4 Copyright (C) Andrew Tridgell 2004
5 Copyright (C) Stefan Metzmacher 2004
6 Copyright (C) Simo Sorce 2006-2008
7 Copyright (C) Matthias Dieter Wallnöfer 2009-2010
9 ** NOTE! The following LGPL license applies to the ldb
10 ** library. This does NOT imply that all of Samba is released
13 This library is free software; you can redistribute it and/or
14 modify it under the terms of the GNU Lesser General Public
15 License as published by the Free Software Foundation; either
16 version 3 of the License, or (at your option) any later version.
18 This library is distributed in the hope that it will be useful,
19 but WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 Lesser General Public License for more details.
23 You should have received a copy of the GNU Lesser General Public
24 License along with this library; if not, see <http://www.gnu.org/licenses/>.
30 * Component: ldb tdb backend
32 * Description: core functions for tdb backend
34 * Author: Andrew Tridgell
35 * Author: Stefan Metzmacher
39 * - description: make the module use asynchronous calls
43 * - description: make it possible to use event contexts
47 * - description: fix up memory leaks and small bugs
49 * Author: Matthias Dieter Wallnöfer
53 #include "ldb_private.h"
57 prevent memory errors on callbacks
60 struct ltdb_context *ctx;
64 map a tdb error code to a ldb error code
66 int ltdb_err_map(enum TDB_ERROR tdb_code)
74 return LDB_ERR_OPERATIONS_ERROR;
76 return LDB_ERR_PROTOCOL_ERROR;
80 case TDB_ERR_LOCK_TIMEOUT:
81 return LDB_ERR_TIME_LIMIT_EXCEEDED;
83 return LDB_ERR_ENTRY_ALREADY_EXISTS;
85 return LDB_ERR_NO_SUCH_OBJECT;
87 return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
95 lock the database for read - use by ltdb_search and ltdb_sequence_number
97 int ltdb_lock_read(struct ldb_module *module)
99 void *data = ldb_module_get_private(module);
100 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
104 if (ltdb->in_transaction == 0 &&
105 ltdb->read_lock_count == 0) {
106 tdb_ret = tdb_lockall_read(ltdb->tdb);
109 ltdb->read_lock_count++;
112 ret = ltdb_err_map(tdb_error(ltdb->tdb));
113 if (ret == LDB_SUCCESS) {
114 ret = LDB_ERR_OPERATIONS_ERROR;
116 ldb_debug_set(ldb_module_get_ctx(module),
118 "Failure during ltdb_lock_read(): %s -> %s",
119 tdb_errorstr(ltdb->tdb),
125 unlock the database after a ltdb_lock_read()
127 int ltdb_unlock_read(struct ldb_module *module)
129 void *data = ldb_module_get_private(module);
130 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
131 if (ltdb->in_transaction == 0 && ltdb->read_lock_count == 1) {
132 tdb_unlockall_read(ltdb->tdb);
133 ltdb->read_lock_count--;
136 ltdb->read_lock_count--;
142 * Determine if this key could hold a record. We allow the new GUID
143 * index, the old DN index and a possible future ID=
145 bool ltdb_key_is_record(TDB_DATA key)
151 if (memcmp(key.dptr, "DN=", 3) == 0) {
155 if (memcmp(key.dptr, "ID=", 3) == 0) {
159 if (key.dsize < sizeof(LTDB_GUID_KEY_PREFIX)) {
163 if (memcmp(key.dptr, LTDB_GUID_KEY_PREFIX,
164 sizeof(LTDB_GUID_KEY_PREFIX) - 1) == 0) {
172 form a TDB_DATA for a record key
175 note that the key for a record can depend on whether the
176 dn refers to a case sensitive index record or not
178 TDB_DATA ltdb_key_dn(struct ldb_module *module, struct ldb_dn *dn)
180 struct ldb_context *ldb = ldb_module_get_ctx(module);
182 char *key_str = NULL;
183 const char *dn_folded = NULL;
186 most DNs are case insensitive. The exception is index DNs for
187 case sensitive attributes
189 there are 3 cases dealt with in this code:
191 1) if the dn doesn't start with @ then uppercase the attribute
192 names and the attributes values of case insensitive attributes
193 2) if the dn starts with @ then leave it alone -
194 the indexing code handles the rest
197 dn_folded = ldb_dn_get_casefold(dn);
202 key_str = talloc_strdup(ldb, "DN=");
207 key_str = talloc_strdup_append_buffer(key_str, dn_folded);
212 key.dptr = (uint8_t *)key_str;
213 key.dsize = strlen(key_str) + 1;
225 form a TDB_DATA for a record key
228 note that the key for a record can depend on whether the
229 dn refers to a case sensitive index record or not
231 TDB_DATA ltdb_key_msg(struct ldb_module *module,
232 const struct ldb_message *msg)
234 return ltdb_key_dn(module, msg->dn);
238 check special dn's have valid attributes
239 currently only @ATTRIBUTES is checked
241 static int ltdb_check_special_dn(struct ldb_module *module,
242 const struct ldb_message *msg)
244 struct ldb_context *ldb = ldb_module_get_ctx(module);
247 if (! ldb_dn_is_special(msg->dn) ||
248 ! ldb_dn_check_special(msg->dn, LTDB_ATTRIBUTES)) {
252 /* we have @ATTRIBUTES, let's check attributes are fine */
253 /* should we check that we deny multivalued attributes ? */
254 for (i = 0; i < msg->num_elements; i++) {
255 if (ldb_attr_cmp(msg->elements[i].name, "distinguishedName") == 0) continue;
257 for (j = 0; j < msg->elements[i].num_values; j++) {
258 if (ltdb_check_at_attributes_values(&msg->elements[i].values[j]) != 0) {
259 ldb_set_errstring(ldb, "Invalid attribute value in an @ATTRIBUTES entry");
260 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
270 we've made a modification to a dn - possibly reindex and
271 update sequence number
273 static int ltdb_modified(struct ldb_module *module, struct ldb_dn *dn)
275 int ret = LDB_SUCCESS;
276 struct ltdb_private *ltdb = talloc_get_type(ldb_module_get_private(module), struct ltdb_private);
278 /* only allow modifies inside a transaction, otherwise the
280 if (ltdb->in_transaction == 0) {
281 ldb_set_errstring(ldb_module_get_ctx(module), "ltdb modify without transaction");
282 return LDB_ERR_OPERATIONS_ERROR;
285 if (ldb_dn_is_special(dn) &&
286 (ldb_dn_check_special(dn, LTDB_INDEXLIST) ||
287 ldb_dn_check_special(dn, LTDB_ATTRIBUTES)) )
289 if (ltdb->warn_reindex) {
290 ldb_debug(ldb_module_get_ctx(module),
291 LDB_DEBUG_ERROR, "Reindexing %s due to modification on %s",
292 tdb_name(ltdb->tdb), ldb_dn_get_linearized(dn));
294 ret = ltdb_reindex(module);
297 /* If the modify was to a normal record, or any special except @BASEINFO, update the seq number */
298 if (ret == LDB_SUCCESS &&
299 !(ldb_dn_is_special(dn) &&
300 ldb_dn_check_special(dn, LTDB_BASEINFO)) ) {
301 ret = ltdb_increase_sequence_number(module);
304 /* If the modify was to @OPTIONS, reload the cache */
305 if (ret == LDB_SUCCESS &&
306 ldb_dn_is_special(dn) &&
307 (ldb_dn_check_special(dn, LTDB_OPTIONS)) ) {
308 ret = ltdb_cache_reload(module);
315 store a record into the db
317 int ltdb_store(struct ldb_module *module, const struct ldb_message *msg, int flgs)
319 void *data = ldb_module_get_private(module);
320 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
321 TDB_DATA tdb_key, tdb_data;
322 struct ldb_val ldb_data;
323 int ret = LDB_SUCCESS;
325 if (ltdb->read_only) {
326 return LDB_ERR_UNWILLING_TO_PERFORM;
329 tdb_key = ltdb_key_msg(module, msg);
330 if (tdb_key.dptr == NULL) {
331 return LDB_ERR_OTHER;
334 ret = ldb_pack_data(ldb_module_get_ctx(module),
337 talloc_free(tdb_key.dptr);
338 return LDB_ERR_OTHER;
341 tdb_data.dptr = ldb_data.data;
342 tdb_data.dsize = ldb_data.length;
344 ret = tdb_store(ltdb->tdb, tdb_key, tdb_data, flgs);
346 ret = ltdb_err_map(tdb_error(ltdb->tdb));
351 talloc_free(tdb_key.dptr);
352 talloc_free(ldb_data.data);
359 check if a attribute is a single valued, for a given element
361 static bool ldb_tdb_single_valued(const struct ldb_schema_attribute *a,
362 struct ldb_message_element *el)
364 if (!a) return false;
366 if (el->flags & LDB_FLAG_INTERNAL_FORCE_SINGLE_VALUE_CHECK) {
367 /* override from a ldb module, for example
368 used for the description field, which is
369 marked multi-valued in the schema but which
370 should not actually accept multiple
374 if (el->flags & LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK) {
375 /* override from a ldb module, for example used for
376 deleted linked attribute entries */
380 if (a->flags & LDB_ATTR_FLAG_SINGLE_VALUE) {
386 static int ltdb_add_internal(struct ldb_module *module,
387 struct ltdb_private *ltdb,
388 const struct ldb_message *msg,
389 bool check_single_value)
391 struct ldb_context *ldb = ldb_module_get_ctx(module);
392 int ret = LDB_SUCCESS;
395 for (i=0;i<msg->num_elements;i++) {
396 struct ldb_message_element *el = &msg->elements[i];
397 const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
399 if (el->num_values == 0) {
400 ldb_asprintf_errstring(ldb, "attribute '%s' on '%s' specified, but with 0 values (illegal)",
401 el->name, ldb_dn_get_linearized(msg->dn));
402 return LDB_ERR_CONSTRAINT_VIOLATION;
404 if (check_single_value &&
405 el->num_values > 1 &&
406 ldb_tdb_single_valued(a, el)) {
407 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
408 el->name, ldb_dn_get_linearized(msg->dn));
409 return LDB_ERR_CONSTRAINT_VIOLATION;
412 /* Do not check "@ATTRIBUTES" for duplicated values */
413 if (ldb_dn_is_special(msg->dn) &&
414 ldb_dn_check_special(msg->dn, LTDB_ATTRIBUTES)) {
418 if (check_single_value &&
420 LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK)) {
421 struct ldb_val *duplicate = NULL;
423 ret = ldb_msg_find_duplicate_val(ldb, discard_const(msg),
425 if (ret != LDB_SUCCESS) {
428 if (duplicate != NULL) {
429 ldb_asprintf_errstring(
431 "attribute '%s': value '%.*s' on '%s' "
432 "provided more than once in ADD object",
434 (int)duplicate->length,
436 ldb_dn_get_linearized(msg->dn));
437 return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
442 ret = ltdb_store(module, msg, TDB_INSERT);
443 if (ret != LDB_SUCCESS) {
444 if (ret == LDB_ERR_ENTRY_ALREADY_EXISTS) {
445 ldb_asprintf_errstring(ldb,
446 "Entry %s already exists",
447 ldb_dn_get_linearized(msg->dn));
452 ret = ltdb_index_add_new(module, ltdb, msg);
453 if (ret != LDB_SUCCESS) {
457 ret = ltdb_modified(module, msg->dn);
463 add a record to the database
465 static int ltdb_add(struct ltdb_context *ctx)
467 struct ldb_module *module = ctx->module;
468 struct ldb_request *req = ctx->req;
469 void *data = ldb_module_get_private(module);
470 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
471 int ret = LDB_SUCCESS;
473 ret = ltdb_check_special_dn(module, req->op.add.message);
