MOD_ADD;
rc = modify_add_values( NA->e, mod, get_permissiveModify(op),
text, textbuf, textlen );
mod->sm_op = SLAP_MOD_ADD_IF_NOT_PRESENT;
if( rc != LDAP_SUCCESS ) {
Debug(LDAP_DEBUG_ARGS, "ndb_modify_internal: %d %s\n",
rc, *text, 0);
}
break;
default:
Debug(LDAP_DEBUG_ANY, "ndb_modify_internal: invalid op %d\n",
mod->sm_op, 0, 0);
*text = "Invalid modify operation";
rc = LDAP_OTHER;
Debug(LDAP_DEBUG_ARGS, "ndb_modify_internal: %d %s\n",
rc, *text, 0);
}
if ( rc != LDAP_SUCCESS ) {
attrs_free( old );
return rc;
}
/* If objectClass was modified, reset the flags */
if ( mod->sm_desc == slap_schema.si_ad_objectClass ) {
NA->e->e_ocflags = 0;
got_oc = 1;
}
}
/* check that the entry still obeys the schema */
rc = entry_schema_check( op, NA->e, NULL, get_relax(op), 0, NULL,
text, textbuf, textlen );
if ( rc != LDAP_SUCCESS || op->o_noop ) {
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY,
"entry failed schema check: %s\n",
*text, 0, 0 );
}
attrs_free( old );
return rc;
}
if ( got_oc ) {
rc = ndb_entry_put_info( op->o_bd, NA, 1 );
if ( rc ) {
attrs_free( old );
return rc;
}
}
/* apply modifications to DB */
modai = (NdbAttrInfo **)op->o_tmpalloc( nmods * sizeof(NdbAttrInfo*), op->o_tmpmemctx );
/* Get the unique list of modified attributes */
ldap_pvt_thread_rdwr_rlock( &ni->ni_ai_rwlock );
for ( ml = modlist; ml != NULL; ml = ml->sml_next ) {
/* Already took care of objectclass */
if ( ml->sml_desc == slap_schema.si_ad_objectClass )
continue;
for ( i=0; i<nai; i++ ) {
if ( ml->sml_desc->ad_type == modai[i]->na_attr )
break;
}
/* This attr was already updated */
if ( i < nai )
continue;
modai[nai] = ndb_ai_find( ni, ml->sml_desc->ad_type );
if ( modai[nai]->na_flag & NDB_INFO_INDEX )
indexed++;
nai++;
}
ldap_pvt_thread_rdwr_runlock( &ni->ni_ai_rwlock );
/* If got_oc, this was already done above */
if ( indexed && !got_oc) {
rc = ndb_entry_put_info( op->o_bd, NA, 1 );
if ( rc ) {
attrs_free( old );
return rc;
}
}
myDict = NA->ndb->getDictionary();
/* sort modai so that OcInfo's are contiguous */
{
int j, k;
for ( i=0; i<nai; i++ ) {
for ( j=i+1; j<nai; j++ ) {
if ( modai[i]->na_oi == modai[j]->na_oi )
continue;
for ( k=j+1; k<nai; k++ ) {
if ( modai[i]->na_oi == modai[k]->na_oi ) {
atmp = modai[j];
modai[j] = modai[k];
modai[k] = atmp;
break;
}
}
/* there are no more na_oi's that match modai[i] */
if ( k == nai ) {
i = j;
}
}
}
}
/* One call per table... */
for ( i=0; i<nai; i += j ) {
atmp = modai[i];
for ( j=i+1; j<nai; j++ )
if ( atmp->na_oi != modai[j]->na_oi )
break;
j -= i;
myTable = myDict->getTable( atmp->na_oi->no_table.bv_val );
if ( !myTable )
continue;
rc = ndb_oc_attrs( NA->txn, myTable, NA->e, atmp->na_oi, &modai[i], j, old );
if ( rc ) break;
}
attrs_free( old );
return rc;
}
static int
pblock_get( Slapi_PBlock *pb, int param, void **value )
{
int rc = PBLOCK_SUCCESS;
pblock_lock( pb );
switch ( param ) {
case SLAPI_OPERATION:
*value = pb->pb_op;
break;
case SLAPI_OPINITIATED_TIME:
PBLOCK_ASSERT_OP( pb, 0 );
*((long *)value) = pb->pb_op->o_time;
break;
case SLAPI_OPERATION_ID:
PBLOCK_ASSERT_OP( pb, 0 );
*((long *)value) = pb->pb_op->o_opid;
break;
case SLAPI_OPERATION_TYPE:
PBLOCK_ASSERT_OP( pb, 0 );
*((ber_tag_t *)value) = pb->pb_op->o_tag;
break;
case SLAPI_OPERATION_MSGID:
PBLOCK_ASSERT_OP( pb, 0 );
*((long *)value) = pb->pb_op->o_msgid;
break;
case SLAPI_X_OPERATION_DELETE_GLUE_PARENT:
PBLOCK_ASSERT_OP( pb, 0 );
*((int *)value) = pb->pb_op->o_delete_glue_parent;
break;
case SLAPI_X_OPERATION_NO_SCHEMA_CHECK:
PBLOCK_ASSERT_OP( pb, 0 );
*((int *)value) = get_no_schema_check( pb->pb_op );
break;
case SLAPI_X_ADD_STRUCTURAL_CLASS:
PBLOCK_ASSERT_OP( pb, 0 );
if ( pb->pb_op->o_tag == LDAP_REQ_ADD ) {
struct berval tmpval = BER_BVNULL;
rc = mods_structural_class( pb->pb_op->ora_modlist,
&tmpval, &pb->pb_rs->sr_text,
pb->pb_textbuf, sizeof( pb->pb_textbuf ),
pb->pb_op->o_tmpmemctx );
*((char **)value) = tmpval.bv_val;
} else {
rc = PBLOCK_ERROR;
}
break;
case SLAPI_X_OPERATION_NO_SUBORDINATE_GLUE:
PBLOCK_ASSERT_OP( pb, 0 );
*((int *)value) = pb->pb_op->o_no_subordinate_glue;
break;
case SLAPI_REQCONTROLS:
PBLOCK_ASSERT_OP( pb, 0 );
*((LDAPControl ***)value) = pb->pb_op->o_ctrls;
break;
case SLAPI_REQUESTOR_DN:
PBLOCK_ASSERT_OP( pb, 0 );
*((char **)value) = pb->pb_op->o_dn.bv_val;
break;
case SLAPI_MANAGEDSAIT:
PBLOCK_ASSERT_OP( pb, 0 );
*((int *)value) = get_manageDSAit( pb->pb_op );
break;
case SLAPI_X_RELAX:
PBLOCK_ASSERT_OP( pb, 0 );
*((int *)value) = get_relax( pb->pb_op );
break;
case SLAPI_BACKEND:
PBLOCK_ASSERT_OP( pb, 0 );
*((BackendDB **)value) = select_backend( &pb->pb_op->o_req_ndn, 0 );
break;
case SLAPI_BE_TYPE:
PBLOCK_ASSERT_OP( pb, 0 );
if ( pb->pb_op->o_bd != NULL )
*((char **)value) = pb->pb_op->o_bd->bd_info->bi_type;
else
*value = NULL;
break;
case SLAPI_CONNECTION:
*value = pb->pb_conn;
break;
case SLAPI_X_CONN_SSF:
PBLOCK_ASSERT_OP( pb, 0 );
*((slap_ssf_t *)value) = pb->pb_conn->c_ssf;
break;
case SLAPI_X_CONN_SASL_CONTEXT:
PBLOCK_ASSERT_CONN( pb );
if ( pb->pb_conn->c_sasl_authctx != NULL )
*value = pb->pb_conn->c_sasl_authctx;
else
*value = pb->pb_conn->c_sasl_sockctx;
break;
case SLAPI_TARGET_DN:
PBLOCK_ASSERT_OP( pb, 0 );
*((char **)value) = pb->pb_op->o_req_dn.bv_val;
break;
case SLAPI_REQUESTOR_ISROOT:
*((int *)value) = pblock_be_call( pb, be_isroot );
break;
case SLAPI_IS_REPLICATED_OPERATION:
*((int *)value) = pblock_be_call( pb, be_slurp_update );
break;
case SLAPI_CONN_AUTHTYPE:
case SLAPI_CONN_AUTHMETHOD: /* XXX should return SASL mech */
PBLOCK_ASSERT_CONN( pb );
*((char **)value) = pblock_get_authtype( &pb->pb_conn->c_authz,
#ifdef HAVE_TLS
pb->pb_conn->c_is_tls
#else
0
#endif
);
break;
case SLAPI_IS_INTERNAL_OPERATION:
*((int *)value) = pb->pb_intop;
break;
case SLAPI_X_CONN_IS_UDP:
PBLOCK_ASSERT_CONN( pb );
#ifdef LDAP_CONNECTIONLESS
*((int *)value) = pb->pb_conn->c_is_udp;
#else
*((int *)value) = 0;
#endif
break;
case SLAPI_CONN_ID:
PBLOCK_ASSERT_CONN( pb );
*((long *)value) = pb->pb_conn->c_connid;
break;
case SLAPI_CONN_DN:
PBLOCK_ASSERT_CONN( pb );
#if 0
/* This would be necessary to keep plugin compat after the fix in ITS#4158 */
if ( pb->pb_op->o_tag == LDAP_REQ_BIND && pb->pb_rs->sr_err == LDAP_SUCCESS )
*((char **)value) = pb->pb_op->orb_edn.bv_val;
else
#endif
*((char **)value) = pb->pb_conn->c_dn.bv_val;
break;
case SLAPI_CONN_CLIENTIP:
PBLOCK_ASSERT_CONN( pb );
if ( strncmp( pb->pb_conn->c_peer_name.bv_val, "IP=", 3 ) == 0 )
*((char **)value) = &pb->pb_conn->c_peer_name.bv_val[3];
else
*value = NULL;
break;
case SLAPI_X_CONN_CLIENTPATH:
PBLOCK_ASSERT_CONN( pb );
if ( strncmp( pb->pb_conn->c_peer_name.bv_val, "PATH=", 3 ) == 0 )
*((char **)value) = &pb->pb_conn->c_peer_name.bv_val[5];
else
*value = NULL;
break;
case SLAPI_CONN_SERVERIP:
PBLOCK_ASSERT_CONN( pb );
if ( strncmp( pb->pb_conn->c_sock_name.bv_val, "IP=", 3 ) == 0 )
*((char **)value) = &pb->pb_conn->c_sock_name.bv_val[3];
else
*value = NULL;
break;
case SLAPI_X_CONN_SERVERPATH:
PBLOCK_ASSERT_CONN( pb );
if ( strncmp( pb->pb_conn->c_sock_name.bv_val, "PATH=", 3 ) == 0 )
*((char **)value) = &pb->pb_conn->c_sock_name.bv_val[5];
else
*value = NULL;
break;
case SLAPI_RESULT_CODE:
case SLAPI_PLUGIN_INTOP_RESULT:
PBLOCK_ASSERT_OP( pb, 0 );
*((int *)value) = pb->pb_rs->sr_err;
break;
case SLAPI_RESULT_TEXT:
PBLOCK_ASSERT_OP( pb, 0 );
*((const char **)value) = pb->pb_rs->sr_text;
break;
case SLAPI_RESULT_MATCHED:
PBLOCK_ASSERT_OP( pb, 0 );
*((const char **)value) = pb->pb_rs->sr_matched;
break;
case SLAPI_ADD_ENTRY:
PBLOCK_ASSERT_OP( pb, 0 );
if ( pb->pb_op->o_tag == LDAP_REQ_ADD )
*((Slapi_Entry **)value) = pb->pb_op->ora_e;
else
*value = NULL;
break;
case SLAPI_MODIFY_MODS: {
LDAPMod **mods = NULL;
Modifications *ml = NULL;
pblock_get_default( pb, param, (void **)&mods );
if ( mods == NULL && pb->pb_intop == 0 ) {
switch ( pb->pb_op->o_tag ) {
case LDAP_REQ_MODIFY:
ml = pb->pb_op->orm_modlist;
break;
case LDAP_REQ_MODRDN:
ml = pb->pb_op->orr_modlist;
break;
default:
rc = PBLOCK_ERROR;
break;
}
if ( rc != PBLOCK_ERROR ) {
mods = slapi_int_modifications2ldapmods( ml );
pblock_set_default( pb, param, (void *)mods );
}
}
*((LDAPMod ***)value) = mods;
break;
}
case SLAPI_MODRDN_NEWRDN:
PBLOCK_ASSERT_OP( pb, 0 );
if ( pb->pb_op->o_tag == LDAP_REQ_MODRDN )
*((char **)value) = pb->pb_op->orr_newrdn.bv_val;
else
*value = NULL;
break;
case SLAPI_MODRDN_NEWSUPERIOR:
PBLOCK_ASSERT_OP( pb, 0 );
if ( pb->pb_op->o_tag == LDAP_REQ_MODRDN && pb->pb_op->orr_newSup != NULL )
*((char **)value) = pb->pb_op->orr_newSup->bv_val;
else
*value = NULL;
break;
case SLAPI_MODRDN_DELOLDRDN:
PBLOCK_ASSERT_OP( pb, 0 );
if ( pb->pb_op->o_tag == LDAP_REQ_MODRDN )
*((int *)value) = pb->pb_op->orr_deleteoldrdn;
else
*((int *)value) = 0;
break;
case SLAPI_SEARCH_SCOPE:
PBLOCK_ASSERT_OP( pb, 0 );
if ( pb->pb_op->o_tag == LDAP_REQ_SEARCH )
*((int *)value) = pb->pb_op->ors_scope;
else
*((int *)value) = 0;
break;
case SLAPI_SEARCH_DEREF:
PBLOCK_ASSERT_OP( pb, 0 );
if ( pb->pb_op->o_tag == LDAP_REQ_SEARCH )
*((int *)value) = pb->pb_op->ors_deref;
else
*((int *)value) = 0;
break;
case SLAPI_SEARCH_SIZELIMIT:
PBLOCK_ASSERT_OP( pb, 0 );
if ( pb->pb_op->o_tag == LDAP_REQ_SEARCH )
*((int *)value) = pb->pb_op->ors_slimit;
else
*((int *)value) = 0;
break;
case SLAPI_SEARCH_TIMELIMIT:
PBLOCK_ASSERT_OP( pb, 0 );
if ( pb->pb_op->o_tag == LDAP_REQ_SEARCH )
*((int *)value) = pb->pb_op->ors_tlimit;
else
*((int *)value) = 0;
break;
case SLAPI_SEARCH_FILTER:
PBLOCK_ASSERT_OP( pb, 0 );
if ( pb->pb_op->o_tag == LDAP_REQ_SEARCH )
*((Slapi_Filter **)value) = pb->pb_op->ors_filter;
else
*((Slapi_Filter **)value) = NULL;
break;
case SLAPI_SEARCH_STRFILTER:
PBLOCK_ASSERT_OP( pb, 0 );
if ( pb->pb_op->o_tag == LDAP_REQ_SEARCH )
*((char **)value) = pb->pb_op->ors_filterstr.bv_val;
else
*((char **)value) = NULL;
break;
case SLAPI_SEARCH_ATTRS: {
char **attrs = NULL;
PBLOCK_ASSERT_OP( pb, 0 );
if ( pb->pb_op->o_tag != LDAP_REQ_SEARCH ) {
rc = PBLOCK_ERROR;
break;
}
pblock_get_default( pb, param, (void **)&attrs );
if ( attrs == NULL && pb->pb_intop == 0 ) {
attrs = anlist2charray_x( pb->pb_op->ors_attrs, 0, pb->pb_op->o_tmpmemctx );
pblock_set_default( pb, param, (void *)attrs );
}
*((char ***)value) = attrs;
break;
}
case SLAPI_SEARCH_ATTRSONLY:
PBLOCK_ASSERT_OP( pb, 0 );
if ( pb->pb_op->o_tag == LDAP_REQ_SEARCH )
*((int *)value) = pb->pb_op->ors_attrsonly;
else
*((int *)value) = 0;
break;
case SLAPI_SEARCH_RESULT_ENTRY:
PBLOCK_ASSERT_OP( pb, 0 );
*((Slapi_Entry **)value) = pb->pb_rs->sr_entry;
break;
case SLAPI_BIND_RET_SASLCREDS:
PBLOCK_ASSERT_OP( pb, 0 );
*((struct berval **)value) = pb->pb_rs->sr_sasldata;
break;
case SLAPI_EXT_OP_REQ_OID:
*((const char **)value) = pb->pb_op->ore_reqoid.bv_val;
break;
case SLAPI_EXT_OP_REQ_VALUE:
*((struct berval **)value) = pb->pb_op->ore_reqdata;
break;
case SLAPI_EXT_OP_RET_OID:
PBLOCK_ASSERT_OP( pb, 0 );
*((const char **)value) = pb->pb_rs->sr_rspoid;
break;
case SLAPI_EXT_OP_RET_VALUE:
PBLOCK_ASSERT_OP( pb, 0 );
*((struct berval **)value) = pb->pb_rs->sr_rspdata;
break;
case SLAPI_BIND_METHOD:
if ( pb->pb_op->o_tag == LDAP_REQ_BIND )
*((int *)value) = pb->pb_op->orb_method;
else
*((int *)value) = 0;
break;
case SLAPI_BIND_CREDENTIALS:
if ( pb->pb_op->o_tag == LDAP_REQ_BIND )
*((struct berval **)value) = &pb->pb_op->orb_cred;
else
*value = NULL;
break;
case SLAPI_COMPARE_TYPE:
if ( pb->pb_op->o_tag == LDAP_REQ_COMPARE )
*((char **)value) = pb->pb_op->orc_ava->aa_desc->ad_cname.bv_val;
else
*value = NULL;
break;
case SLAPI_COMPARE_VALUE:
if ( pb->pb_op->o_tag == LDAP_REQ_COMPARE )
*((struct berval **)value) = &pb->pb_op->orc_ava->aa_value;
else
*value = NULL;
break;
case SLAPI_ABANDON_MSGID:
if ( pb->pb_op->o_tag == LDAP_REQ_ABANDON )
*((int *)value) = pb->pb_op->orn_msgid;
else
*((int *)value) = 0;
break;
default:
rc = pblock_get_default( pb, param, value );
break;
}
pblock_unlock( pb );
return rc;
}
int
meta_back_add( Operation *op, SlapReply *rs )
{
metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
metatarget_t *mt;
metaconn_t *mc;
int i, candidate = -1;
int isupdate;
Attribute *a;
LDAPMod **attrs;
struct berval mdn = BER_BVNULL, mapped;
dncookie dc;
int msgid;
ldap_back_send_t retrying = LDAP_BACK_RETRYING;
LDAPControl **ctrls = NULL;
Debug(LDAP_DEBUG_ARGS, "==> meta_back_add: %s\n",
op->o_req_dn.bv_val );
/*
* get the current connection
*/
mc = meta_back_getconn( op, rs, &candidate, LDAP_BACK_SENDERR );
if ( !mc || !meta_back_dobind( op, rs, mc, LDAP_BACK_SENDERR ) ) {
return rs->sr_err;
}
assert( mc->mc_conns[ candidate ].msc_ld != NULL );
/*
* Rewrite the add dn, if needed
*/
mt = mi->mi_targets[ candidate ];
dc.target = mt;
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = "addDN";
if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
send_ldap_result( op, rs );
goto done;
}
/* Count number of attributes in entry ( +1 ) */
for ( i = 1, a = op->ora_e->e_attrs; a; i++, a = a->a_next );
/* Create array of LDAPMods for ldap_add() */
attrs = ch_malloc( sizeof( LDAPMod * )*i );
dc.ctx = "addAttrDN";
isupdate = be_shadow_update( op );
for ( i = 0, a = op->ora_e->e_attrs; a; a = a->a_next ) {
int j, is_oc = 0;
if ( !isupdate && !get_relax( op ) && a->a_desc->ad_type->sat_no_user_mod )
{
continue;
}
if ( a->a_desc == slap_schema.si_ad_objectClass
|| a->a_desc == slap_schema.si_ad_structuralObjectClass )
{
is_oc = 1;
mapped = a->a_desc->ad_cname;
} else {
ldap_back_map( &mt->mt_rwmap.rwm_at,
&a->a_desc->ad_cname, &mapped, BACKLDAP_MAP );
if ( BER_BVISNULL( &mapped ) || BER_BVISEMPTY( &mapped ) ) {
continue;
}
}
attrs[ i ] = ch_malloc( sizeof( LDAPMod ) );
if ( attrs[ i ] == NULL ) {
continue;
}
attrs[ i ]->mod_op = LDAP_MOD_BVALUES;
attrs[ i ]->mod_type = mapped.bv_val;
if ( is_oc ) {
for ( j = 0; !BER_BVISNULL( &a->a_vals[ j ] ); j++ )
;
attrs[ i ]->mod_bvalues =
(struct berval **)ch_malloc( ( j + 1 ) *
sizeof( struct berval * ) );
for ( j = 0; !BER_BVISNULL( &a->a_vals[ j ] ); ) {
struct ldapmapping *mapping;
ldap_back_mapping( &mt->mt_rwmap.rwm_oc,
&a->a_vals[ j ], &mapping, BACKLDAP_MAP );
if ( mapping == NULL ) {
if ( mt->mt_rwmap.rwm_oc.drop_missing ) {
continue;
}
attrs[ i ]->mod_bvalues[ j ] = &a->a_vals[ j ];
} else {
attrs[ i ]->mod_bvalues[ j ] = &mapping->dst;
}
j++;
}
attrs[ i ]->mod_bvalues[ j ] = NULL;
} else {
/*
* FIXME: dn-valued attrs should be rewritten
* to allow their use in ACLs at the back-ldap
* level.
