xref: /netbsd-src/external/bsd/openldap/dist/servers/slapd/back-mdb/modrdn.c (revision 549b59ed3ccf0d36d3097190a0db27b770f3a839) 
1 /*	$NetBSD: modrdn.c,v 1.3 2021/08/14 16:15:00 christos Exp $	*/
2 
3 /* modrdn.c - mdb backend modrdn routine */
4 /* $OpenLDAP$ */
5 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
6  *
7  * Copyright 2000-2021 The OpenLDAP Foundation.
8  * All rights reserved.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted only as authorized by the OpenLDAP
12  * Public License.
13  *
14  * A copy of this license is available in the file LICENSE in the
15  * top-level directory of the distribution or, alternatively, at
16  * <http://www.OpenLDAP.org/license.html>.
17  */
18 
19 #include <sys/cdefs.h>
20 __RCSID("$NetBSD: modrdn.c,v 1.3 2021/08/14 16:15:00 christos Exp $");
21 
22 #include "portable.h"
23 
24 #include <stdio.h>
25 #include <ac/string.h>
26 
27 #include "back-mdb.h"
28 
29 int
mdb_modrdn(Operation * op,SlapReply * rs)30 mdb_modrdn( Operation	*op, SlapReply *rs )
31 {
32 	struct mdb_info *mdb = (struct mdb_info *) op->o_bd->be_private;
33 	AttributeDescription *children = slap_schema.si_ad_children;
34 	AttributeDescription *entry = slap_schema.si_ad_entry;
35 	struct berval	p_dn, p_ndn;
36 	struct berval	new_dn = {0, NULL}, new_ndn = {0, NULL};
37 	Entry		*e = NULL;
38 	Entry		*p = NULL;
39 	/* LDAP v2 supporting correct attribute handling. */
40 	char textbuf[SLAP_TEXT_BUFLEN];
41 	size_t textlen = sizeof textbuf;
42 	MDB_txn		*txn = NULL;
43 	MDB_cursor	*mc;
44 	struct mdb_op_info opinfo = {{{ 0 }}}, *moi = &opinfo;
45 	Entry dummy = {0};
46 
47 	Entry		*np = NULL;			/* newSuperior Entry */
48 	struct berval	*np_dn = NULL;			/* newSuperior dn */
49 	struct berval	*np_ndn = NULL;			/* newSuperior ndn */
50 	struct berval	*new_parent_dn = NULL;	/* np_dn, p_dn, or NULL */
51 
52 	int		manageDSAit = get_manageDSAit( op );
53 
54 	ID nid, nsubs;
55 	LDAPControl **preread_ctrl = NULL;
56 	LDAPControl **postread_ctrl = NULL;
57 	LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
58 	int num_ctrls = 0;
59 
60 	int parent_is_glue = 0;
61 	int parent_is_leaf = 0;
62 
63 	Debug( LDAP_DEBUG_TRACE, "==>" LDAP_XSTRING(mdb_modrdn) "(%s,%s,%s)\n",
64 		op->o_req_dn.bv_val,op->oq_modrdn.rs_newrdn.bv_val,
65 		op->oq_modrdn.rs_newSup ? op->oq_modrdn.rs_newSup->bv_val : "NULL" );
66 
67 	ctrls[num_ctrls] = NULL;
68 
69 	/* begin transaction */
70 	rs->sr_err = mdb_opinfo_get( op, mdb, 0, &moi );
71 	rs->sr_text = NULL;
72 	if( rs->sr_err != 0 ) {
73 		Debug( LDAP_DEBUG_TRACE,
74 			LDAP_XSTRING(mdb_modrdn) ": txn_begin failed: "
75 			"%s (%d)\n", mdb_strerror(rs->sr_err), rs->sr_err );
76 		rs->sr_err = LDAP_OTHER;
77 		rs->sr_text = "internal error";
78 		goto return_results;
79 	}
80 	txn = moi->moi_txn;
81 
82 	slap_mods_opattrs( op, &op->orr_modlist, 1 );
83 
84 	if ( be_issuffix( op->o_bd, &op->o_req_ndn ) ) {
85 #ifdef MDB_MULTIPLE_SUFFIXES
86 		/* Allow renaming one suffix entry to another */
87 		p_ndn = slap_empty_bv;
88 #else
89 		/* There can only be one suffix entry */
90 		rs->sr_err = LDAP_NAMING_VIOLATION;
91 		rs->sr_text = "cannot rename suffix entry";
92 		goto return_results;
93 #endif
94 	} else {
95 		dnParent( &op->o_req_ndn, &p_ndn );
96 	}
97 	np_ndn = &p_ndn;
98 	/* Make sure parent entry exist and we can write its
99 	 * children.
