/* * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ /* * Copyright (c) 1995 Regents of the University of Michigan. * All rights reserved. * * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and that due credit is given * to the University of Michigan at Ann Arbor. The name of the University * may not be used to endorse or promote products derived from this * software without specific prior written permission. This software * is provided ``as is'' without express or implied warranty. */ #include "portable.h" #include "slap.h" int modify_check_duplicates( AttributeDescription *ad, MatchingRule *mr, BerVarray vals, BerVarray mods, int permissive, const char **text, char *textbuf, size_t textlen ) { int i, j, numvals = 0, nummods, rc = LDAP_SUCCESS, matched; #ifdef SLAP_NVALUES /* needs major reworking */ #else BerVarray nvals = NULL, nmods = NULL; /* * FIXME: better do the following * * - count the existing values * - count the new values * * - if the existing values are less than the new ones { * - normalize all the existing values * - for each new value { * - normalize * - check with existing * - cross-check with already normalized new vals * } * } else { * - for each new value { * - normalize * - cross-check with already normalized new vals * } * - for each existing value { * - normalize * - check with already normalized new values * } * } * * The first case is good when adding a lot of new values, * and significantly at first import of values (e.g. adding * a new group); the latter case seems to be quite important * as well, because it is likely to be the most frequently * used when administering the entry. The current * implementation will always normalize all the existing * values before checking. If there's no duplicate, the * performances should not change; they will in case of error. */ for ( nummods = 0; mods[ nummods ].bv_val != NULL; nummods++ ) /* count new values */ ; if ( vals ) { for ( numvals = 0; vals[ numvals ].bv_val != NULL; numvals++ ) /* count existing values */ ; if ( numvals < nummods ) { nvals = SLAP_CALLOC( numvals + 1, sizeof( struct berval ) ); if( nvals == NULL ) { #ifdef NEW_LOGGING LDAP_LOG( OPERATION, ERR, "modify_check_duplicates: SLAP_CALLOC failed", 0, 0, 0 ); #else Debug( LDAP_DEBUG_ANY, "modify_check_duplicates: SLAP_CALLOC failed", 0, 0, 0 ); #endif goto return_results; } /* normalize the existing values first */ for ( j = 0; vals[ j ].bv_val != NULL; j++ ) { rc = value_normalize( ad, SLAP_MR_EQUALITY, &vals[ j ], &nvals[ j ], text ); /* existing attribute values must normalize */ assert( rc == LDAP_SUCCESS ); if ( rc != LDAP_SUCCESS ) { nvals[ j ].bv_val = NULL; goto return_results; } } nvals[ j ].bv_val = NULL; } } /* * If the existing values are less than the new values, * it is more convenient to normalize all the existing * values and test each new value against them first, * then to other already normalized values */ nmods = SLAP_CALLOC( nummods + 1, sizeof( struct berval ) ); if ( nmods == NULL ) { #ifdef NEW_LOGGING LDAP_LOG( OPERATION, ERR, "modify_check_duplicates: SLAP_CALLOC failed", 0, 0, 0 ); #else Debug( LDAP_DEBUG_ANY, "modify_check_duplicates: SLAP_CALLOC failed", 0, 0, 0 ); #endif goto return_results; } for ( i=0; mods[i].bv_val != NULL; i++ ) { rc = value_normalize( ad, SLAP_MR_EQUALITY, &mods[i], &nmods[i], text ); if ( rc != LDAP_SUCCESS ) { nmods[i].bv_val = NULL; goto return_results; } if ( numvals > 0 && numvals < nummods ) { for ( matched=0, j=0; nvals[j].bv_val; j++ ) { int match; rc = (*mr->smr_match)( &match, SLAP_MR_ATTRIBUTE_SYNTAX_MATCH, ad->ad_type->sat_syntax, mr, &nmods[ i ], &nvals[ j ] ); if ( rc != LDAP_SUCCESS ) { nmods[ i + 1 ].bv_val = NULL; *text = textbuf; snprintf( textbuf, textlen, "%s: matching rule failed", ad->ad_cname.bv_val ); goto return_results; } if ( match == 0 ) { if ( permissive ) { matched++; continue; } *text = textbuf; snprintf( textbuf, textlen, "%s: value #%d provided more than once", ad->ad_cname.bv_val, i ); rc = LDAP_TYPE_OR_VALUE_EXISTS; nmods[ i + 1 ].bv_val = NULL; goto return_results; } } if ( permissive && matched == j ) { nmods[ i + 1 ].bv_val = NULL; rc = LDAP_TYPE_OR_VALUE_EXISTS; goto return_results; } } for ( matched = 0, j = 0; j < i; j++ ) { int match; rc = (*mr->smr_match)( &match, SLAP_MR_ATTRIBUTE_SYNTAX_MATCH, ad->ad_type->sat_syntax, mr, &nmods[ i ], &nmods[ j ] ); if ( rc != LDAP_SUCCESS ) { nmods[ i + 1 ].bv_val = NULL; *text = textbuf; snprintf( textbuf, textlen, "%s: matching rule failed", ad->ad_cname.bv_val ); goto return_results; } if ( match == 0 ) { if ( permissive ) { matched++; continue; } *text = textbuf; snprintf( textbuf, textlen, "%s: value #%d provided more than once", ad->ad_cname.bv_val, j ); rc = LDAP_TYPE_OR_VALUE_EXISTS; nmods[ i + 1 ].bv_val = NULL; goto return_results; } } if ( permissive && matched == j ) { nmods[ i + 1 ].bv_val = NULL; rc = LDAP_TYPE_OR_VALUE_EXISTS; goto return_results; } } nmods[ i ].bv_val = NULL; /* * if new values are more than existing values, it is more * convenient to normalize and check all new values first, * then check each new value against existing values, which * can be normalized in place */ if ( numvals >= nummods ) { for ( j = 0; vals[ j ].bv_val; j++ ) { struct berval asserted; rc = value_normalize( ad, SLAP_MR_EQUALITY, &vals[ j ], &asserted, text ); if ( rc != LDAP_SUCCESS ) { goto return_results; } for ( matched = 0, i = 0; nmods[ i ].bv_val; i++ ) { int match; rc = (*mr->smr_match)( &match, SLAP_MR_ATTRIBUTE_SYNTAX_MATCH, ad->ad_type->sat_syntax, mr, &nmods[ i ], &asserted ); if ( rc != LDAP_SUCCESS ) { *text = textbuf; snprintf( textbuf, textlen, "%s: matching rule failed", ad->ad_cname.bv_val ); goto return_results; } if ( match == 0 ) { if ( permissive ) { matched++; continue; } *text = textbuf; snprintf( textbuf, textlen, "%s: value #%d provided more than once", ad->ad_cname.bv_val, j ); rc = LDAP_TYPE_OR_VALUE_EXISTS; goto return_results; } } if ( permissive && matched == i ) { rc = LDAP_TYPE_OR_VALUE_EXISTS; goto return_results; } } } return_results:; if ( nvals ) { ber_bvarray_free( nvals ); } if ( nmods ) { ber_bvarray_free( nmods ); } #endif return rc; } int modify_add_values( Entry *e, Modification *mod, int permissive, const char **text, char *textbuf, size_t textlen ) { int i, j; int matched; Attribute *a; MatchingRule *mr = mod->sm_desc->ad_type->sat_equality; const char *op; switch( mod->sm_op ) { case LDAP_MOD_ADD: op = "add"; break; case LDAP_MOD_REPLACE: op = "replace"; break; default: op = "?"; assert( 0 ); } a = attr_find( e->e_attrs, mod->sm_desc ); /* * With permissive set, as long as the attribute being added * has the same value(s?) as the existing attribute, then the * modify will succeed. */ /* check if the values we're adding already exist */ if( mr == NULL || !mr->smr_match ) { #ifdef SLAP_NVALUES /* we should have no normalized values as there is no equality rule */ /* assert( mod->sm_nvalues[0].bv_val == NULL); */ #endif if ( a != NULL ) { /* do not allow add of additional attribute if no equality rule exists */ *text = textbuf; snprintf( textbuf, textlen, "modify/%s: %s: no equality matching rule", op, mod->sm_desc->ad_cname.bv_val ); return LDAP_INAPPROPRIATE_MATCHING; } for ( i = 0; mod->sm_bvalues[i].bv_val != NULL; i++ ) { /* test asserted values against existing values */ if( a ) { #ifdef SLAP_NVALUES /* we should have no normalized values as there is no equality rule */ assert( a->a_nvals == NULL); #endif for( matched = 0, j = 0; a->a_vals[j].bv_val != NULL; j++ ) { if ( bvmatch( &mod->sm_bvalues[i], &a->a_vals[j] ) ) { if ( permissive ) { matched++; continue; } /* value exists already */ *text = textbuf; snprintf( textbuf, textlen, "modify/%s: %s: value #%i already exists", op, mod->sm_desc->ad_cname.bv_val, j ); return LDAP_TYPE_OR_VALUE_EXISTS; } } if ( permissive && matched == j ) { /* values already exist; do nothing */ return LDAP_SUCCESS; } } /* test asserted values against themselves */ for( j = 0; j < i; j++ ) { if ( bvmatch( &mod->sm_bvalues[i], &mod->sm_bvalues[j] ) ) { /* value exists already */ *text = textbuf; snprintf( textbuf, textlen, "modify/%s: %s: value #%i already exists", op, mod->sm_desc->ad_cname.bv_val, j ); return LDAP_TYPE_OR_VALUE_EXISTS; } } } } else { #ifdef SLAP_NVALUES /* no normalization is done in this routine nor * in the matching routines called by this routine. * values are now normalized once on input to the * server (whether from LDAP or from the underlying * database). * This should outperform the old code. No numbers * are available yet. */ #else /* * The original code performs ( n ) normalizations * and ( n * ( n - 1 ) / 2 ) matches, which hide * the same number of normalizations. The new code * performs the same number of normalizations ( n ) * and ( n * ( n - 1 ) / 2 ) mem compares, far less * expensive than an entire match, if a match is * equivalent to a normalization and a mem compare ... * * This is far more memory expensive than the previous, * but it can heavily improve performances when big * chunks of data are added (typical example is a group * with thousands of DN-syntax members; on my system: * for members of 5-RDN DNs, members orig bvmatch (dirty) new 1000 0m38.456s 0m0.553s 0m0.608s 2000 2m33.341s 0m0.851s 0m1.003s * Moreover, 100 groups with 10000 members each were * added in 37m27.933s (an analogous LDIF file was * loaded into Active Directory in 38m28.682s, BTW). * * Maybe we could switch to the new algorithm when * the number of values overcomes a given threshold? */ #endif int rc; if ( mod->sm_bvalues[1].bv_val == 0 ) { if ( a != NULL ) { int i; #ifndef SLAP_NVALUES struct berval asserted; rc = value_normalize( mod->sm_desc, SLAP_MR_EQUALITY, &mod->sm_bvalues[ 0 ], &asserted, text ); if ( rc != LDAP_SUCCESS ) { return rc; } #endif for ( matched = 0, i = 0; a->a_vals[ i ].bv_val; i++ ) { int match; #ifdef SLAP_NVALUES if( mod->sm_nvalues ) { rc = value_match( &match, mod->sm_desc, mr, SLAP_MR_EQUALITY | SLAP_MR_VALUE_OF_ASSERTION_SYNTAX | SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH | SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH, &a->a_nvals[i], &mod->sm_nvalues[0], text ); } else { rc = value_match( &match, mod->sm_desc, mr, SLAP_MR_EQUALITY | SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX, &a->a_vals[i], &mod->sm_values[0], text ); } #else rc = value_match( &match, mod->sm_desc, mr, SLAP_MR_ATTRIBUTE_SYNTAX_MATCH, &a->a_vals[i], &asserted, text ); #endif if( rc == LDAP_SUCCESS && match == 0 ) { if ( permissive ) { matched++; continue; } #ifndef SLAP_NVALUES free( asserted.bv_val ); #endif *text = textbuf; snprintf( textbuf, textlen, "modify/%s: %s: value #0 already exists", op, mod->sm_desc->ad_cname.bv_val, 0 ); return LDAP_TYPE_OR_VALUE_EXISTS; } } #ifndef SLAP_NVALUES free( asserted.bv_val ); #endif if ( permissive && matched == i ) { /* values already exist; do nothing */ return LDAP_SUCCESS; } } } else { rc = modify_check_duplicates( mod->sm_desc, mr, a ? a->a_vals : NULL, mod->sm_bvalues, permissive, text, textbuf, textlen ); if ( permissive && rc == LDAP_TYPE_OR_VALUE_EXISTS ) { return LDAP_SUCCESS; } if ( rc != LDAP_SUCCESS ) { return rc; } } } /* no - add them */ #ifdef SLAP_NVALUES if( attr_merge( e, mod->sm_desc, mod->sm_values, mod->sm_nvalues ) != 0 ) #else if( attr_merge( e, mod->sm_desc, mod->sm_bvalues ) != 0 ) #endif { /* this should return result of attr_merge */ *text = textbuf; snprintf( textbuf, textlen, "modify/%s: %s: merge error", op, mod->sm_desc->ad_cname.bv_val ); return LDAP_OTHER; } return LDAP_SUCCESS; } int modify_delete_values( Entry *e, Modification *mod, int permissive, const char **text, char *textbuf, size_t textlen ) { int i, j, k, rc = LDAP_SUCCESS; Attribute *a; MatchingRule *mr = mod->sm_desc->ad_type->sat_equality; #ifndef SLAP_NVALUES BerVarray nvals = NULL; #endif char dummy = '\0'; /* * If permissive is set, then the non-existence of an * attribute is not treated as an error. */ /* delete the entire attribute */ if ( mod->sm_bvalues == NULL ) { rc = attr_delete( &e->e_attrs, mod->sm_desc ); if( permissive ) { rc = LDAP_SUCCESS; } else if( rc != LDAP_SUCCESS ) { *text = textbuf; snprintf( textbuf, textlen, "modify/delete: %s: no such attribute", mod->sm_desc->ad_cname.bv_val ); rc = LDAP_NO_SUCH_ATTRIBUTE; } return rc; } if( mr == NULL || !mr->smr_match ) { /* disallow specific attributes from being deleted if no equality rule */ *text = textbuf; snprintf( textbuf, textlen, "modify/delete: %s: no equality matching rule", mod->sm_desc->ad_cname.bv_val ); return LDAP_INAPPROPRIATE_MATCHING; } /* delete specific values - find the attribute first */ if ( (a = attr_find( e->e_attrs, mod->sm_desc )) == NULL ) { if( permissive ) { return LDAP_SUCCESS; } *text = textbuf; snprintf( textbuf, textlen, "modify/delete: %s: no such attribute", mod->sm_desc->ad_cname.bv_val ); return LDAP_NO_SUCH_ATTRIBUTE; } #ifndef SLAP_NVALUES /* find each value to delete */ for ( j = 0; a->a_vals[ j ].bv_val != NULL; j++ ) /* count existing values */ ; nvals = (BerVarray)SLAP_CALLOC( j + 1, sizeof ( struct berval ) ); if( nvals == NULL ) { #ifdef NEW_LOGGING LDAP_LOG( OPERATION, ERR, "modify_delete_values: SLAP_CALLOC failed", 0, 0, 0 ); #else Debug( LDAP_DEBUG_ANY, "modify_delete_values: SLAP_CALLOC failed", 0, 0, 0 ); #endif goto return_results; } /* normalize existing values */ for ( j = 0; a->a_vals[ j ].bv_val != NULL; j++ ) { rc = value_normalize( a->a_desc, SLAP_MR_EQUALITY, &a->a_vals[ j ], &nvals[ j ], text ); if ( rc != LDAP_SUCCESS ) { nvals[ j ].bv_val = NULL; goto return_results; } } #endif for ( i = 0; mod->sm_values[i].bv_val != NULL; i++ ) { int found = 0; #ifndef SLAP_NVALUES struct berval asserted; /* normalize the value to be deleted */ rc = value_normalize( mod->sm_desc, SLAP_MR_EQUALITY, &mod->sm_bvalues[ i ], &asserted, text ); if( rc != LDAP_SUCCESS ) { goto return_results; } /* search it */ for ( j = 0; nvals[ j ].bv_val != NULL; j++ ) #else for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ) #endif { int match; #ifndef SLAP_NVALUES if ( nvals[j].bv_val == &dummy ) { continue; } #endif #ifdef SLAP_NVALUES