*/
if ( a->a_desc->ad_type->sat_syntax ==
slap_schema.si_syn_distinguishedName )
{
(void)ldap_dnattr_rewrite( &dc, a->a_vals );
if ( a->a_vals == NULL ) {
continue;
}
}
for ( j = 0; !BER_BVISNULL( &a->a_vals[ j ] ); j++ )
;
attrs[ i ]->mod_bvalues = ch_malloc( ( j + 1 ) * sizeof( struct berval * ) );
for ( j = 0; !BER_BVISNULL( &a->a_vals[ j ] ); j++ ) {
attrs[ i ]->mod_bvalues[ j ] = &a->a_vals[ j ];
}
attrs[ i ]->mod_bvalues[ j ] = NULL;
}
i++;
}
attrs[ i ] = NULL;
retry:;
ctrls = op->o_ctrls;
if ( meta_back_controls_add( op, rs, mc, candidate, &ctrls ) != LDAP_SUCCESS )
{
send_ldap_result( op, rs );
goto cleanup;
}
rs->sr_err = ldap_add_ext( mc->mc_conns[ candidate ].msc_ld, mdn.bv_val,
attrs, ctrls, NULL, &msgid );
rs->sr_err = meta_back_op_result( mc, op, rs, candidate, msgid,
mt->mt_timeout[ SLAP_OP_ADD ], ( LDAP_BACK_SENDRESULT | retrying ) );
if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) {
retrying &= ~LDAP_BACK_RETRYING;
if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
/* if the identity changed, there might be need to re-authz */
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
goto retry;
}
}
cleanup:;
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
for ( --i; i >= 0; --i ) {
free( attrs[ i ]->mod_bvalues );
free( attrs[ i ] );
}
free( attrs );
if ( mdn.bv_val != op->ora_e->e_dn ) {
free( mdn.bv_val );
BER_BVZERO( &mdn );
}
done:;
if ( mc ) {
meta_back_release_conn( mi, mc );
}
return rs->sr_err;
}
int mdb_modify_internal(
Operation *op,
MDB_txn *tid,
Modifications *modlist,
Entry *e,
const char **text,
char *textbuf,
size_t textlen )
{
int rc, err;
Modification *mod;
Modifications *ml;
Attribute *save_attrs;
Attribute *ap;
int glue_attr_delete = 0;
int got_delete;
Debug( LDAP_DEBUG_TRACE, "mdb_modify_internal: 0x%08lx: %s\n",
e->e_id, e->e_dn, 0);
if ( !acl_check_modlist( op, e, modlist )) {
return LDAP_INSUFFICIENT_ACCESS;
}
/* save_attrs will be disposed of by caller */
save_attrs = e->e_attrs;
e->e_attrs = attrs_dup( e->e_attrs );
for ( ml = modlist; ml != NULL; ml = ml->sml_next ) {
int match;
mod = &ml->sml_mod;
switch( mod->sm_op ) {
case LDAP_MOD_ADD:
case LDAP_MOD_REPLACE:
if ( mod->sm_desc == slap_schema.si_ad_structuralObjectClass ) {
value_match( &match, slap_schema.si_ad_structuralObjectClass,
slap_schema.si_ad_structuralObjectClass->
ad_type->sat_equality,
SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
&mod->sm_values[0], &scbva[0], text );
if ( !match ) glue_attr_delete = 1;
}
}
if ( glue_attr_delete )
break;
}
if ( glue_attr_delete ) {
Attribute **app = &e->e_attrs;
while ( *app != NULL ) {
if ( !is_at_operational( (*app)->a_desc->ad_type )) {
Attribute *save = *app;
*app = (*app)->a_next;
attr_free( save );
continue;
}
app = &(*app)->a_next;
}
}
for ( ml = modlist; ml != NULL; ml = ml->sml_next ) {
mod = &ml->sml_mod;
got_delete = 0;
switch ( mod->sm_op ) {
case LDAP_MOD_ADD:
Debug(LDAP_DEBUG_ARGS,
"mdb_modify_internal: add %s\n",
mod->sm_desc->ad_cname.bv_val, 0, 0);
err = modify_add_values( e, mod, get_permissiveModify(op),
text, textbuf, textlen );
if( err != LDAP_SUCCESS ) {
Debug(LDAP_DEBUG_ARGS, "mdb_modify_internal: %d %s\n",
err, *text, 0);
}
break;
case LDAP_MOD_DELETE:
if ( glue_attr_delete ) {
err = LDAP_SUCCESS;
break;
}
Debug(LDAP_DEBUG_ARGS,
"mdb_modify_internal: delete %s\n",
mod->sm_desc->ad_cname.bv_val, 0, 0);
err = modify_delete_values( e, mod, get_permissiveModify(op),
text, textbuf, textlen );
if( err != LDAP_SUCCESS ) {
Debug(LDAP_DEBUG_ARGS, "mdb_modify_internal: %d %s\n",
err, *text, 0);
} else {
got_delete = 1;
}
break;
case LDAP_MOD_REPLACE:
Debug(LDAP_DEBUG_ARGS,
"mdb_modify_internal: replace %s\n",
mod->sm_desc->ad_cname.bv_val, 0, 0);
err = modify_replace_values( e, mod, get_permissiveModify(op),
text, textbuf, textlen );
if( err != LDAP_SUCCESS ) {
Debug(LDAP_DEBUG_ARGS, "mdb_modify_internal: %d %s\n",
err, *text, 0);
} else {
got_delete = 1;
}
break;
case LDAP_MOD_INCREMENT:
Debug(LDAP_DEBUG_ARGS,
"mdb_modify_internal: increment %s\n",
mod->sm_desc->ad_cname.bv_val, 0, 0);
err = modify_increment_values( e, mod, get_permissiveModify(op),
text, textbuf, textlen );
if( err != LDAP_SUCCESS ) {
Debug(LDAP_DEBUG_ARGS,
"mdb_modify_internal: %d %s\n",
err, *text, 0);
} else {
got_delete = 1;
}
break;
case SLAP_MOD_SOFTADD:
Debug(LDAP_DEBUG_ARGS,
"mdb_modify_internal: softadd %s\n",
mod->sm_desc->ad_cname.bv_val, 0, 0);
/* Avoid problems in index_add_mods()
* We need to add index if necessary.
*/
mod->sm_op = LDAP_MOD_ADD;
err = modify_add_values( e, mod, get_permissiveModify(op),
text, textbuf, textlen );
mod->sm_op = SLAP_MOD_SOFTADD;
if ( err == LDAP_TYPE_OR_VALUE_EXISTS ) {
err = LDAP_SUCCESS;
}
if( err != LDAP_SUCCESS ) {
Debug(LDAP_DEBUG_ARGS, "mdb_modify_internal: %d %s\n",
err, *text, 0);
}
break;
case SLAP_MOD_SOFTDEL:
Debug(LDAP_DEBUG_ARGS,
"mdb_modify_internal: softdel %s\n",
mod->sm_desc->ad_cname.bv_val, 0, 0);
/* Avoid problems in index_delete_mods()
* We need to add index if necessary.
*/
mod->sm_op = LDAP_MOD_DELETE;
err = modify_delete_values( e, mod, get_permissiveModify(op),
text, textbuf, textlen );
mod->sm_op = SLAP_MOD_SOFTDEL;
if ( err == LDAP_NO_SUCH_ATTRIBUTE ) {
err = LDAP_SUCCESS;
}
if( err != LDAP_SUCCESS ) {
Debug(LDAP_DEBUG_ARGS, "mdb_modify_internal: %d %s\n",
err, *text, 0);
}
break;
case SLAP_MOD_ADD_IF_NOT_PRESENT:
if ( attr_find( e->e_attrs, mod->sm_desc ) != NULL ) {
/* skip */
err = LDAP_SUCCESS;
break;
}
Debug(LDAP_DEBUG_ARGS,
"mdb_modify_internal: add_if_not_present %s\n",
mod->sm_desc->ad_cname.bv_val, 0, 0);
/* Avoid problems in index_add_mods()
* We need to add index if necessary.