100 	 */
101 	rs->sr_err = mdb_cursor_open( txn, mdb->mi_dn2id, &mc );
102 	if ( rs->sr_err != 0 ) {
103 		Debug(LDAP_DEBUG_TRACE,
104 			"<=- " LDAP_XSTRING(mdb_modrdn)
105 			": cursor_open failed: %s (%d)\n",
106 			mdb_strerror(rs->sr_err), rs->sr_err );
107 		rs->sr_err = LDAP_OTHER;
108 		rs->sr_text = "DN cursor_open failed";
109 		goto return_results;
110 	}
111 	rs->sr_err = mdb_dn2entry( op, txn, mc, &p_ndn, &p, NULL, 0 );
112 	switch( rs->sr_err ) {
113 	case MDB_NOTFOUND:
114 		Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(mdb_modrdn)
115 			": parent does not exist\n" );
116 		rs->sr_ref = referral_rewrite( default_referral, NULL,
117 					&op->o_req_dn, LDAP_SCOPE_DEFAULT );
118 		rs->sr_err = LDAP_REFERRAL;
119 
120 		send_ldap_result( op, rs );
121 
122 		ber_bvarray_free( rs->sr_ref );
123 		goto done;
124 	case 0:
125 		break;
126 	case LDAP_BUSY:
127 		rs->sr_text = "ldap server busy";
128 		goto return_results;
129 	default:
130 		rs->sr_err = LDAP_OTHER;
131 		rs->sr_text = "internal error";
132 		goto return_results;
133 	}
134 
135 	/* check parent for "children" acl */
136 	rs->sr_err = access_allowed( op, p,
137 		children, NULL,
138 		op->oq_modrdn.rs_newSup == NULL ?
139 			ACL_WRITE : ACL_WDEL,
140 		NULL );
141 
142 	if ( ! rs->sr_err ) {
143 		rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
144 		Debug( LDAP_DEBUG_TRACE, "no access to parent\n" );
145 		rs->sr_text = "no write access to parent's children";
146 		goto return_results;
147 	}
148 
149 	Debug( LDAP_DEBUG_TRACE,
150 		LDAP_XSTRING(mdb_modrdn) ": wr to children "
151 		"of entry %s OK\n", p_ndn.bv_val );
152 
153 	if ( p_ndn.bv_val == slap_empty_bv.bv_val ) {
154 		p_dn = slap_empty_bv;
155 	} else {
156 		dnParent( &op->o_req_dn, &p_dn );
157 	}
158 
159 	Debug( LDAP_DEBUG_TRACE,
160 		LDAP_XSTRING(mdb_modrdn) ": parent dn=%s\n",
161 		p_dn.bv_val );
162 
163 	/* get entry */
164 	rs->sr_err = mdb_dn2entry( op, txn, mc, &op->o_req_ndn, &e, &nsubs, 0 );
165 	switch( rs->sr_err ) {
166 	case MDB_NOTFOUND:
167 		e = p;
168 		p = NULL;
169 	case 0:
170 		break;
171 	case LDAP_BUSY:
172 		rs->sr_text = "ldap server busy";
173 		goto return_results;
174 	default:
175 		rs->sr_err = LDAP_OTHER;
176 		rs->sr_text = "internal error";
177 		goto return_results;
178 	}
179 
180 	/* FIXME: dn2entry() should return non-glue entry */
181 	if (( rs->sr_err == MDB_NOTFOUND ) ||
182 		( !manageDSAit && e && is_entry_glue( e )))
183 	{
184 		if( e != NULL ) {
185 			rs->sr_matched = ch_strdup( e->e_dn );
186 			if ( is_entry_referral( e )) {
187 				BerVarray ref = get_entry_referrals( op, e );
188 				rs->sr_ref = referral_rewrite( ref, &e->e_name,
189 					&op->o_req_dn, LDAP_SCOPE_DEFAULT );
190 				ber_bvarray_free( ref );
191 			} else {
192 				rs->sr_ref = NULL;
193 			}
194 			mdb_entry_return( op, e );
195 			e = NULL;
196 
197 		} else {
198 			rs->sr_ref = referral_rewrite( default_referral, NULL,
199 					&op->o_req_dn, LDAP_SCOPE_DEFAULT );
200 		}
201 
202 		rs->sr_err = LDAP_REFERRAL;
203 		send_ldap_result( op, rs );
204 
205 		ber_bvarray_free( rs->sr_ref );
206 		free( (char *)rs->sr_matched );
207 		rs->sr_ref = NULL;
208 		rs->sr_matched = NULL;
209 
210 		goto done;
211 	}
212 
213 	if ( get_assert( op ) &&
214 		( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
215 	{
216 		rs->sr_err = LDAP_ASSERTION_FAILED;
217 		goto return_results;
