4 Copyright (C) Andrew Tridgell 2004
5 Copyright (C) Stefan Metzmacher 2004
6 Copyright (C) Simo Sorce 2006-2008
7 Copyright (C) Matthias Dieter Wallnöfer 2009-2010
9 ** NOTE! The following LGPL license applies to the ldb
10 ** library. This does NOT imply that all of Samba is released
13 This library is free software; you can redistribute it and/or
14 modify it under the terms of the GNU Lesser General Public
15 License as published by the Free Software Foundation; either
16 version 3 of the License, or (at your option) any later version.
18 This library is distributed in the hope that it will be useful,
19 but WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 Lesser General Public License for more details.
23 You should have received a copy of the GNU Lesser General Public
24 License along with this library; if not, see <http://www.gnu.org/licenses/>.
30 * Component: ldb tdb backend
32 * Description: core functions for tdb backend
34 * Author: Andrew Tridgell
35 * Author: Stefan Metzmacher
39 * - description: make the module use asynchronous calls
43 * - description: make it possible to use event contexts
47 * - description: fix up memory leaks and small bugs
49 * Author: Matthias Dieter Wallnöfer
53 #include "ldb_private.h"
57 prevent memory errors on callbacks
60 struct ltdb_context
*ctx
;
64 map a tdb error code to a ldb error code
66 int ltdb_err_map(enum TDB_ERROR tdb_code
)
74 return LDB_ERR_OPERATIONS_ERROR
;
76 return LDB_ERR_PROTOCOL_ERROR
;
80 case TDB_ERR_LOCK_TIMEOUT
:
81 return LDB_ERR_TIME_LIMIT_EXCEEDED
;
83 return LDB_ERR_ENTRY_ALREADY_EXISTS
;
85 return LDB_ERR_NO_SUCH_OBJECT
;
87 return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS
;
95 lock the database for read - use by ltdb_search and ltdb_sequence_number
97 int ltdb_lock_read(struct ldb_module
*module
)
99 void *data
= ldb_module_get_private(module
);
100 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
103 if (ltdb
->in_transaction
== 0 &&
104 ltdb
->read_lock_count
== 0) {
105 ret
= tdb_lockall_read(ltdb
->tdb
);
108 ltdb
->read_lock_count
++;
114 unlock the database after a ltdb_lock_read()
116 int ltdb_unlock_read(struct ldb_module
*module
)
118 void *data
= ldb_module_get_private(module
);
119 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
120 if (ltdb
->in_transaction
== 0 && ltdb
->read_lock_count
== 1) {
121 tdb_unlockall_read(ltdb
->tdb
);
124 ltdb
->read_lock_count
--;
130 form a TDB_DATA for a record key
133 note that the key for a record can depend on whether the
134 dn refers to a case sensitive index record or not
136 TDB_DATA
ltdb_key(struct ldb_module
*module
, struct ldb_dn
*dn
)
138 struct ldb_context
*ldb
= ldb_module_get_ctx(module
);
140 char *key_str
= NULL
;
141 const char *dn_folded
= NULL
;
144 most DNs are case insensitive. The exception is index DNs for
145 case sensitive attributes
147 there are 3 cases dealt with in this code:
149 1) if the dn doesn't start with @ then uppercase the attribute
150 names and the attributes values of case insensitive attributes
151 2) if the dn starts with @ then leave it alone -
152 the indexing code handles the rest
155 dn_folded
= ldb_dn_get_casefold(dn
);
160 key_str
= talloc_strdup(ldb
, "DN=");
165 key_str
= talloc_strdup_append_buffer(key_str
, dn_folded
);
170 key
.dptr
= (uint8_t *)key_str
;
171 key
.dsize
= strlen(key_str
) + 1;
183 check special dn's have valid attributes
184 currently only @ATTRIBUTES is checked
186 static int ltdb_check_special_dn(struct ldb_module
*module
,
187 const struct ldb_message
*msg
)
189 struct ldb_context
*ldb
= ldb_module_get_ctx(module
);
192 if (! ldb_dn_is_special(msg
->dn
) ||
193 ! ldb_dn_check_special(msg
->dn
, LTDB_ATTRIBUTES
)) {
197 /* we have @ATTRIBUTES, let's check attributes are fine */
198 /* should we check that we deny multivalued attributes ? */
199 for (i
= 0; i
< msg
->num_elements
; i
++) {
200 if (ldb_attr_cmp(msg
->elements
[i
].name
, "distinguishedName") == 0) continue;
202 for (j
= 0; j
< msg
->elements
[i
].num_values
; j
++) {
203 if (ltdb_check_at_attributes_values(&msg
->elements
[i
].values
[j
]) != 0) {
204 ldb_set_errstring(ldb
, "Invalid attribute value in an @ATTRIBUTES entry");
205 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX
;
215 we've made a modification to a dn - possibly reindex and
216 update sequence number
218 static int ltdb_modified(struct ldb_module
*module
, struct ldb_dn
*dn
)
220 int ret
= LDB_SUCCESS
;
221 struct ltdb_private
*ltdb
= talloc_get_type(ldb_module_get_private(module
), struct ltdb_private
);
223 /* only allow modifies inside a transaction, otherwise the
225 if (ltdb
->in_transaction
== 0) {
226 ldb_set_errstring(ldb_module_get_ctx(module
), "ltdb modify without transaction");
227 return LDB_ERR_OPERATIONS_ERROR
;
230 if (ldb_dn_is_special(dn
) &&
231 (ldb_dn_check_special(dn
, LTDB_INDEXLIST
) ||
232 ldb_dn_check_special(dn
, LTDB_ATTRIBUTES
)) )
234 if (ltdb
->warn_reindex
) {
235 ldb_debug(ldb_module_get_ctx(module
),
236 LDB_DEBUG_ERROR
, "Reindexing %s due to modification on %s",
237 tdb_name(ltdb
->tdb
), ldb_dn_get_linearized(dn
));
239 ret
= ltdb_reindex(module
);
242 /* If the modify was to a normal record, or any special except @BASEINFO, update the seq number */
243 if (ret
== LDB_SUCCESS
&&
244 !(ldb_dn_is_special(dn
) &&
245 ldb_dn_check_special(dn
, LTDB_BASEINFO
)) ) {
246 ret
= ltdb_increase_sequence_number(module
);
249 /* If the modify was to @OPTIONS, reload the cache */
250 if (ret
== LDB_SUCCESS
&&
251 ldb_dn_is_special(dn
) &&
252 (ldb_dn_check_special(dn
, LTDB_OPTIONS
)) ) {
253 ret
= ltdb_cache_reload(module
);
260 store a record into the db
262 int ltdb_store(struct ldb_module
*module
, const struct ldb_message
*msg
, int flgs
)
264 void *data
= ldb_module_get_private(module
);
265 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
266 TDB_DATA tdb_key
, tdb_data
;
267 struct ldb_val ldb_data
;
268 int ret
= LDB_SUCCESS
;
270 tdb_key
= ltdb_key(module
, msg
->dn
);
271 if (tdb_key
.dptr
== NULL
) {
272 return LDB_ERR_OTHER
;
275 ret
= ldb_pack_data(ldb_module_get_ctx(module
),
278 talloc_free(tdb_key
.dptr
);
279 return LDB_ERR_OTHER
;
282 tdb_data
.dptr
= ldb_data
.data
;
283 tdb_data
.dsize
= ldb_data
.length
;
285 ret
= tdb_store(ltdb
->tdb
, tdb_key
, tdb_data
, flgs
);
287 ret
= ltdb_err_map(tdb_error(ltdb
->tdb
));
292 talloc_free(tdb_key
.dptr
);
293 talloc_free(ldb_data
.data
);
300 check if a attribute is a single valued, for a given element
302 static bool ldb_tdb_single_valued(const struct ldb_schema_attribute
*a
,
303 struct ldb_message_element
*el
)
305 if (!a
) return false;
307 if (el
->flags
& LDB_FLAG_INTERNAL_FORCE_SINGLE_VALUE_CHECK
) {
308 /* override from a ldb module, for example
309 used for the description field, which is
310 marked multi-valued in the schema but which
311 should not actually accept multiple
315 if (el
->flags
& LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK
) {
316 /* override from a ldb module, for example used for
317 deleted linked attribute entries */
321 if (a
->flags
& LDB_ATTR_FLAG_SINGLE_VALUE
) {
327 static int ltdb_add_internal(struct ldb_module
*module
,
328 const struct ldb_message
*msg
,
329 bool check_single_value
)
331 struct ldb_context
*ldb
= ldb_module_get_ctx(module
);
332 int ret
= LDB_SUCCESS
;
335 for (i
=0;i
<msg
->num_elements
;i
++) {
336 struct ldb_message_element
*el
= &msg
->elements
[i
];
337 const struct ldb_schema_attribute
*a
= ldb_schema_attribute_by_name(ldb
, el
->name
);
339 if (el
->num_values
== 0) {
340 ldb_asprintf_errstring(ldb
, "attribute '%s' on '%s' specified, but with 0 values (illegal)",
341 el
->name
, ldb_dn_get_linearized(msg
->dn
));
342 return LDB_ERR_CONSTRAINT_VIOLATION
;
344 if (check_single_value
&&
345 el
->num_values
> 1 &&
346 ldb_tdb_single_valued(a
, el
)) {
347 ldb_asprintf_errstring(ldb
, "SINGLE-VALUE attribute %s on %s specified more than once",
348 el
->name
, ldb_dn_get_linearized(msg
->dn
));
349 return LDB_ERR_CONSTRAINT_VIOLATION
;
352 /* Do not check "@ATTRIBUTES" for duplicated values */
353 if (ldb_dn_is_special(msg
->dn
) &&
354 ldb_dn_check_special(msg
->dn
, LTDB_ATTRIBUTES
)) {
358 /* TODO: This is O(n^2) - replace with more efficient check */
359 for (j
=0; j
<el
->num_values
; j
++) {
360 if (ldb_msg_find_val(el
, &el
->values
[j
]) != &el
->values
[j
]) {
361 ldb_asprintf_errstring(ldb
,
362 "attribute '%s': value #%u on '%s' provided more than once",
363 el
->name
, j
, ldb_dn_get_linearized(msg
->dn
));
364 return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
369 ret
= ltdb_store(module
, msg
, TDB_INSERT
);
370 if (ret
!= LDB_SUCCESS
) {
371 if (ret
== LDB_ERR_ENTRY_ALREADY_EXISTS
) {
372 ldb_asprintf_errstring(ldb
,
373 "Entry %s already exists",
374 ldb_dn_get_linearized(msg
->dn
));
379 ret
= ltdb_index_add_new(module
, msg
);
380 if (ret
!= LDB_SUCCESS
) {
384 ret
= ltdb_modified(module
, msg
->dn
);
390 add a record to the database
392 static int ltdb_add(struct ltdb_context
*ctx
)
394 struct ldb_module
*module
= ctx
->module
;
395 struct ldb_request
*req
= ctx
->req
;
396 int ret
= LDB_SUCCESS
;
398 ret
= ltdb_check_special_dn(module
, req
->op
.add
.message
);
399 if (ret
!= LDB_SUCCESS
) {
403 ldb_request_set_state(req
, LDB_ASYNC_PENDING
);
405 if (ltdb_cache_load(module
) != 0) {
406 return LDB_ERR_OPERATIONS_ERROR
;
409 ret
= ltdb_add_internal(module
, req
->op
.add
.message
, true);
415 delete a record from the database, not updating indexes (used for deleting
418 int ltdb_delete_noindex(struct ldb_module
*module
, struct ldb_dn
*dn
)
420 void *data
= ldb_module_get_private(module
);
421 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
425 tdb_key
= ltdb_key(module
, dn
);
427 return LDB_ERR_OTHER
;
430 ret
= tdb_delete(ltdb
->tdb
, tdb_key
);