*/
mod->sm_op = LDAP_MOD_ADD;
err = modify_add_values( e, mod, get_permissiveModify(op),
text, textbuf, textlen );
mod->sm_op = SLAP_MOD_ADD_IF_NOT_PRESENT;
if( err != LDAP_SUCCESS ) {
Debug(LDAP_DEBUG_ARGS, "mdb_modify_internal: %d %s\n",
err, *text, 0);
}
break;
default:
Debug(LDAP_DEBUG_ANY, "mdb_modify_internal: invalid op %d\n",
mod->sm_op, 0, 0);
*text = "Invalid modify operation";
err = LDAP_OTHER;
Debug(LDAP_DEBUG_ARGS, "mdb_modify_internal: %d %s\n",
err, *text, 0);
}
if ( err != LDAP_SUCCESS ) {
attrs_free( e->e_attrs );
e->e_attrs = save_attrs;
/* unlock entry, delete from cache */
return err;
}
/* If objectClass was modified, reset the flags */
if ( mod->sm_desc == slap_schema.si_ad_objectClass ) {
e->e_ocflags = 0;
}
if ( glue_attr_delete ) e->e_ocflags = 0;
/* check if modified attribute was indexed
* but not in case of NOOP... */
if ( !op->o_noop ) {
mdb_modify_idxflags( op, mod->sm_desc, got_delete, e->e_attrs, save_attrs );
}
}
/* check that the entry still obeys the schema */
ap = NULL;
rc = entry_schema_check( op, e, save_attrs, get_relax(op), 0, &ap,
text, textbuf, textlen );
if ( rc != LDAP_SUCCESS || op->o_noop ) {
attrs_free( e->e_attrs );
/* clear the indexing flags */
for ( ap = save_attrs; ap != NULL; ap = ap->a_next ) {
ap->a_flags &= ~(SLAP_ATTR_IXADD|SLAP_ATTR_IXDEL);
}
e->e_attrs = save_attrs;
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY,
"entry failed schema check: %s\n",
*text, 0, 0 );
}
/* if NOOP then silently revert to saved attrs */
return rc;
}
/* structuralObjectClass modified! */
if ( ap ) {
assert( ap->a_desc == slap_schema.si_ad_structuralObjectClass );
if ( !op->o_noop ) {
mdb_modify_idxflags( op, slap_schema.si_ad_structuralObjectClass,
1, e->e_attrs, save_attrs );
}
}
/* update the indices of the modified attributes */
/* start with deleting the old index entries */
for ( ap = save_attrs; ap != NULL; ap = ap->a_next ) {
if ( ap->a_flags & SLAP_ATTR_IXDEL ) {
struct berval *vals;
Attribute *a2;
ap->a_flags &= ~SLAP_ATTR_IXDEL;
a2 = attr_find( e->e_attrs, ap->a_desc );
if ( a2 ) {
/* need to detect which values were deleted */
int i, j;
vals = op->o_tmpalloc( (ap->a_numvals + 1) *
sizeof(struct berval), op->o_tmpmemctx );
j = 0;
for ( i=0; i < ap->a_numvals; i++ ) {
rc = attr_valfind( a2, SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
&ap->a_nvals[i], NULL, op->o_tmpmemctx );
/* Save deleted values */
if ( rc == LDAP_NO_SUCH_ATTRIBUTE )
vals[j++] = ap->a_nvals[i];
}
BER_BVZERO(vals+j);
} else {
/* attribute was completely deleted */
vals = ap->a_nvals;
}
rc = 0;
if ( !BER_BVISNULL( vals )) {
rc = mdb_index_values( op, tid, ap->a_desc,
vals, e->e_id, SLAP_INDEX_DELETE_OP );
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY,
"%s: attribute \"%s\" index delete failure\n",
op->o_log_prefix, ap->a_desc->ad_cname.bv_val, 0 );
attrs_free( e->e_attrs );
e->e_attrs = save_attrs;
}
}
if ( vals != ap->a_nvals )
op->o_tmpfree( vals, op->o_tmpmemctx );
if ( rc ) return rc;
}
}
/* add the new index entries */
for ( ap = e->e_attrs; ap != NULL; ap = ap->a_next ) {
if (ap->a_flags & SLAP_ATTR_IXADD) {
ap->a_flags &= ~SLAP_ATTR_IXADD;
rc = mdb_index_values( op, tid, ap->a_desc,
ap->a_nvals,
e->e_id, SLAP_INDEX_ADD_OP );
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY,
"%s: attribute \"%s\" index add failure\n",
op->o_log_prefix, ap->a_desc->ad_cname.bv_val, 0 );
attrs_free( e->e_attrs );
e->e_attrs = save_attrs;
return rc;
}
}
}
return rc;
}
int
mdb_add(Operation *op, SlapReply *rs )
{
struct mdb_info *mdb = (struct mdb_info *) op->o_bd->be_private;
struct berval pdn;
Entry *p = NULL, *oe = op->ora_e;
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
AttributeDescription *children = slap_schema.si_ad_children;
AttributeDescription *entry = slap_schema.si_ad_entry;
MDB_txn *txn = NULL;
MDB_cursor *mc = NULL;
MDB_cursor *mcd;
ID eid, pid = 0;
mdb_op_info opinfo = {{{ 0 }}}, *moi = &opinfo;
int subentry;
int numads = mdb->mi_numads;
int success;
LDAPControl **postread_ctrl = NULL;
LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
int num_ctrls = 0;
#ifdef LDAP_X_TXN
int settle = 0;
#endif
Debug(LDAP_DEBUG_ARGS, "==> " LDAP_XSTRING(mdb_add) ": %s\n",
op->ora_e->e_name.bv_val, 0, 0);
#ifdef LDAP_X_TXN
if( op->o_txnSpec ) {
/* acquire connection lock */
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
if( op->o_conn->c_txn == CONN_TXN_INACTIVE ) {
rs->sr_text = "invalid transaction identifier";
rs->sr_err = LDAP_X_TXN_ID_INVALID;
goto txnReturn;
} else if( op->o_conn->c_txn == CONN_TXN_SETTLE ) {
settle=1;
goto txnReturn;
}
if( op->o_conn->c_txn_backend == NULL ) {
op->o_conn->c_txn_backend = op->o_bd;
} else if( op->o_conn->c_txn_backend != op->o_bd ) {
rs->sr_text = "transaction cannot span multiple database contexts";
rs->sr_err = LDAP_AFFECTS_MULTIPLE_DSAS;
goto txnReturn;
}
/* insert operation into transaction */
rs->sr_text = "transaction specified";
rs->sr_err = LDAP_X_TXN_SPECIFY_OKAY;
txnReturn:
/* release connection lock */
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
if( !settle ) {
send_ldap_result( op, rs );
return rs->sr_err;
}
}
#endif
ctrls[num_ctrls] = 0;
/* check entry's schema */
rs->sr_err = entry_schema_check( op, op->ora_e, NULL,
get_relax(op), 1, NULL, &rs->sr_text, textbuf, textlen );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": entry failed schema check: "
"%s (%d)\n", rs->sr_text, rs->sr_err, 0 );
goto return_results;
}
/* begin transaction */
rs->sr_err = mdb_opinfo_get( op, mdb, 0, &moi );
rs->sr_text = NULL;
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": txn_begin failed: %s (%d)\n",
mdb_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
txn = moi->moi_txn;
/* add opattrs to shadow as well, only missing attrs will actually
* be added; helps compatibility with older OL versions */
rs->sr_err = slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": entry failed op attrs add: "
"%s (%d)\n", rs->sr_text, rs->sr_err, 0 );
goto return_results;
}
if ( get_assert( op ) &&
( test_filter( op, op->ora_e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
{
rs->sr_err = LDAP_ASSERTION_FAILED;
goto return_results;
}
subentry = is_entry_subentry( op->ora_e );
/*
* Get the parent dn and see if the corresponding entry exists.
*/
if ( be_issuffix( op->o_bd, &op->ora_e->e_nname ) ) {
pdn = slap_empty_bv;
} else {
dnParent( &op->ora_e->e_nname, &pdn );
}
rs->sr_err = mdb_cursor_open( txn, mdb->mi_dn2id, &mcd );
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": mdb_cursor_open failed (%d)\n",
rs->sr_err, 0, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
/* get entry or parent */
rs->sr_err = mdb_dn2entry( op, txn, mcd, &op->ora_e->e_nname, &p, NULL, 1 );
switch( rs->sr_err ) {
case 0:
rs->sr_err = LDAP_ALREADY_EXISTS;
mdb_entry_return( op, p );
p = NULL;
goto return_results;
case MDB_NOTFOUND:
break;
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if ( !p )
p = (Entry *)&slap_entry_root;
if ( !bvmatch( &pdn, &p->e_nname ) ) {
rs->sr_matched = ber_strdup_x( p->e_name.bv_val,
op->o_tmpmemctx );
if ( p != (Entry *)&slap_entry_root && is_entry_referral( p )) {
BerVarray ref = get_entry_referrals( op, p );
rs->sr_ref = referral_rewrite( ref, &p->e_name,
&op->o_req_dn, LDAP_SCOPE_DEFAULT );
ber_bvarray_free( ref );
} else {
rs->sr_ref = NULL;
}
if ( p != (Entry *)&slap_entry_root )
mdb_entry_return( op, p );
p = NULL;
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": parent "
"does not exist\n", 0, 0, 0 );
rs->sr_err = LDAP_REFERRAL;
rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
goto return_results;
}
rs->sr_err = access_allowed( op, p,
children, NULL, ACL_WADD, NULL );
if ( ! rs->sr_err ) {
if ( p != (Entry *)&slap_entry_root )
mdb_entry_return( op, p );
p = NULL;
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": no write access to parent\n",
0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to parent";
goto return_results;;
}
if ( p != (Entry *)&slap_entry_root ) {
if ( is_entry_subentry( p ) ) {
mdb_entry_return( op, p );
p = NULL;
/* parent is a subentry, don't allow add */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": parent is subentry\n",
0, 0, 0 );
rs->sr_err = LDAP_OBJECT_CLASS_VIOLATION;
rs->sr_text = "parent is a subentry";
goto return_results;;
}
if ( is_entry_alias( p ) ) {
mdb_entry_return( op, p );
p = NULL;
/* parent is an alias, don't allow add */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": parent is alias\n",
0, 0, 0 );
rs->sr_err = LDAP_ALIAS_PROBLEM;
rs->sr_text = "parent is an alias";
goto return_results;;
}
if ( is_entry_referral( p ) ) {
BerVarray ref = get_entry_referrals( op, p );
/* parent is a referral, don't allow add */
rs->sr_matched = ber_strdup_x( p->e_name.bv_val,
op->o_tmpmemctx );
rs->sr_ref = referral_rewrite( ref, &p->e_name,
&op->o_req_dn, LDAP_SCOPE_DEFAULT );
ber_bvarray_free( ref );
mdb_entry_return( op, p );
p = NULL;
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": parent is referral\n",
0, 0, 0 );
rs->sr_err = LDAP_REFERRAL;
rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
goto return_results;
}
}
if ( subentry ) {
/* FIXME: */
/* parent must be an administrative point of the required kind */
}
/* free parent */
if ( p != (Entry *)&slap_entry_root ) {
pid = p->e_id;
if ( p->e_nname.bv_len ) {
struct berval ppdn;
/* ITS#5326: use parent's DN if differs from provided one */
dnParent( &op->ora_e->e_name, &ppdn );
if ( !dn_match( &p->e_name, &ppdn ) ) {
struct berval rdn;
struct berval newdn;
dnRdn( &op->ora_e->e_name, &rdn );
build_new_dn( &newdn, &p->e_name, &rdn, NULL );
if ( op->ora_e->e_name.bv_val != op->o_req_dn.bv_val )
ber_memfree( op->ora_e->e_name.bv_val );
op->ora_e->e_name = newdn;
/* FIXME: should check whether
* dnNormalize(newdn) == e->e_nname ... */
}
}
mdb_entry_return( op, p );
}
p = NULL;
rs->sr_err = access_allowed( op, op->ora_e,
entry, NULL, ACL_WADD, NULL );
if ( ! rs->sr_err ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": no write access to entry\n",
0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to entry";
goto return_results;;
}
/*
* Check ACL for attribute write access
*/
if (!acl_check_modlist(op, oe, op->ora_modlist)) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": no write access to attribute\n",
0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to attribute";
goto return_results;;
}
rs->sr_err = mdb_cursor_open( txn, mdb->mi_id2entry, &mc );
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": mdb_cursor_open failed (%d)\n",
rs->sr_err, 0, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
rs->sr_err = mdb_next_id( op->o_bd, mc, &eid );
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": next_id failed (%d)\n",
rs->sr_err, 0, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
op->ora_e->e_id = eid;
/* dn2id index */
rs->sr_err = mdb_dn2id_add( op, mcd, mcd, pid, 1, 1, op->ora_e );
mdb_cursor_close( mcd );
if ( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": dn2id_add failed: %s (%d)\n",
mdb_strerror(rs->sr_err), rs->sr_err, 0 );
switch( rs->sr_err ) {
case MDB_KEYEXIST:
rs->sr_err = LDAP_ALREADY_EXISTS;
break;
default:
rs->sr_err = LDAP_OTHER;
}
goto return_results;
}
/* attribute indexes */
rs->sr_err = mdb_index_entry_add( op, txn, op->ora_e );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": index_entry_add failed\n",
0, 0, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "index generation failed";
goto return_results;
}
/* id2entry index */
rs->sr_err = mdb_id2entry_add( op, txn, mc, op->ora_e );
if ( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": id2entry_add failed\n",
0, 0, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "entry store failed";
goto return_results;
}
/* post-read */
if( op->o_postread ) {
if( postread_ctrl == NULL ) {
postread_ctrl = &ctrls[num_ctrls++];
ctrls[num_ctrls] = NULL;
}
if ( slap_read_controls( op, rs, op->ora_e,
&slap_post_read_bv, postread_ctrl ) )
{
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(mdb_add) ": post-read "
"failed!\n", 0, 0, 0 );
if ( op->o_postread & SLAP_CONTROL_CRITICAL ) {
/* FIXME: is it correct to abort
* operation if control fails? */
goto return_results;
}
}
}
if ( moi == &opinfo ) {
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.moi_oe, OpExtra, oe_next );
opinfo.moi_oe.oe_key = NULL;
if ( op->o_noop ) {
mdb->mi_numads = numads;
mdb_txn_abort( txn );
rs->sr_err = LDAP_X_NO_OPERATION;
txn = NULL;
goto return_results;
}
rs->sr_err = mdb_txn_commit( txn );
txn = NULL;
if ( rs->sr_err != 0 ) {
mdb->mi_numads = numads;
rs->sr_text = "txn_commit failed";
Debug( LDAP_DEBUG_ANY,
LDAP_XSTRING(mdb_add) ": %s : %s (%d)\n",
rs->sr_text, mdb_strerror(rs->sr_err), rs->sr_err );
rs->sr_err = LDAP_OTHER;
goto return_results;
}
}
Debug(LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": added%s id=%08lx dn=\"%s\"\n",
op->o_noop ? " (no-op)" : "",
op->ora_e->e_id, op->ora_e->e_dn );
rs->sr_text = NULL;
if( num_ctrls ) rs->sr_ctrls = ctrls;
return_results:
success = rs->sr_err;
send_ldap_result( op, rs );
if( moi == &opinfo ) {
if( txn != NULL ) {
mdb->mi_numads = numads;
mdb_txn_abort( txn );
}
if ( opinfo.moi_oe.oe_key ) {
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.moi_oe, OpExtra, oe_next );
}
} else {
moi->moi_ref--;
}
if( success == LDAP_SUCCESS ) {
#if 0
if ( mdb->bi_txn_cp_kbyte ) {
TXN_CHECKPOINT( mdb->bi_dbenv,
mdb->bi_txn_cp_kbyte, mdb->bi_txn_cp_min, 0 );
}
#endif
}
slap_graduate_commit_csn( op );
if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) {
slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
slap_sl_free( *postread_ctrl, op->o_tmpmemctx );
}
return rs->sr_err;
}
int
ldap_back_add(
Operation *op,
SlapReply *rs )
{
ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
ldapconn_t *lc = NULL;
int i = 0,
j = 0;
Attribute *a;
LDAPMod **attrs = NULL,
*attrs2 = NULL;
ber_int_t msgid;
int isupdate;
ldap_back_send_t retrying = LDAP_BACK_RETRYING;
LDAPControl **ctrls = NULL;
rs->sr_err = LDAP_SUCCESS;
Debug( LDAP_DEBUG_ARGS, "==> ldap_back_add(\"%s\")\n",
op->o_req_dn.bv_val, 0, 0 );
if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
lc = NULL;
goto cleanup;
}
/* Count number of attributes in entry */
for ( i = 1, a = op->oq_add.rs_e->e_attrs; a; i++, a = a->a_next )
/* just count attrs */ ;
/* Create array of LDAPMods for ldap_add() */
attrs = (LDAPMod **)ch_malloc( sizeof( LDAPMod * )*i
+ sizeof( LDAPMod )*( i - 1 ) );
attrs2 = ( LDAPMod * )&attrs[ i ];
isupdate = be_shadow_update( op );
for ( i = 0, a = op->oq_add.rs_e->e_attrs; a; a = a->a_next ) {
if ( !isupdate && !get_relax( op ) && a->a_desc->ad_type->sat_no_user_mod )
{
continue;
}
attrs[ i ] = &attrs2[ i ];
attrs[ i ]->mod_op = LDAP_MOD_BVALUES;
attrs[ i ]->mod_type = a->a_desc->ad_cname.bv_val;
for ( j = 0; a->a_vals[ j ].bv_val; j++ )
/* just count vals */ ;
attrs[i]->mod_vals.modv_bvals =
ch_malloc( ( j + 1 )*sizeof( struct berval * ) );
for ( j = 0; a->a_vals[ j ].bv_val; j++ ) {
attrs[ i ]->mod_vals.modv_bvals[ j ] = &a->a_vals[ j ];
}
attrs[ i ]->mod_vals.modv_bvals[ j ] = NULL;
i++;
}
attrs[ i ] = NULL;
retry:
ctrls = op->o_ctrls;
rs->sr_err = ldap_back_controls_add( op, rs, lc, &ctrls );
if ( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
rs->sr_err = ldap_add_ext( lc->lc_ld, op->o_req_dn.bv_val, attrs,
ctrls, NULL, &msgid );
rs->sr_err = ldap_back_op_result( lc, op, rs, msgid,
li->li_timeout[ SLAP_OP_ADD ],
( LDAP_BACK_SENDRESULT | retrying ) );
if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) {
retrying &= ~LDAP_BACK_RETRYING;
if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
/* if the identity changed, there might be need to re-authz */
(void)ldap_back_controls_free( op, rs, &ctrls );
goto retry;
}
}
ldap_pvt_thread_mutex_lock( &li->li_counter_mutex );
ldap_pvt_mp_add( li->li_ops_completed[ SLAP_OP_ADD ], 1 );
ldap_pvt_thread_mutex_unlock( &li->li_counter_mutex );
cleanup:
(void)ldap_back_controls_free( op, rs, &ctrls );
if ( attrs ) {
for ( --i; i >= 0; --i ) {
ch_free( attrs[ i ]->mod_vals.modv_bvals );
}
ch_free( attrs );
}
if ( lc ) {
ldap_back_release_conn( li, lc );
}
Debug( LDAP_DEBUG_ARGS, "<== ldap_back_add(\"%s\"): %d\n",
op->o_req_dn.bv_val, rs->sr_err, 0 );
return rs->sr_err;
}
static int
constraint_update( Operation *op, SlapReply *rs )
{
slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
Backend *be = op->o_bd;
constraint *c = on->on_bi.bi_private, *cp;
Entry *target_entry = NULL, *target_entry_copy = NULL;
Modifications *modlist, *m;
BerVarray b = NULL;
int i;
struct berval rsv = BER_BVC("modify breaks constraint");
int rc;
char *msg = NULL;
if (get_relax(op)) {
return SLAP_CB_CONTINUE;
}
switch ( op->o_tag ) {
case LDAP_REQ_MODIFY:
modlist = op->orm_modlist;
break;
case LDAP_REQ_MODRDN:
modlist = op->orr_modlist;
break;
default:
/* impossible! assert? */
return LDAP_OTHER;
}
Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "constraint_update()\n", 0,0,0);
if ((m = modlist) == NULL) {
op->o_bd->bd_info = (BackendInfo *)(on->on_info);
send_ldap_error(op, rs, LDAP_INVALID_SYNTAX,
"constraint_update() got null modlist");
return(rs->sr_err);
}
/* Do we need to count attributes? */
for(cp = c; cp; cp = cp->ap_next) {
if (cp->count != 0 || cp->set || cp->restrict_lud != 0) {
op->o_bd = on->on_info->oi_origdb;
rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &target_entry );
op->o_bd = be;
if (rc != 0 || target_entry == NULL) {
Debug(LDAP_DEBUG_TRACE,
"==> constraint_update rc = %d DN=\"%s\"%s\n",
rc, op->o_req_ndn.bv_val,
target_entry ? "" : " not found" );
if ( rc == 0 )
rc = LDAP_CONSTRAINT_VIOLATION;
goto mod_violation;
}
break;
}
}
rc = LDAP_CONSTRAINT_VIOLATION;
for(;m; m = m->sml_next) {
unsigned ce = 0;
if (is_at_operational( m->sml_desc->ad_type )) continue;