218 	}
219 
220 	/* check write on old entry */
221 	rs->sr_err = access_allowed( op, e, entry, NULL, ACL_WRITE, NULL );
222 	if ( ! rs->sr_err ) {
223 		Debug( LDAP_DEBUG_TRACE, "no access to entry\n" );
224 		rs->sr_text = "no write access to old entry";
225 		rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
226 		goto return_results;
227 	}
228 
229 	if (!manageDSAit && is_entry_referral( e ) ) {
230 		/* entry is a referral, don't allow rename */
231 		rs->sr_ref = get_entry_referrals( op, e );
232 
233 		Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(mdb_modrdn)
234 			": entry %s is referral\n", e->e_dn );
235 
236 		rs->sr_err = LDAP_REFERRAL,
237 		rs->sr_matched = e->e_name.bv_val;
238 		send_ldap_result( op, rs );
239 
240 		ber_bvarray_free( rs->sr_ref );
241 		rs->sr_ref = NULL;
242 		rs->sr_matched = NULL;
243 		goto done;
244 	}
245 
246 	new_parent_dn = &p_dn;	/* New Parent unless newSuperior given */
247 
248 	if ( op->oq_modrdn.rs_newSup != NULL ) {
249 		Debug( LDAP_DEBUG_TRACE,
250 			LDAP_XSTRING(mdb_modrdn)
251 			": new parent \"%s\" requested...\n",
252 			op->oq_modrdn.rs_newSup->bv_val );
253 
254 		/*  newSuperior == oldParent? */
255 		if( dn_match( &p_ndn, op->oq_modrdn.rs_nnewSup ) ) {
256 			Debug( LDAP_DEBUG_TRACE, "mdb_back_modrdn: "
257 				"new parent \"%s\" same as the old parent \"%s\"\n",
258 				op->oq_modrdn.rs_newSup->bv_val, p_dn.bv_val );
259 			op->oq_modrdn.rs_newSup = NULL; /* ignore newSuperior */
260 		}
261 	}
262 
263 	/* There's a MDB_MULTIPLE_SUFFIXES case here that this code doesn't
264 	 * support. E.g., two suffixes dc=foo,dc=com and dc=bar,dc=net.
265 	 * We do not allow modDN
266 	 *   dc=foo,dc=com
267 	 *    newrdn dc=bar
268 	 *    newsup dc=net
269 	 * and we probably should. But since MULTIPLE_SUFFIXES is deprecated
270 	 * I'm ignoring this problem for now.
271 	 */
272 	if ( op->oq_modrdn.rs_newSup != NULL ) {
273 		if ( op->oq_modrdn.rs_newSup->bv_len ) {
274 			np_dn = op->oq_modrdn.rs_newSup;
275 			np_ndn = op->oq_modrdn.rs_nnewSup;
276 
277 			/* newSuperior == oldParent? - checked above */
278 			/* newSuperior == entry being moved?, if so ==> ERROR */
279 			if ( dnIsSuffix( np_ndn, &e->e_nname )) {
280 				rs->sr_err = LDAP_NO_SUCH_OBJECT;
281 				rs->sr_text = "new superior not found";
282 				goto return_results;
283 			}
284 			/* Get Entry with dn=newSuperior. Does newSuperior exist? */
285 			rs->sr_err = mdb_dn2entry( op, txn, NULL, np_ndn, &np, NULL, 0 );
286 
287 			switch( rs->sr_err ) {
288 			case 0:
289 				break;
290 			case MDB_NOTFOUND:
291 				Debug( LDAP_DEBUG_TRACE,
292 					LDAP_XSTRING(mdb_modrdn)
293 					": newSup(ndn=%s) not here!\n",
294 					np_ndn->bv_val );
295 				rs->sr_text = "new superior not found";
296 				rs->sr_err = LDAP_NO_SUCH_OBJECT;
297 				goto return_results;
298 			case LDAP_BUSY:
299 				rs->sr_text = "ldap server busy";
300 				goto return_results;
301 			default:
302 				rs->sr_err = LDAP_OTHER;
303 				rs->sr_text = "internal error";
304 				goto return_results;
305 			}
306 
307 			/* check newSuperior for "children" acl */
308 			rs->sr_err = access_allowed( op, np, children,
309 				NULL, ACL_WADD, NULL );
310 
311 			if( ! rs->sr_err ) {
312 				Debug( LDAP_DEBUG_TRACE,
313 					LDAP_XSTRING(mdb_modrdn)
314 					": no wr to newSup children\n" );
315 				rs->sr_text = "no write access to new superior's children";