474 if (ret != LDB_SUCCESS) {
478 ldb_request_set_state(req, LDB_ASYNC_PENDING);
480 if (ltdb_cache_load(module) != 0) {
481 return LDB_ERR_OPERATIONS_ERROR;
484 ret = ltdb_add_internal(module, ltdb,
485 req->op.add.message, true);
491 delete a record from the database, not updating indexes (used for deleting
494 int ltdb_delete_noindex(struct ldb_module *module,
495 const struct ldb_message *msg)
497 void *data = ldb_module_get_private(module);
498 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
502 if (ltdb->read_only) {
503 return LDB_ERR_UNWILLING_TO_PERFORM;
506 tdb_key = ltdb_key_dn(module, msg->dn);
508 return LDB_ERR_OTHER;
511 ret = tdb_delete(ltdb->tdb, tdb_key);
512 talloc_free(tdb_key.dptr);
515 ret = ltdb_err_map(tdb_error(ltdb->tdb));
521 static int ltdb_delete_internal(struct ldb_module *module, struct ldb_dn *dn)
523 struct ldb_message *msg;
524 int ret = LDB_SUCCESS;
526 msg = ldb_msg_new(module);
528 return LDB_ERR_OPERATIONS_ERROR;
531 /* in case any attribute of the message was indexed, we need
532 to fetch the old record */
533 ret = ltdb_search_dn1(module, dn, msg, LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC);
534 if (ret != LDB_SUCCESS) {
535 /* not finding the old record is an error */
539 ret = ltdb_delete_noindex(module, msg);
540 if (ret != LDB_SUCCESS) {
544 /* remove any indexed attributes */
545 ret = ltdb_index_delete(module, msg);
546 if (ret != LDB_SUCCESS) {
550 ret = ltdb_modified(module, dn);
551 if (ret != LDB_SUCCESS) {
561 delete a record from the database
563 static int ltdb_delete(struct ltdb_context *ctx)
565 struct ldb_module *module = ctx->module;
566 struct ldb_request *req = ctx->req;
567 int ret = LDB_SUCCESS;
569 ldb_request_set_state(req, LDB_ASYNC_PENDING);
571 if (ltdb_cache_load(module) != 0) {
572 return LDB_ERR_OPERATIONS_ERROR;
575 ret = ltdb_delete_internal(module, req->op.del.dn);
581 find an element by attribute name. At the moment this does a linear search,
582 it should be re-coded to use a binary search once all places that modify
583 records guarantee sorted order
585 return the index of the first matching element if found, otherwise -1
587 static int find_element(const struct ldb_message *msg, const char *name)
590 for (i=0;i<msg->num_elements;i++) {
591 if (ldb_attr_cmp(msg->elements[i].name, name) == 0) {
600 add an element to an existing record. Assumes a elements array that we
601 can call re-alloc on, and assumed that we can re-use the data pointers from
602 the passed in additional values. Use with care!
604 returns 0 on success, -1 on failure (and sets errno)
606 static int ltdb_msg_add_element(struct ldb_message *msg,
607 struct ldb_message_element *el)
609 struct ldb_message_element *e2;
612 if (el->num_values == 0) {
613 /* nothing to do here - we don't add empty elements */
617 e2 = talloc_realloc(msg, msg->elements, struct ldb_message_element,
618 msg->num_elements+1);
626 e2 = &msg->elements[msg->num_elements];
629 e2->flags = el->flags;
630 e2->values = talloc_array(msg->elements,
631 struct ldb_val, el->num_values);
636 for (i=0;i<el->num_values;i++) {
637 e2->values[i] = el->values[i];
639 e2->num_values = el->num_values;
647 delete all elements having a specified attribute name
649 static int msg_delete_attribute(struct ldb_module *module,
650 struct ltdb_private *ltdb,
651 struct ldb_message *msg, const char *name)
655 struct ldb_message_element *el;
656 bool is_special = ldb_dn_is_special(msg->dn);
659 && ltdb->cache->GUID_index_attribute != NULL
660 && ldb_attr_cmp(name, ltdb->cache->GUID_index_attribute) == 0) {
661 struct ldb_context *ldb = ldb_module_get_ctx(module);
662 ldb_asprintf_errstring(ldb, "Must not modify GUID "
663 "attribute %s (used as DB index)",
664 ltdb->cache->GUID_index_attribute);
665 return LDB_ERR_CONSTRAINT_VIOLATION;
668 el = ldb_msg_find_element(msg, name);
670 return LDB_ERR_NO_SUCH_ATTRIBUTE;
672 i = el - msg->elements;
674 ret = ltdb_index_del_element(module, ltdb, msg->dn, el);
675 if (ret != LDB_SUCCESS) {
679 talloc_free(el->values);
680 if (msg->num_elements > (i+1)) {
681 memmove(el, el+1, sizeof(*el) * (msg->num_elements - (i+1)));
684 msg->elements = talloc_realloc(msg, msg->elements,
685 struct ldb_message_element,
691 delete all elements matching an attribute name/value
693 return LDB Error on failure
695 static int msg_delete_element(struct ldb_module *module,
696 struct ltdb_private *ltdb,
697 struct ldb_message *msg,
699 const struct ldb_val *val)
701 struct ldb_context *ldb = ldb_module_get_ctx(module);
704 struct ldb_message_element *el;
705 const struct ldb_schema_attribute *a;
707 found = find_element(msg, name);
709 return LDB_ERR_NO_SUCH_ATTRIBUTE;
712 i = (unsigned int) found;
713 el = &(msg->elements[i]);
715 a = ldb_schema_attribute_by_name(ldb, el->name);
717 for (i=0;i<el->num_values;i++) {
719 if (a->syntax->operator_fn) {
720 ret = a->syntax->operator_fn(ldb, LDB_OP_EQUALITY, a,
721 &el->values[i], val, &matched);
722 if (ret != LDB_SUCCESS) return ret;
724 matched = (a->syntax->comparison_fn(ldb, ldb,
725 &el->values[i], val) == 0);
728 if (el->num_values == 1) {
729 return msg_delete_attribute(module,
733 ret = ltdb_index_del_value(module, ltdb, msg->dn, el, i);
734 if (ret != LDB_SUCCESS) {
738 if (i<el->num_values-1) {
739 memmove(&el->values[i], &el->values[i+1],
740 sizeof(el->values[i])*
741 (el->num_values-(i+1)));
745 /* per definition we find in a canonicalised message an
746 attribute value only once. So we are finished here */
752 return LDB_ERR_NO_SUCH_ATTRIBUTE;
757 modify a record - internal interface
759 yuck - this is O(n^2). Luckily n is usually small so we probably
760 get away with it, but if we ever have really large attribute lists
761 then we'll need to look at this again
763 'req' is optional, and is used to specify controls if supplied
765 int ltdb_modify_internal(struct ldb_module *module,
766 const struct ldb_message *msg,
767 struct ldb_request *req)
769 struct ldb_context *ldb = ldb_module_get_ctx(module);
770 void *data = ldb_module_get_private(module);
771 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
772 struct ldb_message *msg2;
774 int ret = LDB_SUCCESS, idx;
775 struct ldb_control *control_permissive = NULL;
776 TALLOC_CTX *mem_ctx = talloc_new(req);
778 if (mem_ctx == NULL) {
779 return ldb_module_oom(module);
783 control_permissive = ldb_request_get_control(req,
784 LDB_CONTROL_PERMISSIVE_MODIFY_OID);
787 msg2 = ldb_msg_new(mem_ctx);
793 ret = ltdb_search_dn1(module, msg->dn,
795 LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC);
796 if (ret != LDB_SUCCESS) {
800 for (i=0; i<msg->num_elements; i++) {
801 struct ldb_message_element *el = &msg->elements[i], *el2;
802 struct ldb_val *vals;
803 const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
805 uint32_t options = 0;
806 if (control_permissive != NULL) {
807 options |= LDB_MSG_FIND_COMMON_REMOVE_DUPLICATES;
810 switch (msg->elements[i].flags & LDB_FLAG_MOD_MASK) {
811 case LDB_FLAG_MOD_ADD:
813 if (el->num_values == 0) {
814 ldb_asprintf_errstring(ldb,
815 "attribute '%s': attribute on '%s' specified, but with 0 values (illegal)",
816 el->name, ldb_dn_get_linearized(msg2->dn));
817 ret = LDB_ERR_CONSTRAINT_VIOLATION;
821 /* make a copy of the array so that a permissive
822 * control can remove duplicates without changing the
823 * original values, but do not copy data as we do not
824 * need to keep it around once the operation is
826 if (control_permissive) {
827 el = talloc(msg2, struct ldb_message_element);
832 *el = msg->elements[i];
833 el->values = talloc_array(el, struct ldb_val, el->num_values);
834 if (el->values == NULL) {
838 for (j = 0; j < el->num_values; j++) {
839 el->values[j] = msg->elements[i].values[j];
843 if (el->num_values > 1 && ldb_tdb_single_valued(a, el)) {
844 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
845 el->name, ldb_dn_get_linearized(msg2->dn));
846 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
850 /* Checks if element already exists */
851 idx = find_element(msg2, el->name);
853 if (ltdb_msg_add_element(msg2, el) != 0) {
857 ret = ltdb_index_add_element(module, ltdb,
860 if (ret != LDB_SUCCESS) {
864 j = (unsigned int) idx;
865 el2 = &(msg2->elements[j]);
867 /* We cannot add another value on a existing one
868 if the attribute is single-valued */
869 if (ldb_tdb_single_valued(a, el)) {
870 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
871 el->name, ldb_dn_get_linearized(msg2->dn));
872 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
876 /* Check that values don't exist yet on multi-
877 valued attributes or aren't provided twice */
879 LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK)) {
880 struct ldb_val *duplicate = NULL;
881 ret = ldb_msg_find_common_values(ldb,
888 LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS) {
889 ldb_asprintf_errstring(ldb,
890 "attribute '%s': value "
891 "#%u on '%s' already "
892 "exists", el->name, j,
893 ldb_dn_get_linearized(msg2->dn));
895 } else if (ret != LDB_SUCCESS) {
899 ret = ldb_msg_find_duplicate_val(
900 ldb, msg2, el, &duplicate, 0);
901 if (ret != LDB_SUCCESS) {
904 if (duplicate != NULL) {
905 ldb_asprintf_errstring(
907 "attribute '%s': value "
909 "provided more than "
912 (int)duplicate->length,
914 ldb_dn_get_linearized(msg->dn));
915 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
920 /* Now combine existing and new values to a new
922 vals = talloc_realloc(msg2->elements,
923 el2->values, struct ldb_val,
924 el2->num_values + el->num_values);
931 for (j=0; j<el->num_values; j++) {
932 vals[el2->num_values + j] =
933 ldb_val_dup(vals, &el->values[j]);
937 el2->num_values += el->num_values;
939 ret = ltdb_index_add_element(module, ltdb,
941 if (ret != LDB_SUCCESS) {
948 case LDB_FLAG_MOD_REPLACE:
950 if (el->num_values > 1 && ldb_tdb_single_valued(a, el)) {
951 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
952 el->name, ldb_dn_get_linearized(msg2->dn));
953 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
958 * We don't need to check this if we have been
959 * pre-screened by the repl_meta_data module
960 * in Samba, or someone else who can claim to
961 * know what they are doing.
963 if (!(el->flags & LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK)) {
964 struct ldb_val *duplicate = NULL;
966 ret = ldb_msg_find_duplicate_val(ldb, msg2, el,
968 if (ret != LDB_SUCCESS) {
971 if (duplicate != NULL) {
972 ldb_asprintf_errstring(
974 "attribute '%s': value '%.*s' "
975 "on '%s' provided more than "
978 (int)duplicate->length,
980 ldb_dn_get_linearized(msg2->dn));
981 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
986 /* Checks if element already exists */
987 idx = find_element(msg2, el->name);
989 j = (unsigned int) idx;
990 el2 = &(msg2->elements[j]);
992 /* we consider two elements to be
993 * equal only if the order
994 * matches. This allows dbcheck to
995 * fix the ordering on attributes
996 * where order matters, such as
999 if (ldb_msg_element_equal_ordered(el, el2)) {
1003 /* Delete the attribute if it exists in the DB */
1004 if (msg_delete_attribute(module, ltdb,
1007 ret = LDB_ERR_OTHER;
1012 /* Recreate it with the new values */
1013 if (ltdb_msg_add_element(msg2, el) != 0) {
1014 ret = LDB_ERR_OTHER;
1018 ret = ltdb_index_add_element(module, ltdb,
1020 if (ret != LDB_SUCCESS) {
1026 case LDB_FLAG_MOD_DELETE:
1027 dn = ldb_dn_get_linearized(msg2->dn);
1029 ret = LDB_ERR_OTHER;
1033 if (msg->elements[i].num_values == 0) {
1034 /* Delete the whole attribute */
1035 ret = msg_delete_attribute(module,
1038 msg->elements[i].name);
1039 if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE &&
1040 control_permissive) {
1043 ldb_asprintf_errstring(ldb,
1044 "attribute '%s': no such attribute for delete on '%s'",
1045 msg->elements[i].name, dn);
1047 if (ret != LDB_SUCCESS) {
1051 /* Delete specified values from an attribute */
1052 for (j=0; j < msg->elements[i].num_values; j++) {
1053 ret = msg_delete_element(module,
1056 msg->elements[i].name,
1057 &msg->elements[i].values[j]);
1058 if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE &&
1059 control_permissive) {
1061 } else if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE) {
1062 ldb_asprintf_errstring(ldb,
1063 "attribute '%s': no matching attribute value while deleting attribute on '%s'",
1064 msg->elements[i].name, dn);
1066 if (ret != LDB_SUCCESS) {
1073 ldb_asprintf_errstring(ldb,
1074 "attribute '%s': invalid modify flags on '%s': 0x%x",
1075 msg->elements[i].name, ldb_dn_get_linearized(msg->dn),
1076 msg->elements[i].flags & LDB_FLAG_MOD_MASK);
1077 ret = LDB_ERR_PROTOCOL_ERROR;
1082 ret = ltdb_store(module, msg2, TDB_MODIFY);
1083 if (ret != LDB_SUCCESS) {
1087 ret = ltdb_modified(module, msg2->dn);
1088 if (ret != LDB_SUCCESS) {
1093 TALLOC_FREE(mem_ctx);
1100 static int ltdb_modify(struct ltdb_context *ctx)
1102 struct ldb_module *module = ctx->module;
1103 struct ldb_request *req = ctx->req;
1104 int ret = LDB_SUCCESS;
1106 ret = ltdb_check_special_dn(module, req->op.mod.message);
1107 if (ret != LDB_SUCCESS) {
1111 ldb_request_set_state(req, LDB_ASYNC_PENDING);
1113 if (ltdb_cache_load(module) != 0) {
1114 return LDB_ERR_OPERATIONS_ERROR;
1117 ret = ltdb_modify_internal(module, req->op.mod.message, req);
1125 static int ltdb_rename(struct ltdb_context *ctx)
1127 struct ldb_module *module = ctx->module;
1128 void *data = ldb_module_get_private(module);
1129 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1130 struct ldb_request *req = ctx->req;
1131 struct ldb_message *msg;
1132 int ret = LDB_SUCCESS;
1133 TDB_DATA tdb_key, tdb_key_old;
1135 ldb_request_set_state(req, LDB_ASYNC_PENDING);
1137 if (ltdb_cache_load(ctx->module) != 0) {
1138 return LDB_ERR_OPERATIONS_ERROR;
1141 msg = ldb_msg_new(ctx);
1143 return LDB_ERR_OPERATIONS_ERROR;
1146 /* we need to fetch the old record to re-add under the new name */
1147 ret = ltdb_search_dn1(module, req->op.rename.olddn, msg,
1148 LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC);
1149 if (ret != LDB_SUCCESS) {
1150 /* not finding the old record is an error */
1154 /* We need to, before changing the DB, check if the new DN
1155 * exists, so we can return this error to the caller with an
1157 tdb_key = ltdb_key_dn(module, req->op.rename.newdn);
1158 if (!tdb_key.dptr) {
1160 return LDB_ERR_OPERATIONS_ERROR;
1163 tdb_key_old = ltdb_key_dn(module, req->op.rename.olddn);
1164 if (!tdb_key_old.dptr) {
1166 talloc_free(tdb_key.dptr);
1167 return LDB_ERR_OPERATIONS_ERROR;
1170 /* Only declare a conflict if the new DN already exists, and it isn't a case change on the old DN */
1171 if (tdb_key_old.dsize != tdb_key.dsize || memcmp(tdb_key.dptr, tdb_key_old.dptr, tdb_key.dsize) != 0) {
1172 if (tdb_exists(ltdb->tdb, tdb_key)) {
1173 talloc_free(tdb_key_old.dptr);
1174 talloc_free(tdb_key.dptr);
1175 ldb_asprintf_errstring(ldb_module_get_ctx(module),
1176 "Entry %s already exists",
1177 ldb_dn_get_linearized(req->op.rename.newdn));
1178 /* finding the new record already in the DB is an error */
1180 return LDB_ERR_ENTRY_ALREADY_EXISTS;
1183 talloc_free(tdb_key_old.dptr);
1184 talloc_free(tdb_key.dptr);
1186 /* Always delete first then add, to avoid conflicts with
1187 * unique indexes. We rely on the transaction to make this
1190 ret = ltdb_delete_internal(module, msg->dn);
1191 if (ret != LDB_SUCCESS) {
1196 msg->dn = ldb_dn_copy(msg, req->op.rename.newdn);
1197 if (msg->dn == NULL) {
1199 return LDB_ERR_OPERATIONS_ERROR;
1202 /* We don't check single value as we can have more than 1 with
1203 * deleted attributes. We could go through all elements but that's
1204 * maybe not the most efficient way
1206 ret = ltdb_add_internal(module, ltdb, msg, false);
1213 static int ltdb_start_trans(struct ldb_module *module)
1215 void *data = ldb_module_get_private(module);
1216 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1218 /* Do not take out the transaction lock on a read-only DB */
1219 if (ltdb->read_only) {
1220 return LDB_ERR_UNWILLING_TO_PERFORM;
1223 if (tdb_transaction_start(ltdb->tdb) != 0) {
1224 return ltdb_err_map(tdb_error(ltdb->tdb));
1227 ltdb->in_transaction++;
1229 ltdb_index_transaction_start(module);
1234 static int ltdb_prepare_commit(struct ldb_module *module)
1237 void *data = ldb_module_get_private(module);
1238 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1240 if (ltdb->in_transaction != 1) {
1244 ret = ltdb_index_transaction_commit(module);
1245 if (ret != LDB_SUCCESS) {
1246 tdb_transaction_cancel(ltdb->tdb);
1247 ltdb->in_transaction--;
1251 if (tdb_transaction_prepare_commit(ltdb->tdb) != 0) {
1252 ret = ltdb_err_map(tdb_error(ltdb->tdb));
1253 ltdb->in_transaction--;
1254 ldb_debug_set(ldb_module_get_ctx(module),
1257 "tdb_transaction_prepare_commit(): %s -> %s",
1258 tdb_errorstr(ltdb->tdb),
1263 ltdb->prepared_commit = true;
1268 static int ltdb_end_trans(struct ldb_module *module)
1271 void *data = ldb_module_get_private(module);
1272 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1274 if (!ltdb->prepared_commit) {
1275 ret = ltdb_prepare_commit(module);
1276 if (ret != LDB_SUCCESS) {
1281 ltdb->in_transaction--;
1282 ltdb->prepared_commit = false;
1284 if (tdb_transaction_commit(ltdb->tdb) != 0) {
1285 ret = ltdb_err_map(tdb_error(ltdb->tdb));
1286 ldb_asprintf_errstring(ldb_module_get_ctx(module),
1287 "Failure during tdb_transaction_commit(): %s -> %s",
1288 tdb_errorstr(ltdb->tdb),
1296 static int ltdb_del_trans(struct ldb_module *module)
1298 void *data = ldb_module_get_private(module);
1299 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1301 ltdb->in_transaction--;
1303 if (ltdb_index_transaction_cancel(module) != 0) {
1304 tdb_transaction_cancel(ltdb->tdb);
1305 return ltdb_err_map(tdb_error(ltdb->tdb));
1308 tdb_transaction_cancel(ltdb->tdb);
1313 return sequenceNumber from @BASEINFO
1315 static int ltdb_sequence_number(struct ltdb_context *ctx,
1316 struct ldb_extended **ext)
1318 struct ldb_context *ldb;
1319 struct ldb_module *module = ctx->module;
1320 struct ldb_request *req = ctx->req;
1321 TALLOC_CTX *tmp_ctx = NULL;
1322 struct ldb_seqnum_request *seq;
1323 struct ldb_seqnum_result *res;
1324 struct ldb_message *msg = NULL;
1327 int ret = LDB_SUCCESS;
1329 ldb = ldb_module_get_ctx(module);
1331 seq = talloc_get_type(req->op.extended.data,
1332 struct ldb_seqnum_request);
1334 return LDB_ERR_OPERATIONS_ERROR;
1337 ldb_request_set_state(req, LDB_ASYNC_PENDING);
1339 if (ltdb_lock_read(module) != 0) {
1340 return LDB_ERR_OPERATIONS_ERROR;
1343 res = talloc_zero(req, struct ldb_seqnum_result);
1345 ret = LDB_ERR_OPERATIONS_ERROR;
1349 tmp_ctx = talloc_new(req);
1350 if (tmp_ctx == NULL) {
1351 ret = LDB_ERR_OPERATIONS_ERROR;
1355 dn = ldb_dn_new(tmp_ctx, ldb, LTDB_BASEINFO);
1357 ret = LDB_ERR_OPERATIONS_ERROR;
1361 msg = ldb_msg_new(tmp_ctx);
1363 ret = LDB_ERR_OPERATIONS_ERROR;
1367 ret = ltdb_search_dn1(module, dn, msg, 0);
1368 if (ret != LDB_SUCCESS) {
1372 switch (seq->type) {
1373 case LDB_SEQ_HIGHEST_SEQ:
1374 res->seq_num = ldb_msg_find_attr_as_uint64(msg, LTDB_SEQUENCE_NUMBER, 0);
1377 res->seq_num = ldb_msg_find_attr_as_uint64(msg, LTDB_SEQUENCE_NUMBER, 0);
1380 case LDB_SEQ_HIGHEST_TIMESTAMP:
1381 date = ldb_msg_find_attr_as_string(msg, LTDB_MOD_TIMESTAMP, NULL);
1383 res->seq_num = ldb_string_to_time(date);
1386 /* zero is as good as anything when we don't know */
1391 *ext = talloc_zero(req, struct ldb_extended);
1393 ret = LDB_ERR_OPERATIONS_ERROR;
1396 (*ext)->oid = LDB_EXTENDED_SEQUENCE_NUMBER;
1397 (*ext)->data = talloc_steal(*ext, res);
1400 talloc_free(tmp_ctx);
1401 ltdb_unlock_read(module);
1405 static void ltdb_request_done(struct ltdb_context *ctx, int error)
1407 struct ldb_context *ldb;
1408 struct ldb_request *req;
1409 struct ldb_reply *ares;
1411 ldb = ldb_module_get_ctx(ctx->module);
1414 /* if we already returned an error just return */
1415 if (ldb_request_get_status(req) != LDB_SUCCESS) {
1419 ares = talloc_zero(req, struct ldb_reply);
1422 req->callback(req, NULL);
1425 ares->type = LDB_REPLY_DONE;
1426 ares->error = error;
1428 req->callback(req, ares);
1431 static void ltdb_timeout(struct tevent_context *ev,
1432 struct tevent_timer *te,
1436 struct ltdb_context *ctx;
1437 ctx = talloc_get_type(private_data, struct ltdb_context);
1439 if (!ctx->request_terminated) {
1440 /* request is done now */
1441 ltdb_request_done(ctx, LDB_ERR_TIME_LIMIT_EXCEEDED);
1445 /* neutralize the spy */
1446 ctx->spy->ctx = NULL;
1452 static void ltdb_request_extended_done(struct ltdb_context *ctx,
1453 struct ldb_extended *ext,
1456 struct ldb_context *ldb;
1457 struct ldb_request *req;
1458 struct ldb_reply *ares;
1460 ldb = ldb_module_get_ctx(ctx->module);
1463 /* if we already returned an error just return */
1464 if (ldb_request_get_status(req) != LDB_SUCCESS) {
1468 ares = talloc_zero(req, struct ldb_reply);
1471 req->callback(req, NULL);
1474 ares->type = LDB_REPLY_DONE;
1475 ares->response = ext;
1476 ares->error = error;
1478 req->callback(req, ares);
1481 static void ltdb_handle_extended(struct ltdb_context *ctx)
1483 struct ldb_extended *ext = NULL;
1486 if (strcmp(ctx->req->op.extended.oid,
1487 LDB_EXTENDED_SEQUENCE_NUMBER) == 0) {
1488 /* get sequence number */
1489 ret = ltdb_sequence_number(ctx, &ext);
1491 /* not recognized */
1492 ret = LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
1495 ltdb_request_extended_done(ctx, ext, ret);
1498 static void ltdb_callback(struct tevent_context *ev,
1499 struct tevent_timer *te,
1503 struct ltdb_context *ctx;
1506 ctx = talloc_get_type(private_data, struct ltdb_context);
1508 if (ctx->request_terminated) {
1512 switch (ctx->req->operation) {
1514 ret = ltdb_search(ctx);
1517 ret = ltdb_add(ctx);
1520 ret = ltdb_modify(ctx);
1523 ret = ltdb_delete(ctx);
1526 ret = ltdb_rename(ctx);
1529 ltdb_handle_extended(ctx);
1532 /* no other op supported */
1533 ret = LDB_ERR_PROTOCOL_ERROR;
1536 if (!ctx->request_terminated) {
1537 /* request is done now */
1538 ltdb_request_done(ctx, ret);
1543 /* neutralize the spy */
1544 ctx->spy->ctx = NULL;
1550 static int ltdb_request_destructor(void *ptr)
1552 struct ltdb_req_spy *spy = talloc_get_type(ptr, struct ltdb_req_spy);
1554 if (spy->ctx != NULL) {
1555 spy->ctx->spy = NULL;
1556 spy->ctx->request_terminated = true;
1563 static int ltdb_handle_request(struct ldb_module *module,
1564 struct ldb_request *req)
1566 struct ldb_control *control_permissive;
1567 struct ldb_context *ldb;
1568 struct tevent_context *ev;
1569 struct ltdb_context *ac;
1570 struct tevent_timer *te;
1574 ldb = ldb_module_get_ctx(module);
1576 control_permissive = ldb_request_get_control(req,
1577 LDB_CONTROL_PERMISSIVE_MODIFY_OID);
1579 for (i = 0; req->controls && req->controls[i]; i++) {
1580 if (req->controls[i]->critical &&
1581 req->controls[i] != control_permissive) {
1582 ldb_asprintf_errstring(ldb, "Unsupported critical extension %s",
1583 req->controls[i]->oid);
1584 return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
1588 if (req->starttime == 0 || req->timeout == 0) {
1589 ldb_set_errstring(ldb, "Invalid timeout settings");
1590 return LDB_ERR_TIME_LIMIT_EXCEEDED;
1593 ev = ldb_handle_get_event_context(req->handle);
1595 ac = talloc_zero(ldb, struct ltdb_context);
1598 return LDB_ERR_OPERATIONS_ERROR;
1601 ac->module = module;
1606 te = tevent_add_timer(ev, ac, tv, ltdb_callback, ac);
1609 return LDB_ERR_OPERATIONS_ERROR;
1612 if (req->timeout > 0) {
1613 tv.tv_sec = req->starttime + req->timeout;
1615 ac->timeout_event = tevent_add_timer(ev, ac, tv,
1617 if (NULL == ac->timeout_event) {
1619 return LDB_ERR_OPERATIONS_ERROR;
1623 /* set a spy so that we do not try to use the request context
1624 * if it is freed before ltdb_callback fires */
1625 ac->spy = talloc(req, struct ltdb_req_spy);
1626 if (NULL == ac->spy) {
1628 return LDB_ERR_OPERATIONS_ERROR;
1632 talloc_set_destructor((TALLOC_CTX *)ac->spy, ltdb_request_destructor);
1637 static int ltdb_init_rootdse(struct ldb_module *module)
1639 /* ignore errors on this - we expect it for non-sam databases */
1640 ldb_mod_register_control(module, LDB_CONTROL_PERMISSIVE_MODIFY_OID);
1642 /* there can be no module beyond the backend, just return */
1646 static const struct ldb_module_ops ltdb_ops = {
1648 .init_context = ltdb_init_rootdse,
1649 .search = ltdb_handle_request,
1650 .add = ltdb_handle_request,
1651 .modify = ltdb_handle_request,
1652 .del = ltdb_handle_request,
1653 .rename = ltdb_handle_request,
1654 .extended = ltdb_handle_request,
1655 .start_transaction = ltdb_start_trans,
1656 .end_transaction = ltdb_end_trans,
1657 .prepare_commit = ltdb_prepare_commit,
1658 .del_transaction = ltdb_del_trans,
1659 .read_lock = ltdb_lock_read,
1660 .read_unlock = ltdb_unlock_read,
1664 connect to the database
1666 static int ltdb_connect(struct ldb_context *ldb, const char *url,
1667 unsigned int flags, const char *options[],
1668 struct ldb_module **_module)
1670 struct ldb_module *module;
1672 int tdb_flags, open_flags;
1673 struct ltdb_private *ltdb;
1676 * We hold locks, so we must use a private event context
1677 * on each returned handle
1680 ldb_set_require_private_event_context(ldb);
1683 if (strchr(url, ':')) {
1684 if (strncmp(url, "tdb://", 6) != 0) {
1685 ldb_debug(ldb, LDB_DEBUG_ERROR,
1686 "Invalid tdb URL '%s'", url);
1687 return LDB_ERR_OPERATIONS_ERROR;
1694 tdb_flags = TDB_DEFAULT | TDB_SEQNUM;
1696 /* check for the 'nosync' option */
1697 if (flags & LDB_FLG_NOSYNC) {
1698 tdb_flags |= TDB_NOSYNC;
1701 /* and nommap option */
1702 if (flags & LDB_FLG_NOMMAP) {
1703 tdb_flags |= TDB_NOMMAP;
1706 ltdb = talloc_zero(ldb, struct ltdb_private);
1709 return LDB_ERR_OPERATIONS_ERROR;
1712 if (flags & LDB_FLG_RDONLY) {
1714 * This is weird, but because we can only have one tdb
1715 * in this process, and the other one could be
1716 * read-write, we can't use the tdb readonly. Plus a
1717 * read only tdb prohibits the all-record lock.
1719 open_flags = O_RDWR;
1721 ltdb->read_only = true;
1723 } else if (flags & LDB_FLG_DONT_CREATE_DB) {
1725 * This is used by ldbsearch to prevent creation of the database
1726 * if the name is wrong
1728 open_flags = O_RDWR;
1731 * This is the normal case
1733 open_flags = O_CREAT | O_RDWR;
1736 /* note that we use quite a large default hash size */
1737 ltdb->tdb = ltdb_wrap_open(ltdb, path, 10000,
1738 tdb_flags, open_flags,
1739 ldb_get_create_perms(ldb), ldb);
1741 ldb_asprintf_errstring(ldb,
1742 "Unable to open tdb '%s': %s", path, strerror(errno));
1743 ldb_debug(ldb, LDB_DEBUG_ERROR,
1744 "Unable to open tdb '%s': %s", path, strerror(errno));
1746 if (errno == EACCES || errno == EPERM) {
1747 return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
1749 return LDB_ERR_OPERATIONS_ERROR;
1752 if (getenv("LDB_WARN_UNINDEXED")) {
1753 ltdb->warn_unindexed = true;
1756 if (getenv("LDB_WARN_REINDEX")) {
1757 ltdb->warn_reindex = true;
1760 ltdb->sequence_number = 0;
1762 module = ldb_module_new(ldb, ldb, "ldb_tdb backend", <db_ops);
1766 return LDB_ERR_OPERATIONS_ERROR;
1768 ldb_module_set_private(module, ltdb);
1769 talloc_steal(module, ltdb);
1771 if (ltdb_cache_load(module) != 0) {
1772 ldb_asprintf_errstring(ldb,
1773 "Unable to load ltdb cache records of tdb '%s'", path);
1774 talloc_free(module);
1775 return LDB_ERR_OPERATIONS_ERROR;
1782 int ldb_tdb_init(const char *version)
1784 LDB_MODULE_CHECK_VERSION(version);
1785 return ldb_register_backend("tdb", ltdb_connect, false);