if ((( m->sml_op & LDAP_MOD_OP ) != LDAP_MOD_ADD) &&
(( m->sml_op & LDAP_MOD_OP ) != LDAP_MOD_REPLACE) &&
(( m->sml_op & LDAP_MOD_OP ) != LDAP_MOD_DELETE))
continue;
/* we only care about ADD and REPLACE modifications */
/* and DELETE are used to track attribute count */
if ((( b = m->sml_values ) == NULL ) || (b[0].bv_val == NULL))
continue;
/* Get this attribute count, if needed */
if (target_entry)
ce = constraint_count_attr(target_entry, m->sml_desc);
for(cp = c; cp; cp = cp->ap_next) {
int j;
for (j = 0; cp->ap[j]; j++) {
if (cp->ap[j] == m->sml_desc) {
break;
}
}
if (cp->ap[j] == NULL) continue;
if (cp->restrict_lud != NULL && constraint_check_restrict(op, cp, target_entry) == 0) {
continue;
}
if (cp->count != 0) {
unsigned ca;
if (m->sml_op == LDAP_MOD_DELETE)
ce = 0;
for (ca = 0; b[ca].bv_val; ++ca);
Debug(LDAP_DEBUG_TRACE,
"==> constraint_update ce = %u, "
"ca = %u, cp->count = %lu\n",
ce, ca, (unsigned long) cp->count);
if (m->sml_op == LDAP_MOD_ADD) {
if (ca + ce > cp->count) {
rc = LDAP_CONSTRAINT_VIOLATION;
goto mod_violation;
}
}
if (m->sml_op == LDAP_MOD_REPLACE) {
if (ca > cp->count) {
rc = LDAP_CONSTRAINT_VIOLATION;
goto mod_violation;
}
ce = ca;
}
}
/* DELETE are to be ignored beyond this point */
if (( m->sml_op & LDAP_MOD_OP ) == LDAP_MOD_DELETE)
continue;
for ( i = 0; b[i].bv_val; i++ ) {
rc = constraint_violation( cp, &b[i], op, rs );
if ( rc ) {
goto mod_violation;
}
}
if (cp->set && target_entry) {
if (target_entry_copy == NULL) {
Modifications *ml;
target_entry_copy = entry_dup(target_entry);
/* if rename, set the new entry's name
* (in normalized form only) */
if ( op->o_tag == LDAP_REQ_MODRDN ) {
struct berval pdn, ndn = BER_BVNULL;
if ( op->orr_nnewSup ) {
pdn = *op->orr_nnewSup;
} else {
dnParent( &target_entry_copy->e_nname, &pdn );
}
build_new_dn( &ndn, &pdn, &op->orr_nnewrdn, NULL );
ber_memfree( target_entry_copy->e_nname.bv_val );
target_entry_copy->e_nname = ndn;
ber_bvreplace( &target_entry_copy->e_name, &ndn );
}
/* apply modifications, in an attempt
* to estimate what the entry would
* look like in case all modifications
* pass */
for ( ml = modlist; ml; ml = ml->sml_next ) {
Modification *mod = &ml->sml_mod;
const char *text;
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof(textbuf);
int err;
switch ( mod->sm_op ) {
case LDAP_MOD_ADD:
err = modify_add_values( target_entry_copy,
mod, get_permissiveModify(op),
&text, textbuf, textlen );
break;
case LDAP_MOD_DELETE:
err = modify_delete_values( target_entry_copy,
mod, get_permissiveModify(op),
&text, textbuf, textlen );
break;
case LDAP_MOD_REPLACE:
err = modify_replace_values( target_entry_copy,
mod, get_permissiveModify(op),
&text, textbuf, textlen );
break;
case LDAP_MOD_INCREMENT:
err = modify_increment_values( target_entry_copy,
mod, get_permissiveModify(op),
&text, textbuf, textlen );
break;
case SLAP_MOD_SOFTADD:
mod->sm_op = LDAP_MOD_ADD;
err = modify_add_values( target_entry_copy,
mod, get_permissiveModify(op),
&text, textbuf, textlen );
mod->sm_op = SLAP_MOD_SOFTADD;
if ( err == LDAP_TYPE_OR_VALUE_EXISTS ) {
err = LDAP_SUCCESS;
}
break;
case SLAP_MOD_SOFTDEL:
mod->sm_op = LDAP_MOD_ADD;
err = modify_delete_values( target_entry_copy,
mod, get_permissiveModify(op),
&text, textbuf, textlen );
mod->sm_op = SLAP_MOD_SOFTDEL;
if ( err == LDAP_NO_SUCH_ATTRIBUTE ) {
err = LDAP_SUCCESS;
}
break;
case SLAP_MOD_ADD_IF_NOT_PRESENT:
if ( attr_find( target_entry_copy->e_attrs, mod->sm_desc ) ) {
err = LDAP_SUCCESS;
break;
}
mod->sm_op = LDAP_MOD_ADD;
err = modify_add_values( target_entry_copy,
mod, get_permissiveModify(op),
&text, textbuf, textlen );
mod->sm_op = SLAP_MOD_ADD_IF_NOT_PRESENT;
break;
default:
err = LDAP_OTHER;
break;
}
if ( err != LDAP_SUCCESS ) {
rc = err;
goto mod_violation;
}
}
}
if ( acl_match_set(&cp->val, op, target_entry_copy, NULL) == 0) {
rc = LDAP_CONSTRAINT_VIOLATION;
goto mod_violation;
}
}
}
}
if (target_entry) {
op->o_bd = on->on_info->oi_origdb;
be_entry_release_r(op, target_entry);
op->o_bd = be;
}
if (target_entry_copy) {
entry_free(target_entry_copy);
}
return SLAP_CB_CONTINUE;
mod_violation:
/* violation */
if (target_entry) {
op->o_bd = on->on_info->oi_origdb;
be_entry_release_r(op, target_entry);
op->o_bd = be;
}
if (target_entry_copy) {
entry_free(target_entry_copy);
}
op->o_bd->bd_info = (BackendInfo *)(on->on_info);
if ( rc == LDAP_CONSTRAINT_VIOLATION ) {
msg = print_message( &rsv, m->sml_desc );
}
send_ldap_error( op, rs, LDAP_CONSTRAINT_VIOLATION, msg );
ch_free(msg);
return (rs->sr_err);
}
static int
constraint_add( Operation *op, SlapReply *rs )
{
slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
Attribute *a;
constraint *c = on->on_bi.bi_private, *cp;
BerVarray b = NULL;
int i;
struct berval rsv = BER_BVC("add breaks constraint");
int rc;
char *msg = NULL;
if (get_relax(op)) {
return SLAP_CB_CONTINUE;
}
if ((a = op->ora_e->e_attrs) == NULL) {
op->o_bd->bd_info = (BackendInfo *)(on->on_info);
send_ldap_error(op, rs, LDAP_INVALID_SYNTAX,
"constraint_add: no attrs");
return(rs->sr_err);
}
for(; a; a = a->a_next ) {
/* we don't constrain operational attributes */
if (is_at_operational(a->a_desc->ad_type)) continue;
for(cp = c; cp; cp = cp->ap_next) {
int j;
for (j = 0; cp->ap[j]; j++) {
if (cp->ap[j] == a->a_desc) break;
}
if (cp->ap[j] == NULL) continue;
if ((b = a->a_vals) == NULL) continue;
if (cp->restrict_lud != NULL && constraint_check_restrict(op, cp, op->ora_e) == 0) {
continue;
}
Debug(LDAP_DEBUG_TRACE,
"==> constraint_add, "
"a->a_numvals = %u, cp->count = %lu\n",
a->a_numvals, (unsigned long) cp->count, 0);
if ((cp->count != 0) && (a->a_numvals > cp->count)) {
rc = LDAP_CONSTRAINT_VIOLATION;
goto add_violation;
}
for ( i = 0; b[i].bv_val; i++ ) {
rc = constraint_violation( cp, &b[i], op, rs );
if ( rc ) {
goto add_violation;
}
}
if (cp->set && acl_match_set(&cp->val, op, op->ora_e, NULL) == 0) {
rc = LDAP_CONSTRAINT_VIOLATION;
goto add_violation; /* constraint violation */
}
}
}
/* Default is to just fall through to the normal processing */
return SLAP_CB_CONTINUE;
add_violation:
op->o_bd->bd_info = (BackendInfo *)(on->on_info);
if (rc == LDAP_CONSTRAINT_VIOLATION ) {
msg = print_message( &rsv, a->a_desc );
}
send_ldap_error(op, rs, rc, msg );
ch_free(msg);
return (rs->sr_err);
}
meta_search_candidate_t
asyncmeta_back_add_start(Operation *op,
SlapReply *rs,
a_metaconn_t *mc,
bm_context_t *bc,
int candidate)
{
int isupdate;
Attribute *a;
int i;
LDAPMod **attrs;
struct berval mapped;
a_dncookie dc;
a_metainfo_t *mi = mc->mc_info;
a_metatarget_t *mt = mi->mi_targets[ candidate ];
struct berval mdn;
meta_search_candidate_t retcode = META_SEARCH_CANDIDATE;
BerElement *ber = NULL;
a_metasingleconn_t *msc = &mc->mc_conns[ candidate ];
SlapReply *candidates = bc->candidates;
ber_int_t msgid;
LDAPControl **ctrls = NULL;
int rc, nretries = 1;
dc.target = mt;
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = "addDN";
mdn.bv_len = 0;
switch (asyncmeta_dn_massage( &dc, &bc->op->o_req_dn, &mdn ) )
{
case LDAP_SUCCESS:
break;
case LDAP_UNWILLING_TO_PERFORM:
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
rs->sr_text = "Operation not allowed";
retcode = META_SEARCH_ERR;
goto doreturn;
default:
rs->sr_err = LDAP_NO_SUCH_OBJECT;
retcode = META_SEARCH_NOT_CANDIDATE;
goto doreturn;
}
/* Count number of attributes in entry ( +1 ) */
for ( i = 1, a = op->ora_e->e_attrs; a; i++, a = a->a_next );
/* Create array of LDAPMods for ldap_add() */
attrs = ch_malloc( sizeof( LDAPMod * )*i );
dc.ctx = "addAttrDN";
isupdate = be_shadow_update( op );
for ( i = 0, a = op->ora_e->e_attrs; a; a = a->a_next ) {
int j, is_oc = 0;
if ( !isupdate && !get_relax( op ) && a->a_desc->ad_type->sat_no_user_mod )
{
continue;
}
if ( a->a_desc == slap_schema.si_ad_objectClass
|| a->a_desc == slap_schema.si_ad_structuralObjectClass )
{
is_oc = 1;
mapped = a->a_desc->ad_cname;
} else {
asyncmeta_map( &mt->mt_rwmap.rwm_at,
&a->a_desc->ad_cname, &mapped, BACKLDAP_MAP );
if ( BER_BVISNULL( &mapped ) || BER_BVISEMPTY( &mapped ) ) {
continue;
}
}
attrs[ i ] = ch_malloc( sizeof( LDAPMod ) );
if ( attrs[ i ] == NULL ) {
continue;
}
attrs[ i ]->mod_op = LDAP_MOD_BVALUES;
attrs[ i ]->mod_type = mapped.bv_val;
if ( is_oc ) {
for ( j = 0; !BER_BVISNULL( &a->a_vals[ j ] ); j++ );
attrs[ i ]->mod_bvalues =
(struct berval **)ch_malloc( ( j + 1 ) *
sizeof( struct berval * ) );
for ( j = 0; !BER_BVISNULL( &a->a_vals[ j ] ); ) {
struct ldapmapping *mapping;
asyncmeta_mapping( &mt->mt_rwmap.rwm_oc,
&a->a_vals[ j ], &mapping, BACKLDAP_MAP );
if ( mapping == NULL ) {
if ( mt->mt_rwmap.rwm_oc.drop_missing ) {
continue;
}
attrs[ i ]->mod_bvalues[ j ] = &a->a_vals[ j ];
} else {
attrs[ i ]->mod_bvalues[ j ] = &mapping->dst;
}
j++;
}
attrs[ i ]->mod_bvalues[ j ] = NULL;
} else {
/*
* FIXME: dn-valued attrs should be rewritten
* to allow their use in ACLs at the back-ldap
* level.
