openldap/servers/slapd/slapmodify.c

651 lines
15 KiB
C
Raw Normal View History

/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
2021-01-12 03:25:53 +08:00
* Copyright 1998-2021 The OpenLDAP Foundation.
* Portions Copyright 1998-2003 Kurt D. Zeilenga.
* Portions Copyright 2003 IBM Corporation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Pierangelo Masarati for inclusion
* in OpenLDAP Software.
*/
#include "portable.h"
#include <stdio.h>
#include "ac/stdlib.h"
#include "ac/ctype.h"
#include "ac/string.h"
#include "ac/socket.h"
#include "ac/unistd.h"
#include "lber.h"
#include "ldif.h"
#include "lutil.h"
#include "lutil_meter.h"
#include <sys/stat.h>
#include "slapcommon.h"
extern int slap_DN_strict; /* dn.c */
static char csnbuf[ LDAP_PVT_CSNSTR_BUFSIZE ];
int
slapmodify( int argc, char **argv )
{
char *buf = NULL;
const char *text;
char textbuf[SLAP_TEXT_BUFLEN] = { '\0' };
size_t textlen = sizeof textbuf;
const char *progname = "slapmodify";
struct berval csn;
unsigned long sid;
struct berval bvtext;
ID id;
OperationBuffer opbuf;
Operation *op;
int checkvals, ldifrc;
unsigned long lineno, nextline;
int lmax;
int rc = EXIT_SUCCESS;
int enable_meter = 0;
lutil_meter_t meter;
struct stat stat_buf;
/* default "000" */
csnsid = 0;
if ( isatty (2) ) enable_meter = 1;
slap_tool_init( progname, SLAPMODIFY, argc, argv );
memset( &opbuf, 0, sizeof(opbuf) );
op = &opbuf.ob_op;
op->o_hdr = &opbuf.ob_hdr;
op->o_bd = be;
if ( !be->be_entry_open ||
!be->be_entry_close ||
!be->be_entry_put ||
!be->be_dn2id_get ||
!be->be_entry_get ||
!be->be_entry_modify )
{
fprintf( stderr, "%s: database doesn't support necessary operations.\n",
progname );
if ( dryrun ) {
fprintf( stderr, "\t(dry) continuing...\n" );
} else {
exit( EXIT_FAILURE );
}
}
checkvals = (slapMode & SLAP_TOOL_QUICK) ? 0 : 1;
lmax = 0;
nextline = 0;
/* enforce schema checking unless not disabled and allow unknown
* attributes otherwise */
if ( (slapMode & SLAP_TOOL_NO_SCHEMA_CHECK) == 0) {
SLAP_DBFLAGS(be) &= ~(SLAP_DBFLAG_NO_SCHEMA_CHECK);
} else {
slap_DN_strict = 0;
}
if( !dryrun && be->be_entry_open( be, 1 ) != 0 ) {
fprintf( stderr, "%s: could not open database.\n",
progname );
exit( EXIT_FAILURE );
}
(void)slap_tool_update_ctxcsn_init();
if ( enable_meter
#ifdef LDAP_DEBUG
/* tools default to "none" */
&& slap_debug == LDAP_DEBUG_NONE
#endif
&& !fstat ( fileno ( ldiffp->fp ), &stat_buf )
&& S_ISREG(stat_buf.st_mode) ) {
enable_meter = !lutil_meter_open(
&meter,
&lutil_meter_text_display,
&lutil_meter_linear_estimator,
stat_buf.st_size);
} else {
enable_meter = 0;
}
/* nextline is the line number of the end of the current entry */
for( lineno=1; ( ldifrc = ldif_read_record( ldiffp, &nextline, &buf, &lmax )) > 0;
lineno=nextline+1 )
{
BackendDB *bd;
Entry *e_orig = NULL, *e = NULL;
struct berval rbuf;
LDIFRecord lr;
struct berval ndn = BER_BVNULL;
int n;
int is_oc = 0;
int local_rc;
int mod_err = 0;
char *request = "(unknown)";
ber_str2bv( buf, 0, 0, &rbuf );
if ( lineno < jumpline )
continue;
if ( enable_meter )
lutil_meter_update( &meter,
ftell( ldiffp->fp ),
0);
/*
* Initialize text buffer
*/
bvtext.bv_len = textlen;
bvtext.bv_val = textbuf;
bvtext.bv_val[0] = '\0';
local_rc = ldap_parse_ldif_record( &rbuf, lineno, &lr,
"slapmodify", LDIF_NO_CONTROLS );
