4 Copyright (C) Andrew Tridgell 2004
6 ** NOTE! The following LGPL license applies to the ldb
7 ** library. This does NOT imply that all of Samba is released
10 This library is free software; you can redistribute it and/or
11 modify it under the terms of the GNU Lesser General Public
12 License as published by the Free Software Foundation; either
13 version 3 of the License, or (at your option) any later version.
15 This library is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public
21 License along with this library; if not, see <http://www.gnu.org/licenses/>.
27 * Component: ldb search functions
29 * Description: functions to search ldb+tdb databases
31 * Author: Andrew Tridgell
38 add one element to a message
40 static int msg_add_element(struct ldb_message *ret,
41 const struct ldb_message_element *el,
45 struct ldb_message_element *e2, *elnew;
47 if (check_duplicates && ldb_msg_find_element(ret, el->name)) {
48 /* its already there */
52 e2 = talloc_realloc(ret, ret->elements, struct ldb_message_element, ret->num_elements+1);
58 elnew = &e2[ret->num_elements];
60 elnew->name = talloc_strdup(ret->elements, el->name);
66 elnew->values = talloc_array(ret->elements, struct ldb_val, el->num_values);
74 for (i=0;i<el->num_values;i++) {
75 elnew->values[i] = ldb_val_dup(elnew->values, &el->values[i]);
76 if (elnew->values[i].length != el->values[i].length) {
81 elnew->num_values = el->num_values;
82 elnew->flags = el->flags;
90 add the special distinguishedName element
92 static int msg_add_distinguished_name(struct ldb_message *msg)
94 struct ldb_message_element el;
99 el.name = "distinguishedName";
103 val.data = (uint8_t *)ldb_dn_alloc_linearized(msg, msg->dn);
104 val.length = strlen((char *)val.data);
106 ret = msg_add_element(msg, &el, 1);
111 add all elements from one message into another
113 static int msg_add_all_elements(struct ldb_module *module, struct ldb_message *ret,
114 const struct ldb_message *msg)
116 struct ldb_context *ldb;
118 int check_duplicates = (ret->num_elements != 0);
120 ldb = ldb_module_get_ctx(module);
122 if (msg_add_distinguished_name(ret) != 0) {
126 for (i=0;i<msg->num_elements;i++) {
127 const struct ldb_schema_attribute *a;
128 a = ldb_schema_attribute_by_name(ldb, msg->elements[i].name);
129 if (a->flags & LDB_ATTR_FLAG_HIDDEN) {
132 if (msg_add_element(ret, &msg->elements[i],
133 check_duplicates) != 0) {
143 pull the specified list of attributes from a message
145 static struct ldb_message *ltdb_pull_attrs(struct ldb_module *module,
147 const struct ldb_message *msg,
148 const char * const *attrs)
150 struct ldb_message *ret;
153 ret = talloc(mem_ctx, struct ldb_message);
158 ret->dn = ldb_dn_copy(ret, msg->dn);
164 ret->num_elements = 0;
165 ret->elements = NULL;
168 if (msg_add_all_elements(module, ret, msg) != 0) {
175 for (i=0;attrs[i];i++) {
176 struct ldb_message_element *el;
178 if (strcmp(attrs[i], "*") == 0) {
179 if (msg_add_all_elements(module, ret, msg) != 0) {
186 if (ldb_attr_cmp(attrs[i], "distinguishedName") == 0) {
187 if (msg_add_distinguished_name(ret) != 0) {
193 el = ldb_msg_find_element(msg, attrs[i]);
197 if (msg_add_element(ret, el, 1) != 0) {
207 search the database for a single simple dn.
