| blob | 2935b95c4ddce0e230d4e9a142b614043993e677 |
1 /*
2 ldb database library
4 Copyright (C) Andrew Tridgell 2004-2009
6 ** NOTE! The following LGPL license applies to the ldb
7 ** library. This does NOT imply that all of Samba is released
8 ** under the LGPL
10 This library is free software; you can redistribute it and/or
11 modify it under the terms of the GNU Lesser General Public
12 License as published by the Free Software Foundation; either
13 version 3 of the License, or (at your option) any later version.
15 This library is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public
21 License along with this library; if not, see <http://www.gnu.org/licenses/>.
22 */
24 /*
25 * Name: ldb
26 *
27 * Component: ldb key value backend - indexing
28 *
29 * Description: indexing routines for ldb key value backend
30 *
31 * Author: Andrew Tridgell
32 */
34 /*
36 LDB Index design and choice of key:
37 =======================================
39 LDB has index records held as LDB objects with a special record like:
41 dn: @INDEX:attr:value
43 value may be base64 encoded, if it is deemed not printable:
45 dn: @INDEX:attr::base64-value
47 In each record, there is two possible formats:
49 The original format is:
50 -----------------------
52 dn: @INDEX:NAME:DNSUPDATEPROXY
53 @IDXVERSION: 2
54 @IDX: CN=DnsUpdateProxy,CN=Users,DC=addom,DC=samba,DC=example,DC=com
56 In this format, @IDX is multi-valued, one entry for each match
58 The corrosponding entry is stored in a TDB record with key:
60 DN=CN=DNSUPDATEPROXY,CN=USERS,DC=ADDOM,DC=SAMBA,DC=EXAMPLE,DC=COM
62 (This allows a scope BASE search to directly find the record via
63 a simple casefold of the DN).
65 The original mixed-case DN is stored in the entry iself.
68 The new 'GUID index' format is:
69 -------------------------------
71 dn: @INDEX:NAME:DNSUPDATEPROXY
72 @IDXVERSION: 3
73 @IDX: <binary GUID>[<binary GUID>[...]]
75 The binary guid is 16 bytes, as bytes and not expanded as hexidecimal
76 or pretty-printed. The GUID is chosen from the message to be stored
77 by the @IDXGUID attribute on @INDEXLIST.
79 If there are multiple values the @IDX value simply becomes longer,
80 in multiples of 16.
82 The corrosponding entry is stored in a TDB record with key:
84 GUID=<binary GUID>
86 This allows a very quick translation between the fixed-length index
87 values and the TDB key, while seperating entries from other data
88 in the TDB, should they be unlucky enough to start with the bytes of
89 the 'DN=' prefix.
91 Additionally, this allows a scope BASE search to directly find the
92 record via a simple match on a GUID= extended DN, controlled via
93 @IDX_DN_GUID on @INDEXLIST
95 Exception for special @ DNs:
97 @BASEINFO, @INDEXLIST and all other special DNs are stored as per the
98 original format, as they are never referenced in an index and are used
99 to bootstrap the database.
102 Control points for choice of index mode
103 ---------------------------------------
105 The choice of index and TDB key mode is made based (for example, from
106 Samba) on entries in the @INDEXLIST DN:
108 dn: @INDEXLIST
109 @IDXGUID: objectGUID
110 @IDX_DN_GUID: GUID
112 By default, the original DN format is used.
115 Control points for choosing indexed attributes
116 ----------------------------------------------
118 @IDXATTR controls if an attribute is indexed
120 dn: @INDEXLIST
121 @IDXATTR: samAccountName
122 @IDXATTR: nETBIOSName
125 C Override functions
126 --------------------
128 void ldb_schema_set_override_GUID_index(struct ldb_context *ldb,
129 const char *GUID_index_attribute,
130 const char *GUID_index_dn_component)
132 This is used, particularly in combination with the below, instead of
133 the @IDXGUID and @IDX_DN_GUID values in @INDEXLIST.
135 void ldb_schema_set_override_indexlist(struct ldb_context *ldb,
136 bool one_level_indexes);
137 void ldb_schema_attribute_set_override_handler(struct ldb_context *ldb,
138 ldb_attribute_handler_override_fn_t override,
139 void *private_data);
141 When the above two functions are called in combination, the @INDEXLIST
142 values are not read from the DB, so
143 ldb_schema_set_override_GUID_index() must be called.
145 */
156 /*
157 * Do not optimise the intersection of this list,
158 * we must never return an entry not in this
159 * list. This allows the index for
160 * SCOPE_ONELEVEL to be trusted.
