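/* $NetBSD: modrdn.c,v 1.4 2025/09/05 21:16:25 christos Exp $ */

/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
 * Copyright 1998-2024 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in the file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
 */
/* Portions Copyright 1999, Juan C. Gomez, All rights reserved.
 * This software is not subject to any license of Silicon Graphics
 * Inc. or Purdue University.
 *
 * Redistribution and use in source and binary forms are permitted
 * without restriction or fee of any kind as long as this notice
 * is preserved.
 */
/* Portions Copyright (c) 1995 Regents of the University of Michigan.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms are permitted
 * provided that this notice is preserved and that due credit is given
 * to the University of Michigan at Ann Arbor. The name of the University
 * may not be used to endorse or promote products derived from this
 * software without specific prior written permission. This software
 * is provided ``as is'' without express or implied warranty.
 */

#include <sys/cdefs.h>
__RCSID("$NetBSD: modrdn.c,v 1.4 2025/09/05 21:16:25 christos Exp $");

#include "portable.h"

#include <stdio.h>

#include <ac/socket.h>
#include <ac/string.h>

#include "slap.h"

/*
 * do_modrdn - decode a ModifyDN (modrdn) request and dispatch it.
 *
 * Reads the request from op->o_ber, pretty-prints/normalizes the entry DN,
 * the new RDN and the optional newSuperior, builds the destination DN and
 * the list of attribute modifications implied by the rename, and hands the
 * operation to frontendDB->be_modrdn.
 *
 * Everything decoded here comes from the client and is treated as
 * untrusted until dnPrettyNormal()/rdn_validate() have accepted it.
 *
 * Returns SLAPD_DISCONNECT when the request cannot be decoded, otherwise
 * rs->sr_err as left by the step that finished the operation.  When the
 * backend answers SLAPD_ASYNCOP or LDAP_TXN_SPECIFY_OKAY the cleanup block
 * is skipped and the operation's buffers are left untouched.
 */
int
do_modrdn(
	Operation *op,
	SlapReply *rs
)
{
	struct berval dn = BER_BVNULL;
	struct berval newrdn = BER_BVNULL;
	struct berval newSuperior = BER_BVNULL;
	ber_int_t deloldrdn;

	struct berval pnewSuperior = BER_BVNULL;

	struct berval nnewSuperior = BER_BVNULL;
	struct berval dest_pdn, dest_pndn;

	ber_len_t length;

	Debug( LDAP_DEBUG_TRACE, "%s do_modrdn\n",
		op->o_log_prefix );
	/*
	 * Parse the modrdn request. It looks like this:
	 *
	 *	ModifyRDNRequest := SEQUENCE {
	 *		entry	DistinguishedName,
	 *		newrdn	RelativeDistinguishedName
	 *		deleteoldrdn	BOOLEAN,
	 *		newSuperior	[0] LDAPDN OPTIONAL (v3 Only!)
	 *	}
	 */

	/* Nothing has been allocated yet, so a decode failure returns directly. */
	if ( ber_scanf( op->o_ber, "{mmb", &dn, &newrdn, &deloldrdn )
		== LBER_ERROR )
	{
		Debug( LDAP_DEBUG_ANY, "%s do_modrdn: ber_scanf failed\n",
			op->o_log_prefix );
		send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
		return SLAPD_DISCONNECT;
	}

	/* Check for newSuperior parameter, if present scan it */

	if ( ber_peek_tag( op->o_ber, &length ) == LDAP_TAG_NEWSUPERIOR ) {
		if ( op->o_protocol < LDAP_VERSION3 ) {
			/* Connection record indicates v2 but field
			 * newSuperior is present: report error.
			 */
			Debug( LDAP_DEBUG_ANY,
				"%s do_modrdn: newSuperior requires LDAPv3\n",
				op->o_log_prefix );

			send_ldap_discon( op, rs,
				LDAP_PROTOCOL_ERROR, "newSuperior requires LDAPv3" );
			rs->sr_err = SLAPD_DISCONNECT;
			/* NOTE(review): cleanup frees op->o_req_dn, op->orr_newrdn,
			 * op->orr_newDN etc. although this function has not assigned
			 * them on this path; that presumably relies on the Operation
			 * arriving zeroed and on o_tmpfree accepting NULL - confirm.
			 */
			goto cleanup;
		}

		if ( ber_scanf( op->o_ber, "m", &newSuperior )
			== LBER_ERROR ) {

			Debug( LDAP_DEBUG_ANY, "%s do_modrdn: ber_scanf(\"m\") failed\n",
				op->o_log_prefix );

			send_ldap_discon( op, rs,
				LDAP_PROTOCOL_ERROR, "decoding error" );
			rs->sr_err = SLAPD_DISCONNECT;
			goto cleanup;
		}
		/* The operation now points at this function's local bervals; they
		 * are filled in by dnPrettyNormal() further down.
		 * NOTE(review): these are addresses of automatic variables and the
		 * SLAPD_ASYNCOP / LDAP_TXN_SPECIFY_OKAY returns below leave them in
		 * op - confirm nothing reads orr_newSup after this frame is gone.
		 */
		op->orr_newSup = &pnewSuperior;
		op->orr_nnewSup = &nnewSuperior;
	}

	/* dn, newrdn and newSuperior are still the raw client-supplied values
	 * here; they are logged before any DN validation has run.
	 */
	Debug( LDAP_DEBUG_ARGS,
		"do_modrdn: dn (%s) newrdn (%s) newsuperior (%s)\n",
		dn.bv_val, newrdn.bv_val,
		newSuperior.bv_len ? newSuperior.bv_val : "" );

	if ( ber_scanf( op->o_ber, /*{*/ "}") == LBER_ERROR ) {
		Debug( LDAP_DEBUG_ANY, "%s do_modrdn: ber_scanf failed\n",
			op->o_log_prefix );
		send_ldap_discon( op, rs,
			LDAP_PROTOCOL_ERROR, "decoding error" );
		rs->sr_err = SLAPD_DISCONNECT;
		goto cleanup;
	}

	if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {
		Debug( LDAP_DEBUG_ANY, "%s do_modrdn: get_ctrls failed\n",
			op->o_log_prefix );
		/* get_ctrls has sent results. Now clean up. */
		goto cleanup;
	}

	/* Validate the entry DN and produce its pretty and normalized forms. */
	rs->sr_err = dnPrettyNormal( NULL, &dn, &op->o_req_dn, &op->o_req_ndn, op->o_tmpmemctx );
	if( rs->sr_err != LDAP_SUCCESS ) {
		Debug( LDAP_DEBUG_ANY, "%s do_modrdn: invalid dn (%s)\n",
			op->o_log_prefix, dn.bv_val );
		send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid DN" );
		goto cleanup;
	}

	/* FIXME: should have/use rdnPretty / rdnNormalize routines */

	/* The new RDN goes through the DN routine first and is then checked
	 * separately by rdn_validate() below.
	 */
	rs->sr_err = dnPrettyNormal( NULL, &newrdn, &op->orr_newrdn, &op->orr_nnewrdn, op->o_tmpmemctx );
	if( rs->sr_err != LDAP_SUCCESS ) {
		Debug( LDAP_DEBUG_ANY, "%s do_modrdn: invalid newrdn (%s)\n",
			op->o_log_prefix, newrdn.bv_val );
		send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid new RDN" );
		goto cleanup;
	}

	if( rdn_validate( &op->orr_newrdn ) != LDAP_SUCCESS ) {
		Debug( LDAP_DEBUG_ANY, "%s do_modrdn: invalid rdn (%s)\n",
			op->o_log_prefix, op->orr_newrdn.bv_val );
		send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid new RDN" );
		goto cleanup;
	}

	/* The destination parent is the validated newSuperior when one was
	 * sent, otherwise the parent of the entry being renamed.
	 */
	if( op->orr_newSup ) {
		rs->sr_err = dnPrettyNormal( NULL, &newSuperior, &pnewSuperior,
			&nnewSuperior, op->o_tmpmemctx );
		if( rs->sr_err != LDAP_SUCCESS ) {
			Debug( LDAP_DEBUG_ANY,
				"%s do_modrdn: invalid newSuperior (%s)\n",
				op->o_log_prefix, newSuperior.bv_val );
			send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid newSuperior" );
			goto cleanup;
		}

		dest_pdn = pnewSuperior;
		dest_pndn = nnewSuperior;
	} else {
		dnParent( &op->o_req_dn, &dest_pdn );
		dnParent( &op->o_req_ndn, &dest_pndn );
	}
	build_new_dn( &op->orr_newDN, &dest_pdn, &op->orr_newrdn, op->o_tmpmemctx );
	build_new_dn( &op->orr_nnewDN, &dest_pndn, &op->orr_nnewrdn, op->o_tmpmemctx );

	Debug( LDAP_DEBUG_STATS, "%s MODRDN dn=\"%s\"\n",
		op->o_log_prefix, op->o_req_dn.bv_val );

	op->orr_deleteoldrdn = deloldrdn;
	op->orr_modlist = NULL;

	/* prepare modlist of modifications from old/new RDN */
	rs->sr_err = slap_modrdn2mods( op, rs );
	if ( rs->sr_err != LDAP_SUCCESS ) {
		send_ldap_result( op, rs );
		goto cleanup;
	}

	op->o_bd = frontendDB;
	rs->sr_err = frontendDB->be_modrdn( op, rs );

	if ( rs->sr_err == SLAPD_ASYNCOP ) {
		/* skip cleanup */
		return rs->sr_err;
	}
	if( rs->sr_err == LDAP_TXN_SPECIFY_OKAY ) {
		/* skip cleanup */
		return rs->sr_err;
	}

cleanup:
	op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
	op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );

	op->o_tmpfree( op->orr_newrdn.bv_val, op->o_tmpmemctx );
	op->o_tmpfree( op->orr_nnewrdn.bv_val, op->o_tmpmemctx );

	op->o_tmpfree( op->orr_newDN.bv_val, op->o_tmpmemctx );
	op->o_tmpfree( op->orr_nnewDN.bv_val, op->o_tmpmemctx );

	if ( op->orr_modlist != NULL )
		slap_mods_free( op->orr_modlist, 1 );

	if ( !BER_BVISNULL( &pnewSuperior ) ) {
		op->o_tmpfree( pnewSuperior.bv_val, op->o_tmpmemctx );
	}
	if ( !BER_BVISNULL( &nnewSuperior ) ) {
		op->o_tmpfree( nnewSuperior.bv_val, op->o_tmpmemctx );
	}

	return rs->sr_err;
}

/*
 * fe_op_modrdn - frontend handler for an already decoded modrdn.
 *
 * Refuses renames of the root DSE and of the subschema subentry, refuses to
 * place an entry below or above itself, selects the backend that holds the
 * entry (or answers with a referral), applies the backend restriction and
 * referral checks, requires the destination DN to live in the same backend,
 * and then either calls the backend's be_modrdn or returns an update
 * referral for a shadow context.
 *
 * op->o_bd is restored to its value on entry before returning.
 * Returns rs->sr_err.
 */
int
fe_op_modrdn( Operation *op, SlapReply *rs )
{
	struct berval pdn = BER_BVNULL;
	BackendDB *op_be, *bd = op->o_bd;
	ber_slen_t diff;

	if( op->o_req_ndn.bv_len == 0 ) {
		Debug( LDAP_DEBUG_ANY, "%s do_modrdn: root dse!\n",
			op->o_log_prefix );
		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
			"cannot rename the root DSE" );
		goto cleanup;

	} else if ( bvmatch( &op->o_req_ndn, &frontendDB->be_schemandn ) ) {
		Debug( LDAP_DEBUG_ANY, "%s do_modrdn: subschema subentry: %s (%ld)\n",
			op->o_log_prefix, frontendDB->be_schemandn.bv_val, (long)frontendDB->be_schemandn.bv_len );

		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
			"cannot rename subschema subentry" );
		goto cleanup;
	}

	/* Compare normalized lengths first: only the longer DN can have the
	 * shorter one as a suffix, so one dnIsSuffix() call is enough.
	 */
	diff = (ber_slen_t) op->orr_nnewDN.bv_len - (ber_slen_t) op->o_req_ndn.bv_len;
	if ( diff > 0 ? dnIsSuffix( &op->orr_nnewDN, &op->o_req_ndn )
		: diff < 0 && dnIsSuffix( &op->o_req_ndn, &op->orr_nnewDN ) )
	{
		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
			diff > 0 ? "cannot place an entry below itself"
				: "cannot place an entry above itself" );
		goto cleanup;
	}

	/*
	 * We could be serving multiple database backends. Select the
	 * appropriate one, or send a referral to our "referral server"
	 * if we don't hold it.
	 */
	op->o_bd = select_backend( &op->o_req_ndn, 1 );
	if ( op->o_bd == NULL ) {
		op->o_bd = bd;
		rs->sr_ref = referral_rewrite( default_referral,
			NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
		if (!rs->sr_ref) rs->sr_ref = default_referral;

		if ( rs->sr_ref != NULL ) {
			rs->sr_err = LDAP_REFERRAL;
			send_ldap_result( op, rs );

			/* Only a rewritten array is ours to free. */
			if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref );
		} else {
			send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
				"no global superior knowledge" );
		}
		goto cleanup;
	}

	/* If we've got a glued backend, check the real backend */
	op_be = op->o_bd;
	if ( SLAP_GLUE_INSTANCE( op->o_bd )) {
		op->o_bd = select_backend( &op->o_req_ndn, 0 );
	}

	/* check restrictions */
	if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
		send_ldap_result( op, rs );
		goto cleanup;
	}

	/* check for referrals */
	if ( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
		goto cleanup;
	}

	/* check that destination DN is in the same backend as source DN */
	if ( select_backend( &op->orr_nnewDN, 0 ) != op->o_bd ) {
		send_ldap_error( op, rs, LDAP_AFFECTS_MULTIPLE_DSAS,
			"cannot rename between DSAs" );
		goto cleanup;
	}

	/*
	 * do the modrdn if 1 && (2 || 3)
	 * 1) there is a modrdn function implemented in this backend;
	 * 2) this backend is the provider for what it holds;
	 * 3) it's a replica and the dn supplied is the update_ndn.
	 */
	if ( op->o_bd->be_modrdn ) {
		/* do the update here */
		int repl_user = be_isupdate( op );
		if ( !SLAP_SINGLE_SHADOW(op->o_bd) || repl_user )
		{
			if ( op->o_txnSpec ) {
				txn_preop( op, rs );
				goto cleanup;
			}

			/* The rename itself runs against the backend selected with
			 * glue enabled; its status is read from rs->sr_err below.
			 */
			op->o_bd = op_be;
			op->o_bd->be_modrdn( op, rs );

			if ( op->o_bd->be_delete ) {
				struct berval org_req_dn = BER_BVNULL;
				struct berval org_req_ndn = BER_BVNULL;
				struct berval org_dn = BER_BVNULL;
				struct berval org_ndn = BER_BVNULL;
				int org_managedsait;

				/* The glue-parent deletions below are issued under the
				 * backend's rootdn with manageDSAit set, not under the
				 * requester's identity.  Save the requester's DNs and
				 * control state so they are put back afterwards.
				 */
				org_req_dn = op->o_req_dn;
				org_req_ndn = op->o_req_ndn;
				org_dn = op->o_dn;
				org_ndn = op->o_ndn;
				org_managedsait = get_manageDSAit( op );
				op->o_dn = op->o_bd->be_rootdn;
				op->o_ndn = op->o_bd->be_rootndn;
				op->o_managedsait = SLAP_CONTROL_NONCRITICAL;

				/* Walk upwards, one parent per iteration, for as long as
				 * the previous step succeeded and flagged a glue parent
				 * for deletion; stop at the backend's suffix.
				 */
				while ( rs->sr_err == LDAP_SUCCESS &&
					op->o_delete_glue_parent ) {
					op->o_delete_glue_parent = 0;
					if ( !be_issuffix( op->o_bd, &op->o_req_ndn )) {
						slap_callback cb = { NULL };
						cb.sc_response = slap_null_cb;
						dnParent( &op->o_req_ndn, &pdn );
						op->o_req_dn = pdn;
						op->o_req_ndn = pdn;
						/* NOTE(review): cb lives only inside this
						 * block and op->o_callback is not among the
						 * fields restored after the loop - confirm
						 * nothing dereferences it later.
						 */
						op->o_callback = &cb;
						op->o_bd->be_delete( op, rs );
					} else {
						break;
					}
				}
				/* Put the requester's identity and request DNs back. */
				op->o_managedsait = org_managedsait;
				op->o_dn = org_dn;
				op->o_ndn = org_ndn;
				op->o_req_dn = org_req_dn;
				op->o_req_ndn = org_req_ndn;
				op->o_delete_glue_parent = 0;
			}

		} else {
			/* Shadow context and the requester is not the update DN:
			 * answer with the update referral instead of writing.
			 */
			BerVarray defref = op->o_bd->be_update_refs
				? op->o_bd->be_update_refs : default_referral;

			if ( defref != NULL ) {
				rs->sr_ref = referral_rewrite( defref,
					NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
				if (!rs->sr_ref) rs->sr_ref = defref;

				rs->sr_err = LDAP_REFERRAL;
				send_ldap_result( op, rs );

				if (rs->sr_ref != defref) ber_bvarray_free( rs->sr_ref );
			} else {
				send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
					"shadow context; no update referral" );
			}
		}
	} else {
		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
			"operation not supported within namingContext" );
	}

cleanup:;
	op->o_bd = bd;
	return rs->sr_err;
}

/* extracted from slap_modrdn2mods() */
/*
 * mod_op_add_val - prepend a single-value modification to op->orr_modlist.
 *
 * desc	 attribute the modification applies to
 * val	 value to add or delete; it is duplicated, not borrowed
 * sm_op modification type stored in sml_op
 *
 * A normalized copy of the value is produced only when the attribute type
 * has an equality rule with a normalizer; otherwise sml_nvalues stays NULL.
 * Returns LDAP_SUCCESS, or the normalizer's error code, in which case
 * everything allocated here is released and the list is left unchanged.
 */
static int
mod_op_add_val(
	Operation *op,
	AttributeDescription * const desc,
	struct berval * const val,
	short const sm_op )
{
	int rv = LDAP_SUCCESS;
	Modifications *mod_tmp;
	mod_tmp = ( Modifications * )ch_malloc( sizeof( Modifications ) );
	mod_tmp->sml_desc = desc;
	BER_BVZERO( &mod_tmp->sml_type );
	mod_tmp->sml_numvals = 1;
	/* Two slots: the value and a NULL terminator. */
	mod_tmp->sml_values = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) );
	ber_dupbv( &mod_tmp->sml_values[0], val );
	mod_tmp->sml_values[1].bv_val = NULL;
	/* sat_equality is tested before it is dereferenced, so attribute types
	 * without an equality rule skip normalization instead of faulting.
	 */
	if( desc->ad_type->sat_equality && desc->ad_type->sat_equality->smr_normalize) {
		mod_tmp->sml_nvalues = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) );
		rv = desc->ad_type->sat_equality->smr_normalize(
			SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
			desc->ad_type->sat_syntax,
			desc->ad_type->sat_equality,
			&mod_tmp->sml_values[0],
			&mod_tmp->sml_nvalues[0], NULL );
		if (rv != LDAP_SUCCESS) {
			ch_free(mod_tmp->sml_nvalues);
			ch_free(mod_tmp->sml_values[0].bv_val);
			ch_free(mod_tmp->sml_values);
			ch_free(mod_tmp);
			goto done;
		}
		mod_tmp->sml_nvalues[1].bv_val = NULL;
	} else {
		mod_tmp->sml_nvalues = NULL;
	}
	mod_tmp->sml_op = sm_op;
	mod_tmp->sml_flags = 0;
	mod_tmp->sml_next = op->orr_modlist;
	op->orr_modlist = mod_tmp;
done:
	return rv;
}

/*
 * slap_modrdn2mods - build op->orr_modlist from the old and new RDN.
 *
 * Each attribute/value pair of the new RDN becomes a SLAP_MOD_SOFTADD; when
 * deleteoldrdn is set, each pair of the old RDN (taken from op->o_req_dn)
 * becomes an LDAP_MOD_DELETE.  Naming attributes of the new RDN must have
 * an equality matching rule.
 *
 * On failure rs->sr_err and rs->sr_text describe the problem and any
 * partially built modlist is freed.  Returns rs->sr_err.
 */
int
slap_modrdn2mods(
	Operation *op,
	SlapReply *rs )
{
	int a_cnt, d_cnt;
	LDAPRDN old_rdn = NULL;
	LDAPRDN new_rdn = NULL;

	assert( !BER_BVISEMPTY( &op->oq_modrdn.rs_newrdn ) );

	/* if requestDN is empty, silently reset deleteOldRDN */
	if ( BER_BVISEMPTY( &op->o_req_dn ) ) op->orr_deleteoldrdn = 0;

	/* assert() disappears under NDEBUG; keep a runtime check so an empty
	 * new RDN from any caller is rejected rather than parsed.
	 */
	if ( BER_BVISEMPTY( &op->oq_modrdn.rs_newrdn ) ) {
		rs->sr_err = LDAP_INVALID_DN_SYNTAX;
		rs->sr_text = "invalid new RDN";
		goto done;
	}

	/* A parse that reports success but yields no RDN is treated as a
	 * failure too: the loop below indexes new_rdn unconditionally.
	 */
	if ( ldap_bv2rdn_x( &op->oq_modrdn.rs_newrdn, &new_rdn,
		(char **)&rs->sr_text, LDAP_DN_FORMAT_LDAP, op->o_tmpmemctx )
		|| new_rdn == NULL ) {
		Debug( LDAP_DEBUG_TRACE,
			"%s slap_modrdn2mods: can't figure out "
			"type(s)/value(s) of newrdn\n",
			op->o_log_prefix );
		rs->sr_err = LDAP_INVALID_DN_SYNTAX;
		rs->sr_text = "unknown type(s)/value(s) used in RDN";
		goto done;
	}

	if ( op->oq_modrdn.rs_deleteoldrdn ) {
		if ( ldap_bv2rdn_x( &op->o_req_dn, &old_rdn,
			(char **)&rs->sr_text, LDAP_DN_FORMAT_LDAP, op->o_tmpmemctx ) ) {
			Debug( LDAP_DEBUG_TRACE,
				"%s slap_modrdn2mods: can't figure out "
				"type(s)/value(s) of oldrdn\n",
				op->o_log_prefix );
			rs->sr_err = LDAP_OTHER;
			rs->sr_text = "cannot parse RDN from old DN";
			goto done;
		}
	}
	rs->sr_text = NULL;

	/* Add new attribute values to the entry */
	for ( a_cnt = 0; new_rdn[a_cnt]; a_cnt++ ) {
		AttributeDescription *desc = NULL;

		rs->sr_err = slap_bv2ad( &new_rdn[a_cnt]->la_attr, &desc, &rs->sr_text );

		if ( rs->sr_err != LDAP_SUCCESS ) {
			Debug( LDAP_DEBUG_TRACE,
				"%s slap_modrdn2mods: %s: %s (new)\n",
				op->o_log_prefix,
				rs->sr_text,
				new_rdn[ a_cnt ]->la_attr.bv_val );
			goto done;
		}

		if ( !desc->ad_type->sat_equality ) {
			/* Set the diagnostic before logging it: rs->sr_text was
			 * reset to NULL above, and a NULL must not reach "%s".
			 */
			rs->sr_text = "naming attribute has no equality matching rule";
			rs->sr_err = LDAP_NAMING_VIOLATION;
			Debug( LDAP_DEBUG_TRACE,
				"%s slap_modrdn2mods: %s: %s (new)\n",
				op->o_log_prefix,
				rs->sr_text,
				new_rdn[ a_cnt ]->la_attr.bv_val );
			goto done;
		}

		/* Apply modification */
		rs->sr_err = mod_op_add_val( op, desc, &new_rdn[a_cnt]->la_value, SLAP_MOD_SOFTADD );
		if (rs->sr_err != LDAP_SUCCESS)
			goto done;
	}

	/* Remove old rdn value if required.  The old RDN was parsed under the
	 * oq_modrdn.rs_deleteoldrdn test above; checking old_rdn as well keeps
	 * this loop safe if the two conditions ever disagree.
	 */
	if ( op->orr_deleteoldrdn && old_rdn != NULL ) {
		for ( d_cnt = 0; old_rdn[d_cnt]; d_cnt++ ) {
			AttributeDescription *desc = NULL;

			rs->sr_err = slap_bv2ad( &old_rdn[d_cnt]->la_attr, &desc, &rs->sr_text );
			if ( rs->sr_err != LDAP_SUCCESS ) {
				Debug( LDAP_DEBUG_TRACE,
					"%s slap_modrdn2mods: %s: %s (old)\n",
					op->o_log_prefix,
					rs->sr_text,
					old_rdn[d_cnt]->la_attr.bv_val );
				goto done;
			}

			/* Apply modification.  Unlike the new RDN, an old naming
			 * attribute without an equality rule is not rejected here;
			 * mod_op_add_val() then stores the value unnormalized.
			 */
			rs->sr_err = mod_op_add_val( op, desc, &old_rdn[d_cnt]->la_value, LDAP_MOD_DELETE );
			if (rs->sr_err != LDAP_SUCCESS)
				goto done;
		}
	}

done:

	/* On failure, drop whatever part of the modlist was already built so
	 * the caller never sees a half-constructed list.
	 */
	if ( rs->sr_err != LDAP_SUCCESS && op->orr_modlist != NULL ) {
		slap_mods_free( op->orr_modlist, 1 );
		op->orr_modlist = NULL;
	}

	if ( new_rdn != NULL ) {
		ldap_rdnfree_x( new_rdn, op->o_tmpmemctx );
	}
	if ( old_rdn != NULL ) {
		ldap_rdnfree_x( old_rdn, op->o_tmpmemctx );
	}

	return rs->sr_err;
}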