static int
_usn_mod_next_usn(LDAPMod ***mods, Slapi_Backend *be)
{
Slapi_Mods smods = {0};
struct berval *bvals[2];
struct berval usn_berval = {0};
char counter_buf[USN_COUNTER_BUF_LEN];
if (NULL == be->be_usn_counter) {
/* USN plugin is not enabled */
return LDAP_UNWILLING_TO_PERFORM;
}
slapi_log_error(SLAPI_LOG_TRACE, USN_PLUGIN_SUBSYSTEM,
"--> _usn_mod_next_usn\n");
/* add next USN to the mods; "be" contains the usn counter */
usn_berval.bv_val = counter_buf;
PR_snprintf(usn_berval.bv_val, USN_COUNTER_BUF_LEN, "%" NSPRIu64,
slapi_counter_get_value(be->be_usn_counter));
usn_berval.bv_len = strlen(usn_berval.bv_val);
bvals[0] = &usn_berval;
bvals[1] = NULL;
slapi_mods_init_passin(&smods, *mods);
/* bvals is duplicated by ber_bvdup in slapi_mods_add_modbvps */
slapi_mods_add_modbvps(&smods, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES,
SLAPI_ATTR_ENTRYUSN, bvals);
*mods = slapi_mods_get_ldapmods_passout(&smods);
slapi_log_error(SLAPI_LOG_TRACE, USN_PLUGIN_SUBSYSTEM,
"<-- _usn_mod_next_usn\n");
return LDAP_SUCCESS;
}
/**
Apply the mods to the ec entry. Check for syntax, schema problems.
Check for abandon.
Return code:
-1 - error - result code and message are set appropriately
0 - successfully applied and checked
1 - not an error - no mods to apply or op abandoned
*/
static int
modify_apply_check_expand(
Slapi_PBlock *pb,
Slapi_Operation *operation,
LDAPMod **mods, /* list of mods to apply */
struct backentry *e, /* original "before" entry */
struct backentry *ec, /* "after" entry with mods applied */
Slapi_Entry **postentry,
int *ldap_result_code,
char **ldap_result_message
)
{
int rc = 0;
int i;
int repl_op;
int change_entry = 0;
Slapi_Mods smods = {0};
CSN *csn = operation_get_csn(operation);
slapi_pblock_get (pb, SLAPI_IS_REPLICATED_OPERATION, &repl_op);
slapi_mods_init_byref( &smods, mods );
if ( (change_entry = mods_have_effect (ec->ep_entry, &smods)) ) {
*ldap_result_code = entry_apply_mods_wsi(ec->ep_entry, &smods, csn,
operation_is_flag_set(operation, OP_FLAG_REPLICATED));
/*
* XXXmcs: it would be nice to get back an error message from
* the above call so we could pass it along to the client, e.g.,
* "duplicate value for attribute givenName."
*/
} else {
Slapi_Entry *epostop = NULL;
/* If the entry was not actually changed, we still need to
* set the SLAPI_ENTRY_POST_OP field in the pblock (post-op
* plugins expect that field to be present for all modify
* operations that return LDAP_SUCCESS).
*/
slapi_pblock_get ( pb, SLAPI_ENTRY_POST_OP, &epostop );
slapi_entry_free ( epostop ); /* free existing one, if any */
slapi_pblock_set ( pb, SLAPI_ENTRY_POST_OP, slapi_entry_dup( e->ep_entry ) );
*postentry = NULL; /* to avoid free in main error cleanup code */
}
if ( !change_entry || *ldap_result_code != 0 ) {
/* change_entry == 0 is not an error just a no-op */
rc = change_entry ? -1 : 1;
goto done;
}
/*
* If the objectClass attribute type was modified in any way, expand
* the objectClass values to reflect the inheritance hierarchy.
*/
for ( i = 0; mods && mods[i]; ++i ) {
if ( 0 == strcasecmp( SLAPI_ATTR_OBJECTCLASS, mods[i]->mod_type )) {
slapi_schema_expand_objectclasses( ec->ep_entry );
break;
}
}
/*
* We are about to pass the last abandon test, so from now on we are
* committed to finish this operation. Set status to "will complete"
* before we make our last abandon check to avoid race conditions in
* the code that processes abandon operations.
*/
operation->o_status = SLAPI_OP_STATUS_WILL_COMPLETE;
if ( slapi_op_abandoned( pb ) ) {
rc = 1;
goto done;
}
/* multimaster replication can result in a schema violation,
* although the individual operations on each master were valid
* It is too late to resolve this. But we can check schema and
* add a replication conflict attribute.
*/
/* check that the entry still obeys the schema */
if ((operation_is_flag_set(operation,OP_FLAG_ACTION_SCHEMA_CHECK)) &&
slapi_entry_schema_check_ext( pb, ec->ep_entry, 1 ) != 0 ) {
if(repl_op){
Slapi_Attr *attr;
Slapi_Mods smods;
LDAPMod **lmods;
if (slapi_entry_attr_find (ec->ep_entry, ATTR_NSDS5_REPLCONFLICT, &attr) == 0)
{
/* add value */
Slapi_Value *val = slapi_value_new_string("Schema violation");
slapi_attr_add_value(attr,val);
slapi_value_free(&val);
} else {
/* Add new attribute */
slapi_entry_add_string (ec->ep_entry, ATTR_NSDS5_REPLCONFLICT, "Schema violation");
}
/* the replconflict attribute is indexed and the index is built from the mods,
* so we need to extend the mods */
slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &lmods);
slapi_mods_init_passin(&smods, lmods);
slapi_mods_add_string (&smods, LDAP_MOD_ADD, ATTR_NSDS5_REPLCONFLICT, "Schema violation");
lmods = slapi_mods_get_ldapmods_passout(&smods);
slapi_pblock_set(pb, SLAPI_MODIFY_MODS, lmods);
slapi_mods_done(&smods);
} else {
*ldap_result_code = LDAP_OBJECT_CLASS_VIOLATION;
slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, ldap_result_message);
rc = -1;
goto done;
}
}
if(!repl_op){
/* check attribute syntax for the new values */
if (slapi_mods_syntax_check(pb, mods, 0) != 0) {
*ldap_result_code = LDAP_INVALID_SYNTAX;
slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, ldap_result_message);
rc = -1;
goto done;
}
/*
* make sure the entry contains all values in the RDN.
* if not, the modification must have removed them.
*/
if ( ! slapi_entry_rdn_values_present( ec->ep_entry ) ) {
*ldap_result_code= LDAP_NOT_ALLOWED_ON_RDN;
rc = -1;
goto done;
}
}
done:
slapi_mods_done( &smods );
return rc;
}