208 return LDB_ERR_NO_SUCH_OBJECT on record-not-found
209 and LDB_SUCCESS on success
211 static int ltdb_search_base(struct ldb_module *module, struct ldb_dn *dn)
213 void *data = ldb_module_get_private(module);
214 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
218 if (ldb_dn_is_null(dn)) {
219 return LDB_ERR_NO_SUCH_OBJECT;
223 tdb_key = ltdb_key(module, dn);
225 return LDB_ERR_OPERATIONS_ERROR;
228 exists = tdb_exists(ltdb->tdb, tdb_key);
229 talloc_free(tdb_key.dptr);
234 return LDB_ERR_NO_SUCH_OBJECT;
237 struct ltdb_parse_data_unpack_ctx {
238 struct ldb_message *msg;
239 struct ldb_module *module;
242 static int ltdb_parse_data_unpack(TDB_DATA key, TDB_DATA data,
245 struct ltdb_parse_data_unpack_ctx *ctx = private_data;
247 struct ldb_context *ldb = ldb_module_get_ctx(ctx->module);
248 int ret = ltdb_unpack_data(ldb, &data, ctx->msg);
250 ldb_debug(ldb, LDB_DEBUG_ERROR, "Invalid data for index %*.*s\n",
251 (int)key.dsize, (int)key.dsize, key.dptr);
252 return LDB_ERR_OPERATIONS_ERROR;
258 search the database for a single simple dn, returning all attributes
261 return LDB_ERR_NO_SUCH_OBJECT on record-not-found
262 and LDB_SUCCESS on success
264 int ltdb_search_dn1(struct ldb_module *module, struct ldb_dn *dn, struct ldb_message *msg)
266 void *data = ldb_module_get_private(module);
267 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
270 struct ltdb_parse_data_unpack_ctx ctx = {
276 tdb_key = ltdb_key(module, dn);
278 return LDB_ERR_OPERATIONS_ERROR;
281 memset(msg, 0, sizeof(*msg));
283 msg->num_elements = 0;
284 msg->elements = NULL;
286 ret = tdb_parse_record(ltdb->tdb, tdb_key,
287 ltdb_parse_data_unpack, &ctx);
288 talloc_free(tdb_key.dptr);
291 if (tdb_error(ltdb->tdb) == TDB_ERR_NOEXIST) {
292 return LDB_ERR_NO_SUCH_OBJECT;
294 return LDB_ERR_OPERATIONS_ERROR;
295 } else if (ret != LDB_SUCCESS) {
300 msg->dn = ldb_dn_copy(msg, dn);
303 return LDB_ERR_OPERATIONS_ERROR;
310 add a set of attributes from a record to a set of results
311 return 0 on success, -1 on failure
313 int ltdb_add_attr_results(struct ldb_module *module,
315 struct ldb_message *msg,
316 const char * const attrs[],
318 struct ldb_message ***res)
320 struct ldb_message *msg2;
321 struct ldb_message **res2;
323 /* pull the attributes that the user wants */
324 msg2 = ltdb_pull_attrs(module, mem_ctx, msg, attrs);
329 /* add to the results list */
330 res2 = talloc_realloc(mem_ctx, *res, struct ldb_message *, (*count)+2);
338 (*res)[*count] = talloc_move(*res, &msg2);
339 (*res)[(*count)+1] = NULL;
348 filter the specified list of attributes from a message
349 removing not requested attrs.
351 int ltdb_filter_attrs(struct ldb_message *msg, const char * const *attrs)
355 struct ldb_message_element *el2;
356 uint32_t num_elements;
359 /* check for special attrs */
360 for (i = 0; attrs[i]; i++) {
361 if (strcmp(attrs[i], "*") == 0) {
366 if (ldb_attr_cmp(attrs[i], "distinguishedName") == 0) {
367 if (msg_add_distinguished_name(msg) != 0) {
377 if (msg_add_distinguished_name(msg) != 0) {
383 el2 = talloc_array(msg, struct ldb_message_element, msg->num_elements);
389 for (i = 0; i < msg->num_elements; i++) {
393 for (j = 0; attrs[j]; j++) {
394 if (ldb_attr_cmp(msg->elements[i].name, attrs[j]) == 0) {
401 el2[num_elements] = msg->elements[i];
402 talloc_steal(el2, el2[num_elements].name);
403 talloc_steal(el2, el2[num_elements].values);
408 talloc_free(msg->elements);
409 msg->elements = talloc_realloc(msg, el2, struct ldb_message_element, msg->num_elements);
410 if (msg->elements == NULL) {
413 msg->num_elements = num_elements;
419 search function for a non-indexed search
421 static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, void *state)
423 struct ldb_context *ldb;
424 struct ltdb_context *ac;
425 struct ldb_message *msg;
429 ac = talloc_get_type(state, struct ltdb_context);
430 ldb = ldb_module_get_ctx(ac->module);
433 strncmp((char *)key.dptr, "DN=", 3) != 0) {
437 msg = ldb_msg_new(ac);
442 /* unpack the record */
443 ret = ltdb_unpack_data(ldb, &data, msg);
450 msg->dn = ldb_dn_new(msg, ldb,
451 (char *)key.dptr + 3);
452 if (msg->dn == NULL) {
458 /* see if it matches the given expression */
459 ret = ldb_match_msg_error(ldb, msg,
460 ac->tree, ac->base, ac->scope, &matched);
461 if (ret != LDB_SUCCESS) {
470 /* filter the attributes that the user wants */
471 ret = ltdb_filter_attrs(msg, ac->attrs);
478 ret = ldb_module_send_entry(ac->req, msg, NULL);
479 if (ret != LDB_SUCCESS) {
480 ac->request_terminated = true;
481 /* the callback failed, abort the operation */
490 search the database with a LDAP-like expression.