431 talloc_free(tdb_key
.dptr
);
434 ret
= ltdb_err_map(tdb_error(ltdb
->tdb
));
440 static int ltdb_delete_internal(struct ldb_module
*module
, struct ldb_dn
*dn
)
442 struct ldb_message
*msg
;
443 int ret
= LDB_SUCCESS
;
445 msg
= ldb_msg_new(module
);
447 return LDB_ERR_OPERATIONS_ERROR
;
450 /* in case any attribute of the message was indexed, we need
451 to fetch the old record */
452 ret
= ltdb_search_dn1(module
, dn
, msg
, LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC
);
453 if (ret
!= LDB_SUCCESS
) {
454 /* not finding the old record is an error */
458 ret
= ltdb_delete_noindex(module
, dn
);
459 if (ret
!= LDB_SUCCESS
) {
463 /* remove any indexed attributes */
464 ret
= ltdb_index_delete(module
, msg
);
465 if (ret
!= LDB_SUCCESS
) {
469 ret
= ltdb_modified(module
, dn
);
470 if (ret
!= LDB_SUCCESS
) {
480 delete a record from the database
482 static int ltdb_delete(struct ltdb_context
*ctx
)
484 struct ldb_module
*module
= ctx
->module
;
485 struct ldb_request
*req
= ctx
->req
;
486 int ret
= LDB_SUCCESS
;
488 ldb_request_set_state(req
, LDB_ASYNC_PENDING
);
490 if (ltdb_cache_load(module
) != 0) {
491 return LDB_ERR_OPERATIONS_ERROR
;
494 ret
= ltdb_delete_internal(module
, req
->op
.del
.dn
);
500 find an element by attribute name. At the moment this does a linear search,
501 it should be re-coded to use a binary search once all places that modify
502 records guarantee sorted order
504 return the index of the first matching element if found, otherwise -1
506 static int find_element(const struct ldb_message
*msg
, const char *name
)
509 for (i
=0;i
<msg
->num_elements
;i
++) {
510 if (ldb_attr_cmp(msg
->elements
[i
].name
, name
) == 0) {
519 add an element to an existing record. Assumes a elements array that we
520 can call re-alloc on, and assumed that we can re-use the data pointers from
521 the passed in additional values. Use with care!
523 returns 0 on success, -1 on failure (and sets errno)
525 static int ltdb_msg_add_element(struct ldb_context
*ldb
,
526 struct ldb_message
*msg
,
527 struct ldb_message_element
*el
)
529 struct ldb_message_element
*e2
;
532 if (el
->num_values
== 0) {
533 /* nothing to do here - we don't add empty elements */
537 e2
= talloc_realloc(msg
, msg
->elements
, struct ldb_message_element
,
538 msg
->num_elements
+1);
546 e2
= &msg
->elements
[msg
->num_elements
];
549 e2
->flags
= el
->flags
;
550 e2
->values
= talloc_array(msg
->elements
,
551 struct ldb_val
, el
->num_values
);
556 for (i
=0;i
<el
->num_values
;i
++) {
557 e2
->values
[i
] = el
->values
[i
];
559 e2
->num_values
= el
->num_values
;
567 delete all elements having a specified attribute name
569 static int msg_delete_attribute(struct ldb_module
*module
,
570 struct ldb_context
*ldb
,
571 struct ldb_message
*msg
, const char *name
)
575 struct ldb_message_element
*el
;
577 el
= ldb_msg_find_element(msg
, name
);
579 return LDB_ERR_NO_SUCH_ATTRIBUTE
;
581 i
= el
- msg
->elements
;
583 ret
= ltdb_index_del_element(module
, msg
->dn
, el
);
584 if (ret
!= LDB_SUCCESS
) {
588 talloc_free(el
->values
);
589 if (msg
->num_elements
> (i
+1)) {
590 memmove(el
, el
+1, sizeof(*el
) * (msg
->num_elements
- (i
+1)));
593 msg
->elements
= talloc_realloc(msg
, msg
->elements
,
594 struct ldb_message_element
,
600 delete all elements matching an attribute name/value
602 return LDB Error on failure
604 static int msg_delete_element(struct ldb_module
*module
,
605 struct ldb_message
*msg
,
607 const struct ldb_val
*val
)
609 struct ldb_context
*ldb
= ldb_module_get_ctx(module
);
612 struct ldb_message_element
*el
;
613 const struct ldb_schema_attribute
*a
;
615 found
= find_element(msg
, name
);
617 return LDB_ERR_NO_SUCH_ATTRIBUTE
;
620 i
= (unsigned int) found
;
621 el
= &(msg
->elements
[i
]);
623 a
= ldb_schema_attribute_by_name(ldb
, el
->name
);
625 for (i
=0;i
<el
->num_values
;i
++) {
627 if (a
->syntax
->operator_fn
) {
628 ret
= a
->syntax
->operator_fn(ldb
, LDB_OP_EQUALITY
, a
,
629 &el
->values
[i
], val
, &matched
);
630 if (ret
!= LDB_SUCCESS
) return ret
;
632 matched
= (a
->syntax
->comparison_fn(ldb
, ldb
,
633 &el
->values
[i
], val
) == 0);
636 if (el
->num_values
== 1) {
637 return msg_delete_attribute(module
, ldb
, msg
, name
);
640 ret
= ltdb_index_del_value(module
, msg
->dn
, el
, i
);
641 if (ret
!= LDB_SUCCESS
) {
645 if (i
<el
->num_values
-1) {
646 memmove(&el
->values
[i
], &el
->values
[i
+1],
647 sizeof(el
->values
[i
])*
648 (el
->num_values
-(i
+1)));
652 /* per definition we find in a canonicalised message an
653 attribute value only once. So we are finished here */
659 return LDB_ERR_NO_SUCH_ATTRIBUTE
;
664 modify a record - internal interface
666 yuck - this is O(n^2). Luckily n is usually small so we probably
667 get away with it, but if we ever have really large attribute lists
668 then we'll need to look at this again
670 'req' is optional, and is used to specify controls if supplied
672 int ltdb_modify_internal(struct ldb_module
*module
,
673 const struct ldb_message
*msg
,
674 struct ldb_request
*req
)
676 struct ldb_context
*ldb
= ldb_module_get_ctx(module
);
677 void *data
= ldb_module_get_private(module
);
678 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
679 TDB_DATA tdb_key
, tdb_data
;
680 struct ldb_val ldb_data
;
681 struct ldb_message
*msg2
;
682 unsigned int i
, j
, k
;
683 int ret
= LDB_SUCCESS
, idx
;
684 struct ldb_control
*control_permissive
= NULL
;
687 control_permissive
= ldb_request_get_control(req
,
688 LDB_CONTROL_PERMISSIVE_MODIFY_OID
);
691 tdb_key
= ltdb_key(module
, msg
->dn
);
693 return LDB_ERR_OTHER
;
696 tdb_data
= tdb_fetch(ltdb
->tdb
, tdb_key
);
697 if (!tdb_data
.dptr
) {
698 talloc_free(tdb_key
.dptr
);
699 return ltdb_err_map(tdb_error(ltdb
->tdb
));
702 msg2
= ldb_msg_new(tdb_key
.dptr
);
709 ldb_data
.data
= tdb_data
.dptr
;
710 ldb_data
.length
= tdb_data
.dsize
;
712 ret
= ldb_unpack_data(ldb_module_get_ctx(module
), &ldb_data
, msg2
);
723 for (i
=0; i
<msg
->num_elements
; i
++) {
724 struct ldb_message_element
*el
= &msg
->elements
[i
], *el2
;
725 struct ldb_val
*vals
;
726 const struct ldb_schema_attribute
*a
= ldb_schema_attribute_by_name(ldb
, el
->name
);
729 switch (msg
->elements
[i
].flags
& LDB_FLAG_MOD_MASK
) {
730 case LDB_FLAG_MOD_ADD
:
732 if (el
->num_values
== 0) {
733 ldb_asprintf_errstring(ldb
,
734 "attribute '%s': attribute on '%s' specified, but with 0 values (illegal)",
735 el
->name
, ldb_dn_get_linearized(msg2
->dn
));
736 ret
= LDB_ERR_CONSTRAINT_VIOLATION
;
740 /* make a copy of the array so that a permissive
741 * control can remove duplicates without changing the
742 * original values, but do not copy data as we do not
743 * need to keep it around once the operation is
745 if (control_permissive
) {
746 el
= talloc(msg2
, struct ldb_message_element
);
751 *el
= msg
->elements
[i
];
752 el
->values
= talloc_array(el
, struct ldb_val
, el
->num_values
);
753 if (el
->values
== NULL
) {
757 for (j
= 0; j
< el
->num_values
; j
++) {
758 el
->values
[j
] = msg
->elements
[i
].values
[j
];
762 if (el
->num_values
> 1 && ldb_tdb_single_valued(a
, el
)) {
763 ldb_asprintf_errstring(ldb
, "SINGLE-VALUE attribute %s on %s specified more than once",
764 el
->name
, ldb_dn_get_linearized(msg2
->dn
));
765 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
769 /* Checks if element already exists */
770 idx
= find_element(msg2
, el
->name
);
772 if (ltdb_msg_add_element(ldb
, msg2
, el
) != 0) {
776 ret
= ltdb_index_add_element(module
, msg2
->dn
,
778 if (ret
!= LDB_SUCCESS
) {
782 j
= (unsigned int) idx
;
783 el2
= &(msg2
->elements
[j
]);
785 /* We cannot add another value on a existing one
786 if the attribute is single-valued */
787 if (ldb_tdb_single_valued(a
, el
)) {
788 ldb_asprintf_errstring(ldb
, "SINGLE-VALUE attribute %s on %s specified more than once",
789 el
->name
, ldb_dn_get_linearized(msg2
->dn
));
790 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
794 /* Check that values don't exist yet on multi-
795 valued attributes or aren't provided twice */
796 /* TODO: This is O(n^2) - replace with more efficient check */
797 for (j
= 0; j
< el
->num_values
; j
++) {
798 if (ldb_msg_find_val(el2
, &el
->values
[j
]) != NULL
) {
799 if (control_permissive
) {
800 /* remove this one as if it was never added */
802 for (k
= j
; k
< el
->num_values
; k
++) {
803 el
->values
[k
] = el
->values
[k
+ 1];
810 ldb_asprintf_errstring(ldb
,
811 "attribute '%s': value #%u on '%s' already exists",
812 el
->name
, j
, ldb_dn_get_linearized(msg2
->dn
));
813 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
816 if (ldb_msg_find_val(el
, &el
->values
[j
]) != &el
->values
[j
]) {
817 ldb_asprintf_errstring(ldb
,
818 "attribute '%s': value #%u on '%s' provided more than once",
819 el
->name
, j
, ldb_dn_get_linearized(msg2
->dn
));
820 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
825 /* Now combine existing and new values to a new
827 vals
= talloc_realloc(msg2
->elements
,
828 el2
->values
, struct ldb_val
,
829 el2
->num_values
+ el
->num_values
);
836 for (j
=0; j
<el
->num_values
; j
++) {
837 vals
[el2
->num_values
+ j
] =
838 ldb_val_dup(vals
, &el
->values
[j
]);
842 el2
->num_values
+= el
->num_values
;
844 ret
= ltdb_index_add_element(module
, msg2
->dn
, el
);
845 if (ret
!= LDB_SUCCESS
) {
852 case LDB_FLAG_MOD_REPLACE
:
854 if (el
->num_values
> 1 && ldb_tdb_single_valued(a
, el
)) {
855 ldb_asprintf_errstring(ldb
, "SINGLE-VALUE attribute %s on %s specified more than once",
856 el
->name
, ldb_dn_get_linearized(msg2
->dn
));
857 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
862 * We don't need to check this if we have been
863 * pre-screened by the repl_meta_data module
864 * in Samba, or someone else who can claim to
865 * know what they are doing.
867 if (!(el
->flags
& LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK
)) {
868 /* TODO: This is O(n^2) - replace with more efficient check */
869 for (j
=0; j
<el
->num_values
; j
++) {
870 if (ldb_msg_find_val(el
, &el
->values
[j
]) != &el
->values
[j
]) {
871 ldb_asprintf_errstring(ldb
,
872 "attribute '%s': value #%u on '%s' provided more than once",
873 el
->name
, j
, ldb_dn_get_linearized(msg2
->dn
));
874 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
880 /* Checks if element already exists */
881 idx
= find_element(msg2
, el
->name
);
883 j
= (unsigned int) idx
;
884 el2
= &(msg2
->elements
[j
]);
886 /* we consider two elements to be
887 * equal only if the order
888 * matches. This allows dbcheck to
889 * fix the ordering on attributes
890 * where order matters, such as
893 if (ldb_msg_element_equal_ordered(el
, el2
)) {
897 /* Delete the attribute if it exists in the DB */
898 if (msg_delete_attribute(module
, ldb
, msg2
,
905 /* Recreate it with the new values */
906 if (ltdb_msg_add_element(ldb
, msg2
, el
) != 0) {
911 ret
= ltdb_index_add_element(module
, msg2
->dn
, el
);
912 if (ret
!= LDB_SUCCESS
) {
918 case LDB_FLAG_MOD_DELETE
:
919 dn
= ldb_dn_get_linearized(msg2
->dn
);
925 if (msg
->elements
[i
].num_values
== 0) {
926 /* Delete the whole attribute */
927 ret
= msg_delete_attribute(module
, ldb
, msg2
,
928 msg
->elements
[i
].name
);
929 if (ret
== LDB_ERR_NO_SUCH_ATTRIBUTE
&&
930 control_permissive
) {
933 ldb_asprintf_errstring(ldb
,
934 "attribute '%s': no such attribute for delete on '%s'",
935 msg
->elements
[i
].name
, dn
);
937 if (ret
!= LDB_SUCCESS
) {
941 /* Delete specified values from an attribute */
942 for (j
=0; j
< msg
->elements
[i
].num_values
; j
++) {
943 ret
= msg_delete_element(module
,
945 msg
->elements
[i
].name
,
946 &msg
->elements
[i
].values
[j
]);
947 if (ret
== LDB_ERR_NO_SUCH_ATTRIBUTE
&&
948 control_permissive
) {
950 } else if (ret
== LDB_ERR_NO_SUCH_ATTRIBUTE
) {
951 ldb_asprintf_errstring(ldb
,
952 "attribute '%s': no matching attribute value while deleting attribute on '%s'",
953 msg
->elements
[i
].name
, dn
);
955 if (ret
!= LDB_SUCCESS
) {
962 ldb_asprintf_errstring(ldb
,
963 "attribute '%s': invalid modify flags on '%s': 0x%x",
964 msg
->elements
[i
].name
, ldb_dn_get_linearized(msg
->dn
),
965 msg
->elements
[i
].flags
& LDB_FLAG_MOD_MASK
);
966 ret
= LDB_ERR_PROTOCOL_ERROR
;
971 ret
= ltdb_store(module
, msg2
, TDB_MODIFY
);
972 if (ret
!= LDB_SUCCESS
) {
976 ret
= ltdb_modified(module
, msg2
->dn
);
977 if (ret
!= LDB_SUCCESS
) {
982 talloc_free(tdb_key
.dptr
);
989 static int ltdb_modify(struct ltdb_context
*ctx
)
991 struct ldb_module
*module
= ctx
->module
;
992 struct ldb_request
*req
= ctx
->req
;
993 int ret
= LDB_SUCCESS
;
995 ret
= ltdb_check_special_dn(module
, req
->op
.mod
.message
);
996 if (ret
!= LDB_SUCCESS
) {
1000 ldb_request_set_state(req
, LDB_ASYNC_PENDING
);
1002 if (ltdb_cache_load(module
) != 0) {
1003 return LDB_ERR_OPERATIONS_ERROR
;
1006 ret
= ltdb_modify_internal(module
, req
->op
.mod
.message
, req
);
1014 static int ltdb_rename(struct ltdb_context
*ctx
)
1016 struct ldb_module
*module
= ctx
->module
;
1017 void *data
= ldb_module_get_private(module
);
1018 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
1019 struct ldb_request
*req
= ctx
->req
;
1020 struct ldb_message
*msg
;
1021 int ret
= LDB_SUCCESS
;
1022 TDB_DATA tdb_key
, tdb_key_old
;
1024 ldb_request_set_state(req
, LDB_ASYNC_PENDING
);
1026 if (ltdb_cache_load(ctx
->module
) != 0) {
1027 return LDB_ERR_OPERATIONS_ERROR
;
1030 msg
= ldb_msg_new(ctx
);
1032 return LDB_ERR_OPERATIONS_ERROR
;
1035 /* we need to fetch the old record to re-add under the new name */
1036 ret
= ltdb_search_dn1(module
, req
->op
.rename
.olddn
, msg
,
1037 LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC
);
1038 if (ret
!= LDB_SUCCESS
) {
1039 /* not finding the old record is an error */
1043 /* We need to, before changing the DB, check if the new DN
1044 * exists, so we can return this error to the caller with an
1046 tdb_key
= ltdb_key(module
, req
->op
.rename
.newdn
);
1047 if (!tdb_key
.dptr
) {