161 */
163 };
166 /*
167 * In memory tdb to cache the index updates performed during a
168 * transaction. This improves the performance of operations like
169 * re-index and join
170 */
173 };
176 KEY_NOT_TRUNCATED,
177 KEY_TRUNCATED,
178 };
192 /* we put a @IDXVERSION attribute on index entries. This
193 allows us to tell if it was written by an older version
194 */
195 #define LDB_KV_INDEXING_VERSION 2
197 #define LDB_KV_GUID_INDEXING_VERSION 3
200 {
203 }
205 }
207 /* enable the idxptr mode when transactions start */
211 {
217 }
220 NULL,
221 cache_size,
222 TDB_INTERNAL,
223 O_RDWR,
227 }
230 }
232 /*
233 see if two ldb_val structures contain exactly the same data
234 return -1 or 1 for a mismatch, 0 for match
235 */
238 {
241 }
244 }
246 }
248 /*
249 see if two ldb_val structures contain exactly the same data
250 return -1 or 1 for a mismatch, 0 for match
251 */
254 {
257 }
260 }
262 }
265 /*
266 find a entry in a dn_list, using a ldb_val. Uses a case sensitive
267 binary-safe comparison for the 'dn' returns -1 if not found
269 This is therefore safe when the value is a GUID in the future
270 */
274 {
282 }
283 }
285 }
292 }
293 /* Not required, but keeps the compiler quiet */
296 }
300 }
302 /*
303 find a entry in a dn_list. Uses a case sensitive comparison with the dn
304 returns -1 if not found
305 */
309 {
321 }
323 }
325 }
327 /*
328 this is effectively a cast function, but with lots of paranoia
329 checks and also copes with CPUs that are fussy about pointer
330 alignment
331 */
333 TDB_DATA rec)
334 {
340 }
341 /* note that we can't just use a cast here, as rec.dptr may
342 not be aligned sufficiently for a pointer. A cast would cause
343 platforms like some ARM CPUs to crash */
351 }
353 }
358 };
360 /*
361 return the @IDX list in an index entry for a dn as a
362 struct dn_list
363 */
369 {
382 /*
383 * See if we have an in memory index cache
384 */
387 }
392 /*
393 * Have we cached this index record?
394 * If we have a nested transaction cache try that first.
395 * then try the transaction cache.
396 * if the record is not cached it will need to be read from disk.
397 */
400 }
404 }
407 }
409 /* we've found an in-memory index entry */
414 }
417 /*
418 * If this is a read only transaction the indexes will not be
419 * changed so we don't need a copy in the event of a rollback
420 *
421 * In this case make an early return
422 */
426 }
428 /*
429 * record was read from the sub transaction cache, so we have
430 * already copied the primary cache record
431 */
435 }
437 /*
438 * No index sub transaction active, so no need to cache a copy
439 */
443 }
445 /*
446 * There is an active index sub transaction, and the record was
447 * found in the primary index transaction cache. A copy of the
448 * record needs be taken to prevent the original entry being
449 * altered, until the index sub transaction is committed.
450 */
452 {
457 list,
462 }
466 dns,
472 }
473 }
476 }
479 /*
480 * Index record not found in the caches, read it from the
481 * database.
482 */
483 normal_index:
487 }
490 dn,
491 msg,
492 LDB_UNPACK_DATA_FLAG_NO_DN |
493 /*
494 * The entry point ldb_kv_search_indexed is
495 * only called from the read-locked
496 * ldb_kv_search.
497 */
498 LDB_UNPACK_DATA_FLAG_READ_LOCKED);
502 }
508 }
512 /*
513 * we avoid copying the strings by stealing the list. We have
514 * to steal msg onto el->values (which looks odd) because
515 * the memory is allocated on msg, not on each value.
516 */
518 /* check indexing version number */
521 LDB_DEBUG_ERROR,
522 "Wrong DN index version %d "
528 }
536 /* This is quite likely during the DB startup
537 on first upgrade to using a GUID index */
539 LDB_DEBUG_ERROR,
540 "Wrong GUID index version %d "
546 }
551 }
556 }
563 }
565 /*
566 * The actual data is on msg.
567 */
573 }
574 }
576 /* We don't need msg->elements any more */
579 }
586 {
595 }
601 }
606 }
611 __location__
612 ": Failed to read DN index "
613 "against %s for %s: too many "
616 dn_str,
620 }
623 /*
624 * DN key has been truncated, need to inspect the actual
625 * records to locate the actual DN
626 */
634 };
640 }
648 }
650 ret =
654 }
656 /*
657 * the record has disappeared?
658 * yes, this can happen
659 */
662 }
665 /* an internal error */
669 }
671 /*
672 * We found the actual DN that we wanted from in the
673 * multiple values that matched the index
674 * (due to truncation), so return that.
675 *
676 */
681 }
682 }
684 /*
685 * We matched the index but the actual DN we wanted
686 * was not here.
687 */
691 }
692 }
694 /* The ldb_key memory is allocated by the caller */
700 }
703 }
707 /*
708 save a dn_list into a full @IDX style record
709 */
714 {
721 }
729 }
732 }
736 LDB_KV_INDEXING_VERSION);
740 }
743 LDB_KV_GUID_INDEXING_VERSION);
747 }
748 }
757 }
770 }
774 LDB_KV_GUID_SIZE);
778 }
784 LDB_KV_GUID_SIZE) {
787 }
790 LDB_KV_GUID_SIZE);
791 }
794 }
795 }
800 }
802 /*
803 save a dn_list into the database, in either @IDX or internal format
804 */
808 {
821 }
824 /*
825 * If there is an index sub transaction active, update the
826 * sub transaction index cache. Otherwise update the
827 * primary index cache
828 */
833 }
834 /*
835 * Get the cache entry for the index
836 *
837 * As the value in the cache is a pointer to a dn_list we update
838 * the dn_list directly.
839 *
840 */
847 }
849 /* Now put the updated pointer back in the cache */
856 }
858 }
863 }
871 /*
872 * This is not a store into the main DB, but into an in-memory
873 * TDB, so we don't need a guard on ltdb->read_only
874 *
875 * Also as we directly update the in memory dn_list for existing
876 * cache entries we must be adding a new entry to the cache.
877 */
881 }
883 }
885 /*
886 traverse function for storing the in-memory index entries on disk
887 */
889 TDB_DATA key,
890 TDB_DATA data,
892 {
905 }
912 ldb_asprintf_errstring(ldb, "Failed to parse index key %*.*s as an LDB DN", (int)v.length, (int)v.length, (const char *)v.data);
915 }
922 }
924 }
926 /* cleanup the idxptr mode when transaction commits */
928 {
941 }
947 }
948 ldb_asprintf_errstring(ldb, "Failed to store index records in transaction commit: %s", ldb_errstring(ldb));
949 }
954 }
956 /* cleanup the idxptr mode when transaction cancels */
958 {
963 }
967 }
970 }
973 /*
974 return the dn key to be used for an index
975 the caller is responsible for freeing
976 */
983 {
1004 /*
1005 * Accept a NULL value as a request for a key with no value. This is
1006 * different from passing an empty value, which might be given
1007 * significance by some canonicalise functions.
1008 */
1014 }
1021 }
1026 }
1033 }
1038 ldb_attr_handler_t fn;
1044 }
1048 /* canonicalisation can be refused. For
1049 example, a attribute that takes wildcards
1050 will refuse to canonicalise if the value
1051 contains a wildcard */
1053 "Failed to create "
1054 "index key for "
1061 }
1062 }
1063 }
1066 /*
1067 * Check if there is any hope this will fit into the DB.
1068 * Overflow here is not actually critical the code below
1069 * checks again to make the printf and the DB does another
1070 * check for too long keys
1071 */
1074 ldb,
1075 __location__ ": max_key_length "
1077 max_key_length,
1081 }
1083 /*
1084 * ltdb_key_dn() makes something 4 bytes longer, it adds a leading
1085 * "DN=" and a trailing string terminator
1086 */
1089 /*
1090 * We do not base 64 encode a DN in a key, it has already been
1091 * casefold and lineraized, that is good enough. That already
1092 * avoids embedded NUL etc.
1093 */
1098 /*
1099 * We can only change the behaviour for IDXONE
1100 * when the GUID index is enabled
1101 */
1104 should_b64_encode
1106 }
1109 }
1117 }
1119 /*
1120 * Overflow here is not critical as we only use this
1121 * to choose the printf truncation
1122 */
1128 /*
1129 * Truncated keys are placed in a separate key space
1130 * from the non truncated keys
1131 * Note: the double hash "##" is not a typo and
1132 * indicates that the following value is base64 encoded
1133 */
1140 /*
1141 * Note: the double colon "::" is not a typo and
1142 * indicates that the following value is base64 encoded
1143 */
1147 }
1150 /* Only need two seperators */
1153 /*
1154 * Overflow here is not critical as we only use this
1155 * to choose the printf truncation
1156 */
1162 /*
1163 * Truncated keys are placed in a separate key space
1164 * from the non truncated keys
1165 */
1175 }
1176 }
1180 }
1184 }
1186 /*
1187 see if a attribute value is in the list of indexed attributes
1188 */
1192 {
1199 /* Implicity covered, this is the index key */
1201 }
1208 }
1214 }
1215 }
1219 }
1224 }
1226 /* TODO: this is too expensive! At least use a binary search */
1230 }
1231 }
1233 }
1235 /*
1236 in the following logic functions, the return value is treated as
1237 follows:
1239 LDB_SUCCESS: we found some matching index values
1241 LDB_ERR_NO_SUCH_OBJECT: we know for sure that no object matches
1243 LDB_ERR_OPERATIONS_ERROR: indexing could not answer the call,
1244 we'll need a full search
1245 */
1247 /*
1248 return a list of dn's that might match a simple indexed search (an
1249 equality search only)
1250 */
1255 {
1266 /* if the attribute isn't in the list of indexed attributes then
1267 this node needs a full search */
1270 }
1272 /* the attribute is indexed. Pull the list of DNs that match the
1273 search criterion */
1275 ldb_kv,
1278 NULL,
1280 /*
1281 * We ignore truncation here and allow multi-valued matches
1282 * as ltdb_search_indexed will filter out the wrong one in
1283 * ltdb_index_filter() which calls ldb_match_message().
1284 */
1287 }
1290 DN_LIST_WILL_BE_READ_ONLY);
1293 }
1300 /*
1301 return a list of dn's that might match a leaf indexed search
1302 */
1307 {
1310 /* in AD mode we do not support "(dn=...)" search filters */
1314 }
1316 /* Do not allow a indexed search against an @ */
1320 }
1329 /* If we can't parse it, no match */
1333 }
1337 /* If we can't parse it, no match */
1341 }
1343 /*
1344 * Re-use the same code we use for a SCOPE_BASE
1345 * search
1346 *
1347 * We can't call TALLOC_FREE(dn) as this must belong
1348 * to list for the memory to remain valid.
1349 */
1352 /*
1353 * We ignore truncation here and allow multi-valued matches
1354 * as ltdb_search_indexed will filter out the wrong one in
1355 * ltdb_index_filter() which calls ldb_match_message().
1356 */
1367 }
1368 /*
1369 * We need to go via the canonicalise_fn() to
1370 * ensure we get the index in binary, rather
1371 * than a string
1372 */
1377 }
1380 }
1383 }
1386 /*
1387 list intersection
1388 list = list & list2
1389 */
1393 {
1399 /* 0 & X == 0 */
1401 }
1403 /* X & 0 == 0 */
1407 }
1409 /*
1410 * In both of the below we check for strict and in that
1411 * case do not optimise the intersection of this list,
1412 * we must never return an entry not in this
1413 * list. This allows the index for
1414 * SCOPE_ONELEVEL to be trusted.
1415 */
1417 /* the indexing code is allowed to return a longer list than
1418 what really matches, as all results are filtered by the
1419 full expression at the end - this shortcut avoids a lot of
1420 work in some cases */
1423 }
1427 /* note that list2 may not be the parent of list2->dn,
1428 as list2->dn may be owned by ltdb->idxptr. In that
1429 case we expect this reparent call to fail, which is
1430 OK */
1433 }
1441 }
1446 }
1453 }
1457 /* For the GUID index case, this is a binary search */
1462 }
1463 }
1471 }
1474 /*
1475 list union
1476 list = list | list2
1477 */
1482 {
1487 /* X | 0 == X */
1489 }
1492 /* 0 | X == X */
1495 /* note that list2 may not be the parent of list2->dn,
1496 as list2->dn may be owned by ltdb->idxptr. In that
1497 case we expect this reparent call to fail, which is
1498 OK */
1501 }
1503 /*
1504 * Sort the lists (if not in GUID DN mode) so we can do
1505 * the de-duplication during the merge
1506 *
1507 * NOTE: This can sort the in-memory index values, as list or
1508 * list2 might not be a copy!
1509 */
1517 }
1528 }
1531 /* Take list */
1533 i++;
1534 k++;
1536 /* Take list2 */
1538 j++;
1539 k++;
1541 /* Equal, take list */
1543 i++;
1544 j++;
1545 k++;
1546 }
1547 }
1553 }
1560 /*
1561 process an OR list (a union)
1562 */
1567 {
1583 }
1589 /* X || 0 == X */
1592 }
1595 /* X || * == * */
1598 }
1603 }
1604 }
1608 }
1611 }
1614 /*
1615 NOT an index results
1616 */
1621 {
1622 /* the only way to do an indexed not would be if we could
1623 negate the not via another not or if we knew the total
1624 number of database elements so we could know that the
1625 existing expression covered the whole database.
1627 instead, we just give up, and rely on a full index scan
1628 (unless an outer & manages to reduce the list)
1629 */
1631 }
1633 /*
1634 * These things are unique, so avoid a full scan if this is a search
1635 * by GUID, DN or a unique attribute
1636 */
1640 {
1646 }
1647 }
1650 }
1655 }
1657 }
1659 /*
1660 process an AND expression (intersection)
1661 */
1666 {
1676 /* in the first pass we only look for unique simple
1677 equality tests, in the hope of avoiding having to look
1678 at any others */
1687 }
1691 /* 0 && X == 0 */
1693 }
1695 /* a unique index match means we can
1696 * stop. Note that we don't care if we return
1697 * a few too many objects, due to later
1698 * filtering */
1700 }
1701 }
1703 /* now do a full intersection */
1714 }
1719 /* X && 0 == 0 */
1724 }
1727 /* this didn't adding anything */
1730 }
1740 }
1745 }
1748 /* it isn't worth loading the next part of the tree */
1750 }
1751 }
1754 /* none of the attributes were indexed */
1756 }
1759 }
1765 };
1771 {
1788 LDB_UNPACK_DATA_FLAG_NO_DN);
1793 }
1799 }
1803 /*
1804 * we avoid copying the strings by stealing the list. We have
1805 * to steal msg onto el->values (which looks odd) because
1806 * the memory is allocated on msg, not on each value.
1807 */
1809 /* This is quite likely during the DB startup
1810 on first upgrade to using a GUID index */
1812 LDB_DEBUG_ERROR, __location__
1818 }
1824 }
1831 }
1841 }
1850 }
1858 new_array_length);
1859 }
1865 }
1867 /*
1868 * The actual data is on msg.