491 this is the "full search" non-indexed variant
493 static int ltdb_search_full(struct ltdb_context *ctx)
495 void *data = ldb_module_get_private(ctx->module);
496 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
499 if (ltdb->in_transaction != 0) {
500 ret = tdb_traverse(ltdb->tdb, search_func, ctx);
502 ret = tdb_traverse_read(ltdb->tdb, search_func, ctx);
506 return LDB_ERR_OPERATIONS_ERROR;
513 search the database with a LDAP-like expression.
514 choses a search method
516 int ltdb_search(struct ltdb_context *ctx)
518 struct ldb_context *ldb;
519 struct ldb_module *module = ctx->module;
520 struct ldb_request *req = ctx->req;
521 void *data = ldb_module_get_private(module);
522 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
525 ldb = ldb_module_get_ctx(module);
527 ldb_request_set_state(req, LDB_ASYNC_PENDING);
529 if (ltdb_lock_read(module) != 0) {
530 return LDB_ERR_OPERATIONS_ERROR;
533 if (ltdb_cache_load(module) != 0) {
534 ltdb_unlock_read(module);
535 return LDB_ERR_OPERATIONS_ERROR;
538 if (req->op.search.tree == NULL) {
539 ltdb_unlock_read(module);
540 return LDB_ERR_OPERATIONS_ERROR;
543 if ((req->op.search.base == NULL) || (ldb_dn_is_null(req->op.search.base) == true)) {
545 /* Check what we should do with a NULL dn */
546 switch (req->op.search.scope) {
548 ldb_asprintf_errstring(ldb,
549 "NULL Base DN invalid for a base search");
550 ret = LDB_ERR_INVALID_DN_SYNTAX;
552 case LDB_SCOPE_ONELEVEL:
553 ldb_asprintf_errstring(ldb,
554 "NULL Base DN invalid for a one-level search");
555 ret = LDB_ERR_INVALID_DN_SYNTAX;
557 case LDB_SCOPE_SUBTREE:
559 /* We accept subtree searches from a NULL base DN, ie over the whole DB */
562 } else if (ldb_dn_is_valid(req->op.search.base) == false) {
564 /* We don't want invalid base DNs here */
565 ldb_asprintf_errstring(ldb,
566 "Invalid Base DN: %s",
567 ldb_dn_get_linearized(req->op.search.base));
568 ret = LDB_ERR_INVALID_DN_SYNTAX;
570 } else if (ltdb->check_base) {
571 /* This database has been marked as 'checkBaseOnSearch', so do a spot check of the base dn */
572 ret = ltdb_search_base(module, req->op.search.base);
574 if (ret == LDB_ERR_NO_SUCH_OBJECT) {
575 ldb_asprintf_errstring(ldb,
576 "No such Base DN: %s",
577 ldb_dn_get_linearized(req->op.search.base));
581 /* If we are not checking the base DN life is easy */
585 ctx->tree = req->op.search.tree;
586 ctx->scope = req->op.search.scope;
587 ctx->base = req->op.search.base;
588 ctx->attrs = req->op.search.attrs;
590 if (ret == LDB_SUCCESS) {
591 uint32_t match_count = 0;
593 ret = ltdb_search_indexed(ctx, &match_count);
594 if (ret == LDB_ERR_NO_SUCH_OBJECT) {
595 /* Not in the index, therefore OK! */
599 /* Check if we got just a normal error.
600 * In that case proceed to a full search unless we got a
602 if ( ! ctx->request_terminated && ret != LDB_SUCCESS) {
603 /* Not indexed, so we need to do a full scan */
604 if (ltdb->warn_unindexed) {
605 /* useful for debugging when slow performance
606 * is caused by unindexed searches */
607 char *expression = ldb_filter_from_tree(ctx, ctx->tree);
608 ldb_debug(ldb, LDB_DEBUG_WARNING, "ldb FULL SEARCH: %s SCOPE: %s DN: %s\n",
610 req->op.search.scope==LDB_SCOPE_BASE?"base":
611 req->op.search.scope==LDB_SCOPE_ONELEVEL?"one":
612 req->op.search.scope==LDB_SCOPE_SUBTREE?"sub":"UNKNOWN",
613 ldb_dn_get_linearized(req->op.search.base));
615 talloc_free(expression);
617 if (match_count != 0) {
618 /* the indexing code gave an error
619 * after having returned at least one
620 * entry. This means the indexes are
621 * corrupt or a database record is
622 * corrupt. We cannot continue with a
623 * full search or we may return
626 ltdb_unlock_read(module);
627 return LDB_ERR_OPERATIONS_ERROR;
629 ret = ltdb_search_full(ctx);
630 if (ret != LDB_SUCCESS) {
631 ldb_set_errstring(ldb, "Indexed and full searches both failed!\n");
636 ltdb_unlock_read(module);