📄 modrdn.c
字号:
/* modrdn.c - ldbm backend modrdn routine *//* $OpenLDAP: pkg/ldap/servers/slapd/back-ldbm/modrdn.c,v 1.30.2.15 2001/12/07 16:15:05 kurt Exp $ *//* * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file *//* * LDAP v3 newSuperior support. Add new rdn as an attribute. * (Full support for v2 also used software/ideas contributed * by Roy Hooper rhooper@cyberus.ca, thanks to him for his * submission!.) * * Copyright 1999, Juan C. Gomez, All rights reserved. * This software is not subject to any license of Silicon Graphics * Inc. or Purdue University. * * Redistribution and use in source and binary forms are permitted * without restriction or fee of any kind as long as this notice * is preserved. * */#include "portable.h"#include <stdio.h>#include <ac/string.h>#include <ac/socket.h>#include "slap.h"#include "back-ldbm.h"#include "proto-back-ldbm.h"intldbm_back_modrdn( Backend *be, Connection *conn, Operation *op, const char *dn, const char *ndn, const char *newrdn, int deleteoldrdn, const char *newSuperior){ AttributeDescription *children = slap_schema.si_ad_children; struct ldbminfo *li = (struct ldbminfo *) be->be_private; char *p_dn = NULL, *p_ndn = NULL; char *new_dn = NULL, *new_ndn = NULL; Entry *e, *p = NULL; Entry *matched; int isroot = -1; int rootlock = 0;#define CAN_ROLLBACK -1#define MUST_DESTROY 1 int rc = CAN_ROLLBACK; int rc_id = 0; ID id = NOID; const char *text = NULL; char textbuf[SLAP_TEXT_BUFLEN]; size_t textlen = sizeof textbuf; /* Added to support LDAP v2 correctly (deleteoldrdn thing) */ char **new_rdn_vals = NULL; /* Vals of new rdn */ char **new_rdn_types = NULL; /* Types of new rdn */ int a_cnt, d_cnt; char *old_rdn = NULL; /* Old rdn's attr type & val */ char **old_rdn_types = NULL; /* Types of old rdn attrs. */ char **old_rdn_vals = NULL; /* Old rdn attribute values */ /* Added to support newSuperior */ Entry *np = NULL; /* newSuperior Entry */ char *np_dn = NULL; /* newSuperior dn */ char *np_ndn = NULL; /* newSuperior ndn */ char *new_parent_dn = NULL; /* np_dn, p_dn, or NULL */ /* Used to interface with ldbm_modify_internal() */ Modifications *mod = NULL; /* Used to delete old/add new rdn */ int manageDSAit = get_manageDSAit( op ); Debug( LDAP_DEBUG_TRACE, "==>ldbm_back_modrdn(newSuperior=%s)\n", (newSuperior ? newSuperior : "NULL"), 0, 0 ); /* get entry with writer lock */ if ( (e = dn2entry_w( be, ndn, &matched )) == NULL ) { char* matched_dn = NULL; struct berval** refs = NULL; if( matched != NULL ) { matched_dn = strdup( matched->e_dn ); refs = is_entry_referral( matched ) ? get_entry_referrals( be, conn, op, matched ) : NULL; cache_return_entry_r( &li->li_cache, matched ); } else { refs = default_referral; } send_ldap_result( conn, op, LDAP_REFERRAL, matched_dn, NULL, refs, NULL ); if ( matched != NULL ) { ber_bvecfree( refs ); free( matched_dn ); } return( -1 ); } if (!manageDSAit && is_entry_referral( e ) ) { /* parent is a referral, don't allow add */ /* parent is an alias, don't allow add */ struct berval **refs = get_entry_referrals( be, conn, op, e ); Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0, 0, 0 ); send_ldap_result( conn, op, LDAP_REFERRAL, e->e_dn, NULL, refs, NULL ); ber_bvecfree( refs ); goto return_results; } if ( has_children( be, e ) ) { Debug( LDAP_DEBUG_TRACE, "entry %s referral\n", e->e_dn, 0, 0 ); send_ldap_result( conn, op, LDAP_NOT_ALLOWED_ON_NONLEAF, NULL, "subtree rename not supported", NULL, NULL ); goto return_results; } if ( (p_ndn = dn_parent( be, e->e_ndn )) != NULL && p_ndn[0] != '\0' ) { /* Make sure parent entry exist and we can write its * children. */ if( (p = dn2entry_w( be, p_ndn, NULL )) == NULL) { Debug( LDAP_DEBUG_TRACE, "parent does not exist\n", 0, 0, 0); send_ldap_result( conn, op, LDAP_OTHER, NULL, "parent entry does not exist", NULL, NULL ); goto return_results; } /* check parent for "children" acl */ if ( ! access_allowed( be, conn, op, p, children, NULL, ACL_WRITE ) ) { Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0, 0, 0 ); send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS, NULL, NULL, NULL, NULL ); goto return_results; } Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: wr to children of entry %s OK\n", p_ndn, 0, 0 ); p_dn = dn_parent( be, e->e_dn ); Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: parent dn=%s\n", p_dn, 0, 0 ); } else { /* no parent, must be root to modify rdn */ isroot = be_isroot( be, op->o_ndn ); if ( ! be_isroot ) { if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn ) ) { static const Entry rootp = { NOID, "", "", NULL, NULL }; p = (Entry *)&rootp; rc = access_allowed( be, conn, op, p, children, NULL, ACL_WRITE ); p = NULL; /* check parent for "children" acl */ if ( ! rc ) { Debug( LDAP_DEBUG_TRACE, "<=- ldbm_back_modrdn: no " "access to parent\n", 0, 0, 0 ); send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS, NULL, NULL, NULL, NULL ); goto return_results; } } else { Debug( LDAP_DEBUG_TRACE, "<=- ldbm_back_modrdn: no parent & " "not root\n", 0, 0, 0); send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS, NULL, NULL, NULL, NULL ); goto return_results; } } ldap_pvt_thread_mutex_lock(&li->li_root_mutex); rootlock = 1; Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: no parent, locked root\n", 0, 0, 0 ); } new_parent_dn = p_dn; /* New Parent unless newSuperior given */ if ( newSuperior != NULL ) { Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: new parent \"%s\" requested...\n", newSuperior, 0, 0 ); np_dn = ch_strdup( newSuperior ); np_ndn = ch_strdup( np_dn ); (void) dn_normalize( np_ndn ); /* newSuperior == oldParent? */ if ( strcmp( p_ndn, np_ndn ) == 0 ) { Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: new parent \"%s\" seems to be the same as old parent \"%s\"...\n", newSuperior, p_dn, 0 ); newSuperior = NULL; /* ignore newSuperior */ } } if ( newSuperior != NULL ) { /* newSuperior == entry being moved?, if so ==> ERROR */ /* Get Entry with dn=newSuperior. Does newSuperior exist? */ if ( newSuperior[ 0 ] != '\0' ) { if( (np = dn2entry_w( be, np_ndn, NULL )) == NULL) { Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: newSup(ndn=%s) not here!\n", np_ndn, 0, 0); send_ldap_result( conn, op, LDAP_OTHER, NULL, "newSuperior not found", NULL, NULL ); goto return_results; } Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: wr to new parent OK np=%p, id=%ld\n", np, np->e_id, 0 ); /* check newSuperior for "children" acl */ if ( !access_allowed( be, conn, op, np, children, NULL, ACL_WRITE ) ) { Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: no wr to newSup children\n", 0, 0, 0 ); send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS, NULL, NULL, NULL, NULL ); goto return_results; } if ( is_entry_alias( np ) ) { /* parent is an alias, don't allow add */ Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0, 0, 0 ); send_ldap_result( conn, op, LDAP_ALIAS_PROBLEM, NULL, "newSuperior is an alias", NULL, NULL ); goto return_results; } if ( is_entry_referral( np ) ) { /* parent is a referral, don't allow add */ Debug( LDAP_DEBUG_TRACE, "entry (%s) is referral\n", np->e_dn, 0, 0 ); send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, "newSuperior is a referral", NULL, NULL ); goto return_results; } } else { /* no parent, must be root to modify newSuperior */ if ( isroot == -1 ) { isroot = be_isroot( be, op->o_ndn ); } if ( ! be_isroot ) { if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn ) ) { static const Entry rootp = { NOID, "", "", NULL, NULL }; np = (Entry *)&rootp; rc = access_allowed( be, conn, op, np, children, NULL, ACL_WRITE ); np = NULL; /* check parent for "children" acl */ if ( ! rc ) { Debug( LDAP_DEBUG_TRACE, "<=- ldbm_back_modrdn: no " "access to new superior\n", 0, 0, 0 ); send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS, NULL, NULL, NULL, NULL ); goto return_results; } } else { Debug( LDAP_DEBUG_TRACE, "<=- ldbm_back_modrdn: \"\" " "not allowed as new superior\n", 0, 0, 0); send_ldap_result( conn, op, ⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -