Merge branch 'v4-0-local' of git://git.id10ts.net/samba into 4-0-local
1 /* 
2    ldb database library
3
4    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2006-2007
5    Copyright (C) Stefan Metzmacher <metze@samba.org> 2007
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License as published by
9    the Free Software Foundation; either version 3 of the License, or
10    (at your option) any later version.
11    
12    This program is distributed in the hope that it will be useful,
13    but WITHOUT ANY WARRANTY; without even the implied warranty of
14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15    GNU General Public License for more details.
16    
17    You should have received a copy of the GNU General Public License
18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 /*
22  *  Name: ldb
23  *
24  *  Component: ldb subtree delete (prevention) module
25  *
26  *  Description: Prevent deletion of a subtree in LDB
27  *
28  *  Author: Andrew Bartlett
29  */
30
31 #include "ldb_includes.h"
32
/*
 * Steps of the asynchronous delete.  SD_SEARCH must stay first (value 0):
 * the context is allocated with talloc_zero() and nothing assigns .step
 * before the child search is issued.
 */
enum sd_step {
	SD_SEARCH,	/* the subtree search for children is outstanding */
	SD_DO_DEL	/* no children were counted; the delete was passed down */
};

/* Per-request state, reachable through the ldb_handle's private_data. */
struct subtree_delete_context {
	enum sd_step step;

	struct ldb_module *module;
	struct ldb_handle *handle;	/* handle installed on the original request */
	struct ldb_request *orig_req;	/* the delete request as received */

	struct ldb_request *search_req;	/* subtree search used to find children */
	struct ldb_request *down_req;	/* copy of orig_req sent to the next module */

	/* entries seen by the search, not counting the DN being deleted */
	int num_children;
};
45
/*
 * Allocate the async handle and the per-request context for a delete.
 *
 * The handle is a talloc child of req and the context a talloc child of
 * the handle.  On success req->handle points at the new handle and the
 * context is returned; the zeroed context starts with step == SD_SEARCH
 * and num_children == 0.  Returns NULL, with the ldb error string set,
 * if either allocation fails.
 */
static struct subtree_delete_context *subtree_delete_init_handle(struct ldb_request *req,
								 struct ldb_module *module)
{
	struct ldb_handle *handle = talloc_zero(req, struct ldb_handle);
	struct subtree_delete_context *ctx;

	if (handle == NULL) {
		ldb_set_errstring(module->ldb, "Out of Memory");
		return NULL;
	}

	ctx = talloc_zero(handle, struct subtree_delete_context);
	if (ctx == NULL) {
		ldb_set_errstring(module->ldb, "Out of Memory");
		talloc_free(handle);
		return NULL;
	}

	/* wire the context to its owners */
	ctx->module = module;
	ctx->handle = handle;
	ctx->orig_req = req;

	/* wire the handle, then publish it on the request */
	handle->module = module;
	handle->private_data = ctx;
	req->handle = handle;

	return ctx;
}
77
/*
 * Decide the outcome once the child search has been consumed.
 *
 * If any child was counted the delete is refused with
 * LDB_ERR_NOT_ALLOWED_ON_NON_LEAF.  Otherwise a copy of the original
 * request is sent to the next module and the context moves to SD_DO_DEL.
 *
 * NOTE(review): the child count and the delete are two separate requests;
 * nothing in this function prevents an entry being added below the DN in
 * between.  Presumably the caller holds a transaction -- confirm.
 */
static int subtree_delete_check_for_children(struct subtree_delete_context *ac)
{
	struct ldb_request *del_req;

	if (ac->num_children > 0) {
		ldb_asprintf_errstring(ac->module->ldb, "Cannot delete %s, not a leaf node (has %d children)\n",
				       ldb_dn_get_linearized(ac->orig_req->op.del.dn), ac->num_children);
		return LDB_ERR_NOT_ALLOWED_ON_NON_LEAF;
	}

	del_req = talloc(ac, struct ldb_request);
	if (del_req == NULL) {
		ldb_oom(ac->module->ldb);
		return LDB_ERR_OPERATIONS_ERROR;
	}

	/* shallow struct copy of the request we were originally given */
	*del_req = *ac->orig_req;

	/* Make sure any (io) error recorded while searching for children
	 * does not propagate back in the error string */
	ldb_set_errstring(ac->module->ldb, NULL);

	ac->down_req = del_req;
	ac->step = SD_DO_DEL;
	return ldb_next_request(ac->module, del_req);
}
101
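/*
 * Search callback for the subtree search issued by subtree_delete().
 *
 * Called once per reply.  Every entry other than the entry being deleted
 * is counted in ac->num_children; the count is evaluated later by
 * subtree_delete_check_for_children().  The reply is freed here.
 *
 * Returns LDB_SUCCESS, or LDB_ERR_OPERATIONS_ERROR if the callback was
 * invoked without a usable context or reply.
 */
static int subtree_delete_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares)
{
	struct subtree_delete_context *ac;

	if (context == NULL || ares == NULL) {
		ldb_set_errstring(ldb, "NULL Context or Result in callback");
		return LDB_ERR_OPERATIONS_ERROR;
	}

	ac = talloc_get_type(context, struct subtree_delete_context);
	if (ac == NULL) {
		/* context was not the type we registered */
		ldb_set_errstring(ldb, "Unexpected context type in callback");
		return LDB_ERR_OPERATIONS_ERROR;
	}

	/* No scratch talloc context is created here: nothing needs one, and
	 * an allocation per reply would pile up under ac until the request
	 * is freed, growing with the size of the subtree being searched. */

	/* OK, we have one of *many* search results here:

	   We should also get the entry we tried to delete.  This
	   callback handles this and everything below it.
	 */

	/* Only entries are interesting, and the entry being deleted itself
	 * is handled separately (it is not a child) */
	if (ares->type == LDB_REPLY_ENTRY
	    && ldb_dn_compare(ares->message->dn, ac->orig_req->op.del.dn) != 0) {
		/* An actual entry below the target: we are not a leaf node */
		ac->num_children++;
	}
	talloc_free(ares);
	return LDB_SUCCESS;
}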
126
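/*
 * delete
 *
 * Entry point for delete requests.  Instead of passing the delete straight
 * down, issue a subtree search below the target DN so the callback can
 * count children; the delete itself is only sent down later, from
 * subtree_delete_check_for_children(), when no child was found.
 *
 * Special DNs (ldb control entries) bypass the check.  The controls of the
 * original request are passed to the search unchanged.
 *
 * Returns the result of sending the search down, or an ldb error code if
 * the handle or the search request could not be set up.
 */
static int subtree_delete(struct ldb_module *module, struct ldb_request *req)
{
	/* No attributes are needed, only the DNs.  static so the pointer
	 * stays valid if the search request keeps it after we return. */
	static const char * const attrs[] = { NULL };
	struct ldb_request *search_req;
	struct subtree_delete_context *ac;
	int ret;

	/* This is a delete request, so read the DN through op.del */
	if (ldb_dn_is_special(req->op.del.dn)) { /* do not manipulate our control entries */
		return ldb_next_request(module, req);
	}

	/* This gets complex:  We need to:
	   - Do a search for all entries under this entry
	   - Wait for these results to appear
	   - In the callback for each result, count the children (if any)
	   - return an error if there are any
	*/

	ac = subtree_delete_init_handle(req, module);
	if (!ac) {
		return LDB_ERR_OPERATIONS_ERROR;
	}

	ret = ldb_build_search_req(&search_req, module->ldb, req,
				   req->op.del.dn,
				   LDB_SCOPE_SUBTREE,
				   "(objectClass=*)",
				   attrs,
				   req->controls,
				   ac,
				   subtree_delete_search_callback);

	if (ret != LDB_SUCCESS) {
		return ret;
	}

	ret = ldb_set_timeout_from_prev_req(module->ldb, req, search_req);

	if (ret != LDB_SUCCESS) {
		return ret;
	}

	/* ac->step is still SD_SEARCH from the zeroed allocation */
	ac->search_req = search_req;
	return ldb_next_request(module, search_req);
}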
176
177
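/*
 * Advance the delete by one non-blocking step.
 *
 * SD_SEARCH: poll the child search.  A missing base object
 * (LDB_ERR_NO_SUCH_OBJECT) is not treated as a failure here; any other
 * error finishes the handle.  Only once the search has completed is the
 * child count evaluated and, if it is zero, the delete sent down.
 *
 * SD_DO_DEL: poll the delete that was sent down and finish the handle when
 * it is done or has failed.
 *
 * Returns LDB_SUCCESS while work is still pending or when it completed
 * cleanly, otherwise an ldb error code.
 */
static int subtree_delete_wait_none(struct ldb_handle *handle) {
	struct subtree_delete_context *ac;
	int ret = LDB_ERR_OPERATIONS_ERROR;
	if (!handle || !handle->private_data) {
		return LDB_ERR_OPERATIONS_ERROR;
	}

	if (handle->state == LDB_ASYNC_DONE) {
		return handle->status;
	}

	handle->state = LDB_ASYNC_PENDING;
	handle->status = LDB_SUCCESS;

	ac = talloc_get_type(handle->private_data, struct subtree_delete_context);
	if (ac == NULL) {
		/* private_data is not our context type */
		handle->status = LDB_ERR_OPERATIONS_ERROR;
		goto done;
	}

	switch (ac->step) {
	case SD_SEARCH:
		ret = ldb_wait(ac->search_req->handle, LDB_WAIT_NONE);

		if (ret != LDB_SUCCESS && ret != LDB_ERR_NO_SUCH_OBJECT) {
			handle->status = ret;
			goto done;
		}
		if (ac->search_req->handle->status != LDB_SUCCESS
			&& ac->search_req->handle->status != LDB_ERR_NO_SUCH_OBJECT) {
			handle->status = ac->search_req->handle->status;
			goto done;
		}

		/* Never judge leaf-ness on partial results: if the search is
		 * healthy but still running, more children may yet be
		 * reported, so come back later instead of deleting now. */
		if (ret == LDB_SUCCESS
		    && ac->search_req->handle->status == LDB_SUCCESS
		    && ac->search_req->handle->state != LDB_ASYNC_DONE) {
			return LDB_SUCCESS;
		}

		return subtree_delete_check_for_children(ac);

	case SD_DO_DEL:
		ret = ldb_wait(ac->down_req->handle, LDB_WAIT_NONE);

		if (ret != LDB_SUCCESS) {
			handle->status = ret;
			goto done;
		}
		if (ac->down_req->handle->status != LDB_SUCCESS) {
			handle->status = ac->down_req->handle->status;
			goto done;
		}

		if (ac->down_req->handle->state != LDB_ASYNC_DONE) {
			return LDB_SUCCESS;
		}

		break;
	}
done:
	handle->state = LDB_ASYNC_DONE;
	return ret;
}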
232
/*
 * Drive the request to completion by calling subtree_delete_wait_none()
 * until the handle reports LDB_ASYNC_DONE.  A failing step is returned
 * immediately; otherwise the final handle status is returned.
 */
static int subtree_delete_wait_all(struct ldb_handle *handle) {
	for (;;) {
		int rc;

		if (handle->state == LDB_ASYNC_DONE) {
			return handle->status;
		}

		rc = subtree_delete_wait_none(handle);
		if (rc != LDB_SUCCESS) {
			return rc;
		}
	}
}
246
/*
 * Module wait hook: LDB_WAIT_ALL blocks until the request is finished,
 * any other wait type performs a single non-blocking step.
 */
static int subtree_delete_wait(struct ldb_handle *handle, enum ldb_wait_type type)
{
	return (type == LDB_WAIT_ALL)
		? subtree_delete_wait_all(handle)
		: subtree_delete_wait_none(handle);
}
255
/*
 * Module registration.  Only delete and wait are hooked by this module;
 * no other operation is given a handler here.
 */
const struct ldb_module_ops ldb_subtree_delete_module_ops = {
	.name = "subtree_delete",
	.wait = subtree_delete_wait,
	.del  = subtree_delete,
};