316 				rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
317 				goto return_results;
318 			}
319 
320 			Debug( LDAP_DEBUG_TRACE,
321 				LDAP_XSTRING(mdb_modrdn)
322 				": wr to new parent OK np=%p, id=%ld\n",
323 				(void *) np, (long) np->e_id );
324 
325 			if ( is_entry_alias( np ) ) {
326 				/* parent is an alias, don't allow add */
327 				Debug( LDAP_DEBUG_TRACE,
328 					LDAP_XSTRING(mdb_modrdn)
329 					": entry is alias\n" );
330 				rs->sr_text = "new superior is an alias";
331 				rs->sr_err = LDAP_ALIAS_PROBLEM;
332 				goto return_results;
333 			}
334 
335 			if ( is_entry_referral( np ) ) {
336 				/* parent is a referral, don't allow add */
337 				Debug( LDAP_DEBUG_TRACE,
338 					LDAP_XSTRING(mdb_modrdn)
339 					": entry is referral\n" );
340 				rs->sr_text = "new superior is a referral";
341 				rs->sr_err = LDAP_OTHER;
342 				goto return_results;
343 			}
344 			np_dn = &np->e_name;
345 
346 		} else {
347 			np_dn = NULL;
348 
349 			/* no parent, modrdn entry directly under root */
350 			if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
351 				|| be_isupdate( op ) ) {
352 				np = (Entry *)&slap_entry_root;
353 
354 				/* check parent for "children" acl */
355 				rs->sr_err = access_allowed( op, np,
356 					children, NULL, ACL_WADD, NULL );
357 
358 				np = NULL;
359 
360 				if ( ! rs->sr_err ) {
361 					rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
362 					Debug( LDAP_DEBUG_TRACE,
363 						"no access to new superior\n" );
364 					rs->sr_text =
365 						"no write access to new superior's children";
366 					goto return_results;
367 				}
368 			}
369 		}
370 
371 		Debug( LDAP_DEBUG_TRACE,
372 			LDAP_XSTRING(mdb_modrdn)
373 			": wr to new parent's children OK\n" );
374 
375 		new_parent_dn = np_dn;
376 	}
377 
378 	/* Build target dn and make sure target entry doesn't exist already. */
379 	if (!new_dn.bv_val) {
380 		build_new_dn( &new_dn, new_parent_dn, &op->oq_modrdn.rs_newrdn, op->o_tmpmemctx );
381 	}
382 
383 	if (!new_ndn.bv_val) {
384 		dnNormalize( 0, NULL, NULL, &new_dn, &new_ndn, op->o_tmpmemctx );
385 	}
386 
387 	Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(mdb_modrdn) ": new ndn=%s\n",
388 		new_ndn.bv_val );
389 
390 	/* Shortcut the search */
391 	rs->sr_err = mdb_dn2id ( op, txn, NULL, &new_ndn, &nid, NULL, NULL, NULL );
392 	switch( rs->sr_err ) {
393 	case MDB_NOTFOUND:
394 		break;
395 	case 0:
396 		/* Allow rename to same DN */
397 		if ( nid == e->e_id )
398 			break;
399 		rs->sr_err = LDAP_ALREADY_EXISTS;
400 		goto return_results;
401 	default:
402 		rs->sr_err = LDAP_OTHER;
403 		rs->sr_text = "internal error";
404 		goto return_results;
405 	}
406 
407 	if( op->o_preread ) {
408 		if( preread_ctrl == NULL ) {
409 			preread_ctrl = &ctrls[num_ctrls++];
410 			ctrls[num_ctrls] = NULL;
411 		}
412 		if( slap_read_controls( op, rs, e,
413 			&slap_pre_read_bv, preread_ctrl ) )
414 		{
415 			Debug( LDAP_DEBUG_TRACE,
416 				"<=- " LDAP_XSTRING(mdb_modrdn)
417 				": pre-read failed!\n" );
418 			if ( op->o_preread & SLAP_CONTROL_CRITICAL ) {
419 				/* FIXME: is it correct to abort
420 				 * operation if control fails? */
421 				goto return_results;
422 			}
423 		}
424 	}
425 
426 	/* delete old DN
427 	 * If moving to a new parent, must delete current subtree count,
428 	 * otherwise leave it unchanged since we'll be adding it right back.