if ( local_rc != LDAP_SUCCESS ) {
fprintf( stderr, "%s: could not parse entry (line=%lu)\n",
progname, lineno );
rc = EXIT_FAILURE;
if( continuemode ) continue;
break;
}
switch ( lr.lr_op ) {
case LDAP_REQ_ADD:
request = "add";
break;
case LDAP_REQ_MODIFY:
request = "modify";
break;
case LDAP_REQ_DELETE:
2012-04-19 21:58:27 +08:00
if ( be->be_entry_delete )
{
request = "delete";
break;
}
ITS#8605 - spelling fixes * javascript * kernel * ldap * length * macros * maintained * manager * matching * maximum * mechanism * memory * method * mimic * minimum * modifiable * modifiers * modifying * multiple * necessary * normalized * objectclass * occurrence * occurring * offered * operation * original * overridden * parameter * permanent * preemptively * printable * protocol * provider * really * redistribution * referenced * refresh * regardless * registered * request * reserved * resource * response * sanity * separated * setconcurrency * should * specially * specifies * structure * structures * subordinates * substitution * succeed * successful * successfully * sudoers * sufficient * superiors * supported * synchronization * terminated * they're * through * traffic * transparent * unsigned * unsupported * version * absence * achieves * adamson * additional * address * against * appropriate * architecture * associated * async * attribute * authentication * authorized * auxiliary * available * begin * beginning * buffered * canonical * certificate * charray * check * class * compatibility * compilation * component * configurable * configuration * configure * conjunction * constraints * constructor * contained * containing * continued * control * convenience * correspond * credentials * cyrillic * database * definitions * deloldrdn * dereferencing * destroy * distinguish * documentation * emmanuel * enabled * entry * enumerated * everything * exhaustive * existence * existing * explicitly * extract * fallthru * fashion * february * finally * function * generically * groupname * happened * implementation * including * initialization * initializes * insensitive * instantiated * instantiation * integral * internal * iterate
2017-02-26 15:49:31 +08:00
/* backend does not support delete, fallthru */
2012-04-19 21:58:27 +08:00
case LDAP_REQ_MODRDN:
fprintf( stderr, "%s: request 0x%lx not supported (line=%lu)\n",
progname, (unsigned long)lr.lr_op, lineno );
rc = EXIT_FAILURE;
goto cleanup;
default:
/* record skipped e.g. version: or comment or something we don't handle yet */
goto cleanup;
}
local_rc = dnNormalize( 0, NULL, NULL, &lr.lr_dn, &ndn, NULL );
if ( local_rc != LDAP_SUCCESS ) {
fprintf( stderr, "%s: DN=\"%s\" normalization failed (line=%lu)\n",
progname, lr.lr_dn.bv_val, lineno );
rc = EXIT_FAILURE;
goto cleanup;
}
/* make sure the DN is not empty */
if( BER_BVISEMPTY( &ndn ) &&
!BER_BVISEMPTY( be->be_nsuffix ))
{
fprintf( stderr, "%s: line %lu: "
"%s entry with empty dn=\"\"",
progname, lineno, request );
bd = select_backend( &ndn, nosubordinates );
if ( bd ) {
BackendDB *bdtmp;
int dbidx = 0;
LDAP_STAILQ_FOREACH( bdtmp, &backendDB, be_next ) {
if ( bdtmp == bd ) break;
dbidx++;
}
assert( bdtmp != NULL );
fprintf( stderr, "; did you mean to use database #%d (%s)?",
dbidx,
bd->be_suffix[0].bv_val );
}
fprintf( stderr, "\n" );
rc = EXIT_FAILURE;
goto cleanup;
}
/* check backend */
bd = select_backend( &ndn, nosubordinates );
if ( bd != be ) {
fprintf( stderr, "%s: line %lu: "
"database #%d (%s) not configured to hold \"%s\"",
progname, lineno,
dbnum,
be->be_suffix[0].bv_val,
lr.lr_dn.bv_val );
if ( bd ) {
BackendDB *bdtmp;
int dbidx = 0;
LDAP_STAILQ_FOREACH( bdtmp, &backendDB, be_next ) {
if ( bdtmp == bd ) break;
dbidx++;
}
assert( bdtmp != NULL );
fprintf( stderr, "; did you mean to use database #%d (%s)?",
dbidx,
bd->be_suffix[0].bv_val );
} else {
fprintf( stderr, "; no database configured for that naming context" );
}
fprintf( stderr, "\n" );
rc = EXIT_FAILURE;
goto cleanup;
}
/* get id and/or entry */
switch ( lr.lr_op ) {
case LDAP_REQ_ADD:
e = entry_alloc();
ber_dupbv( &e->e_name, &lr.lr_dn );
ber_dupbv( &e->e_nname, &ndn );
break;
//case LDAP_REQ_MODRDN:
case LDAP_REQ_DELETE:
case LDAP_REQ_MODIFY:
id = be->be_dn2id_get( be, &ndn );
rc = (id == NOID);
if ( rc == LDAP_SUCCESS && lr.lr_op != LDAP_REQ_DELETE ) {
e_orig = be->be_entry_get( be, id );
2016-06-12 14:35:25 +08:00
if ( e_orig )
e = entry_dup( e_orig );
rc = (e == NULL);
}
break;
}
if ( rc != LDAP_SUCCESS ) {
2015-01-14 02:11:49 +08:00
fprintf( stderr, "%s: no such entry \"%s\" in database (lineno=%lu)\n",
progname, ndn.bv_val, lineno );
rc = EXIT_FAILURE;
goto cleanup;
}
2012-04-23 21:28:41 +08:00
if ( lr.lrop_mods ) {
for ( n = 0; lr.lrop_mods && lr.lrop_mods[ n ] != NULL; n++ ) {
LDAPMod *mod = lr.lrop_mods[ n ];
Modification mods = { 0 };
unsigned i = 0;
int bin = (mod->mod_op & LDAP_MOD_BVALUES);
int pretty = 0;
int normalize = 0;
local_rc = slap_str2ad( mod->mod_type, &mods.sm_desc, &text );
/*
* Usually this would be a bad idea (way too dangerous, risks
* corrupting the DB), but ITS#7786 documents this as a last
* resort to fix cn=config and missing attributes are one of
* the possible issues we might encounter.
*/
if ( local_rc == LDAP_UNDEFINED_TYPE &&
(slapMode & SLAP_TOOL_NO_SCHEMA_CHECK) ) {
local_rc = slap_str2undef_ad( mod->mod_type, &mods.sm_desc, &text, 0 );
}
2012-04-23 21:28:41 +08:00
if ( local_rc != LDAP_SUCCESS ) {
fprintf( stderr, "%s: slap_str2ad(\"%s\") failed for entry \"%s\" (%d: %s, lineno=%lu)\n",
progname, mod->mod_type, lr.lr_dn.bv_val, local_rc, text, lineno );
rc = EXIT_FAILURE;
goto cleanup;
2012-04-23 21:28:41 +08:00
}
2012-04-23 21:28:41 +08:00
mods.sm_type = mods.sm_desc->ad_cname;
2012-04-23 21:28:41 +08:00
if ( mods.sm_desc->ad_type->sat_syntax->ssyn_pretty ) {
pretty = 1;
2012-04-23 21:28:41 +08:00
} else {
assert( mods.sm_desc->ad_type->sat_syntax->ssyn_validate != NULL );
}
2012-04-23 21:28:41 +08:00
if ( mods.sm_desc->ad_type->sat_equality &&
mods.sm_desc->ad_type->sat_equality->smr_normalize )
{
normalize = 1;
}
2012-04-23 21:28:41 +08:00
if ( bin && mod->mod_bvalues ) {
for ( i = 0; mod->mod_bvalues[ i ] != NULL; i++ )
;
2012-04-23 21:28:41 +08:00
} else if ( !bin && mod->mod_values ) {
for ( i = 0; mod->mod_values[ i ] != NULL; i++ )
;
}
2012-04-23 21:28:41 +08:00
if ( i != 0 )
{
2020-01-30 17:01:32 +08:00
mods.sm_values = ch_calloc( sizeof( struct berval ), i + 1 );
2012-04-23 21:28:41 +08:00
if ( normalize ) {
2020-01-30 17:01:32 +08:00
mods.sm_nvalues = ch_calloc( sizeof( struct berval ), i + 1 );
2012-04-23 21:28:41 +08:00
} else {
mods.sm_nvalues = NULL;
}
}
2012-04-23 21:28:41 +08:00
mods.sm_numvals = i;
2012-04-23 21:28:41 +08:00
for ( i = 0; i < mods.sm_numvals; i++ ) {
struct berval bv;
2012-04-23 21:28:41 +08:00
if ( bin ) {
bv = *mod->mod_bvalues[ i ];
} else {
ber_str2bv( mod->mod_values[ i ], 0, 0, &bv );
}
2012-04-23 21:28:41 +08:00
if ( pretty ) {
local_rc = ordered_value_pretty( mods.sm_desc,
&bv, &mods.sm_values[i], NULL );
2012-04-23 21:28:41 +08:00
} else {
local_rc = ordered_value_validate( mods.sm_desc,
&bv, 0 );
}
if ( local_rc != LDAP_SUCCESS ) {
2012-04-23 21:28:41 +08:00
fprintf( stderr, "%s: DN=\"%s\": unable to %s attr=%s value #%d\n",
progname, e->e_dn, pretty ? "prettify" : "validate",
mods.sm_desc->ad_cname.bv_val, i );
/* handle error */
rc = EXIT_FAILURE;
ber_bvarray_free( mods.sm_values );
ber_bvarray_free( mods.sm_nvalues );
goto cleanup;
}
2012-04-23 21:28:41 +08:00
if ( !pretty ) {
ber_dupbv( &mods.sm_values[i], &bv );
}
2012-04-23 21:28:41 +08:00
if ( normalize ) {
local_rc = ordered_value_normalize(
SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
mods.sm_desc,
mods.sm_desc->ad_type->sat_equality,
&mods.sm_values[i], &mods.sm_nvalues[i],
NULL );
if ( local_rc != LDAP_SUCCESS ) {
fprintf( stderr, "%s: DN=\"%s\": unable to normalize attr=%s value #%d\n",
progname, e->e_dn, mods.sm_desc->ad_cname.bv_val, i );
/* handle error */
rc = EXIT_FAILURE;
ber_bvarray_free( mods.sm_values );
ber_bvarray_free( mods.sm_nvalues );
goto cleanup;
2012-04-23 21:28:41 +08:00
}
}
}
2012-04-23 21:28:41 +08:00
mods.sm_op = (mod->mod_op & ~LDAP_MOD_BVALUES);
mods.sm_flags = 0;
2012-04-23 21:28:41 +08:00
if ( mods.sm_desc == slap_schema.si_ad_objectClass ) {
is_oc = 1;
}
2012-04-23 21:28:41 +08:00
switch ( mods.sm_op ) {
case LDAP_MOD_ADD:
local_rc = modify_add_values( e, &mods,
0, &text, textbuf, textlen );
break;
case LDAP_MOD_DELETE:
local_rc = modify_delete_values( e, &mods,
0, &text, textbuf, textlen );
break;
case LDAP_MOD_REPLACE:
local_rc = modify_replace_values( e, &mods,
0, &text, textbuf, textlen );
break;
case LDAP_MOD_INCREMENT:
local_rc = modify_increment_values( e, &mods,
0, &text, textbuf, textlen );
break;
}
2015-08-11 20:26:39 +08:00
ber_bvarray_free( mods.sm_values );
ber_bvarray_free( mods.sm_nvalues );
2012-04-23 21:28:41 +08:00
if ( local_rc != LDAP_SUCCESS ) {
fprintf( stderr, "%s: DN=\"%s\": unable to modify attr=%s\n",
progname, e->e_dn, mods.sm_desc->ad_cname.bv_val );
rc = EXIT_FAILURE;
goto cleanup;
2012-04-23 21:28:41 +08:00
}
}
2012-04-23 21:28:41 +08:00
rc = slap_tool_entry_check( progname, op, e, lineno, &text, textbuf, textlen );
if ( rc != LDAP_SUCCESS ) {
rc = EXIT_FAILURE;
goto cleanup;
}
}
if ( SLAP_LASTMOD(be) && e != NULL ) {
time_t now = slap_get_time();
char uuidbuf[ LDAP_LUTIL_UUIDSTR_BUFSIZE ];
struct berval vals[ 2 ];
struct berval name, timestamp;
struct berval nvals[ 2 ];
struct berval nname;
char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
Attribute *a;
vals[1].bv_len = 0;
vals[1].bv_val = NULL;
nvals[1].bv_len = 0;
nvals[1].bv_val = NULL;
csn.bv_len = ldap_pvt_csnstr( csnbuf, sizeof( csnbuf ), csnsid, 0 );
csn.bv_val = csnbuf;
timestamp.bv_val = timebuf;
timestamp.bv_len = sizeof(timebuf);
slap_timestamp( &now, &timestamp );
if ( BER_BVISEMPTY( &be->be_rootndn ) ) {
BER_BVSTR( &name, SLAPD_ANONYMOUS );
nname = name;
} else {