1049 return LDB_ERR_OPERATIONS_ERROR
;
1052 tdb_key_old
= ltdb_key(module
, req
->op
.rename
.olddn
);
1053 if (!tdb_key_old
.dptr
) {
1055 talloc_free(tdb_key
.dptr
);
1056 return LDB_ERR_OPERATIONS_ERROR
;
1059 /* Only declare a conflict if the new DN already exists, and it isn't a case change on the old DN */
1060 if (tdb_key_old
.dsize
!= tdb_key
.dsize
|| memcmp(tdb_key
.dptr
, tdb_key_old
.dptr
, tdb_key
.dsize
) != 0) {
1061 if (tdb_exists(ltdb
->tdb
, tdb_key
)) {
1062 talloc_free(tdb_key_old
.dptr
);
1063 talloc_free(tdb_key
.dptr
);
1064 ldb_asprintf_errstring(ldb_module_get_ctx(module
),
1065 "Entry %s already exists",
1066 ldb_dn_get_linearized(req
->op
.rename
.newdn
));
1067 /* finding the new record already in the DB is an error */
1069 return LDB_ERR_ENTRY_ALREADY_EXISTS
;
1072 talloc_free(tdb_key_old
.dptr
);
1073 talloc_free(tdb_key
.dptr
);
1075 /* Always delete first then add, to avoid conflicts with
1076 * unique indexes. We rely on the transaction to make this
1079 ret
= ltdb_delete_internal(module
, msg
->dn
);
1080 if (ret
!= LDB_SUCCESS
) {
1085 msg
->dn
= ldb_dn_copy(msg
, req
->op
.rename
.newdn
);
1086 if (msg
->dn
== NULL
) {
1088 return LDB_ERR_OPERATIONS_ERROR
;
1091 /* We don't check single value as we can have more than 1 with
1092 * deleted attributes. We could go through all elements but that's
1093 * maybe not the most efficient way
1095 ret
= ltdb_add_internal(module
, msg
, false);
1102 static int ltdb_start_trans(struct ldb_module
*module
)
1104 void *data
= ldb_module_get_private(module
);
1105 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
1107 if (tdb_transaction_start(ltdb
->tdb
) != 0) {
1108 return ltdb_err_map(tdb_error(ltdb
->tdb
));
1111 ltdb
->in_transaction
++;
1113 ltdb_index_transaction_start(module
);
1118 static int ltdb_prepare_commit(struct ldb_module
*module
)
1120 void *data
= ldb_module_get_private(module
);
1121 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
1123 if (ltdb
->in_transaction
!= 1) {
1127 if (ltdb_index_transaction_commit(module
) != 0) {
1128 tdb_transaction_cancel(ltdb
->tdb
);
1129 ltdb
->in_transaction
--;
1130 return ltdb_err_map(tdb_error(ltdb
->tdb
));
1133 if (tdb_transaction_prepare_commit(ltdb
->tdb
) != 0) {
1134 ltdb
->in_transaction
--;
1135 return ltdb_err_map(tdb_error(ltdb
->tdb
));
1138 ltdb
->prepared_commit
= true;
1143 static int ltdb_end_trans(struct ldb_module
*module
)
1145 void *data
= ldb_module_get_private(module
);
1146 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
1148 if (!ltdb
->prepared_commit
) {
1149 int ret
= ltdb_prepare_commit(module
);
1150 if (ret
!= LDB_SUCCESS
) {
1155 ltdb
->in_transaction
--;
1156 ltdb
->prepared_commit
= false;
1158 if (tdb_transaction_commit(ltdb
->tdb
) != 0) {
1159 return ltdb_err_map(tdb_error(ltdb
->tdb
));
1165 static int ltdb_del_trans(struct ldb_module
*module
)
1167 void *data
= ldb_module_get_private(module
);
1168 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
1170 ltdb
->in_transaction
--;
1172 if (ltdb_index_transaction_cancel(module
) != 0) {
1173 tdb_transaction_cancel(ltdb
->tdb
);
1174 return ltdb_err_map(tdb_error(ltdb
->tdb
));
1177 tdb_transaction_cancel(ltdb
->tdb
);
1182 return sequenceNumber from @BASEINFO
1184 static int ltdb_sequence_number(struct ltdb_context
*ctx
,
1185 struct ldb_extended
**ext
)
1187 struct ldb_context
*ldb
;
1188 struct ldb_module
*module
= ctx
->module
;
1189 struct ldb_request
*req
= ctx
->req
;
1190 TALLOC_CTX
*tmp_ctx
= NULL
;
1191 struct ldb_seqnum_request
*seq
;
1192 struct ldb_seqnum_result
*res
;
1193 struct ldb_message
*msg
= NULL
;
1196 int ret
= LDB_SUCCESS
;
1198 ldb
= ldb_module_get_ctx(module
);
1200 seq
= talloc_get_type(req
->op
.extended
.data
,
1201 struct ldb_seqnum_request
);
1203 return LDB_ERR_OPERATIONS_ERROR
;
1206 ldb_request_set_state(req
, LDB_ASYNC_PENDING
);
1208 if (ltdb_lock_read(module
) != 0) {
1209 return LDB_ERR_OPERATIONS_ERROR
;
1212 res
= talloc_zero(req
, struct ldb_seqnum_result
);
1214 ret
= LDB_ERR_OPERATIONS_ERROR
;
1218 tmp_ctx
= talloc_new(req
);
1219 if (tmp_ctx
== NULL
) {
1220 ret
= LDB_ERR_OPERATIONS_ERROR
;
1224 dn
= ldb_dn_new(tmp_ctx
, ldb
