| blob | 2671d55a4d348c5aac989acf2ade60bda0152859 |
1 /*
2 ldb database library
4 Copyright (C) Andrew Tridgell 2004-2009
6 ** NOTE! The following LGPL license applies to the ldb
7 ** library. This does NOT imply that all of Samba is released
8 ** under the LGPL
10 This library is free software; you can redistribute it and/or
11 modify it under the terms of the GNU Lesser General Public
12 License as published by the Free Software Foundation; either
13 version 3 of the License, or (at your option) any later version.
15 This library is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public
21 License along with this library; if not, see <http://www.gnu.org/licenses/>.
22 */
24 /*
25 * Name: ldb
26 *
27 * Component: ldb key value backend - indexing
28 *
29 * Description: indexing routines for ldb key value backend
30 *
31 * Author: Andrew Tridgell
32 */
34 /*
36 LDB Index design and choice of key:
37 =======================================
39 LDB has index records held as LDB objects with a special record like:
41 dn: @INDEX:attr:value
43 value may be base64 encoded, if it is deemed not printable:
45 dn: @INDEX:attr::base64-value
47 In each record, there is two possible formats:
49 The original format is:
50 -----------------------
52 dn: @INDEX:NAME:DNSUPDATEPROXY
53 @IDXVERSION: 2
54 @IDX: CN=DnsUpdateProxy,CN=Users,DC=addom,DC=samba,DC=example,DC=com
56 In this format, @IDX is multi-valued, one entry for each match
58 The corrosponding entry is stored in a TDB record with key:
60 DN=CN=DNSUPDATEPROXY,CN=USERS,DC=ADDOM,DC=SAMBA,DC=EXAMPLE,DC=COM
62 (This allows a scope BASE search to directly find the record via
63 a simple casefold of the DN).
65 The original mixed-case DN is stored in the entry iself.
68 The new 'GUID index' format is:
69 -------------------------------
71 dn: @INDEX:NAME:DNSUPDATEPROXY
72 @IDXVERSION: 3
73 @IDX: <binary GUID>[<binary GUID>[...]]
75 The binary guid is 16 bytes, as bytes and not expanded as hexidecimal
76 or pretty-printed. The GUID is chosen from the message to be stored
77 by the @IDXGUID attribute on @INDEXLIST.
79 If there are multiple values the @IDX value simply becomes longer,
80 in multiples of 16.
82 The corrosponding entry is stored in a TDB record with key:
84 GUID=<binary GUID>
86 This allows a very quick translation between the fixed-length index
87 values and the TDB key, while seperating entries from other data
88 in the TDB, should they be unlucky enough to start with the bytes of
89 the 'DN=' prefix.
91 Additionally, this allows a scope BASE search to directly find the
92 record via a simple match on a GUID= extended DN, controlled via
93 @IDX_DN_GUID on @INDEXLIST
95 Exception for special @ DNs:
97 @BASEINFO, @INDEXLIST and all other special DNs are stored as per the
98 original format, as they are never referenced in an index and are used
99 to bootstrap the database.
102 Control points for choice of index mode
103 ---------------------------------------
105 The choice of index and TDB key mode is made based (for example, from
106 Samba) on entries in the @INDEXLIST DN:
108 dn: @INDEXLIST
109 @IDXGUID: objectGUID
110 @IDX_DN_GUID: GUID
112 By default, the original DN format is used.
115 Control points for choosing indexed attributes
116 ----------------------------------------------
118 @IDXATTR controls if an attribute is indexed
120 dn: @INDEXLIST
121 @IDXATTR: samAccountName
122 @IDXATTR: nETBIOSName
125 C Override functions
126 --------------------
128 void ldb_schema_set_override_GUID_index(struct ldb_context *ldb,
129 const char *GUID_index_attribute,
130 const char *GUID_index_dn_component)
132 This is used, particularly in combination with the below, instead of
133 the @IDXGUID and @IDX_DN_GUID values in @INDEXLIST.
135 void ldb_schema_set_override_indexlist(struct ldb_context *ldb,
136 bool one_level_indexes);
137 void ldb_schema_attribute_set_override_handler(struct ldb_context *ldb,
138 ldb_attribute_handler_override_fn_t override,
139 void *private_data);
141 When the above two functions are called in combination, the @INDEXLIST
142 values are not read from the DB, so
143 ldb_schema_set_override_GUID_index() must be called.