*/
if ( a->a_desc->ad_type->sat_syntax ==
slap_schema.si_syn_distinguishedName )
{
(void)asyncmeta_dnattr_rewrite( &dc, a->a_vals );
if ( a->a_vals == NULL ) {
continue;
}
}
for ( j = 0; !BER_BVISNULL( &a->a_vals[ j ] ); j++ )
;
attrs[ i ]->mod_bvalues = ch_malloc( ( j + 1 ) * sizeof( struct berval * ) );
for ( j = 0; !BER_BVISNULL( &a->a_vals[ j ] ); j++ ) {
attrs[ i ]->mod_bvalues[ j ] = &a->a_vals[ j ];
}
attrs[ i ]->mod_bvalues[ j ] = NULL;
}
i++;
}
attrs[ i ] = NULL;
retry:;
ctrls = op->o_ctrls;
if ( asyncmeta_controls_add( op, rs, mc, candidate, &ctrls ) != LDAP_SUCCESS )
{
candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
retcode = META_SEARCH_ERR;
goto done;
}
ber = ldap_build_add_req( msc->msc_ld, mdn.bv_val, attrs, ctrls, NULL, &msgid);
if (ber) {
candidates[ candidate ].sr_msgid = msgid;
rc = ldap_send_initial_request( msc->msc_ld, LDAP_REQ_ADD,
mdn.bv_val, ber, msgid );
if (rc == msgid)
rc = LDAP_SUCCESS;
else
rc = LDAP_SERVER_DOWN;
switch ( rc ) {
case LDAP_SUCCESS:
retcode = META_SEARCH_CANDIDATE;
asyncmeta_set_msc_time(msc);
break;
case LDAP_SERVER_DOWN:
ldap_pvt_thread_mutex_lock( &mc->mc_om_mutex);
asyncmeta_clear_one_msc(NULL, mc, candidate);
ldap_pvt_thread_mutex_unlock( &mc->mc_om_mutex);
if ( nretries && asyncmeta_retry( op, rs, &mc, candidate, LDAP_BACK_DONTSEND ) ) {
nretries = 0;
/* if the identity changed, there might be need to re-authz */
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
goto retry;
}
default:
candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
retcode = META_SEARCH_ERR;
}
}
done:
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
for ( --i; i >= 0; --i ) {
free( attrs[ i ]->mod_bvalues );
free( attrs[ i ] );
}
free( attrs );
if ( mdn.bv_val != op->ora_e->e_dn ) {
free( mdn.bv_val );
BER_BVZERO( &mdn );
}
doreturn:;
Debug( LDAP_DEBUG_TRACE, "%s <<< asyncmeta_back_add_start[%p]=%d\n", op->o_log_prefix, msc, candidates[candidate].sr_msgid );
return retcode;
}
static int
dds_op_modify( Operation *op, SlapReply *rs )
{
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
dds_info_t *di = (dds_info_t *)on->on_bi.bi_private;
Modifications *mod;
Entry *e = NULL;
BackendInfo *bi = op->o_bd->bd_info;
int was_dynamicObject = 0,
is_dynamicObject = 0;
struct berval bv_entryTtl = BER_BVNULL;
time_t entryTtl = 0;
char textbuf[ SLAP_TEXT_BUFLEN ];
if ( DDS_OFF( di ) ) {
return SLAP_CB_CONTINUE;
}
/* bv_entryTtl stores the string representation of the entryTtl
* across modifies for consistency checks of the final value;
* the bv_val points to a static buffer; the bv_len is zero when
* the attribute is deleted.
* entryTtl stores the integer representation of the entryTtl;
* its value is -1 when the attribute is deleted; it is 0 only
* if no modifications of the entryTtl occurred, as an entryTtl
* of 0 is invalid. */
bv_entryTtl.bv_val = textbuf;
op->o_bd->bd_info = (BackendInfo *)on->on_info;
rs->sr_err = be_entry_get_rw( op, &op->o_req_ndn,
slap_schema.si_oc_dynamicObject, slap_schema.si_ad_entryTtl, 0, &e );
if ( rs->sr_err == LDAP_SUCCESS && e != NULL ) {
Attribute *a = attr_find( e->e_attrs, slap_schema.si_ad_entryTtl );
/* the value of the entryTtl is saved for later checks */
if ( a != NULL ) {
unsigned long ttl;
int rc;
bv_entryTtl.bv_len = a->a_nvals[ 0 ].bv_len;
memcpy( bv_entryTtl.bv_val, a->a_nvals[ 0 ].bv_val, bv_entryTtl.bv_len );
bv_entryTtl.bv_val[ bv_entryTtl.bv_len ] = '\0';
rc = lutil_atoul( &ttl, bv_entryTtl.bv_val );
assert( rc == 0 );
entryTtl = (time_t)ttl;
}
be_entry_release_r( op, e );
e = NULL;
was_dynamicObject = is_dynamicObject = 1;
}
op->o_bd->bd_info = bi;
rs->sr_err = LDAP_SUCCESS;
for ( mod = op->orm_modlist; mod; mod = mod->sml_next ) {
if ( mod->sml_desc == slap_schema.si_ad_objectClass ) {
int i;
ObjectClass *oc;
switch ( mod->sml_op ) {
case LDAP_MOD_DELETE:
if ( mod->sml_values == NULL ) {
is_dynamicObject = 0;
break;
}
for ( i = 0; !BER_BVISNULL( &mod->sml_values[ i ] ); i++ ) {
oc = oc_bvfind( &mod->sml_values[ i ] );
if ( oc == slap_schema.si_oc_dynamicObject ) {
is_dynamicObject = 0;
break;
}
}
break;
case LDAP_MOD_REPLACE:
if ( mod->sml_values == NULL ) {
is_dynamicObject = 0;
break;
}
/* fallthru */
case LDAP_MOD_ADD:
for ( i = 0; !BER_BVISNULL( &mod->sml_values[ i ] ); i++ ) {
oc = oc_bvfind( &mod->sml_values[ i ] );
if ( oc == slap_schema.si_oc_dynamicObject ) {
is_dynamicObject = 1;
break;
}
}
break;
}
} else if ( mod->sml_desc == slap_schema.si_ad_entryTtl ) {
unsigned long uttl;
time_t ttl;
int rc;
switch ( mod->sml_op ) {
case LDAP_MOD_DELETE:
case SLAP_MOD_SOFTDEL: /* FIXME? */
if ( mod->sml_values != NULL ) {
if ( BER_BVISEMPTY( &bv_entryTtl )
|| !bvmatch( &bv_entryTtl, &mod->sml_values[ 0 ] ) )
{
rs->sr_err = backend_attribute( op, NULL, &op->o_req_ndn,
slap_schema.si_ad_entry, NULL, ACL_DISCLOSE );
if ( rs->sr_err == LDAP_INSUFFICIENT_ACCESS ) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
} else {
rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
}
goto done;
}
}
bv_entryTtl.bv_len = 0;
entryTtl = -1;
break;
case LDAP_MOD_REPLACE:
bv_entryTtl.bv_len = 0;
entryTtl = -1;
/* fallthru */
case LDAP_MOD_ADD:
case SLAP_MOD_SOFTADD: /* FIXME? */
case SLAP_MOD_ADD_IF_NOT_PRESENT: /* FIXME? */
assert( mod->sml_values != NULL );
assert( BER_BVISNULL( &mod->sml_values[ 1 ] ) );
if ( !BER_BVISEMPTY( &bv_entryTtl ) ) {
rs->sr_err = backend_attribute( op, NULL, &op->o_req_ndn,
slap_schema.si_ad_entry, NULL, ACL_DISCLOSE );
if ( rs->sr_err == LDAP_INSUFFICIENT_ACCESS ) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
} else {
rs->sr_text = "attribute 'entryTtl' cannot have multiple values";
rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
}
goto done;
}
rc = lutil_atoul( &uttl, mod->sml_values[ 0 ].bv_val );
ttl = (time_t)uttl;
assert( rc == 0 );
if ( ttl > DDS_RF2589_MAX_TTL ) {
rs->sr_err = LDAP_PROTOCOL_ERROR;
rs->sr_text = "invalid time-to-live for dynamicObject";
goto done;
}
if ( ttl <= 0 || ttl > di->di_max_ttl ) {
/* FIXME: I don't understand if this has to be an error,
* or an indication that the requested Ttl has been
* shortened to di->di_max_ttl >= 1 day */
rs->sr_err = LDAP_SIZELIMIT_EXCEEDED;
rs->sr_text = "time-to-live for dynamicObject exceeds administrative limit";
goto done;
}
entryTtl = ttl;
bv_entryTtl.bv_len = mod->sml_values[ 0 ].bv_len;
memcpy( bv_entryTtl.bv_val, mod->sml_values[ 0 ].bv_val, bv_entryTtl.bv_len );
bv_entryTtl.bv_val[ bv_entryTtl.bv_len ] = '\0';
break;
case LDAP_MOD_INCREMENT:
if ( BER_BVISEMPTY( &bv_entryTtl ) ) {
rs->sr_err = backend_attribute( op, NULL, &op->o_req_ndn,
slap_schema.si_ad_entry, NULL, ACL_DISCLOSE );
if ( rs->sr_err == LDAP_INSUFFICIENT_ACCESS ) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
} else {
rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
rs->sr_text = "modify/increment: entryTtl: no such attribute";
}
goto done;
}
entryTtl++;
if ( entryTtl > DDS_RF2589_MAX_TTL ) {
rs->sr_err = LDAP_PROTOCOL_ERROR;
rs->sr_text = "invalid time-to-live for dynamicObject";
} else if ( entryTtl <= 0 || entryTtl > di->di_max_ttl ) {
/* FIXME: I don't understand if this has to be an error,
* or an indication that the requested Ttl has been
* shortened to di->di_max_ttl >= 1 day */
rs->sr_err = LDAP_SIZELIMIT_EXCEEDED;
rs->sr_text = "time-to-live for dynamicObject exceeds administrative limit";
}
if ( rs->sr_err != LDAP_SUCCESS ) {
rc = backend_attribute( op, NULL, &op->o_req_ndn,
slap_schema.si_ad_entry, NULL, ACL_DISCLOSE );
if ( rc == LDAP_INSUFFICIENT_ACCESS ) {
rs->sr_text = NULL;
rs->sr_err = LDAP_NO_SUCH_OBJECT;
}
goto done;
}
bv_entryTtl.bv_len = snprintf( textbuf, sizeof( textbuf ), "%ld", entryTtl );
break;
default:
LDAP_BUG();
break;
}
} else if ( mod->sml_desc == ad_entryExpireTimestamp ) {
/* should have been trapped earlier */
assert( mod->sml_flags & SLAP_MOD_INTERNAL );
}
}
done:;
if ( rs->sr_err == LDAP_SUCCESS ) {
int rc;
/* FIXME: this could be allowed when the Relax control is used...
* in that case:
*
* TODO
*
* static => dynamic:
* entryTtl must be provided; add
* entryExpireTimestamp accordingly
*
* dynamic => static:
* entryTtl must be removed; remove
* entryTimestamp accordingly
*
* ... but we need to make sure that there are no subordinate
* issues...