, LTDB_BASEINFO
);
1226 ret
= LDB_ERR_OPERATIONS_ERROR
;
1230 msg
= ldb_msg_new(tmp_ctx
);
1232 ret
= LDB_ERR_OPERATIONS_ERROR
;
1236 ret
= ltdb_search_dn1(module
, dn
, msg
, 0);
1237 if (ret
!= LDB_SUCCESS
) {
1241 switch (seq
->type
) {
1242 case LDB_SEQ_HIGHEST_SEQ
:
1243 res
->seq_num
= ldb_msg_find_attr_as_uint64(msg
, LTDB_SEQUENCE_NUMBER
, 0);
1246 res
->seq_num
= ldb_msg_find_attr_as_uint64(msg
, LTDB_SEQUENCE_NUMBER
, 0);
1249 case LDB_SEQ_HIGHEST_TIMESTAMP
:
1250 date
= ldb_msg_find_attr_as_string(msg
, LTDB_MOD_TIMESTAMP
, NULL
);
1252 res
->seq_num
= ldb_string_to_time(date
);
1255 /* zero is as good as anything when we don't know */
1260 *ext
= talloc_zero(req
, struct ldb_extended
);
1262 ret
= LDB_ERR_OPERATIONS_ERROR
;
1265 (*ext
)->oid
= LDB_EXTENDED_SEQUENCE_NUMBER
;
1266 (*ext
)->data
= talloc_steal(*ext
, res
);
1269 talloc_free(tmp_ctx
);
1270 ltdb_unlock_read(module
);
1274 static void ltdb_request_done(struct ltdb_context
*ctx
, int error
)
1276 struct ldb_context
*ldb
;
1277 struct ldb_request
*req
;
1278 struct ldb_reply
*ares
;
1280 ldb
= ldb_module_get_ctx(ctx
->module
);
1283 /* if we already returned an error just return */
1284 if (ldb_request_get_status(req
) != LDB_SUCCESS
) {
1288 ares
= talloc_zero(req
, struct ldb_reply
);
1291 req
->callback(req
, NULL
);
1294 ares
->type
= LDB_REPLY_DONE
;
1295 ares
->error
= error
;
1297 req
->callback(req
, ares
);
1300 static void ltdb_timeout(struct tevent_context
*ev
,
1301 struct tevent_timer
*te
,
1305 struct ltdb_context
*ctx
;
1306 ctx
= talloc_get_type(private_data
, struct ltdb_context
);
1308 if (!ctx
->request_terminated
) {
1309 /* request is done now */
1310 ltdb_request_done(ctx
, LDB_ERR_TIME_LIMIT_EXCEEDED
);
1314 /* neutralize the spy */
1315 ctx
->spy
->ctx
= NULL
;
1321 static void ltdb_request_extended_done(struct ltdb_context
*ctx
,
1322 struct ldb_extended
*ext
,
1325 struct ldb_context
*ldb
;
1326 struct ldb_request
*req
;
1327 struct ldb_reply
*ares
;
1329 ldb
= ldb_module_get_ctx(ctx
->module
);
1332 /* if we already returned an error just return */
1333 if (ldb_request_get_status(req
) != LDB_SUCCESS
) {
1337 ares
= talloc_zero(req
, struct ldb_reply
);
1340 req
->callback(req
, NULL
);
1343 ares
->type
= LDB_REPLY_DONE
;
1344 ares
->response
= ext
;
1345 ares
->error
= error
;
1347 req
->callback(req
, ares
);
1350 static void ltdb_handle_extended(struct ltdb_context
*ctx
)
1352 struct ldb_extended
*ext
= NULL
;
1355 if (strcmp(ctx
->req
->op
.extended
.oid
,
1356 LDB_EXTENDED_SEQUENCE_NUMBER
) == 0) {
1357 /* get sequence number */
1358 ret
= ltdb_sequence_number(ctx
, &ext
);
1360 /* not recognized */
1361 ret
= LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION
;
1364 ltdb_request_extended_done(ctx
, ext
, ret
);
1367 static void ltdb_callback(struct tevent_context
*ev
,
1368 struct tevent_timer
*te
,
1372 struct ltdb_context
*ctx
;
1375 ctx
= talloc_get_type(private_data
, struct ltdb_context
);
1377 if (ctx
->request_terminated
) {
1381 switch (ctx
->req
->operation
) {
1383 ret
= ltdb_search(ctx
);
1386 ret
= ltdb_add(ctx
);
1389 ret
= ltdb_modify(ctx
);
1392 ret
= ltdb_delete(ctx
);
1395 ret
= ltdb_rename(ctx
);
1398 ltdb_handle_extended(ctx
);
1401 /* no other op supported */
1402 ret
= LDB_ERR_PROTOCOL_ERROR
;
1405 if (!ctx
->request_terminated
) {
1406 /* request is done now */
1407 ltdb_request_done(ctx
, ret
);
1412 /* neutralize the spy */
1413 ctx
->spy
->ctx
= NULL
;
1419 static int ltdb_request_destructor(void *ptr
)
1421 struct ltdb_req_spy
*spy
= talloc_get_type(ptr
, struct ltdb_req_spy
);
1423 if (spy
->ctx
!= NULL
) {
1424 spy
->ctx
->spy
= NULL
;
1425 spy
->ctx
->request_terminated
= true;
1432 static int ltdb_handle_request(struct ldb_module
*module
,
1433 struct ldb_request
*req
)
1435 struct ldb_control
*control_permissive
;
1436 struct ldb_context
*ldb
;
1437 struct tevent_context
*ev
;
1438 struct ltdb_context
*ac
;
1439 struct tevent_timer
*te
;
1443 ldb
= ldb_module_get_ctx(module
);
1445 control_permissive
= ldb_request_get_control(req
,
1446 LDB_CONTROL_PERMISSIVE_MODIFY_OID
);
1448 for (i
= 0; req
->controls
&& req
->controls
[i
]; i
++) {
1449 if (req
->controls
[i
]->critical
&&
1450 req
->controls
[i
] != control_permissive
) {
1451 ldb_asprintf_errstring(ldb
, "Unsupported critical extension %s",
1452 req
->controls
[i
]->oid
);
1453 return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION
;
1457 if (req
->starttime
== 0 || req
->timeout
== 0) {
1458 ldb_set_errstring(ldb
, "Invalid timeout settings");
1459 return LDB_ERR_TIME_LIMIT_EXCEEDED
;
1462 ev
= ldb_get_event_context(ldb
);
1464 ac
= talloc_zero(ldb
, struct ltdb_context
);
1467 return LDB_ERR_OPERATIONS_ERROR
;
1470 ac
->module
= module
;
1475 te
= tevent_add_timer(ev
, ac
, tv
, ltdb_callback
, ac
);
1478 return LDB_ERR_OPERATIONS_ERROR
;
1481 if (req
->timeout
> 0) {
1482 tv
.tv_sec
= req
->starttime
+ req
->timeout
;
1484 ac
->timeout_event
= tevent_add_timer(ev
, ac
, tv
,
1486 if (NULL
== ac
->timeout_event
) {
1488 return LDB_ERR_OPERATIONS_ERROR
;
1492 /* set a spy so that we do not try to use the request context
1493 * if it is freed before ltdb_callback fires */
1494 ac
->spy
= talloc(req
, struct ltdb_req_spy
);
1495 if (NULL
== ac
->spy
) {
1497 return LDB_ERR_OPERATIONS_ERROR
;
1501 talloc_set_destructor((TALLOC_CTX
*)ac
->spy
, ltdb_request_destructor
);
1506 static int ltdb_init_rootdse(struct ldb_module
*module
)
1508 /* ignore errors on this - we expect it for non-sam databases */
1509 ldb_mod_register_control(module
, LDB_CONTROL_PERMISSIVE_MODIFY_OID
);
1511 /* there can be no module beyond the backend, just return */
1515 static const struct ldb_module_ops ltdb_ops
= {
1517 .init_context
= ltdb_init_rootdse
,
1518 .search
= ltdb_handle_request
,
1519 .add
= ltdb_handle_request
,
1520 .modify
= ltdb_handle_request
,
1521 .del
= ltdb_handle_request
,
1522 .rename
= ltdb_handle_request
,
1523 .extended
= ltdb_handle_request
,
1524 .start_transaction
= ltdb_start_trans
,
1525 .end_transaction
= ltdb_end_trans
,
1526 .prepare_commit
= ltdb_prepare_commit
,
1527 .del_transaction
= ltdb_del_trans
,
1531 connect to the database
1533 static int ltdb_connect(struct ldb_context
*ldb
, const char *url
,
1534 unsigned int flags
, const char *options
[],
1535 struct ldb_module
**_module
)
1537 struct ldb_module
*module
;
1539 int tdb_flags
, open_flags
;
1540 struct ltdb_private
*ltdb
;
1543 if (strchr(url
, ':')) {
1544 if (strncmp(url
, "tdb://", 6) != 0) {
1545 ldb_debug(ldb
, LDB_DEBUG_ERROR
,
1546 "Invalid tdb URL '%s'", url
);
1547 return LDB_ERR_OPERATIONS_ERROR
;
1554 tdb_flags
= TDB_DEFAULT
| TDB_SEQNUM
;
1556 /* check for the 'nosync' option */
1557 if (flags
& LDB_FLG_NOSYNC
) {
1558 tdb_flags
|= TDB_NOSYNC
;
1561 /* and nommap option */
1562 if (flags
& LDB_FLG_NOMMAP
) {
1563 tdb_flags
|= TDB_NOMMAP
;
1566 if (flags
& LDB_FLG_RDONLY
) {
1567 open_flags
= O_RDONLY
;
1569 open_flags
= O_CREAT
| O_RDWR
;
1572 ltdb
= talloc_zero(ldb
, struct ltdb_private
);
1575 return LDB_ERR_OPERATIONS_ERROR
;
1578 /* note that we use quite a large default hash size */
1579 ltdb
->tdb
= ltdb_wrap_open(ltdb
, path
, 10000,
1580 tdb_flags
, open_flags
,
1581 ldb_get_create_perms(ldb
), ldb
);
1583 ldb_asprintf_errstring(ldb
,
1584 "Unable to open tdb '%s': %s", path
, strerror(errno
));
1585 ldb_debug(ldb
, LDB_DEBUG_ERROR
,
1586 "Unable to open tdb '%s': %s", path
, strerror(errno
));
1588 if (errno
== EACCES
|| errno
== EPERM
) {
1589 return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS
;
1591 return LDB_ERR_OPERATIONS_ERROR
;
1594 if (getenv("LDB_WARN_UNINDEXED")) {
1595 ltdb
->warn_unindexed
= true;
1598 if (getenv("LDB_WARN_REINDEX")) {
1599 ltdb
->warn_reindex
= true;
1602 ltdb
->sequence_number
= 0;
1604 module
= ldb_module_new(ldb
, ldb
, "ldb_tdb backend", <db_ops
);
1608 return LDB_ERR_OPERATIONS_ERROR
;
1610 ldb_module_set_private(module
, ltdb
);
1611 talloc_steal(module
, ltdb
);
1613 if (ltdb_cache_load(module
) != 0) {
1614 ldb_asprintf_errstring(ldb
,
1615 "Unable to load ltdb cache records of tdb '%s'", path
);
1616 talloc_free(module
);
1617 return LDB_ERR_OPERATIONS_ERROR
;
1624 int ldb_tdb_init(const char *version
)
1626 LDB_MODULE_CHECK_VERSION(version
);
1627 return ldb_register_backend("tdb", ltdb_connect
, false);