1 /* $NetBSD: modify.c,v 1.3 2021/08/14 16:15:00 christos Exp $ */
2
3 /* $OpenLDAP$ */
4 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 *
6 * Copyright 1999-2021 The OpenLDAP Foundation.
7 * Portions Copyright 2001-2003 Pierangelo Masarati.
8 * Portions Copyright 1999-2003 Howard Chu.
9 * All rights reserved.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted only as authorized by the OpenLDAP
13 * Public License.
14 *
15 * A copy of this license is available in the file LICENSE in the
16 * top-level directory of the distribution or, alternatively, at
17 * <http://www.OpenLDAP.org/license.html>.
18 */
19 /* ACKNOWLEDGEMENTS:
20 * This work was initially developed by the Howard Chu for inclusion
21 * in OpenLDAP Software and subsequently enhanced by Pierangelo
22 * Masarati.
23 */
24
25 #include <sys/cdefs.h>
26 __RCSID("$NetBSD: modify.c,v 1.3 2021/08/14 16:15:00 christos Exp $");
27
28 #include "portable.h"
29
30 #include <stdio.h>
31
32 #include <ac/string.h>
33 #include <ac/socket.h>
34
35 #include "slap.h"
36 #include "../back-ldap/back-ldap.h"
37 #include "back-meta.h"
38
39 int
meta_back_modify(Operation * op,SlapReply * rs)40 meta_back_modify( Operation *op, SlapReply *rs )
41 {
42 metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
43 metatarget_t *mt;
44 metaconn_t *mc;
45 int rc = 0;
46 LDAPMod **modv = NULL;
47 LDAPMod *mods = NULL;
48 Modifications *ml;
49 int candidate = -1, i;
50 int isupdate;
51 struct berval mdn = BER_BVNULL;
52 struct berval mapped;
53 dncookie dc;
54 int msgid;
55 ldap_back_send_t retrying = LDAP_BACK_RETRYING;
56 LDAPControl **ctrls = NULL;
57
58 mc = meta_back_getconn( op, rs, &candidate, LDAP_BACK_SENDERR );
59 if ( !mc || !meta_back_dobind( op, rs, mc, LDAP_BACK_SENDERR ) ) {
60 return rs->sr_err;
61 }
62
63 assert( mc->mc_conns[ candidate ].msc_ld != NULL );
64
65 /*
66 * Rewrite the modify dn, if needed
67 */
68 mt = mi->mi_targets[ candidate ];
69 dc.target = mt;
70 dc.conn = op->o_conn;
71 dc.rs = rs;
72 dc.ctx = "modifyDN";
73
74 if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
75 send_ldap_result( op, rs );
76 goto cleanup;
77 }
78
79 for ( i = 0, ml = op->orm_modlist; ml; i++ ,ml = ml->sml_next )
80 ;
81
82 mods = ch_malloc( sizeof( LDAPMod )*i );
83 if ( mods == NULL ) {
84 rs->sr_err = LDAP_OTHER;
85 send_ldap_result( op, rs );
86 goto cleanup;
87 }
88 modv = ( LDAPMod ** )ch_malloc( ( i + 1 )*sizeof( LDAPMod * ) );
89 if ( modv == NULL ) {
90 rs->sr_err = LDAP_OTHER;
91 send_ldap_result( op, rs );
92 goto cleanup;
93 }
94
95 dc.ctx = "modifyAttrDN";
96 isupdate = be_shadow_update( op );
97 for ( i = 0, ml = op->orm_modlist; ml; ml = ml->sml_next ) {
98 int j, is_oc = 0;
99
100 if ( !isupdate && !get_relax( op ) && ml->sml_desc->ad_type->sat_no_user_mod )
101 {
102 continue;
103 }
104
105 if ( ml->sml_desc == slap_schema.si_ad_objectClass
106 || ml->sml_desc == slap_schema.si_ad_structuralObjectClass )
107 {
108 is_oc = 1;
109 mapped = ml->sml_desc->ad_cname;
110
111 } else {
112 ldap_back_map( &mt->mt_rwmap.rwm_at,
113 &ml->sml_desc->ad_cname, &mapped,
114 BACKLDAP_MAP );
115 if ( BER_BVISNULL( &mapped ) || BER_BVISEMPTY( &mapped ) ) {
116 continue;
117 }
118 }
119
120 modv[ i ] = &mods[ i ];
121 mods[ i ].mod_op = ml->sml_op | LDAP_MOD_BVALUES;
122 mods[ i ].mod_type = mapped.bv_val;
123
124 /*
125 * FIXME: dn-valued attrs should be rewritten
126 * to allow their use in ACLs at the back-ldap
127 * level.