1869 */
1876 }
1883 }
1885 /*
1886 * >= and <= indexing implemented using lexicographically sorted keys
1887 *
1888 * We only run this in GUID indexing mode and when there is no write
1889 * transaction (only implicit read locks are being held). Otherwise, we would
1890 * have to deal with the in-memory index cache.
1891 *
1892 * We rely on the implementation of index_format_fn on a schema syntax which
1893 * will can help us to construct keys which can be ordered correctly, and we
1894 * terminate using schema agnostic start and end keys.
1895 *
1896 * index_format_fn must output values which can be memcmp-able to produce the
1897 * correct ordering as defined by the schema syntax class.
1898 */
1903 {
1919 }
1923 }
1925 /* bail out if we're in a transaction, full search instead. */
1928 }
1932 /* in AD mode we do not support "(dn=...)" search filters */
1936 }
1938 /* Do not allow a indexed search against an @ */
1942 }
1946 /*
1947 * If there's no index format function defined for this attr, then
1948 * the lexicographic order in the database doesn't correspond to the
1949 * attr's ordering, so we can't use the iterate_range op.
1950 */
1953 }
1958 }
1968 __location__
1973 }
1979 }
1988 __location__
1993 }
2000 }
2002 /*
2003 * In order to avoid defining a start and end key for the search, we
2004 * notice that each index key is of the form:
2005 *
2006 * DN=@INDEX:<ATTRIBUTE>:<VALUE>\0.
2007 *
2008 * We can simply make our start key DN=@INDEX:<ATTRIBUTE>: and our end
2009 * key DN=@INDEX:<ATTRIBUTE>; to return all index entries for a
2010 * particular attribute.
2011 *
2012 * Our LMDB backend uses the default memcmp for key comparison.
2013 */
2015 /* Eliminate NUL byte at the end of the empty key */
2019 /* : becomes ; for pseudo end-key */
2026 }
2040 }
2043 ldb_val_equal_exact_for_qsort);
2048 }
2054 {
2056 ldb_kv,
2057 tree,
2059 }
2065 {
2067 ldb_kv,
2068 tree,
2070 }
2072 /*
2073 return a list of matching objects using a one-level index
2074 */
2081 {
2089 /* work out the index key from the parent DN */
2094 __location__
2095 ": Failed to get casefold DN "
2097 dn_str);
2099 }
2105 }
2108 DN_LIST_WILL_BE_READ_ONLY);
2112 }
2116 }
2119 }
2121 /*
2122 return a list of matching objects using a one-level index
2123 */
2129 {
2133 /*
2134 * Ensure we do not shortcut on intersection for this
2135 * list. We must never be lazy and return an entry
2136 * not in this list. This allows the index for
2137 * SCOPE_ONELEVEL to be trusted.
2138 */
2141 }
2143 }
2145 /*
2146 return a list of matching objects using the DN index
2147 */
2153 {
2159 }
2165 }
2170 }
2175 }
2181 }
2187 }
2191 }
2193 /*
2194 return a list of dn's that might match a indexed search or
2195 an error. return LDB_ERR_NO_SUCH_OBJECT for no matches, or LDB_SUCCESS for matches
2196 */
2201 {
2233 /* we can't index with fancy bitops yet */
2236 }
2239 }
2241 /*
2242 filter a candidate dn_list from an indexed search into a set of results
2243 extracting just the given attributes
2244 */
2250 {
2259 /*
2260 * We have to allocate the key list (rather than just walk the
2261 * caller supplied list) as the callback could change the list
2262 * (by modifying an indexed attribute hosted in the in-memory
2263 * index cache!)
2264 */
2268 }
2271 /*
2272 * We speculate that the keys will be GUID based and so
2273 * pre-fill in enough space for a GUID (avoiding a pile of
2274 * small allocations)
2275 */
2287 }
2291 }
2296 }
2297 }
2307 }
2310 /*
2311 * If we are in GUID index mode, then the dn_list is
2312 * sorted. If we got a duplicate, forget about it, as
2313 * otherwise we would send the same entry back more
2314 * than once.
2315 *
2316 * This is needed in the truncated DN case, or if a
2317 * duplicate was forced in via
2318 * LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK
2319 */
2325 }
2330 }
2331 num_keys++;
2332 }
2335 /*
2336 * Now that the list is a safe copy, send the callbacks
2337 */
2345 }
2347 ret =
2349 ldb_kv,
2351 msg,
2352 LDB_UNPACK_DATA_FLAG_NO_VALUES_ALLOC |
2353 /*
2354 * The entry point ldb_kv_search_indexed is
2355 * only called from the read-locked
2356 * ldb_kv_search.
2357 */
2358 LDB_UNPACK_DATA_FLAG_READ_LOCKED);
2360 /*
2361 * the record has disappeared? yes, this can
2362 * happen if the entry is deleted by something
2363 * operating in the callback (not another
2364 * process, as we have a read lock)
2365 */
2368 }
2371 /* an internal error */
2375 }
2377 /*
2378 * We trust the index for LDB_SCOPE_ONELEVEL
2379 * unless the index key has been truncated.
2380 *
2381 * LDB_SCOPE_BASE is not passed in by our only caller.
2382 */
2392 }
2398 }
2402 }
2409 }
2413 /* filter the attributes that the user wants */
2422 }
2426 /* Regardless of success or failure, the msg
2427 * is the callbacks responsiblity, and should
2428 * not be talloc_free()'ed */
2432 }
2435 }
2439 }
2441 /*
2442 sort a DN list
2443 */
2446 {
2449 }
2451 /* We know the list is sorted when using the GUID index */
2454 }
2457 ldb_val_equal_exact_for_qsort);
2458 }
2460 /*
2461 search the database with a LDAP-like expression using indexes
2462 returns -1 if an indexed search is not possible, in which
2463 case the caller should call ltdb_search_full()
2464 */
2466 {
2475 /* see if indexing is enabled */
2478 /* fallback to a full search */
2480 }
2485 }
2487 /*
2488 * For the purposes of selecting the switch arm below, if we
2489 * don't have a one-level index then treat it like a subtree
2490 * search
2491 */
2497 }
2501 /*
2502 * The only caller will have filtered the operation out
2503 * so we should never get here
2504 */
2509 /*
2510 * First, load all the one-level child objects (regardless of
2511 * whether they match the search filter or not). The database
2512 * maintains a one-level index, so retrieving this is quick.
2513 */
2515 ldb_kv,
2517 dn_list,
2522 }
2524 /*
2525 * If we have too many children, running ldb_kv_index_filter()
2526 * over all the child objects can be quite expensive. So next
2527 * we do a separate indexed query using the search filter.
2528 *
2529 * This should be quick, but it may return objects that are not
2530 * the direct one-level child objects we're interested in.
2531 *
2532 * We only do this in the GUID index mode, which is
2533 * O(n*log(m)) otherwise the intersection below will
2534 * be too costly at O(n*m).
2535 *
2536 * We don't set a heuristic for 'too many' but instead
2537 * do it always and rely on the index lookup being
2538 * fast enough in the small case.
2539 */
2546 }
2552 }
2554 /*
2555 * Try to do an indexed database search
2556 */
2559 indexed_search_result);
2561 /*
2562 * We can stop if we're sure the object doesn't exist
2563 */
2568 }
2570 /*
2571 * Once we have a successful search result, we
2572 * intersect it with the one-level children (dn_list).
2573 * This should give us exactly the result we're after
2574 * (we still need to run ldb_kv_index_filter() to
2575 * handle potential index truncation cases).
2576 *
2577 * The indexed search may fail because we don't support
2578 * indexing on that type of search operation, e.g.
2579 * matching against '*'. In which case we fall through
2580 * and run ldb_kv_index_filter() over all the one-level
2581 * children (which is still better than bailing out here
2582 * and falling back to a full DB scan).
2583 */
2586 dn_list,
2587 indexed_search_result)) {
2591 }
2592 }
2593 }
2601 }
2602 /*
2603 * Here we load the index for the tree. We have no
2604 * index for the subtree.
2605 */
2610 }
2612 }
2614 /*
2615 * It is critical that this function do the re-filter even
2616 * on things found by the index as the index can over-match
2617 * in cases of truncation (as well as when it decides it is
2618 * not worth further filtering)
2619 *
2620 * If this changes, then the index code above would need to
2621 * pass up a flag to say if any index was truncated during
2622 * processing as the truncation here refers only to the
2623 * SCOPE_ONELEVEL index.
2624 */
2629 }
2631 /**
2632 * @brief Add a DN in the index list of a given attribute name/value pair
2633 *
2634 * This function will add the DN in the index list for the index for
2635 * the given attribute name and value.
2636 *
2637 * @param[in] module A ldb_module structure
2638 *
2639 * @param[in] dn The string representation of the DN as it
2640 * will be stored in the index entry
2641 *
2642 * @param[in] el A ldb_message_element array, one of the entry
2643 * referred by the v_idx is the attribute name and
2644 * value pair which will be used to construct the
2645 * index name
2646 *
2647 * @param[in] v_idx The index of element in the el array to use
2648 *
2649 * @return An ldb error code
2650 */
2656 {
2671 }
2678 }
2679 /*
2680 * Samba only maintains unique indexes on the objectSID and objectGUID
2681 * so if a unique index key exceeds the maximum length there is a
2682 * problem.
2683 */
2689 ldb,
2690 __location__ ": unique index key on %s in %s, "
2697 }
2701 DN_LIST_MUTABLE);
2705 }
2707 /*
2708 * Check for duplicates in the @IDXDN DN -> GUID record
2709 *
2710 * This is very normal, it just means a duplicate DN creation
2711 * was attempted, so don't set the error string or print scary
2712 * messages.
