diff options
author | Noriko Hosoi <nhosoi@redhat.com> | 2010-01-29 17:27:52 -0800 |
---|---|---|
committer | Noriko Hosoi <nhosoi@redhat.com> | 2010-01-29 17:27:52 -0800 |
commit | 1378b056d9662a5667e86f3834e0d82c1610e6a6 (patch) | |
tree | da3d46ed2e899fac0aab47661fcf0ace4490be63 /ldap/servers/slapd/mapping_tree.c | |
parent | 246527f4c01d32289e0082083d364563af59635a (diff) | |
download | ds-1378b056d9662a5667e86f3834e0d82c1610e6a6.tar.gz ds-1378b056d9662a5667e86f3834e0d82c1610e6a6.tar.xz ds-1378b056d9662a5667e86f3834e0d82c1610e6a6.zip |
559016 - Attempting to rename suffix returns inappropriate errors
https://bugzilla.redhat.com/show_bug.cgi?id=559016
[Fix Description] If the target dn of the modrdn operation is a suffix,
check if the new dn already exists or not. If it exists, it returns
LDAP_ALREADY_EXISTS. If the backend associated with the new dn does
not exist, it returns LDAP_NO_SUCH_OBJECT. Otherwise, it returns
LDAP_NAMING_VIOLATION.
If the target dn of the modrdn is attempted to move across backends,
it returns LDAP_AFFECTS_MULTIPLE_DSAS instead of LDAP_UNWILLING_TO_PERFORM.
Modrdn (op_shared_rename) was logging the parameter errors in the
clients request as SLAPI_LOG_FATAL. Reduced the level to SLAPI_LOG_ARGS.
Also, replaced ldap_explode_dn with slapi_dn_syntax_check to verify
the newsuperior.
By the replacement, 2 bugs in slapi_dn_syntax_check were found.
1) The key for the DN in the hashtable of the attribute syntax has
to be "distinguishedName". 2) Argument type for plg_syntax_validate
was not correct.
Diffstat (limited to 'ldap/servers/slapd/mapping_tree.c')
-rw-r--r-- | ldap/servers/slapd/mapping_tree.c | 51 |
1 files changed, 47 insertions, 4 deletions
diff --git a/ldap/servers/slapd/mapping_tree.c b/ldap/servers/slapd/mapping_tree.c index 3b082074..8b4c541b 100644 --- a/ldap/servers/slapd/mapping_tree.c +++ b/ldap/servers/slapd/mapping_tree.c @@ -2262,11 +2262,54 @@ int slapi_mapping_tree_select_and_check(Slapi_PBlock *pb,char *newdn, Slapi_Back if (ret) goto unlock_and_return; - if ((*be) && ((*be != new_be) || mtn_sdn_has_child(target_sdn))) + if (*be) { - ret = LDAP_UNWILLING_TO_PERFORM; - PR_snprintf(errorbuf, BUFSIZ, "Cannot move entries accross backends\n"); - goto unlock_and_return; + /* suffix is a part of mapping tree. We should not free it */ + const Slapi_DN *suffix = slapi_get_suffix_by_dn(target_sdn); + if (NULL == suffix) + { + ret = LDAP_NO_SUCH_OBJECT; + PR_snprintf(errorbuf, BUFSIZ, + "Target entry \"%s\" does not exist\n", + slapi_sdn_get_dn(target_sdn)); + goto unlock_and_return; + } + if (0 == slapi_sdn_compare(target_sdn, suffix)) + { + /* target_sdn is a suffix */ + const Slapi_DN *new_suffix = NULL; + /* new_suffix is a part of mapping tree. We should not free it */ + new_suffix = slapi_get_suffix_by_dn(&dn_newdn); + if (!slapi_be_exist((const Slapi_DN *)&dn_newdn)) + { + /* new_be is an empty backend */ + ret = LDAP_NO_SUCH_OBJECT; + PR_snprintf(errorbuf, BUFSIZ, + "Backend for suffix \"%s\" does not exist\n", newdn); + goto unlock_and_return; + } + if (0 == slapi_sdn_compare(&dn_newdn, new_suffix)) + { + ret = LDAP_ALREADY_EXISTS; + PR_snprintf(errorbuf, BUFSIZ, + "Suffix \"%s\" already exists\n", newdn); + goto unlock_and_return; + } + ret = LDAP_NAMING_VIOLATION; + PR_snprintf(errorbuf, BUFSIZ, "Cannot rename suffix \"%s\"\n", + slapi_sdn_get_dn(target_sdn)); + goto unlock_and_return; + } + else + { + if ((*be != new_be) || mtn_sdn_has_child(target_sdn)) + { + ret = LDAP_AFFECTS_MULTIPLE_DSAS; + PR_snprintf(errorbuf, BUFSIZ, + "Cannot move entries accross backends\n"); + goto unlock_and_return; + } + } } unlock_and_return: |