search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
lib ldb ldb_key_value: csbuild unused parm module
[Samba.git] / lib / ldb / ldb_key_value / ldb_kv_search.c
blobbb63ed1ab60906f69efdad4bda482c49e94cbfc8
1 /*
2 ldb database library
3
4 Copyright (C) Andrew Tridgell 2004
5
6 ** NOTE! The following LGPL license applies to the ldb
7 ** library. This does NOT imply that all of Samba is released
8 ** under the LGPL
9
10 This library is free software; you can redistribute it and/or
11 modify it under the terms of the GNU Lesser General Public
12 License as published by the Free Software Foundation; either
13 version 3 of the License, or (at your option) any later version.
14
15 This library is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
19
20 You should have received a copy of the GNU Lesser General Public
21 License along with this library; if not, see <http://www.gnu.org/licenses/>.
22 */
23
24 /*
25 * Name: ldb
26 *
27 * Component: ldb search functions
28 *
29 * Description: functions to search ldb+tdb databases
30 *
31 * Author: Andrew Tridgell
32 */
33
34 #include "ldb_kv.h"
35 #include "ldb_private.h"
36 /*
37 search the database for a single simple dn.
38 return LDB_ERR_NO_SUCH_OBJECT on record-not-found
39 and LDB_SUCCESS on success
40 */
41 int ldb_kv_search_base(struct ldb_module *module,
42 TALLOC_CTX *mem_ctx,
43 struct ldb_dn *dn,
44 struct ldb_dn **ret_dn)
45 {
46 int exists;
47 int ret;
48 struct ldb_message *msg = NULL;
49
50 if (ldb_dn_is_null(dn)) {
51 return LDB_ERR_NO_SUCH_OBJECT;
52 }
53
54 /*
55 * We can't use tdb_exists() directly on a key when the TDB
56 * key is the GUID one, not the DN based one. So we just do a
57 * normal search and avoid most of the allocation with the
58 * LDB_UNPACK_DATA_FLAG_NO_ATTRS flag
59 */
60 msg = ldb_msg_new(module);
61 if (msg == NULL) {
62 return LDB_ERR_OPERATIONS_ERROR;
63 }
64
65 ret = ldb_kv_search_dn1(module, dn, msg, LDB_UNPACK_DATA_FLAG_NO_ATTRS);
66 if (ret == LDB_SUCCESS) {
67 const char *dn_linearized
68 = ldb_dn_get_linearized(dn);
69 const char *msg_dn_linearized
70 = ldb_dn_get_linearized(msg->dn);
71
72 if (strcmp(dn_linearized, msg_dn_linearized) == 0) {
73 /*
74 * Re-use the full incoming DN for
75 * subtree checks
76 */
77 *ret_dn = dn;
78 } else {
79 /*
80 * Use the string DN from the unpack, so that
81 * we have a case-exact match of the base
82 */
83 *ret_dn = talloc_steal(mem_ctx, msg->dn);
84 }
85 exists = true;
86 } else if (ret == LDB_ERR_NO_SUCH_OBJECT) {
87 exists = false;
88 } else {
89 talloc_free(msg);
90 return ret;
91 }
92 talloc_free(msg);
93 if (exists) {
94 return LDB_SUCCESS;
95 }
96 return LDB_ERR_NO_SUCH_OBJECT;
97 }
98
99 struct ldb_kv_parse_data_unpack_ctx {
100 struct ldb_message *msg;
101 struct ldb_module *module;
102 struct ldb_kv_private *ldb_kv;
103 unsigned int unpack_flags;
104 };
105
106 static int ldb_kv_parse_data_unpack(struct ldb_val key,
107 struct ldb_val data,
108 void *private_data)
109 {
110 struct ldb_kv_parse_data_unpack_ctx *ctx = private_data;
111 int ret;
112 struct ldb_context *ldb = ldb_module_get_ctx(ctx->module);
113 struct ldb_val data_parse = data;
114
115 struct ldb_kv_private *ldb_kv = ctx->ldb_kv;
116
117 if ((ldb_kv->kv_ops->options & LDB_KV_OPTION_STABLE_READ_LOCK) &&
118 (ctx->unpack_flags & LDB_UNPACK_DATA_FLAG_READ_LOCKED) &&
119 !ldb_kv->kv_ops->transaction_active(ldb_kv)) {
120 /*
121 * In the case where no transactions are active and
122 * we're in a read-lock, we can point directly into
123 * database memory.
124 *
125 * The database can't be changed underneath us and we
126 * will duplicate this data in the call to filter.
127 *
128 * This is seen in:
129 * - ldb_kv_index_filter
130 * - ldb_kv_search_and_return_base
131 */
132 } else {
133 /*
134 * In every other case, since unpack doesn't memdup, we need
135 * to at least do a memdup on the whole data buffer as that
136 * may change later and the caller needs a stable result.
137 *
138 * During transactions, pointers could change and in
139 * TDB, there just aren't the same guarantees.
140 */
141 data_parse.data = talloc_memdup(ctx->msg,
142 data.data,
143 data.length);
144 if (data_parse.data == NULL) {
145 ldb_debug(ldb, LDB_DEBUG_ERROR,
146 "Unable to allocate data(%d) for %*.*s\n",
147 (int)data.length,
148 (int)key.length, (int)key.length, key.data);
149 return LDB_ERR_OPERATIONS_ERROR;
150 }
151 }
152
153 ret = ldb_unpack_data_flags(ldb, &data_parse,
154 ctx->msg, ctx->unpack_flags);
155 if (ret == -1) {
156 if (data_parse.data != data.data) {
157 talloc_free(data_parse.data);
158 }
159
160 ldb_debug(ldb, LDB_DEBUG_ERROR, "Invalid data for index %*.*s\n",
161 (int)key.length, (int)key.length, key.data);
162 return LDB_ERR_OPERATIONS_ERROR;
163 }
164 return ret;
165 }
166
167 /*
168 search the database for a single simple dn, returning all attributes
169 in a single message
170
171 return LDB_ERR_NO_SUCH_OBJECT on record-not-found
172 and LDB_SUCCESS on success
173 */
174 int ldb_kv_search_key(struct ldb_module *module,
175 struct ldb_kv_private *ldb_kv,
176 const struct ldb_val ldb_key,
177 struct ldb_message *msg,
178 unsigned int unpack_flags)
179 {
180 int ret;
181 struct ldb_kv_parse_data_unpack_ctx ctx = {
182 .msg = msg,
183 .module = module,
184 .unpack_flags = unpack_flags,
185 .ldb_kv = ldb_kv
186 };
187
188 memset(msg, 0, sizeof(*msg));
189
190 msg->num_elements = 0;
191 msg->elements = NULL;
192
193 ret = ldb_kv->kv_ops->fetch_and_parse(
194 ldb_kv, ldb_key, ldb_kv_parse_data_unpack, &ctx);
195
196 if (ret == -1) {
197 ret = ldb_kv->kv_ops->error(ldb_kv);
198 if (ret == LDB_SUCCESS) {
199 /*
200 * Just to be sure we don't turn errors
201 * into success
202 */
203 return LDB_ERR_OPERATIONS_ERROR;
204 }
205 return ret;
206 } else if (ret != LDB_SUCCESS) {
207 return ret;
208 }
209
210 return LDB_SUCCESS;
211 }
212
213 /*
214 search the database for a single simple dn, returning all attributes
215 in a single message
216
217 return LDB_ERR_NO_SUCH_OBJECT on record-not-found
218 and LDB_SUCCESS on success
219 */
220 int ldb_kv_search_dn1(struct ldb_module *module,
221 struct ldb_dn *dn,
222 struct ldb_message *msg,
223 unsigned int unpack_flags)
224 {
225 void *data = ldb_module_get_private(module);
226 struct ldb_kv_private *ldb_kv =
227 talloc_get_type(data, struct ldb_kv_private);
228 int ret;
229 uint8_t guid_key[LDB_KV_GUID_KEY_SIZE];
230 struct ldb_val key = {
231 .data = guid_key,
232 .length = sizeof(guid_key)
233 };
234 TALLOC_CTX *tdb_key_ctx = NULL;
235
236 bool valid_dn = ldb_dn_validate(dn);
237 if (valid_dn == false) {
238 ldb_asprintf_errstring(ldb_module_get_ctx(module),
239 "Invalid Base DN: %s",
240 ldb_dn_get_linearized(dn));
241 return LDB_ERR_INVALID_DN_SYNTAX;
242 }
243
244 if (ldb_kv->cache->GUID_index_attribute == NULL ||
245 ldb_dn_is_special(dn)) {
246
247 tdb_key_ctx = talloc_new(msg);
248 if (!tdb_key_ctx) {
249 return ldb_module_oom(module);
250 }
251
252 /* form the key */
253 key = ldb_kv_key_dn(tdb_key_ctx, dn);
254 if (!key.data) {
255 TALLOC_FREE(tdb_key_ctx);
256 return LDB_ERR_OPERATIONS_ERROR;
257 }
258 } else {
259 /*
260 * Look in the index to find the key for this DN.
261 *
262 * the tdb_key memory is allocated above, msg is just
263 * used for internal memory.
264 *
265 */
266 ret = ldb_kv_key_dn_from_idx(module, ldb_kv, msg, dn, &key);
267 if (ret != LDB_SUCCESS) {
268 return ret;
269 }
270 }
271
272 ret = ldb_kv_search_key(module, ldb_kv, key, msg, unpack_flags);
273
274 TALLOC_FREE(tdb_key_ctx);
275
276 if (ret != LDB_SUCCESS) {
277 return ret;
278 }
279
280 if ((unpack_flags & LDB_UNPACK_DATA_FLAG_NO_DN) == 0) {
281 if (!msg->dn) {
282 msg->dn = ldb_dn_copy(msg, dn);
283 }
284 if (!msg->dn) {
285 return LDB_ERR_OPERATIONS_ERROR;
286 }
287 }
288
289 return LDB_SUCCESS;
290 }
291
292 /*
293 * filter the specified list of attributes from msg,
294 * adding requested attributes, and perhaps all for *,
295 * but not the DN to filtered_msg.
296 */
297 int ldb_kv_filter_attrs(struct ldb_context *ldb,
298 const struct ldb_message *msg,
299 const char *const *attrs,
300 struct ldb_message *filtered_msg)
301 {
302 return ldb_filter_attrs(ldb, msg, attrs, filtered_msg);
303 }
304
305 /*
306 search function for a non-indexed search
307 */
308 static int search_func(struct ldb_kv_private *ldb_kv,
309 struct ldb_val key,
310 struct ldb_val val,
311 void *state)
312 {
313 struct ldb_context *ldb;
314 struct ldb_kv_context *ac;
315 struct ldb_message *msg, *filtered_msg;
316 int ret;
317 bool matched;
318
319 ac = talloc_get_type(state, struct ldb_kv_context);
320 ldb = ldb_module_get_ctx(ac->module);
321
322 /*
323 * We want to skip @ records early in a search full scan
324 *
325 * @ records like @IDXLIST are only available via a base
326 * search on the specific name but the method by which they
327 * were excluded was expensive, after the unpack the DN is
328 * exploded and ldb_match_msg_error() would reject it for
329 * failing to match the scope.
330 *
331 * ldb_kv_key_is_normal_record() uses the fact that @ records
332 * have the DN=@ prefix on their TDB/LMDB key to quickly
333 * exclude them from consideration.
334 *
335 * (any other non-records are also excluded by the same key
336 * match)
337 */
338
339 if (ldb_kv_key_is_normal_record(key) == false) {
340 return 0;
341 }
342
343 msg = ldb_msg_new(ac);
344 if (!msg) {
345 ac->error = LDB_ERR_OPERATIONS_ERROR;
346 return -1;
347 }
348
349 /* unpack the record */
350 ret = ldb_unpack_data_flags(ldb, &val, msg,
351 LDB_UNPACK_DATA_FLAG_NO_VALUES_ALLOC);
352 if (ret == -1) {
353 talloc_free(msg);
354 ac->error = LDB_ERR_OPERATIONS_ERROR;
355 return -1;
356 }
357
358 if (!msg->dn) {
359 msg->dn = ldb_dn_new(msg, ldb,
360 (char *)key.data + 3);
361 if (msg->dn == NULL) {
362 talloc_free(msg);
363 ac->error = LDB_ERR_OPERATIONS_ERROR;
364 return -1;
365 }
366 }
367
368 /* see if it matches the given expression */
369 ret = ldb_match_msg_error(ldb, msg,
370 ac->tree, ac->base, ac->scope, &matched);
371 if (ret != LDB_SUCCESS) {
372 talloc_free(msg);
373 ac->error = LDB_ERR_OPERATIONS_ERROR;
374 return -1;
375 }
376 if (!matched) {
377 talloc_free(msg);
378 return 0;
379 }
380
381 filtered_msg = ldb_msg_new(ac);
382 if (filtered_msg == NULL) {
383 TALLOC_FREE(msg);
384 return LDB_ERR_OPERATIONS_ERROR;
385 }
386
387 filtered_msg->dn = talloc_steal(filtered_msg, msg->dn);
388
389 /* filter the attributes that the user wants */
390 ret = ldb_kv_filter_attrs(ldb, msg, ac->attrs, filtered_msg);
391 talloc_free(msg);
392
393 if (ret == -1) {
394 TALLOC_FREE(filtered_msg);
395 ac->error = LDB_ERR_OPERATIONS_ERROR;
396 return -1;
397 }
398
399 ret = ldb_module_send_entry(ac->req, filtered_msg, NULL);
400 if (ret != LDB_SUCCESS) {
401 ac->request_terminated = true;
402 /* the callback failed, abort the operation */
403 ac->error = LDB_ERR_OPERATIONS_ERROR;
404 return -1;
405 }
406
407 return 0;
408 }
409
410
411 /*
412 search the database with a LDAP-like expression.
413 this is the "full search" non-indexed variant
414 */
415 static int ldb_kv_search_full(struct ldb_kv_context *ctx)
416 {
417 void *data = ldb_module_get_private(ctx->module);
418 struct ldb_kv_private *ldb_kv =
419 talloc_get_type(data, struct ldb_kv_private);
420 int ret;
421
422 ctx->error = LDB_SUCCESS;
423 ret = ldb_kv->kv_ops->iterate(ldb_kv, search_func, ctx);
424
425 if (ret < 0) {
426 return LDB_ERR_OPERATIONS_ERROR;
427 }
428
429 return ctx->error;
430 }
431
432 static int ldb_kv_search_and_return_base(struct ldb_kv_private *ldb_kv,
433 struct ldb_kv_context *ctx)
434 {
435 struct ldb_message *msg, *filtered_msg;
436 struct ldb_context *ldb = ldb_module_get_ctx(ctx->module);
437 const char *dn_linearized;
438 const char *msg_dn_linearized;
439 int ret;
440 bool matched;
441
442 msg = ldb_msg_new(ctx);
443 if (!msg) {
444 return LDB_ERR_OPERATIONS_ERROR;
445 }
446 ret = ldb_kv_search_dn1(ctx->module,
447 ctx->base,
448 msg,
449 LDB_UNPACK_DATA_FLAG_NO_VALUES_ALLOC |
450 LDB_UNPACK_DATA_FLAG_READ_LOCKED);
451
452 if (ret == LDB_ERR_NO_SUCH_OBJECT) {
453 if (ldb_kv->check_base == false) {
454 /*
455 * In this case, we are done, as no base
456 * checking is allowed in this DB
457 */
458 talloc_free(msg);
459 return LDB_SUCCESS;
460 }
461 ldb_asprintf_errstring(ldb,
462 "No such Base DN: %s",
463 ldb_dn_get_linearized(ctx->base));
464 }
465 if (ret != LDB_SUCCESS) {
466 talloc_free(msg);
467 return ret;
468 }
469
470
471 /*
472 * We use this, not ldb_match_msg_error() as we know
473 * we matched on the scope BASE, as we just fetched
474 * the base DN
475 */
476
477 ret = ldb_match_message(ldb, msg,
478 ctx->tree,
479 ctx->scope,
480 &matched);
481 if (ret != LDB_SUCCESS) {
482 talloc_free(msg);
483 return ret;
484 }
485 if (!matched) {
486 talloc_free(msg);
487 return LDB_SUCCESS;
488 }
489
490 dn_linearized = ldb_dn_get_linearized(ctx->base);
491 msg_dn_linearized = ldb_dn_get_linearized(msg->dn);
492
493 filtered_msg = ldb_msg_new(ctx);
494 if (filtered_msg == NULL) {
495 talloc_free(msg);
496 return LDB_ERR_OPERATIONS_ERROR;
497 }
498
499 if (strcmp(dn_linearized, msg_dn_linearized) == 0) {
500 /*
501 * If the DN is exactly the same string, then
502 * re-use the full incoming DN for the
503 * returned result, as it has already been
504 * casefolded
505 */
506 filtered_msg->dn = ldb_dn_copy(filtered_msg, ctx->base);
507 }
508
509 /*
510 * If the ldb_dn_copy() failed, or if we did not choose that
511 * optimisation (filtered_msg is zeroed at allocation),
512 * steal the one from the unpack
513 */
514 if (filtered_msg->dn == NULL) {
515 filtered_msg->dn = talloc_steal(filtered_msg, msg->dn);
516 }
517
518 /*
519 * filter the attributes that the user wants.
520 */
521 ret = ldb_kv_filter_attrs(ldb, msg, ctx->attrs, filtered_msg);
522 if (ret == -1) {
523 talloc_free(msg);
524 filtered_msg = NULL;
525 return LDB_ERR_OPERATIONS_ERROR;
526 }
527
528 /*
529 * Remove any extended components possibly copied in from
530 * msg->dn, we just want the casefold components
531 */
532 ldb_dn_remove_extended_components(filtered_msg->dn);
533 talloc_free(msg);
534
535 ret = ldb_module_send_entry(ctx->req, filtered_msg, NULL);
536 if (ret != LDB_SUCCESS) {
537 /* Regardless of success or failure, the msg
538 * is the callbacks responsiblity, and should
539 * not be talloc_free()'ed */
540 ctx->request_terminated = true;
541 return ret;
542 }
543
544 return LDB_SUCCESS;
545 }
546
547 /*
548 search the database with a LDAP-like expression.
549 choses a search method
550 */
551 int ldb_kv_search(struct ldb_kv_context *ctx)
552 {
553 struct ldb_context *ldb;
554 struct ldb_module *module = ctx->module;
555 struct ldb_request *req = ctx->req;
556 void *data = ldb_module_get_private(module);
557 struct ldb_kv_private *ldb_kv =
558 talloc_get_type(data, struct ldb_kv_private);
559 int ret;
560
561 ldb = ldb_module_get_ctx(module);
562
563 ldb_request_set_state(req, LDB_ASYNC_PENDING);
564
565 if (ldb_kv->kv_ops->lock_read(module) != 0) {
566 return LDB_ERR_OPERATIONS_ERROR;
567 }
568
569 if (ldb_kv_cache_load(module) != 0) {
570 ldb_kv->kv_ops->unlock_read(module);
571 return LDB_ERR_OPERATIONS_ERROR;
572 }
573
574 if (req->op.search.tree == NULL) {
575 ldb_kv->kv_ops->unlock_read(module);
576 return LDB_ERR_OPERATIONS_ERROR;
577 }
578
579 ctx->tree = req->op.search.tree;
580 ctx->scope = req->op.search.scope;
581 ctx->base = req->op.search.base;
582 ctx->attrs = req->op.search.attrs;
583
584 if ((req->op.search.base == NULL) || (ldb_dn_is_null(req->op.search.base) == true)) {
585
586 /* Check what we should do with a NULL dn */
587 switch (req->op.search.scope) {
588 case LDB_SCOPE_BASE:
589 ldb_asprintf_errstring(ldb,
590 "NULL Base DN invalid for a base search");
591 ret = LDB_ERR_INVALID_DN_SYNTAX;
592 break;
593 case LDB_SCOPE_ONELEVEL:
594 ldb_asprintf_errstring(ldb,
595 "NULL Base DN invalid for a one-level search");
596 ret = LDB_ERR_INVALID_DN_SYNTAX;
597 break;
598 case LDB_SCOPE_SUBTREE:
599 default:
600 /* We accept subtree searches from a NULL base DN, ie over the whole DB */
601 ret = LDB_SUCCESS;
602 }
603 } else if (req->op.search.scope == LDB_SCOPE_BASE) {
604
605 /*
606 * If we are LDB_SCOPE_BASE, do just one search and
607 * return early. This is critical to ensure we do not
608 * go into the index code for special DNs, as that
609 * will try to look up an index record for a special
610 * record (which doesn't exist).
611 */
612 ret = ldb_kv_search_and_return_base(ldb_kv, ctx);
613
614 ldb_kv->kv_ops->unlock_read(module);
615
616 return ret;
617
618 } else if (ldb_kv->check_base) {
619 /*
620 * This database has been marked as
621 * 'checkBaseOnSearch', so do a spot check of the base
622 * dn. Also optimise the subsequent filter by filling
623 * in the ctx->base to be exactly case correct
624 */
625 ret = ldb_kv_search_base(
626 module, ctx, req->op.search.base, &ctx->base);
627
628 if (ret == LDB_ERR_NO_SUCH_OBJECT) {
629 ldb_asprintf_errstring(ldb,
630 "No such Base DN: %s",
631 ldb_dn_get_linearized(req->op.search.base));
632 }
633
634 } else if (ldb_dn_validate(req->op.search.base) == false) {
635
636 /* We don't want invalid base DNs here */
637 ldb_asprintf_errstring(ldb,
638 "Invalid Base DN: %s",
639 ldb_dn_get_linearized(req->op.search.base));
640 ret = LDB_ERR_INVALID_DN_SYNTAX;
641
642 } else {
643 /* If we are not checking the base DN life is easy */
644 ret = LDB_SUCCESS;
645 }
646
647 if (ret == LDB_SUCCESS) {
648 uint32_t match_count = 0;
649
650 ret = ldb_kv_search_indexed(ctx, &match_count);
651 if (ret == LDB_ERR_NO_SUCH_OBJECT) {
652 /* Not in the index, therefore OK! */
653 ret = LDB_SUCCESS;
654
655 }
656 /* Check if we got just a normal error.
657 * In that case proceed to a full search unless we got a
658 * callback error */
659 if (!ctx->request_terminated && ret != LDB_SUCCESS) {
660 /* Not indexed, so we need to do a full scan */
661 if (ldb_kv->warn_unindexed ||
662 ldb_kv->disable_full_db_scan) {
663 /* useful for debugging when slow performance
664 * is caused by unindexed searches */
665 char *expression = ldb_filter_from_tree(ctx, ctx->tree);
666 ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb FULL SEARCH: %s SCOPE: %s DN: %s",
667 expression,
668 req->op.search.scope==LDB_SCOPE_BASE?"base":
669 req->op.search.scope==LDB_SCOPE_ONELEVEL?"one":
670 req->op.search.scope==LDB_SCOPE_SUBTREE?"sub":"UNKNOWN",
671 ldb_dn_get_linearized(req->op.search.base));
672
673 talloc_free(expression);
674 }
675
676 if (match_count != 0) {
677 /* the indexing code gave an error
678 * after having returned at least one
679 * entry. This means the indexes are
680 * corrupt or a database record is
681 * corrupt. We cannot continue with a
682 * full search or we may return
683 * duplicate entries
684 */
685 ldb_kv->kv_ops->unlock_read(module);
686 return LDB_ERR_OPERATIONS_ERROR;
687 }
688
689 if (ldb_kv->disable_full_db_scan) {
690 ldb_set_errstring(ldb,
691 "ldb FULL SEARCH disabled");
692 ldb_kv->kv_ops->unlock_read(module);
693 return LDB_ERR_INAPPROPRIATE_MATCHING;
694 }
695
696 ret = ldb_kv_search_full(ctx);
697 if (ret != LDB_SUCCESS) {
698 ldb_set_errstring(ldb, "Indexed and full searches both failed!\n");
699 }
700 }
701 }
702
703 ldb_kv->kv_ops->unlock_read(module);
704
705 return ret;
706 }
Samba GIT mirror