128 */
129 if ( ml->sml_values != NULL ) {
130 if ( is_oc ) {
131 for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); j++ )
132 ;
133 mods[ i ].mod_bvalues =
134 (struct berval **)ch_malloc( ( j + 1 ) *
135 sizeof( struct berval * ) );
136 for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); ) {
137 struct ldapmapping *mapping;
138
139 ldap_back_mapping( &mt->mt_rwmap.rwm_oc,
140 &ml->sml_values[ j ], &mapping, BACKLDAP_MAP );
141
142 if ( mapping == NULL ) {
143 if ( mt->mt_rwmap.rwm_oc.drop_missing ) {
144 continue;
145 }
146 mods[ i ].mod_bvalues[ j ] = &ml->sml_values[ j ];
147
148 } else {
149 mods[ i ].mod_bvalues[ j ] = &mapping->dst;
150 }
151 j++;
152 }
153 mods[ i ].mod_bvalues[ j ] = NULL;
154
155 } else {
156 if ( ml->sml_desc->ad_type->sat_syntax ==
157 slap_schema.si_syn_distinguishedName )
158 {
159 ( void )ldap_dnattr_rewrite( &dc, ml->sml_values );
160 if ( ml->sml_values == NULL ) {
161 continue;
162 }
163 }
164
165 for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); j++ )
166 ;
167 mods[ i ].mod_bvalues =
168 (struct berval **)ch_malloc( ( j + 1 ) *
169 sizeof( struct berval * ) );
170 for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); j++ ) {
171 mods[ i ].mod_bvalues[ j ] = &ml->sml_values[ j ];
172 }
173 mods[ i ].mod_bvalues[ j ] = NULL;
174 }
175
176 } else {
177 mods[ i ].mod_bvalues = NULL;
178 }
179
180 i++;
181 }
182 modv[ i ] = 0;
183
184 retry:;
185 ctrls = op->o_ctrls;
186 rc = meta_back_controls_add( op, rs, mc, candidate, &ctrls );
187 if ( rc != LDAP_SUCCESS ) {
188 send_ldap_result( op, rs );
189 goto cleanup;
190 }
191
192 rs->sr_err = ldap_modify_ext( mc->mc_conns[ candidate ].msc_ld, mdn.bv_val,
193 modv, ctrls, NULL, &msgid );
194 rs->sr_err = meta_back_op_result( mc, op, rs, candidate, msgid,
195 mt->mt_timeout[ SLAP_OP_MODIFY ], ( LDAP_BACK_SENDRESULT | retrying ) );
196 if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) {
197 retrying &= ~LDAP_BACK_RETRYING;
198 if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
199 /* if the identity changed, there might be need to re-authz */
200 (void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
201 goto retry;
202 }
203 }
204
205 cleanup:;
206 (void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
207
208 if ( mdn.bv_val != op->o_req_dn.bv_val ) {
209 free( mdn.bv_val );
210 BER_BVZERO( &mdn );
211 }
212 if ( modv != NULL ) {
213 for ( i = 0; modv[ i ]; i++ ) {
214 free( modv[ i ]->mod_bvalues );
215 }
216 }
217 free( mods );
218 free( modv );
219
220 if ( mc ) {
221 meta_back_release_conn( mi, mc );
222 }
223
224 return rs->sr_err;
225 }
226
227