2713 */
2724 /*
2725 * At least one existing entry in the DN->GUID index, which
2726 * arises when the DN indexes have been truncated
2727 *
2728 * So need to pull the DN's to check if it's really a duplicate
2729 */
2736 };
2741 }
2749 }
2751 ret =
2755 }
2757 /*
2758 * the record has disappeared?
2759 * yes, this can happen
2760 */
2763 }
2766 /* an internal error */
2770 }
2771 /*
2772 * The DN we are trying to add to the DB and index
2773 * is already here, so we must deny the addition
2774 */
2779 }
2780 }
2781 }
2783 /*
2784 * Check for duplicates in unique indexes
2785 *
2786 * We don't need to do a loop test like the @IDXDN case
2787 * above as we have a ban on long unique index values
2788 * at the start of this function.
2789 */
2794 /*
2795 * We do not want to print info about a possibly
2796 * confidential DN that the conflict was with in the
2797 * user-visible error string
2798 */
2802 __location__
2803 ": unique index violation on %s in %s, "
2811 /* This can't fail, gives a default at worst */
2820 LDB_DEBUG_WARNING,
2821 __location__
2822 ": unique index violation on %s in "
2831 }
2832 }
2834 __location__ ": unique index violation "
2840 }
2842 /* overallocate the list a bit, to reduce the number of
2843 * realloc trigered copies */
2849 }
2858 }
2868 }
2873 }
2879 /*
2880 * Give a warning rather than fail, this could be a
2881 * duplicate value in the record allowed by a caller
2882 * forcing in the value with
2883 * LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK
2884 */
2886 /* This can't fail, gives a default at worst */
2895 LDB_DEBUG_WARNING,
2896 __location__
2897 ": duplicate attribute value in %s "
2898 "for index on %s, "
2907 }
2908 }
2915 }
2920 }
2921 }
2929 }
2931 /*
2932 add index entries for one elements in a message
2933 */
2938 {
2944 }
2945 }
2948 }
2950 /*
2951 add index entries for all elements in a message
2952 */
2956 {
2964 }
2969 }
2974 }
2977 /* no indexed fields */
2979 }
2984 }
2993 }
2994 }
2997 }
3000 /*
3001 insert a DN index for a message
3002 */
3009 {
3018 __location__ ": Failed to modify %s "
3019 "against %s in %s: failed "
3021 index,
3023 dn_str);
3025 }
3036 }
3042 __location__ ": Failed to modify %s "
3044 index,
3046 dn_str,
3049 }
3051 }
3053 /*
3054 insert a one level index for a message
3055 */
3059 {
3065 /* We index for ONE Level only if requested */
3068 }
3073 }
3074 ret =
3080 }
3082 /*
3083 insert a one level index for a message
3084 */
3088 {
3093 /* We index for DN only if using a GUID index */
3096 }
3106 }
3108 }
3110 /*
3111 add the index entries for a new element in a record
3112 The caller guarantees that these element values are not yet indexed
3113 */
3118 {
3121 }
3124 }
3126 }
3128 /*
3129 add the index entries for a new record
3130 */
3134 {
3139 }
3143 /*
3144 * Because we can't trust the caller to be doing
3145 * transactions properly, clean up any index for this
3146 * entry rather than relying on a transaction
3147 * cleanup
3148 */
3152 }
3156 /*
3157 * Because we can't trust the caller to be doing
3158 * transactions properly, clean up any index for this
3159 * entry rather than relying on a transaction
3160 * cleanup
3161 */
3164 }
3166 }
3169 /*
3170 delete an index entry for one message element
3171 */
3177 {
3192 }
3196 }
3200 /*
3201 * We ignore key truncation in ltdb_index_add1() so
3202 * match that by ignoring it here as well
3203 *
3204 * Multiple values are legitimate and accepted
3205 */
3208 }
3214 }
3217 DN_LIST_MUTABLE);
3219 /* it wasn't indexed. Did we have an earlier error? If we did then
3220 its gone now */
3223 }
3228 }
3230 /*
3231 * Find one of the values matching this message to remove
3232 */
3235 /* nothing to delete */
3238 }
3243 }
3250 }
3257 }
3259 /*
3260 delete the index entries for a element
3261 return -1 on failure
3262 */
3267 {
3273 /* no indexed fields */
3275 }
3280 }
3284 }
3288 }
3293 }
3294 }
3297 }
3299 /*
3300 delete the index entries for a record
3301 return -1 on failure
3302 */
3305 {
3313 }
3318 }
3323 }
3326 /* no indexed fields */
3328 }
3335 }
3336 }
3339 }
3342 /*
3343 traversal function that deletes all @INDEX records in the in-memory
3344 TDB.
3346 This does not touch the actual DB, that is done at transaction
3347 commit, which in turn greatly reduces DB churn as we will likely
3348 be able to do a direct update into the old record.