429 	 */
430 	rs->sr_err = mdb_dn2id_delete( op, mc, e->e_id, np ? nsubs : 0 );
431 	if ( rs->sr_err != 0 ) {
432 		Debug(LDAP_DEBUG_TRACE,
433 			"<=- " LDAP_XSTRING(mdb_modrdn)
434 			": dn2id del failed: %s (%d)\n",
435 			mdb_strerror(rs->sr_err), rs->sr_err );
436 		rs->sr_err = LDAP_OTHER;
437 		rs->sr_text = "DN index delete fail";
438 		goto return_results;
439 	}
440 
441 	/* copy the entry, then override some fields */
442 	dummy = *e;
443 	dummy.e_name = new_dn;
444 	dummy.e_nname = new_ndn;
445 	dummy.e_attrs = NULL;
446 
447 	/* add new DN */
448 	rs->sr_err = mdb_dn2id_add( op, mc, mc, np ? np->e_id : p->e_id,
449 		nsubs, np != NULL, &dummy );
450 	if ( rs->sr_err != 0 ) {
451 		Debug(LDAP_DEBUG_TRACE,
452 			"<=- " LDAP_XSTRING(mdb_modrdn)
453 			": dn2id add failed: %s (%d)\n",
454 			mdb_strerror(rs->sr_err), rs->sr_err );
455 		rs->sr_err = LDAP_OTHER;
456 		rs->sr_text = "DN index add failed";
457 		goto return_results;
458 	}
459 
460 	dummy.e_attrs = e->e_attrs;
461 
462 	if ( op->orr_modlist != NULL ) {
463 		/* modify entry */
464 		rs->sr_err = mdb_modify_internal( op, txn, op->orr_modlist, &dummy,
465 			&rs->sr_text, textbuf, textlen );
466 		if( rs->sr_err != LDAP_SUCCESS ) {
467 			Debug(LDAP_DEBUG_TRACE,
468 				"<=- " LDAP_XSTRING(mdb_modrdn)
469 				": modify failed: %s (%d)\n",
470 				mdb_strerror(rs->sr_err), rs->sr_err );
471 			goto return_results;
472 		}
473 	}
474 
475 	/* id2entry index */
476 	rs->sr_err = mdb_id2entry_update( op, txn, NULL, &dummy );
477 	if ( rs->sr_err != 0 ) {
478 		Debug(LDAP_DEBUG_TRACE,
479 			"<=- " LDAP_XSTRING(mdb_modrdn)
480 			": id2entry failed: %s (%d)\n",
481 			mdb_strerror(rs->sr_err), rs->sr_err );
482 		if ( rs->sr_err == LDAP_ADMINLIMIT_EXCEEDED ) {
483 			rs->sr_text = "entry too big";
484 		} else {
485 			rs->sr_err = LDAP_OTHER;
486 			rs->sr_text = "entry update failed";
487 		}
488 		goto return_results;
489 	}
490 
491 	if ( p_ndn.bv_len != 0 ) {
492 		if ((parent_is_glue = is_entry_glue(p))) {
493 			rs->sr_err = mdb_dn2id_children( op, txn, p );
494 			if ( rs->sr_err != MDB_NOTFOUND ) {
495 				switch( rs->sr_err ) {
496 				case 0:
497 					break;
498 				default:
499 					Debug(LDAP_DEBUG_ARGS,
500 						"<=- " LDAP_XSTRING(mdb_modrdn)
501 						": has_children failed: %s (%d)\n",
502 						mdb_strerror(rs->sr_err), rs->sr_err );
503 					rs->sr_err = LDAP_OTHER;
504 					rs->sr_text = "internal error";
505 					goto return_results;
506 				}
507 			} else {
508 				parent_is_leaf = 1;
509 			}
510 		}
511 		mdb_entry_return( op, p );
512 		p = NULL;
513 	}
514 
515 	if( op->o_postread ) {
516 		if( postread_ctrl == NULL ) {
517 			postread_ctrl = &ctrls[num_ctrls++];
518 			ctrls[num_ctrls] = NULL;
519 		}
520 		if( slap_read_controls( op, rs, &dummy,
521 			&slap_post_read_bv, postread_ctrl ) )
522 		{
523 			Debug( LDAP_DEBUG_TRACE,
524 				"<=- " LDAP_XSTRING(mdb_modrdn)