if( mod->sm_nvalues ) { assert( a->a_nvals ); rc = (*mr->smr_match)( &match, SLAP_MR_VALUE_OF_ASSERTION_SYNTAX | SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH | SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH, a->a_desc->ad_type->sat_syntax, mr, &a->a_nvals[j], &mod->sm_nvalues[i] ); } else { assert( a->a_nvals == NULL ); rc = (*mr->smr_match)( &match, SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX, a->a_desc->ad_type->sat_syntax, mr, &a->a_nvals[j], &mod->sm_values[i] ); } #else rc = (*mr->smr_match)( &match, SLAP_MR_ATTRIBUTE_SYNTAX_MATCH, a->a_desc->ad_type->sat_syntax, mr, &nvals[ j ], &asserted ); #endif if ( rc != LDAP_SUCCESS ) { #ifndef SLAP_NVALUES free( asserted.bv_val ); #endif *text = textbuf; snprintf( textbuf, textlen, "%s: matching rule failed", mod->sm_desc->ad_cname.bv_val ); goto return_results; } if ( match != 0 ) { continue; } found = 1; /* delete value and mark it as dummy */ #ifdef SLAP_NVALUES free( a->a_vals[j].bv_val ); a->a_vals[j].bv_val = &dummy; if( a->a_nvals ) { free( a->a_nvals[j].bv_val ); a->a_nvals[j].bv_val = &dummy; } #else free( nvals[ j ].bv_val ); nvals[ j ].bv_val = &dummy; #endif break; } #ifndef SLAP_NVALUES free( asserted.bv_val ); #endif if ( found == 0 ) { *text = textbuf; snprintf( textbuf, textlen, "modify/delete: %s: no such value", mod->sm_desc->ad_cname.bv_val ); rc = LDAP_NO_SUCH_ATTRIBUTE; goto return_results; } } /* compact array skipping dummies */ #ifdef SLAP_NVALUES for ( k = 0, j = 0; a->a_vals[k].bv_val != NULL; k++ ) #else for ( k = 0, j = 0; nvals[k].bv_val != NULL; j++, k++ ) #endif { #ifdef SLAP_NVALUES /* skip dummies */ if( a->a_vals[k].bv_val == &dummy ) { assert( a->a_nvals == NULL || a->a_nvals[k].bv_val == &dummy ); continue; } #else /* delete and skip dummies */ ; for ( ; nvals[ k ].bv_val == &dummy; k++ ) { free( a->a_vals[ k ].bv_val ); } #endif if ( j != k ) { a->a_vals[ j ] = a->a_vals[ k ]; #ifdef SLAP_NVALUES if (a->a_nvals) { a->a_nvals[ j ] = a->a_nvals[ k ]; } #endif } #ifndef SLAP_NVALUES if ( a->a_vals[ k ].bv_val == NULL ) { break; } #else j++; #endif } a->a_vals[j].bv_val = NULL; #ifdef SLAP_NVALUES if (a->a_nvals) a->a_nvals[j].bv_val = NULL; #else assert( i == k - j ); #endif /* if no values remain, delete the entire attribute */ if ( a->a_vals[0].bv_val == NULL ) { if ( attr_delete( &e->e_attrs, mod->sm_desc ) ) { *text = textbuf; snprintf( textbuf, textlen, "modify/delete: %s: no such attribute", mod->sm_desc->ad_cname.bv_val ); rc = LDAP_NO_SUCH_ATTRIBUTE; } } return_results:; #ifndef SLAP_NVALUES if ( nvals ) { /* delete the remaining normalized values */ for ( j = 0; nvals[ j ].bv_val != NULL; j++ ) { if ( nvals[ j ].bv_val != &dummy ) { ber_memfree( nvals[ j ].bv_val ); } } ber_memfree( nvals ); } #endif return rc; } int modify_replace_values( Entry *e, Modification *mod, int permissive, const char **text, char *textbuf, size_t textlen ) { (void) attr_delete( &e->e_attrs, mod->sm_desc ); if ( mod->sm_bvalues ) { return modify_add_values( e, mod, permissive, text, textbuf, textlen ); } return LDAP_SUCCESS; } void slap_mod_free( Modification *mod, int freeit ) { if ( mod->sm_values != NULL ) ber_bvarray_free( mod->sm_values ); mod->sm_values = NULL; #ifdef SLAP_NVALUES if ( mod->sm_nvalues != NULL ) ber_bvarray_free( mod->sm_nvalues ); mod->sm_nvalues = NULL; #endif if( freeit ) free( mod ); } void slap_mods_free( Modifications *ml ) { Modifications *next; for ( ; ml != NULL; ml = next ) { next = ml->sml_next; slap_mod_free( &ml->sml_mod, 0 ); free( ml ); } }