3349 */
3354 {
3364 }
3365 /* we need to put a empty list in the internal tdb for this
3366 * index entry */
3370 /* the offset of 3 is to remove the DN= prefix. */
3376 /*
3377 * This does not actually touch the DB quite yet, just
3378 * the in-memory index cache
3379 */
3387 }
3390 }
3392 /*
3393 traversal function that adds @INDEX records during a re index TODO wrong comment
3394 */
3399 {
3414 }
3419 }
3428 }
3432 "Refusing to re-index as GUID "
3438 }
3440 /* check if the DN key has changed, perhaps due to the case
3441 insensitivity of an element changing, or a change from DN
3442 to GUID keys */
3445 /* probably a corrupt record ... darn */
3450 }
3455 }
3465 }
3468 }
3470 /*
3471 traversal function that adds @INDEX records during a re index
3472 */
3477 {
3491 }
3496 }
3505 }
3509 "Refusing to re-index as GUID "
3515 }
3524 }
3532 }
3541 }
3544 }
3546 /*
3547 * Convert the 4-byte pack format version to a number that's slightly
3548 * more intelligible to a user e.g. version 0, 1, 2, etc.
3549 */
3553 }
3556 }
3562 {
3575 }
3584 }
3593 }
3595 /*
3596 * Warn the user that we're repacking the first time we see a normal
3597 * record. This means we never warn if we're repacking a database with
3598 * only @ records. This is because during database initialisation,
3599 * we might repack as initial settings are written out, and we don't
3600 * want to spam the log.
3601 */
3604 "Repacking database from v%u to v%u format "
3610 }
3617 }
3621 }
3624 {
3638 /* Iterate all database records and repack them in the new format */
3644 }
3650 }
3653 }
3655 /*
3656 force a complete reindex of the database
3657 */
3659 {
3666 /*
3667 * Only triggered after a modification, but make clear we do
3668 * not re-index a read-only DB
3669 */
3672 }
3676 }
3678 /*
3679 * Ensure we read (and so remove) the entries from the real
3680 * DB, no values stored so far are any use as we want to do a
3681 * re-index
3682 */
3686 }
3688 /*
3689 * Calculate the size of the index cache needed for
3690 * the re-index. If specified always use the
3691 * ldb_kv->index_transaction_cache_size otherwise use the maximum
3692 * of the size estimate or the DEFAULT_INDEX_CACHE_SIZE
3693 */
3700 }
3701 }
3703 /*
3704 * Note that we don't start an index sub transaction for re-indexing
3705 */
3709 }
3711 /* first traverse the database deleting any @INDEX records by
3712 * putting NULL entries in the in-memory tdb
3713 */
3720 }
3731 }
3737 }
3742 /* now traverse adding any indexes for normal LDB records */
3749 }
3755 }
3759 LDB_DEBUG_WARNING,
3760 "Reindexing: re_index successful on %s, "
3763 }
3765 }
3767 /*
3768 * Copy the contents of the nested transaction index cache record to the
3769 * transaction index cache.
3770 *
3771 * During this 'commit' of the subtransaction to the main transaction
3772 * (cache), care must be taken to free any existing index at the top
3773 * level because otherwise we would leak memory.
3774 */
3777 TDB_DATA key,
3778 TDB_DATA data,
3780 {
3789 /*
3790 * This unwraps the pointer in the DB into a pointer in
3791 * memory, we are abusing TDB as a hash map, not a linearised
3792 * database store
3793 */
3798 }
3800 /*
3801 * Do we already have an entry in the primary transaction cache
3802 * If so free it's dn_list and replace it with the dn_list from
3803 * the secondary cache
3804 *
3805 * The TDB and so the fetched rec contains NO DATA, just a
3806 * pointer to data held in memory.
3807 */
3814 }
3815 /*
3816 * We had this key at the top level. However we made a copy
3817 * at the sub-transaction level so that we could possibly
3818 * roll back. We have to free the top level index memory
3819 * otherwise we would leak
3820 */
3823 }
3824 index_in_top_level->dn
3829 }
3835 }
3836 index_in_top_level->dn
3845 /*
3846 * This is not a store into the main DB, but into an in-memory
3847 * TDB, so we don't need a guard on ltdb->read_only
3848 */
3854 }
3856 }
3858 /*
3859 * Initialise the index cache for a sub transaction.
3860 */
3862 {
3866 }
3868 /*
3869 * We use a tiny hash size for the sub-database (11).
3870 *
3871 * The sub-transaction is only for one record at a time, we
3872 * would use a linked list but that would make the code even
3873 * more complex when manipulating the index, as it would have
3874 * to know if we were in a nested transaction (normal
3875 * operations) or the top one (a reindex).
3876 */
3881 }
3883 }
3885 /*
3886 * Clear the contents of the nested transaction index cache when the nested
3887 * transaction is cancelled.
3888 */
3890 {
3894 }
3896 }
3898 /*
3899 * Commit a nested transaction,
3900 * Copy the contents of the nested transaction index cache to the
3901 * transaction index cache.
3902 */
3904 {
3909 }
3912 }
3915 ldb_kv_sub_transaction_traverse,
3925 }
3927 ldb,
3928 __location__": Failed to update index records in "
3931 }
3934 }