4 Copyright (C) Andrew Tridgell 2004
5 Copyright (C) Stefan Metzmacher 2004
6 Copyright (C) Simo Sorce 2006-2008
7 Copyright (C) Matthias Dieter Wallnöfer 2009-2010
9 ** NOTE! The following LGPL license applies to the ldb
10 ** library. This does NOT imply that all of Samba is released
13 This library is free software; you can redistribute it and/or
14 modify it under the terms of the GNU Lesser General Public
15 License as published by the Free Software Foundation; either
16 version 3 of the License, or (at your option) any later version.
18 This library is distributed in the hope that it will be useful,
19 but WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 Lesser General Public License for more details.
23 You should have received a copy of the GNU Lesser General Public
24 License along with this library; if not, see <http://www.gnu.org/licenses/>.
30 * Component: ldb tdb backend
32 * Description: core functions for tdb backend
34 * Author: Andrew Tridgell
35 * Author: Stefan Metzmacher
39 * - description: make the module use asynchronous calls
43 * - description: make it possible to use event contexts
47 * - description: fix up memory leaks and small bugs
49 * Author: Matthias Dieter Wallnöfer
53 #include "ldb_private.h"
57 prevent memory errors on callbacks
60 struct ltdb_context *ctx;
64 map a tdb error code to a ldb error code
66 int ltdb_err_map(enum TDB_ERROR tdb_code)
74 return LDB_ERR_OPERATIONS_ERROR;
76 return LDB_ERR_PROTOCOL_ERROR;
80 case TDB_ERR_LOCK_TIMEOUT:
81 return LDB_ERR_TIME_LIMIT_EXCEEDED;
83 return LDB_ERR_ENTRY_ALREADY_EXISTS;
85 return LDB_ERR_NO_SUCH_OBJECT;
87 return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
95 lock the database for read - use by ltdb_search and ltdb_sequence_number
97 int ltdb_lock_read(struct ldb_module *module)
99 void *data = ldb_module_get_private(module);
100 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
103 if (ltdb->in_transaction == 0 &&
104 ltdb->read_lock_count == 0) {
105 ret = tdb_lockall_read(ltdb->tdb);
108 ltdb->read_lock_count++;
114 unlock the database after a ltdb_lock_read()
116 int ltdb_unlock_read(struct ldb_module *module)
118 void *data = ldb_module_get_private(module);
119 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
120 if (ltdb->in_transaction == 0 && ltdb->read_lock_count == 1) {
121 tdb_unlockall_read(ltdb->tdb);
124 ltdb->read_lock_count--;
130 form a TDB_DATA for a record key
133 note that the key for a record can depend on whether the
134 dn refers to a case sensitive index record or not
136 TDB_DATA ltdb_key(struct ldb_module *module, struct ldb_dn *dn)
138 struct ldb_context *ldb = ldb_module_get_ctx(module);
140 char *key_str = NULL;
141 const char *dn_folded = NULL;
144 most DNs are case insensitive. The exception is index DNs for
145 case sensitive attributes
147 there are 3 cases dealt with in this code:
149 1) if the dn doesn't start with @ then uppercase the attribute
150 names and the attributes values of case insensitive attributes
151 2) if the dn starts with @ then leave it alone -
152 the indexing code handles the rest
155 dn_folded = ldb_dn_get_casefold(dn);
160 key_str = talloc_strdup(ldb, "DN=");
165 key_str = talloc_strdup_append_buffer(key_str, dn_folded);
170 key.dptr = (uint8_t *)key_str;
171 key.dsize = strlen(key_str) + 1;
183 check special dn's have valid attributes
184 currently only @ATTRIBUTES is checked
186 static int ltdb_check_special_dn(struct ldb_module *module,
187 const struct ldb_message *msg)
189 struct ldb_context *ldb = ldb_module_get_ctx(module);
192 if (! ldb_dn_is_special(msg->dn) ||
193 ! ldb_dn_check_special(msg->dn, LTDB_ATTRIBUTES)) {
197 /* we have @ATTRIBUTES, let's check attributes are fine */
198 /* should we check that we deny multivalued attributes ? */
199 for (i = 0; i < msg->num_elements; i++) {
200 if (ldb_attr_cmp(msg->elements[i].name, "distinguishedName") == 0) continue;
202 for (j = 0; j < msg->elements[i].num_values; j++) {
203 if (ltdb_check_at_attributes_values(&msg->elements[i].values[j]) != 0) {
204 ldb_set_errstring(ldb, "Invalid attribute value in an @ATTRIBUTES entry");
205 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
215 we've made a modification to a dn - possibly reindex and
216 update sequence number
218 static int ltdb_modified(struct ldb_module *module, struct ldb_dn *dn)
220 int ret = LDB_SUCCESS;
221 struct ltdb_private *ltdb = talloc_get_type(ldb_module_get_private(module), struct ltdb_private);
223 /* only allow modifies inside a transaction, otherwise the
225 if (ltdb->in_transaction == 0) {
226 ldb_set_errstring(ldb_module_get_ctx(module), "ltdb modify without transaction");
227 return LDB_ERR_OPERATIONS_ERROR;
230 if (ldb_dn_is_special(dn) &&
231 (ldb_dn_check_special(dn, LTDB_INDEXLIST) ||
232 ldb_dn_check_special(dn, LTDB_ATTRIBUTES)) )
234 if (ltdb->warn_reindex) {
235 ldb_debug(ldb_module_get_ctx(module),
236 LDB_DEBUG_ERROR, "Reindexing %s due to modification on %s",
237 tdb_name(ltdb->tdb), ldb_dn_get_linearized(dn));
239 ret = ltdb_reindex(module);
242 /* If the modify was to a normal record, or any special except @BASEINFO, update the seq number */
243 if (ret == LDB_SUCCESS &&
244 !(ldb_dn_is_special(dn) &&
245 ldb_dn_check_special(dn, LTDB_BASEINFO)) ) {
246 ret = ltdb_increase_sequence_number(module);
249 /* If the modify was to @OPTIONS, reload the cache */
250 if (ret == LDB_SUCCESS &&
251 ldb_dn_is_special(dn) &&
252 (ldb_dn_check_special(dn, LTDB_OPTIONS)) ) {
253 ret = ltdb_cache_reload(module);
260 store a record into the db
262 int ltdb_store(struct ldb_module *module, const struct ldb_message *msg, int flgs)
264 void *data = ldb_module_get_private(module);
265 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
266 TDB_DATA tdb_key, tdb_data;
267 struct ldb_val ldb_data;
268 int ret = LDB_SUCCESS;
270 tdb_key = ltdb_key(module, msg->dn);
271 if (tdb_key.dptr == NULL) {
272 return LDB_ERR_OTHER;
275 ret = ldb_pack_data(ldb_module_get_ctx(module),
278 talloc_free(tdb_key.dptr);
279 return LDB_ERR_OTHER;
282 tdb_data.dptr = ldb_data.data;
283 tdb_data.dsize = ldb_data.length;
285 ret = tdb_store(ltdb->tdb, tdb_key, tdb_data, flgs);
287 ret = ltdb_err_map(tdb_error(ltdb->tdb));
292 talloc_free(tdb_key.dptr);
293 talloc_free(ldb_data.data);
300 check if a attribute is a single valued, for a given element
302 static bool ldb_tdb_single_valued(const struct ldb_schema_attribute *a,
303 struct ldb_message_element *el)
305 if (!a) return false;
307 if (el->flags & LDB_FLAG_INTERNAL_FORCE_SINGLE_VALUE_CHECK) {
308 /* override from a ldb module, for example
309 used for the description field, which is
310 marked multi-valued in the schema but which
311 should not actually accept multiple
315 if (el->flags & LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK) {
316 /* override from a ldb module, for example used for
317 deleted linked attribute entries */
321 if (a->flags & LDB_ATTR_FLAG_SINGLE_VALUE) {
327 static int ltdb_add_internal(struct ldb_module *module,
328 const struct ldb_message *msg,
329 bool check_single_value)
331 struct ldb_context *ldb = ldb_module_get_ctx(module);
332 int ret = LDB_SUCCESS;
335 for (i=0;i<msg->num_elements;i++) {
336 struct ldb_message_element *el = &msg->elements[i];
337 const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
339 if (el->num_values == 0) {
340 ldb_asprintf_errstring(ldb, "attribute '%s' on '%s' specified, but with 0 values (illegal)",
341 el->name, ldb_dn_get_linearized(msg->dn));
342 return LDB_ERR_CONSTRAINT_VIOLATION;
344 if (check_single_value &&
345 el->num_values > 1 &&
346 ldb_tdb_single_valued(a, el)) {
347 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
348 el->name, ldb_dn_get_linearized(msg->dn));
349 return LDB_ERR_CONSTRAINT_VIOLATION;
352 /* Do not check "@ATTRIBUTES" for duplicated values */
353 if (ldb_dn_is_special(msg->dn) &&
354 ldb_dn_check_special(msg->dn, LTDB_ATTRIBUTES)) {
358 /* TODO: This is O(n^2) - replace with more efficient check */
359 for (j=0; j<el->num_values; j++) {
360 if (ldb_msg_find_val(el, &el->values[j]) != &el->values[j]) {
361 ldb_asprintf_errstring(ldb,
362 "attribute '%s': value #%u on '%s' provided more than once",
363 el->name, j, ldb_dn_get_linearized(msg->dn));
364 return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
369 ret = ltdb_store(module, msg, TDB_INSERT);
370 if (ret != LDB_SUCCESS) {
371 if (ret == LDB_ERR_ENTRY_ALREADY_EXISTS) {
372 ldb_asprintf_errstring(ldb,
373 "Entry %s already exists",
374 ldb_dn_get_linearized(msg->dn));
379 ret = ltdb_index_add_new(module, msg);
380 if (ret != LDB_SUCCESS) {
384 ret = ltdb_modified(module, msg->dn);
390 add a record to the database
392 static int ltdb_add(struct ltdb_context *ctx)
394 struct ldb_module *module = ctx->module;
395 struct ldb_request *req = ctx->req;
396 int ret = LDB_SUCCESS;
398 ret = ltdb_check_special_dn(module, req->op.add.message);
399 if (ret != LDB_SUCCESS) {
403 ldb_request_set_state(req, LDB_ASYNC_PENDING);
405 if (ltdb_cache_load(module) != 0) {
406 return LDB_ERR_OPERATIONS_ERROR;
409 ret = ltdb_add_internal(module, req->op.add.message, true);
415 delete a record from the database, not updating indexes (used for deleting
418 int ltdb_delete_noindex(struct ldb_module *module, struct ldb_dn *dn)
420 void *data = ldb_module_get_private(module);
421 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
425 tdb_key = ltdb_key(module, dn);
427 return LDB_ERR_OTHER;
430 ret = tdb_delete(ltdb->tdb, tdb_key);
431 talloc_free(tdb_key.dptr);
434 ret = ltdb_err_map(tdb_error(ltdb->tdb));
440 static int ltdb_delete_internal(struct ldb_module *module, struct ldb_dn *dn)
442 struct ldb_message *msg;
443 int ret = LDB_SUCCESS;
445 msg = ldb_msg_new(module);
447 return LDB_ERR_OPERATIONS_ERROR;
450 /* in case any attribute of the message was indexed, we need
451 to fetch the old record */
452 ret = ltdb_search_dn1(module, dn, msg);
453 if (ret != LDB_SUCCESS) {
454 /* not finding the old record is an error */
458 ret = ltdb_delete_noindex(module, dn);
459 if (ret != LDB_SUCCESS) {
463 /* remove any indexed attributes */
464 ret = ltdb_index_delete(module, msg);
465 if (ret != LDB_SUCCESS) {
469 ret = ltdb_modified(module, dn);
470 if (ret != LDB_SUCCESS) {
480 delete a record from the database
482 static int ltdb_delete(struct ltdb_context *ctx)
484 struct ldb_module *module = ctx->module;
485 struct ldb_request *req = ctx->req;
486 int ret = LDB_SUCCESS;
488 ldb_request_set_state(req, LDB_ASYNC_PENDING);
490 if (ltdb_cache_load(module) != 0) {
491 return LDB_ERR_OPERATIONS_ERROR;
494 ret = ltdb_delete_internal(module, req->op.del.dn);
500 find an element by attribute name. At the moment this does a linear search,
501 it should be re-coded to use a binary search once all places that modify
502 records guarantee sorted order
504 return the index of the first matching element if found, otherwise -1
506 static int find_element(const struct ldb_message *msg, const char *name)
509 for (i=0;i<msg->num_elements;i++) {
510 if (ldb_attr_cmp(msg->elements[i].name, name) == 0) {
519 add an element to an existing record. Assumes a elements array that we
520 can call re-alloc on, and assumed that we can re-use the data pointers from
521 the passed in additional values. Use with care!
523 returns 0 on success, -1 on failure (and sets errno)
525 static int ltdb_msg_add_element(struct ldb_context *ldb,
526 struct ldb_message *msg,
527 struct ldb_message_element *el)
529 struct ldb_message_element *e2;
532 if (el->num_values == 0) {
533 /* nothing to do here - we don't add empty elements */
537 e2 = talloc_realloc(msg, msg->elements, struct ldb_message_element,
538 msg->num_elements+1);
546 e2 = &msg->elements[msg->num_elements];
549 e2->flags = el->flags;
550 e2->values = talloc_array(msg->elements,
551 struct ldb_val, el->num_values);
556 for (i=0;i<el->num_values;i++) {
557 e2->values[i] = el->values[i];
559 e2->num_values = el->num_values;
567 delete all elements having a specified attribute name
569 static int msg_delete_attribute(struct ldb_module *module,
570 struct ldb_context *ldb,
571 struct ldb_message *msg, const char *name)
575 struct ldb_message_element *el;
577 el = ldb_msg_find_element(msg, name);
579 return LDB_ERR_NO_SUCH_ATTRIBUTE;
581 i = el - msg->elements;
583 ret = ltdb_index_del_element(module, msg->dn, el);
584 if (ret != LDB_SUCCESS) {
588 talloc_free(el->values);
589 if (msg->num_elements > (i+1)) {
590 memmove(el, el+1, sizeof(*el) * (msg->num_elements - (i+1)));
593 msg->elements = talloc_realloc(msg, msg->elements,
594 struct ldb_message_element,
600 delete all elements matching an attribute name/value
602 return LDB Error on failure
604 static int msg_delete_element(struct ldb_module *module,
605 struct ldb_message *msg,
607 const struct ldb_val *val)
609 struct ldb_context *ldb = ldb_module_get_ctx(module);
612 struct ldb_message_element *el;
613 const struct ldb_schema_attribute *a;
615 found = find_element(msg, name);
617 return LDB_ERR_NO_SUCH_ATTRIBUTE;
620 i = (unsigned int) found;
621 el = &(msg->elements[i]);
623 a = ldb_schema_attribute_by_name(ldb, el->name);
625 for (i=0;i<el->num_values;i++) {
627 if (a->syntax->operator_fn) {
628 ret = a->syntax->operator_fn(ldb, LDB_OP_EQUALITY, a,
629 &el->values[i], val, &matched);
630 if (ret != LDB_SUCCESS) return ret;
632 matched = (a->syntax->comparison_fn(ldb, ldb,
633 &el->values[i], val) == 0);
636 if (el->num_values == 1) {
637 return msg_delete_attribute(module, ldb, msg, name);
640 ret = ltdb_index_del_value(module, msg->dn, el, i);
641 if (ret != LDB_SUCCESS) {
645 if (i<el->num_values-1) {
646 memmove(&el->values[i], &el->values[i+1],
647 sizeof(el->values[i])*
648 (el->num_values-(i+1)));
652 /* per definition we find in a canonicalised message an
653 attribute value only once. So we are finished here */
659 return LDB_ERR_NO_SUCH_ATTRIBUTE;
664 modify a record - internal interface
666 yuck - this is O(n^2). Luckily n is usually small so we probably
667 get away with it, but if we ever have really large attribute lists
668 then we'll need to look at this again
670 'req' is optional, and is used to specify controls if supplied
672 int ltdb_modify_internal(struct ldb_module *module,
673 const struct ldb_message *msg,
674 struct ldb_request *req)
676 struct ldb_context *ldb = ldb_module_get_ctx(module);
677 void *data = ldb_module_get_private(module);
678 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
679 TDB_DATA tdb_key, tdb_data;
680 struct ldb_val ldb_data;
681 struct ldb_message *msg2;
682 unsigned int i, j, k;
683 int ret = LDB_SUCCESS, idx;
684 struct ldb_control *control_permissive = NULL;
687 control_permissive = ldb_request_get_control(req,
688 LDB_CONTROL_PERMISSIVE_MODIFY_OID);
691 tdb_key = ltdb_key(module, msg->dn);
693 return LDB_ERR_OTHER;
696 tdb_data = tdb_fetch(ltdb->tdb, tdb_key);
697 if (!tdb_data.dptr) {
698 talloc_free(tdb_key.dptr);
699 return ltdb_err_map(tdb_error(ltdb->tdb));
702 msg2 = ldb_msg_new(tdb_key.dptr);
709 ldb_data.data = tdb_data.dptr;
710 ldb_data.length = tdb_data.dsize;
712 ret = ldb_unpack_data(ldb_module_get_ctx(module), &ldb_data, msg2);
723 for (i=0; i<msg->num_elements; i++) {
724 struct ldb_message_element *el = &msg->elements[i], *el2;
725 struct ldb_val *vals;
726 const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
729 switch (msg->elements[i].flags & LDB_FLAG_MOD_MASK) {
730 case LDB_FLAG_MOD_ADD:
732 if (el->num_values == 0) {
733 ldb_asprintf_errstring(ldb,
734 "attribute '%s': attribute on '%s' specified, but with 0 values (illegal)",
735 el->name, ldb_dn_get_linearized(msg2->dn));
736 ret = LDB_ERR_CONSTRAINT_VIOLATION;
740 /* make a copy of the array so that a permissive
741 * control can remove duplicates without changing the
742 * original values, but do not copy data as we do not
743 * need to keep it around once the operation is
745 if (control_permissive) {
746 el = talloc(msg2, struct ldb_message_element);
751 *el = msg->elements[i];
752 el->values = talloc_array(el, struct ldb_val, el->num_values);
753 if (el->values == NULL) {
757 for (j = 0; j < el->num_values; j++) {
758 el->values[j] = msg->elements[i].values[j];
762 if (el->num_values > 1 && ldb_tdb_single_valued(a, el)) {
763 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
764 el->name, ldb_dn_get_linearized(msg2->dn));
765 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
769 /* Checks if element already exists */
770 idx = find_element(msg2, el->name);
772 if (ltdb_msg_add_element(ldb, msg2, el) != 0) {
776 ret = ltdb_index_add_element(module, msg2->dn,
778 if (ret != LDB_SUCCESS) {
782 j = (unsigned int) idx;
783 el2 = &(msg2->elements[j]);
785 /* We cannot add another value on a existing one
786 if the attribute is single-valued */
787 if (ldb_tdb_single_valued(a, el)) {
788 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
789 el->name, ldb_dn_get_linearized(msg2->dn));
790 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
794 /* Check that values don't exist yet on multi-
795 valued attributes or aren't provided twice */
796 /* TODO: This is O(n^2) - replace with more efficient check */
797 for (j = 0; j < el->num_values; j++) {
798 if (ldb_msg_find_val(el2, &el->values[j]) != NULL) {
799 if (control_permissive) {
800 /* remove this one as if it was never added */
802 for (k = j; k < el->num_values; k++) {
803 el->values[k] = el->values[k + 1];
810 ldb_asprintf_errstring(ldb,
811 "attribute '%s': value #%u on '%s' already exists",
812 el->name, j, ldb_dn_get_linearized(msg2->dn));
813 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
816 if (ldb_msg_find_val(el, &el->values[j]) != &el->values[j]) {
817 ldb_asprintf_errstring(ldb,
818 "attribute '%s': value #%u on '%s' provided more than once",
819 el->name, j, ldb_dn_get_linearized(msg2->dn));
820 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
825 /* Now combine existing and new values to a new
827 vals = talloc_realloc(msg2->elements,
828 el2->values, struct ldb_val,
829 el2->num_values + el->num_values);
836 for (j=0; j<el->num_values; j++) {
837 vals[el2->num_values + j] =
838 ldb_val_dup(vals, &el->values[j]);
842 el2->num_values += el->num_values;
844 ret = ltdb_index_add_element(module, msg2->dn, el);
845 if (ret != LDB_SUCCESS) {
852 case LDB_FLAG_MOD_REPLACE:
854 if (el->num_values > 1 && ldb_tdb_single_valued(a, el)) {
855 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
856 el->name, ldb_dn_get_linearized(msg2->dn));
857 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
861 /* TODO: This is O(n^2) - replace with more efficient check */
862 for (j=0; j<el->num_values; j++) {
863 if (ldb_msg_find_val(el, &el->values[j]) != &el->values[j]) {
864 ldb_asprintf_errstring(ldb,
865 "attribute '%s': value #%u on '%s' provided more than once",
866 el->name, j, ldb_dn_get_linearized(msg2->dn));
867 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
872 /* Checks if element already exists */
873 idx = find_element(msg2, el->name);
875 j = (unsigned int) idx;
876 el2 = &(msg2->elements[j]);
878 /* we consider two elements to be
879 * equal only if the order
880 * matches. This allows dbcheck to
881 * fix the ordering on attributes
882 * where order matters, such as
885 if (ldb_msg_element_equal_ordered(el, el2)) {
889 /* Delete the attribute if it exists in the DB */
890 if (msg_delete_attribute(module, ldb, msg2,
897 /* Recreate it with the new values */
898 if (ltdb_msg_add_element(ldb, msg2, el) != 0) {
903 ret = ltdb_index_add_element(module, msg2->dn, el);
904 if (ret != LDB_SUCCESS) {
910 case LDB_FLAG_MOD_DELETE:
911 dn = ldb_dn_get_linearized(msg2->dn);
917 if (msg->elements[i].num_values == 0) {
918 /* Delete the whole attribute */
919 ret = msg_delete_attribute(module, ldb, msg2,
920 msg->elements[i].name);
921 if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE &&
922 control_permissive) {
925 ldb_asprintf_errstring(ldb,
926 "attribute '%s': no such attribute for delete on '%s'",
927 msg->elements[i].name, dn);
929 if (ret != LDB_SUCCESS) {
933 /* Delete specified values from an attribute */
934 for (j=0; j < msg->elements[i].num_values; j++) {
935 ret = msg_delete_element(module,
937 msg->elements[i].name,
938 &msg->elements[i].values[j]);
939 if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE &&
940 control_permissive) {
943 ldb_asprintf_errstring(ldb,
944 "attribute '%s': no matching attribute value while deleting attribute on '%s'",
945 msg->elements[i].name, dn);
947 if (ret != LDB_SUCCESS) {
954 ldb_asprintf_errstring(ldb,
955 "attribute '%s': invalid modify flags on '%s': 0x%x",
956 msg->elements[i].name, ldb_dn_get_linearized(msg->dn),
957 msg->elements[i].flags & LDB_FLAG_MOD_MASK);
958 ret = LDB_ERR_PROTOCOL_ERROR;
963 ret = ltdb_store(module, msg2, TDB_MODIFY);
964 if (ret != LDB_SUCCESS) {
968 ret = ltdb_modified(module, msg2->dn);
969 if (ret != LDB_SUCCESS) {
974 talloc_free(tdb_key.dptr);
981 static int ltdb_modify(struct ltdb_context *ctx)
983 struct ldb_module *module = ctx->module;
984 struct ldb_request *req = ctx->req;
985 int ret = LDB_SUCCESS;
987 ret = ltdb_check_special_dn(module, req->op.mod.message);
988 if (ret != LDB_SUCCESS) {
992 ldb_request_set_state(req, LDB_ASYNC_PENDING);
994 if (ltdb_cache_load(module) != 0) {
995 return LDB_ERR_OPERATIONS_ERROR;
998 ret = ltdb_modify_internal(module, req->op.mod.message, req);
1006 static int ltdb_rename(struct ltdb_context *ctx)
1008 struct ldb_module *module = ctx->module;
1009 void *data = ldb_module_get_private(module);
1010 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1011 struct ldb_request *req = ctx->req;
1012 struct ldb_message *msg;
1013 int ret = LDB_SUCCESS;
1014 TDB_DATA tdb_key, tdb_key_old;
1016 ldb_request_set_state(req, LDB_ASYNC_PENDING);
1018 if (ltdb_cache_load(ctx->module) != 0) {
1019 return LDB_ERR_OPERATIONS_ERROR;
1022 msg = ldb_msg_new(ctx);
1024 return LDB_ERR_OPERATIONS_ERROR;
1027 /* we need to fetch the old record to re-add under the new name */
1028 ret = ltdb_search_dn1(module, req->op.rename.olddn, msg);
1029 if (ret != LDB_SUCCESS) {
1030 /* not finding the old record is an error */
1034 /* We need to, before changing the DB, check if the new DN
1035 * exists, so we can return this error to the caller with an
1037 tdb_key = ltdb_key(module, req->op.rename.newdn);
1038 if (!tdb_key.dptr) {
1040 return LDB_ERR_OPERATIONS_ERROR;
1043 tdb_key_old = ltdb_key(module, req->op.rename.olddn);
1044 if (!tdb_key_old.dptr) {
1046 talloc_free(tdb_key.dptr);
1047 return LDB_ERR_OPERATIONS_ERROR;
1050 /* Only declare a conflict if the new DN already exists, and it isn't a case change on the old DN */
1051 if (tdb_key_old.dsize != tdb_key.dsize || memcmp(tdb_key.dptr, tdb_key_old.dptr, tdb_key.dsize) != 0) {
1052 if (tdb_exists(ltdb->tdb, tdb_key)) {
1053 talloc_free(tdb_key_old.dptr);
1054 talloc_free(tdb_key.dptr);
1055 ldb_asprintf_errstring(ldb_module_get_ctx(module),
1056 "Entry %s already exists",
1057 ldb_dn_get_linearized(req->op.rename.newdn));
1058 /* finding the new record already in the DB is an error */
1060 return LDB_ERR_ENTRY_ALREADY_EXISTS;
1063 talloc_free(tdb_key_old.dptr);
1064 talloc_free(tdb_key.dptr);
1066 /* Always delete first then add, to avoid conflicts with
1067 * unique indexes. We rely on the transaction to make this
1070 ret = ltdb_delete_internal(module, msg->dn);
1071 if (ret != LDB_SUCCESS) {
1076 msg->dn = ldb_dn_copy(msg, req->op.rename.newdn);
1077 if (msg->dn == NULL) {
1079 return LDB_ERR_OPERATIONS_ERROR;
1082 /* We don't check single value as we can have more than 1 with
1083 * deleted attributes. We could go through all elements but that's
1084 * maybe not the most efficient way
1086 ret = ltdb_add_internal(module, msg, false);
1093 static int ltdb_start_trans(struct ldb_module *module)
1095 void *data = ldb_module_get_private(module);
1096 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1098 if (tdb_transaction_start(ltdb->tdb) != 0) {
1099 return ltdb_err_map(tdb_error(ltdb->tdb));
1102 ltdb->in_transaction++;
1104 ltdb_index_transaction_start(module);
1109 static int ltdb_prepare_commit(struct ldb_module *module)
1111 void *data = ldb_module_get_private(module);
1112 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1114 if (ltdb->in_transaction != 1) {
1118 if (ltdb_index_transaction_commit(module) != 0) {
1119 tdb_transaction_cancel(ltdb->tdb);
1120 ltdb->in_transaction--;
1121 return ltdb_err_map(tdb_error(ltdb->tdb));
1124 if (tdb_transaction_prepare_commit(ltdb->tdb) != 0) {
1125 ltdb->in_transaction--;
1126 return ltdb_err_map(tdb_error(ltdb->tdb));
1129 ltdb->prepared_commit = true;
1134 static int ltdb_end_trans(struct ldb_module *module)
1136 void *data = ldb_module_get_private(module);
1137 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1139 if (!ltdb->prepared_commit) {
1140 int ret = ltdb_prepare_commit(module);
1141 if (ret != LDB_SUCCESS) {
1146 ltdb->in_transaction--;
1147 ltdb->prepared_commit = false;
1149 if (tdb_transaction_commit(ltdb->tdb) != 0) {
1150 return ltdb_err_map(tdb_error(ltdb->tdb));
1156 static int ltdb_del_trans(struct ldb_module *module)
1158 void *data = ldb_module_get_private(module);
1159 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1161 ltdb->in_transaction--;
1163 if (ltdb_index_transaction_cancel(module) != 0) {
1164 tdb_transaction_cancel(ltdb->tdb);
1165 return ltdb_err_map(tdb_error(ltdb->tdb));
1168 tdb_transaction_cancel(ltdb->tdb);
1173 return sequenceNumber from @BASEINFO
1175 static int ltdb_sequence_number(struct ltdb_context *ctx,
1176 struct ldb_extended **ext)
1178 struct ldb_context *ldb;
1179 struct ldb_module *module = ctx->module;
1180 struct ldb_request *req = ctx->req;
1181 TALLOC_CTX *tmp_ctx = NULL;
1182 struct ldb_seqnum_request *seq;
1183 struct ldb_seqnum_result *res;
1184 struct ldb_message *msg = NULL;
1187 int ret = LDB_SUCCESS;
1189 ldb = ldb_module_get_ctx(module);
1191 seq = talloc_get_type(req->op.extended.data,
1192 struct ldb_seqnum_request);
1194 return LDB_ERR_OPERATIONS_ERROR;
1197 ldb_request_set_state(req, LDB_ASYNC_PENDING);
1199 if (ltdb_lock_read(module) != 0) {
1200 return LDB_ERR_OPERATIONS_ERROR;
1203 res = talloc_zero(req, struct ldb_seqnum_result);
1205 ret = LDB_ERR_OPERATIONS_ERROR;
1209 tmp_ctx = talloc_new(req);
1210 if (tmp_ctx == NULL) {
1211 ret = LDB_ERR_OPERATIONS_ERROR;
1215 dn = ldb_dn_new(tmp_ctx, ldb, LTDB_BASEINFO);
1217 ret = LDB_ERR_OPERATIONS_ERROR;
1221 msg = ldb_msg_new(tmp_ctx);
1223 ret = LDB_ERR_OPERATIONS_ERROR;
1227 ret = ltdb_search_dn1(module, dn, msg);
1228 if (ret != LDB_SUCCESS) {
1232 switch (seq->type) {
1233 case LDB_SEQ_HIGHEST_SEQ:
1234 res->seq_num = ldb_msg_find_attr_as_uint64(msg, LTDB_SEQUENCE_NUMBER, 0);
1237 res->seq_num = ldb_msg_find_attr_as_uint64(msg, LTDB_SEQUENCE_NUMBER, 0);
1240 case LDB_SEQ_HIGHEST_TIMESTAMP:
1241 date = ldb_msg_find_attr_as_string(msg, LTDB_MOD_TIMESTAMP, NULL);
1243 res->seq_num = ldb_string_to_time(date);
1246 /* zero is as good as anything when we don't know */
1251 *ext = talloc_zero(req, struct ldb_extended);
1253 ret = LDB_ERR_OPERATIONS_ERROR;
1256 (*ext)->oid = LDB_EXTENDED_SEQUENCE_NUMBER;
1257 (*ext)->data = talloc_steal(*ext, res);
1260 talloc_free(tmp_ctx);
1261 ltdb_unlock_read(module);
1265 static void ltdb_request_done(struct ltdb_context *ctx, int error)
1267 struct ldb_context *ldb;
1268 struct ldb_request *req;
1269 struct ldb_reply *ares;
1271 ldb = ldb_module_get_ctx(ctx->module);
1274 /* if we already returned an error just return */
1275 if (ldb_request_get_status(req) != LDB_SUCCESS) {
1279 ares = talloc_zero(req, struct ldb_reply);
1282 req->callback(req, NULL);
1285 ares->type = LDB_REPLY_DONE;
1286 ares->error = error;
1288 req->callback(req, ares);
1291 static void ltdb_timeout(struct tevent_context *ev,
1292 struct tevent_timer *te,
1296 struct ltdb_context *ctx;
1297 ctx = talloc_get_type(private_data, struct ltdb_context);
1299 if (!ctx->request_terminated) {
1300 /* request is done now */
1301 ltdb_request_done(ctx, LDB_ERR_TIME_LIMIT_EXCEEDED);
1305 /* neutralize the spy */
1306 ctx->spy->ctx = NULL;
1312 static void ltdb_request_extended_done(struct ltdb_context *ctx,
1313 struct ldb_extended *ext,
1316 struct ldb_context *ldb;
1317 struct ldb_request *req;
1318 struct ldb_reply *ares;
1320 ldb = ldb_module_get_ctx(ctx->module);
1323 /* if we already returned an error just return */
1324 if (ldb_request_get_status(req) != LDB_SUCCESS) {
1328 ares = talloc_zero(req, struct ldb_reply);
1331 req->callback(req, NULL);
1334 ares->type = LDB_REPLY_DONE;
1335 ares->response = ext;
1336 ares->error = error;
1338 req->callback(req, ares);
1341 static void ltdb_handle_extended(struct ltdb_context *ctx)
1343 struct ldb_extended *ext = NULL;
1346 if (strcmp(ctx->req->op.extended.oid,
1347 LDB_EXTENDED_SEQUENCE_NUMBER) == 0) {
1348 /* get sequence number */
1349 ret = ltdb_sequence_number(ctx, &ext);
1351 /* not recognized */
1352 ret = LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
1355 ltdb_request_extended_done(ctx, ext, ret);
1358 static void ltdb_callback(struct tevent_context *ev,
1359 struct tevent_timer *te,
1363 struct ltdb_context *ctx;
1366 ctx = talloc_get_type(private_data, struct ltdb_context);
1368 if (ctx->request_terminated) {
1372 switch (ctx->req->operation) {
1374 ret = ltdb_search(ctx);
1377 ret = ltdb_add(ctx);
1380 ret = ltdb_modify(ctx);
1383 ret = ltdb_delete(ctx);
1386 ret = ltdb_rename(ctx);
1389 ltdb_handle_extended(ctx);
1392 /* no other op supported */
1393 ret = LDB_ERR_PROTOCOL_ERROR;
1396 if (!ctx->request_terminated) {
1397 /* request is done now */
1398 ltdb_request_done(ctx, ret);
1403 /* neutralize the spy */
1404 ctx->spy->ctx = NULL;
1410 static int ltdb_request_destructor(void *ptr)
1412 struct ltdb_req_spy *spy = talloc_get_type(ptr, struct ltdb_req_spy);
1414 if (spy->ctx != NULL) {
1415 spy->ctx->spy = NULL;
1416 spy->ctx->request_terminated = true;
1423 static int ltdb_handle_request(struct ldb_module *module,
1424 struct ldb_request *req)
1426 struct ldb_control *control_permissive;
1427 struct ldb_context *ldb;
1428 struct tevent_context *ev;
1429 struct ltdb_context *ac;
1430 struct tevent_timer *te;
1434 ldb = ldb_module_get_ctx(module);
1436 control_permissive = ldb_request_get_control(req,
1437 LDB_CONTROL_PERMISSIVE_MODIFY_OID);
1439 for (i = 0; req->controls && req->controls[i]; i++) {
1440 if (req->controls[i]->critical &&
1441 req->controls[i] != control_permissive) {
1442 ldb_asprintf_errstring(ldb, "Unsupported critical extension %s",
1443 req->controls[i]->oid);
1444 return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
1448 if (req->starttime == 0 || req->timeout == 0) {
1449 ldb_set_errstring(ldb, "Invalid timeout settings");
1450 return LDB_ERR_TIME_LIMIT_EXCEEDED;
1453 ev = ldb_get_event_context(ldb);
1455 ac = talloc_zero(ldb, struct ltdb_context);
1458 return LDB_ERR_OPERATIONS_ERROR;
1461 ac->module = module;
1466 te = tevent_add_timer(ev, ac, tv, ltdb_callback, ac);
1469 return LDB_ERR_OPERATIONS_ERROR;
1472 if (req->timeout > 0) {
1473 tv.tv_sec = req->starttime + req->timeout;
1475 ac->timeout_event = tevent_add_timer(ev, ac, tv,
1477 if (NULL == ac->timeout_event) {
1479 return LDB_ERR_OPERATIONS_ERROR;
1483 /* set a spy so that we do not try to use the request context
1484 * if it is freed before ltdb_callback fires */
1485 ac->spy = talloc(req, struct ltdb_req_spy);
1486 if (NULL == ac->spy) {
1488 return LDB_ERR_OPERATIONS_ERROR;
1492 talloc_set_destructor((TALLOC_CTX *)ac->spy, ltdb_request_destructor);
1497 static int ltdb_init_rootdse(struct ldb_module *module)
1499 /* ignore errors on this - we expect it for non-sam databases */
1500 ldb_mod_register_control(module, LDB_CONTROL_PERMISSIVE_MODIFY_OID);
1502 /* there can be no module beyond the backend, just return */
1506 static const struct ldb_module_ops ltdb_ops = {
1508 .init_context = ltdb_init_rootdse,
1509 .search = ltdb_handle_request,
1510 .add = ltdb_handle_request,
1511 .modify = ltdb_handle_request,
1512 .del = ltdb_handle_request,
1513 .rename = ltdb_handle_request,
1514 .extended = ltdb_handle_request,
1515 .start_transaction = ltdb_start_trans,
1516 .end_transaction = ltdb_end_trans,
1517 .prepare_commit = ltdb_prepare_commit,
1518 .del_transaction = ltdb_del_trans,
1522 connect to the database
1524 static int ltdb_connect(struct ldb_context *ldb, const char *url,
1525 unsigned int flags, const char *options[],
1526 struct ldb_module **_module)
1528 struct ldb_module *module;
1530 int tdb_flags, open_flags;
1531 struct ltdb_private *ltdb;
1534 if (strchr(url, ':')) {
1535 if (strncmp(url, "tdb://", 6) != 0) {
1536 ldb_debug(ldb, LDB_DEBUG_ERROR,
1537 "Invalid tdb URL '%s'", url);
1538 return LDB_ERR_OPERATIONS_ERROR;
1545 tdb_flags = TDB_DEFAULT | TDB_SEQNUM;
1547 /* check for the 'nosync' option */
1548 if (flags & LDB_FLG_NOSYNC) {
1549 tdb_flags |= TDB_NOSYNC;
1552 /* and nommap option */
1553 if (flags & LDB_FLG_NOMMAP) {
1554 tdb_flags |= TDB_NOMMAP;
1557 if (flags & LDB_FLG_RDONLY) {
1558 open_flags = O_RDONLY;
1560 open_flags = O_CREAT | O_RDWR;
1563 ltdb = talloc_zero(ldb, struct ltdb_private);
1566 return LDB_ERR_OPERATIONS_ERROR;
1569 /* note that we use quite a large default hash size */
1570 ltdb->tdb = ltdb_wrap_open(ltdb, path, 10000,
1571 tdb_flags, open_flags,
1572 ldb_get_create_perms(ldb), ldb);
1574 ldb_asprintf_errstring(ldb,
1575 "Unable to open tdb '%s': %s", path, strerror(errno));
1576 ldb_debug(ldb, LDB_DEBUG_ERROR,
1577 "Unable to open tdb '%s': %s", path, strerror(errno));
1579 if (errno == EACCES || errno == EPERM) {
1580 return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
1582 return LDB_ERR_OPERATIONS_ERROR;
1585 if (getenv("LDB_WARN_UNINDEXED")) {
1586 ltdb->warn_unindexed = true;
1589 if (getenv("LDB_WARN_REINDEX")) {
1590 ltdb->warn_reindex = true;
1593 ltdb->sequence_number = 0;
1595 module = ldb_module_new(ldb, ldb, "ldb_tdb backend", <db_ops);
1599 return LDB_ERR_OPERATIONS_ERROR;
1601 ldb_module_set_private(module, ltdb);
1602 talloc_steal(module, ltdb);
1604 if (ltdb_cache_load(module) != 0) {
1605 ldb_asprintf_errstring(ldb,
1606 "Unable to load ltdb cache records of tdb '%s'", path);
1607 talloc_free(module);
1608 return LDB_ERR_OPERATIONS_ERROR;
1615 int ldb_tdb_init(const char *version)
1617 LDB_MODULE_CHECK_VERSION(version);
1618 return ldb_register_backend("tdb", ltdb_connect, false);