*/
rc = is_dynamicObject - was_dynamicObject;
if ( rc ) {
#if 0 /* fix subordinate issues first */
if ( get_relax( op ) ) {
switch ( rc ) {
case -1:
/* need to delete entryTtl to have a consistent entry */
if ( entryTtl != -1 ) {
rs->sr_text = "objectClass modification from dynamicObject to static entry requires entryTtl deletion";
rs->sr_err = LDAP_OBJECT_CLASS_VIOLATION;
}
break;
case 1:
/* need to add entryTtl to have a consistent entry */
if ( entryTtl <= 0 ) {
rs->sr_text = "objectClass modification from static entry to dynamicObject requires entryTtl addition";
rs->sr_err = LDAP_OBJECT_CLASS_VIOLATION;
}
break;
}
} else
#endif
{
switch ( rc ) {
case -1:
rs->sr_text = "objectClass modification cannot turn dynamicObject into static entry";
break;
case 1:
rs->sr_text = "objectClass modification cannot turn static entry into dynamicObject";
break;
}
rs->sr_err = LDAP_OBJECT_CLASS_VIOLATION;
}
if ( rc != LDAP_SUCCESS ) {
rc = backend_attribute( op, NULL, &op->o_req_ndn,
slap_schema.si_ad_entry, NULL, ACL_DISCLOSE );
if ( rc == LDAP_INSUFFICIENT_ACCESS ) {
rs->sr_text = NULL;
rs->sr_err = LDAP_NO_SUCH_OBJECT;
}
}
}
}
if ( rs->sr_err == LDAP_SUCCESS && entryTtl != 0 ) {
Modifications *tmpmod = NULL, **modp;
for ( modp = &op->orm_modlist; *modp; modp = &(*modp)->sml_next )
;
tmpmod = ch_calloc( 1, sizeof( Modifications ) );
tmpmod->sml_flags = SLAP_MOD_INTERNAL;
tmpmod->sml_type = ad_entryExpireTimestamp->ad_cname;
tmpmod->sml_desc = ad_entryExpireTimestamp;
*modp = tmpmod;
if ( entryTtl == -1 ) {
/* delete entryExpireTimestamp */
tmpmod->sml_op = LDAP_MOD_DELETE;
} else {
time_t expire;
char tsbuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
struct berval bv;
/* keep entryExpireTimestamp consistent
* with entryTtl */
expire = slap_get_time() + entryTtl;
bv.bv_val = tsbuf;
bv.bv_len = sizeof( tsbuf );
slap_timestamp( &expire, &bv );
tmpmod->sml_op = LDAP_MOD_REPLACE;
value_add_one( &tmpmod->sml_values, &bv );
value_add_one( &tmpmod->sml_nvalues, &bv );
tmpmod->sml_numvals = 1;
}
}
if ( rs->sr_err ) {
op->o_bd->bd_info = (BackendInfo *)on->on_info;
send_ldap_result( op, rs );
return rs->sr_err;
}
return SLAP_CB_CONTINUE;
}
extern "C" int
ndb_back_add(Operation *op, SlapReply *rs )
{
struct ndb_info *ni = (struct ndb_info *) op->o_bd->be_private;
Entry p = {0};
Attribute poc;
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
AttributeDescription *children = slap_schema.si_ad_children;
AttributeDescription *entry = slap_schema.si_ad_entry;
NdbArgs NA;
NdbRdns rdns;
struct berval matched;
struct berval pdn, pndn;
int num_retries = 0;
int success;
LDAPControl **postread_ctrl = NULL;
LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
int num_ctrls = 0;
Debug(LDAP_DEBUG_ARGS, "==> " LDAP_XSTRING(ndb_back_add) ": %s\n",
op->oq_add.rs_e->e_name.bv_val, 0, 0);
ctrls[num_ctrls] = 0;
/* check entry's schema */
rs->sr_err = entry_schema_check( op, op->oq_add.rs_e, NULL,
get_relax(op), 1, NULL, &rs->sr_text, textbuf, textlen );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_add) ": entry failed schema check: "
"%s (%d)\n", rs->sr_text, rs->sr_err, 0 );
goto return_results;
}
/* add opattrs to shadow as well, only missing attrs will actually
* be added; helps compatibility with older OL versions */
rs->sr_err = slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_add) ": entry failed op attrs add: "
"%s (%d)\n", rs->sr_text, rs->sr_err, 0 );
goto return_results;
}
/* Get our NDB handle */
rs->sr_err = ndb_thread_handle( op, &NA.ndb );
/*
* Get the parent dn and see if the corresponding entry exists.
*/
if ( be_issuffix( op->o_bd, &op->oq_add.rs_e->e_nname ) ) {
pdn = slap_empty_bv;
pndn = slap_empty_bv;
} else {
dnParent( &op->ora_e->e_name, &pdn );
dnParent( &op->ora_e->e_nname, &pndn );
}
p.e_name = op->ora_e->e_name;
p.e_nname = op->ora_e->e_nname;
op->ora_e->e_id = NOID;
rdns.nr_num = 0;
NA.rdns = &rdns;
if( 0 ) {
retry: /* transaction retry */
NA.txn->close();
NA.txn = NULL;
if ( op->o_abandon ) {
rs->sr_err = SLAPD_ABANDON;
goto return_results;
}
ndb_trans_backoff( ++num_retries );
}
NA.txn = NA.ndb->startTransaction();
rs->sr_text = NULL;
if( !NA.txn ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_add) ": startTransaction failed: %s (%d)\n",
NA.ndb->getNdbError().message, NA.ndb->getNdbError().code, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
/* get entry or parent */
NA.e = &p;
NA.ocs = NULL;
rs->sr_err = ndb_entry_get_info( op, &NA, 0, &matched );
switch( rs->sr_err ) {
case 0:
rs->sr_err = LDAP_ALREADY_EXISTS;
goto return_results;
case LDAP_NO_SUCH_OBJECT:
break;
#if 0
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
#endif
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if ( NA.ocs ) {
int i;
for ( i=0; !BER_BVISNULL( &NA.ocs[i] ); i++ );
poc.a_numvals = i;
poc.a_desc = slap_schema.si_ad_objectClass;
poc.a_vals = NA.ocs;
poc.a_nvals = poc.a_vals;
poc.a_next = NULL;
p.e_attrs = &poc;
}
if ( ber_bvstrcasecmp( &pndn, &matched ) ) {
rs->sr_matched = matched.bv_val;
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_add) ": parent "
"does not exist\n", 0, 0, 0 );
rs->sr_text = "parent does not exist";
rs->sr_err = LDAP_NO_SUCH_OBJECT;
if ( p.e_attrs && is_entry_referral( &p )) {
is_ref: p.e_attrs = NULL;
ndb_entry_get_data( op, &NA, 0 );
rs->sr_ref = get_entry_referrals( op, &p );
rs->sr_err = LDAP_REFERRAL;
rs->sr_flags = REP_REF_MUSTBEFREED;
attrs_free( p.e_attrs );
p.e_attrs = NULL;
}
goto return_results;
}
p.e_name = pdn;
p.e_nname = pndn;
rs->sr_err = access_allowed( op, &p,
children, NULL, ACL_WADD, NULL );
if ( ! rs->sr_err ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_add) ": no write access to parent\n",
0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to parent";
goto return_results;
}
if ( NA.ocs ) {
if ( is_entry_subentry( &p )) {
/* parent is a subentry, don't allow add */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_add) ": parent is subentry\n",
0, 0, 0 );
rs->sr_err = LDAP_OBJECT_CLASS_VIOLATION;
rs->sr_text = "parent is a subentry";
goto return_results;
}
if ( is_entry_alias( &p ) ) {
/* parent is an alias, don't allow add */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_add) ": parent is alias\n",
0, 0, 0 );
rs->sr_err = LDAP_ALIAS_PROBLEM;
rs->sr_text = "parent is an alias";
goto return_results;
}
if ( is_entry_referral( &p ) ) {
/* parent is a referral, don't allow add */
rs->sr_matched = p.e_name.bv_val;
goto is_ref;
}
}
rs->sr_err = access_allowed( op, op->ora_e,
entry, NULL, ACL_WADD, NULL );
if ( ! rs->sr_err ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_add) ": no write access to entry\n",
0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to entry";
goto return_results;;
}
/*
* Check ACL for attribute write access
*/
if (!acl_check_modlist(op, op->ora_e, op->ora_modlist)) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": no write access to attribute\n",
0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to attribute";
goto return_results;;
}
/* acquire entry ID */
if ( op->ora_e->e_id == NOID ) {
rs->sr_err = ndb_next_id( op->o_bd, NA.ndb, &op->ora_e->e_id );
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_add) ": next_id failed (%d)\n",
rs->sr_err, 0, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
}
if ( matched.bv_val )
rdns.nr_num++;
NA.e = op->ora_e;
/* dn2id index */
rs->sr_err = ndb_entry_put_info( op->o_bd, &NA, 0 );
if ( rs->sr_err ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_add) ": ndb_entry_put_info failed (%d)\n",
rs->sr_err, 0, 0 );
rs->sr_text = "internal error";
goto return_results;
}
/* id2entry index */
rs->sr_err = ndb_entry_put_data( op->o_bd, &NA );
if ( rs->sr_err ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_add) ": ndb_entry_put_data failed (%d) %s(%d)\n",
rs->sr_err, NA.txn->getNdbError().message, NA.txn->getNdbError().code );
rs->sr_text = "internal error";
goto return_results;
}
/* post-read */
if( op->o_postread ) {
if( postread_ctrl == NULL ) {
postread_ctrl = &ctrls[num_ctrls++];
ctrls[num_ctrls] = NULL;
}
if ( slap_read_controls( op, rs, op->oq_add.rs_e,
&slap_post_read_bv, postread_ctrl ) )
{
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(ndb_back_add) ": post-read "
"failed!\n", 0, 0, 0 );
if ( op->o_postread & SLAP_CONTROL_CRITICAL ) {
/* FIXME: is it correct to abort
* operation if control fails? */
goto return_results;
}
}
}
if ( op->o_noop ) {
if (( rs->sr_err=NA.txn->execute( NdbTransaction::Rollback,
NdbOperation::AbortOnError, 1 )) != 0 ) {
rs->sr_text = "txn (no-op) failed";
} else {
rs->sr_err = LDAP_X_NO_OPERATION;
}
} else {
if(( rs->sr_err=NA.txn->execute( NdbTransaction::Commit,
NdbOperation::AbortOnError, 1 )) != 0 ) {
rs->sr_text = "txn_commit failed";
} else {
rs->sr_err = LDAP_SUCCESS;
}
}
if ( rs->sr_err != LDAP_SUCCESS && rs->sr_err != LDAP_X_NO_OPERATION ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_add) ": %s : %s (%d)\n",
rs->sr_text, NA.txn->getNdbError().message, NA.txn->getNdbError().code );
rs->sr_err = LDAP_OTHER;
goto return_results;
}
NA.txn->close();
NA.txn = NULL;
Debug(LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_add) ": added%s id=%08lx dn=\"%s\"\n",
op->o_noop ? " (no-op)" : "",
op->oq_add.rs_e->e_id, op->oq_add.rs_e->e_dn );
rs->sr_text = NULL;
if( num_ctrls ) rs->sr_ctrls = ctrls;
return_results:
success = rs->sr_err;
send_ldap_result( op, rs );
slap_graduate_commit_csn( op );
if( NA.txn != NULL ) {
NA.txn->execute( Rollback );
NA.txn->close();
}
if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) {
slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
slap_sl_free( *postread_ctrl, op->o_tmpmemctx );
}
return rs->sr_err;
}