525 				": post-read failed!\n" );
526 			if ( op->o_postread & SLAP_CONTROL_CRITICAL ) {
527 				/* FIXME: is it correct to abort
528 				 * operation if control fails? */
529 				goto return_results;
530 			}
531 		}
532 	}
533 
534 	if( moi == &opinfo ) {
535 		LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.moi_oe, OpExtra, oe_next );
536 		opinfo.moi_oe.oe_key = NULL;
537 		if( op->o_noop ) {
538 			mdb_txn_abort( txn );
539 			rs->sr_err = LDAP_X_NO_OPERATION;
540 			txn = NULL;
541 			goto return_results;
542 
543 		} else {
544 			if(( rs->sr_err=mdb_txn_commit( txn )) != 0 ) {
545 				rs->sr_text = "txn_commit failed";
546 			} else {
547 				rs->sr_err = LDAP_SUCCESS;
548 			}
549 			txn = NULL;
550 		}
551 	}
552 
553 	if( rs->sr_err != LDAP_SUCCESS ) {
554 		Debug( LDAP_DEBUG_ANY,
555 			LDAP_XSTRING(mdb_modrdn) ": %s : %s (%d)\n",
556 			rs->sr_text, mdb_strerror(rs->sr_err), rs->sr_err );
557 		rs->sr_err = LDAP_OTHER;
558 
559 		goto return_results;
560 	}
561 
562 	Debug(LDAP_DEBUG_TRACE,
563 		LDAP_XSTRING(mdb_modrdn)
564 		": rdn modified%s id=%08lx dn=\"%s\"\n",
565 		op->o_noop ? " (no-op)" : "",
566 		dummy.e_id, op->o_req_dn.bv_val );
567 	rs->sr_text = NULL;
568 	if( num_ctrls ) rs->sr_ctrls = ctrls;
569 
570 return_results:
571 	if ( e != NULL && dummy.e_attrs != e->e_attrs ) {
572 		attrs_free( dummy.e_attrs );
573 	}
574 	send_ldap_result( op, rs );
575 
576 #if 0
577 	if( rs->sr_err == LDAP_SUCCESS && mdb->bi_txn_cp_kbyte ) {
578 		TXN_CHECKPOINT( mdb->bi_dbenv,
579 			mdb->bi_txn_cp_kbyte, mdb->bi_txn_cp_min, 0 );
580 	}
581 #endif
582 
583 	if ( rs->sr_err == LDAP_SUCCESS && parent_is_glue && parent_is_leaf ) {
584 		op->o_delete_glue_parent = 1;
585 	}
586 
587 done:
588 	slap_graduate_commit_csn( op );
589 
590 	if( new_ndn.bv_val != NULL ) op->o_tmpfree( new_ndn.bv_val, op->o_tmpmemctx );
591 	if( new_dn.bv_val != NULL ) op->o_tmpfree( new_dn.bv_val, op->o_tmpmemctx );
592 
593 	/* LDAP v3 Support */
594 	if( np != NULL ) {
595 		/* free new parent */
596 		mdb_entry_return( op, np );
597 	}
598 
599 	if( p != NULL ) {
600 		/* free parent */
601 		mdb_entry_return( op, p );
602 	}
603 
604 	/* free entry */
605 	if( e != NULL ) {
606 		mdb_entry_return( op, e );
607 	}
608 
609 	if( moi == &opinfo ) {
610 		if( txn != NULL ) {
611 			mdb_txn_abort( txn );
612 		}
613 		if ( opinfo.moi_oe.oe_key ) {
614 			LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.moi_oe, OpExtra, oe_next );
615 		}
616 	} else {
617 		moi->moi_ref--;
618 	}
619 
620 	if( preread_ctrl != NULL && (*preread_ctrl) != NULL ) {
621 		slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
622 		slap_sl_free( *preread_ctrl, op->o_tmpmemctx );
623 	}
624 	if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) {
625 		slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
626 		slap_sl_free( *postread_ctrl, op->o_tmpmemctx );
627 	}
628 	return rs->sr_err;
629 }
630