diff options
author | Noriko Hosoi <nhosoi@redhat.com> | 2010-01-29 17:27:52 -0800 |
---|---|---|
committer | Noriko Hosoi <nhosoi@redhat.com> | 2010-01-29 17:27:52 -0800 |
commit | 1378b056d9662a5667e86f3834e0d82c1610e6a6 (patch) | |
tree | da3d46ed2e899fac0aab47661fcf0ace4490be63 /ldap/servers/slapd/modrdn.c | |
parent | 246527f4c01d32289e0082083d364563af59635a (diff) | |
download | ds-1378b056d9662a5667e86f3834e0d82c1610e6a6.tar.gz ds-1378b056d9662a5667e86f3834e0d82c1610e6a6.tar.xz ds-1378b056d9662a5667e86f3834e0d82c1610e6a6.zip |
559016 - Attempting to rename suffix returns inappropriate errors
https://bugzilla.redhat.com/show_bug.cgi?id=559016
[Fix Description] If the target dn of the modrdn operation is a suffix,
check if the new dn already exists or not. If it exists, it returns
LDAP_ALREADY_EXISTS. If the backend associated with the new dn does
not exist, it returns LDAP_NO_SUCH_OBJECT. Otherwise, it returns
LDAP_NAMING_VIOLATION.
If the target dn of the modrdn is attempted to move across backends,
it returns LDAP_AFFECTS_MULTIPLE_DSAS instead of LDAP_UNWILLING_TO_PERFORM.
Modrdn (op_shared_rename) was logging the parameter errors in the
clients request as SLAPI_LOG_FATAL. Reduced the level to SLAPI_LOG_ARGS.
Also, replaced ldap_explode_dn with slapi_dn_syntax_check to verify
the newsuperior.
By the replacement, 2 bugs in slapi_dn_syntax_check were found.
1) The key for the DN in the hashtable of the attribute syntax has
to be "distinguishedName". 2) Argument type for plg_syntax_validate
was not correct.
Diffstat (limited to 'ldap/servers/slapd/modrdn.c')
-rw-r--r-- | ldap/servers/slapd/modrdn.c | 25 |
1 files changed, 11 insertions, 14 deletions
diff --git a/ldap/servers/slapd/modrdn.c b/ldap/servers/slapd/modrdn.c index 8f332a10..38d13000 100644 --- a/ldap/servers/slapd/modrdn.c +++ b/ldap/servers/slapd/modrdn.c @@ -352,7 +352,7 @@ op_shared_rename(Slapi_PBlock *pb, int passin_args) { if ( !internal_op ) { - slapi_log_access(LDAP_DEBUG_STATS, + slapi_log_access(SLAPI_LOG_ARGS, "conn=%" NSPRIu64 " op=%d MODRDN dn=\"%s\" newrdn=\"%s\" newsuperior=\"%s\"\n", pb->pb_conn->c_connid, pb->pb_op->o_opid, @@ -362,7 +362,7 @@ op_shared_rename(Slapi_PBlock *pb, int passin_args) } else { - slapi_log_access(LDAP_DEBUG_ARGS, + slapi_log_access(SLAPI_LOG_ARGS, "conn=%s op=%d MODRDN dn=\"%s\" newrdn=\"%s\" newsuperior=\"%s\"\n", LOG_INTERNAL_OP_CON_ID, LOG_INTERNAL_OP_OP_ID, @@ -376,13 +376,13 @@ op_shared_rename(Slapi_PBlock *pb, int passin_args) if ((rdns = ldap_explode_rdn(newrdn, 0)) == NULL) { if ( !internal_op ) { - slapi_log_error(SLAPI_LOG_FATAL, NULL, + slapi_log_error(SLAPI_LOG_ARGS, NULL, "conn=%" NSPRIu64 " op=%d MODRDN invalid new RDN (\"%s\")\n", pb->pb_conn->c_connid, pb->pb_op->o_opid, (NULL == newrdn) ? "(null)" : newrdn); } else { - slapi_log_error(SLAPI_LOG_FATAL, NULL, + slapi_log_error(SLAPI_LOG_ARGS, NULL, "conn=%" NSPRIu64 " op=%d MODRDN invalid new RDN (\"%s\")\n", LOG_INTERNAL_OP_CON_ID, LOG_INTERNAL_OP_OP_ID, @@ -403,30 +403,27 @@ op_shared_rename(Slapi_PBlock *pb, int passin_args) } /* check that the dn is formatted correctly */ - if ((rdns = ldap_explode_dn(newsuperior, 0)) == NULL) + err = slapi_dn_syntax_check(pb, newsuperior, 1); + if (err) { - LDAPDebug(LDAP_DEBUG_ARGS, "ldap_explode_dn of newSuperior failed\n", 0, 0, 0); + LDAPDebug0Args(LDAP_DEBUG_ARGS, "Syntax check of newSuperior failed\n"); if (!internal_op) { - slapi_log_error(SLAPI_LOG_FATAL, NULL, + slapi_log_error(SLAPI_LOG_ARGS, NULL, "conn=%" NSPRIu64 " op=%d MODRDN invalid new superior (\"%s\")", pb->pb_conn->c_connid, pb->pb_op->o_opid, (NULL == newsuperior) ? "(null)" : newsuperiorbuf); } else { - slapi_log_error(SLAPI_LOG_FATAL, NULL, + slapi_log_error(SLAPI_LOG_ARGS, NULL, "conn=%" NSPRIu64 " op=%d MODRDN invalid new superior (\"%s\")", LOG_INTERNAL_OP_CON_ID, LOG_INTERNAL_OP_OP_ID, (NULL == newsuperior) ? "(null)" : newsuperiorbuf); } - send_ldap_result(pb, LDAP_PROTOCOL_ERROR, NULL, + send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, NULL, "newSuperior does not look like a DN", 0, NULL); goto free_and_return_nolock; } - else - { - slapi_ldap_value_free(rdns); - } if (newsuperior != NULL) { @@ -448,7 +445,7 @@ op_shared_rename(Slapi_PBlock *pb, int passin_args) * if we don't hold it. */ if ((err = slapi_mapping_tree_select_and_check(pb, newdn, &be, &referral, errorbuf)) != LDAP_SUCCESS) - { + { send_ldap_result(pb, err, NULL, errorbuf, 0, NULL); goto free_and_return_nolock; } |