name = be->be_rootdn;
nname = be->be_rootndn;
}
a = attr_find( e->e_attrs, slap_schema.si_ad_entryUUID );
if ( a != NULL ) {
if ( a->a_vals != a->a_nvals ) {
SLAP_FREE( a->a_nvals[0].bv_val );
SLAP_FREE( a->a_nvals );
}
SLAP_FREE( a->a_vals[0].bv_val );
SLAP_FREE( a->a_vals );
a->a_vals = NULL;
a->a_nvals = NULL;
a->a_numvals = 0;
}
vals[0].bv_len = lutil_uuidstr( uuidbuf, sizeof( uuidbuf ) );
vals[0].bv_val = uuidbuf;
attr_merge_normalize_one( e, slap_schema.si_ad_entryUUID, vals, NULL );
a = attr_find( e->e_attrs, slap_schema.si_ad_creatorsName );
if ( a == NULL ) {
vals[0] = name;
nvals[0] = nname;
attr_merge( e, slap_schema.si_ad_creatorsName, vals, nvals );
} else {
ber_bvreplace( &a->a_vals[0], &name );
ber_bvreplace( &a->a_nvals[0], &nname );
}
a = attr_find( e->e_attrs, slap_schema.si_ad_createTimestamp );
if ( a == NULL ) {
vals[0] = timestamp;
attr_merge( e, slap_schema.si_ad_createTimestamp, vals, NULL );
} else {
ber_bvreplace( &a->a_vals[0], &timestamp );
}
a = attr_find( e->e_attrs, slap_schema.si_ad_entryCSN );
if ( a == NULL ) {
vals[0] = csn;
attr_merge( e, slap_schema.si_ad_entryCSN, vals, NULL );
} else {
ber_bvreplace( &a->a_vals[0], &csn );
}
a = attr_find( e->e_attrs, slap_schema.si_ad_modifiersName );
if ( a == NULL ) {
vals[0] = name;
nvals[0] = nname;
attr_merge( e, slap_schema.si_ad_modifiersName, vals, nvals );
} else {
ber_bvreplace( &a->a_vals[0], &name );
ber_bvreplace( &a->a_nvals[0], &nname );
}
a = attr_find( e->e_attrs, slap_schema.si_ad_modifyTimestamp );
if ( a == NULL ) {
vals[0] = timestamp;
attr_merge( e, slap_schema.si_ad_modifyTimestamp, vals, NULL );
} else {
ber_bvreplace( &a->a_vals[0], &timestamp );
}
}
/* check schema, objectClass etc */
if ( !dryrun ) {
switch ( lr.lr_op ) {
case LDAP_REQ_ADD:
id = be->be_entry_put( be, e, &bvtext );
2012-04-19 21:58:27 +08:00
rc = (id == NOID);
break;
case LDAP_REQ_MODIFY:
id = be->be_entry_modify( be, e, &bvtext );
2012-04-19 21:58:27 +08:00
rc = (id == NOID);
break;
case LDAP_REQ_DELETE:
rc = be->be_entry_delete( be, &ndn, &bvtext );
break;
}
2012-04-19 21:58:27 +08:00
if( rc != LDAP_SUCCESS ) {
fprintf( stderr, "%s: could not %s entry dn=\"%s\" "
"(line=%lu): %s\n", progname, request, ndn.bv_val,
lineno, bvtext.bv_val );
rc = EXIT_FAILURE;
goto cleanup;
}
sid = slap_tool_update_ctxcsn_check( progname, e );
if ( verbose )
fprintf( stderr, "%s: \"%s\" (%08lx)\n",
request, ndn.bv_val, (long) id );
} else {
if ( verbose )
fprintf( stderr, "%s: \"%s\"\n",
request, ndn.bv_val );
}
cleanup:;
ldap_ldif_record_done( &lr );
SLAP_FREE( ndn.bv_val );
if ( e ) entry_free( e );
if ( e_orig ) be_entry_release_w( op, e_orig );
if ( rc != LDAP_SUCCESS && !continuemode ) break;
}
if ( ldifrc < 0 )
rc = EXIT_FAILURE;
bvtext.bv_len = textlen;
bvtext.bv_val = textbuf;
bvtext.bv_val[0] = '\0';
if ( enable_meter ) {
lutil_meter_update( &meter, ftell( ldiffp->fp ), 1);
lutil_meter_close( &meter );
}
if ( rc == EXIT_SUCCESS ) {
rc = slap_tool_update_ctxcsn( progname, sid, &bvtext );
}
ch_free( buf );
if ( !dryrun ) {
if ( enable_meter ) {
fprintf( stderr, "Closing DB..." );
}
if( be->be_entry_close( be ) ) {
rc = EXIT_FAILURE;
}
if( be->be_sync ) {
be->be_sync( be );
}
if ( enable_meter ) {
fprintf( stderr, "\n" );
}
}
if ( slap_tool_destroy())
rc = EXIT_FAILURE;
return rc;
}