145 */
156 /*
157 * Do not optimise the intersection of this list,
158 * we must never return an entry not in this
159 * list. This allows the index for
160 * SCOPE_ONELEVEL to be trusted.
161 */
163 };
166 /*
167 * In memory tdb to cache the index updates performed during a
168 * transaction. This improves the performance of operations like
169 * re-index and join
170 */
173 };
176 KEY_NOT_TRUNCATED,
177 KEY_TRUNCATED,
178 };
192 /* we put a @IDXVERSION attribute on index entries. This
193 allows us to tell if it was written by an older version
194 */
195 #define LDB_KV_INDEXING_VERSION 2
197 #define LDB_KV_GUID_INDEXING_VERSION 3
200 {
203 }
205 }
207 /* enable the idxptr mode when transactions start */
211 {
217 }
220 NULL,
221 cache_size,
222 TDB_INTERNAL,
223 O_RDWR,
227 }
230 }
232 /*
233 see if two ldb_val structures contain exactly the same data
234 return -1 or 1 for a mismatch, 0 for match
235 */
238 {
241 }
244 }
246 }
248 /*
249 see if two ldb_val structures contain exactly the same data
250 return -1 or 1 for a mismatch, 0 for match
251 */
254 {
257 }
260 }
262 }
265 /*
266 find a entry in a dn_list, using a ldb_val. Uses a case sensitive
267 binary-safe comparison for the 'dn' returns -1 if not found
269 This is therefore safe when the value is a GUID in the future
270 */
274 {
282 }
283 }
285 }
292 }
293 /* Not required, but keeps the compiler quiet */
296 }
300 }
302 /*
303 find a entry in a dn_list. Uses a case sensitive comparison with the dn
304 returns -1 if not found
305 */
309 {
321 }
323 }
325 }
327 /*
328 this is effectively a cast function, but with lots of paranoia
329 checks and also copes with CPUs that are fussy about pointer
330 alignment
331 */
333 TDB_DATA rec)
334 {
340 }
341 /* note that we can't just use a cast here, as rec.dptr may
342 not be aligned sufficiently for a pointer. A cast would cause
343 platforms like some ARM CPUs to crash */
351 }
353 }
358 };
360 /*
361 return the @IDX list in an index entry for a dn as a
362 struct dn_list
363 */
369 {
382 /*
383 * See if we have an in memory index cache
384 */
387 }
392 /*
393 * Have we cached this index record?
394 * If we have a nested transaction cache try that first.
395 * then try the transaction cache.
396 * if the record is not cached it will need to be read from disk.
397 */
400 }
404 }
407 }
409 /* we've found an in-memory index entry */
414 }
417 /*
418 * If this is a read only transaction the indexes will not be
419 * changed so we don't need a copy in the event of a rollback
420 *
421 * In this case make an early return
422 */
426 }
428 /*
429 * record was read from the sub transaction cache, so we have
430 * already copied the primary cache record
431 */
435 }
437 /*
438 * No index sub transaction active, so no need to cache a copy
439 */
443 }
445 /*
446 * There is an active index sub transaction, and the record was
447 * found in the primary index transaction cache. A copy of the
448 * record needs be taken to prevent the original entry being
449 * altered, until the index sub transaction is committed.
450 */
452 {
457 list,
462 }
466 dns,
472 }
473 }
476 }
479 /*
480 * Index record not found in the caches, read it from the
481 * database.
482 */
483 normal_index:
487 }
490 dn,
491 msg,
492 LDB_UNPACK_DATA_FLAG_NO_DN |
493 /*
494 * The entry point ldb_kv_search_indexed is
495 * only called from the read-locked
496 * ldb_kv_search.
497 */
498 LDB_UNPACK_DATA_FLAG_READ_LOCKED);
502 }
508 }
512 /*
513 * we avoid copying the strings by stealing the list. We have
514 * to steal msg onto el->values (which looks odd) because
515 * the memory is allocated on msg, not on each value.
516 */
518 /* check indexing version number */
521 LDB_DEBUG_ERROR,
522 "Wrong DN index version %d "
528 }
536 /* This is quite likely during the DB startup
537 on first upgrade to using a GUID index */
539 LDB_DEBUG_ERROR,
540 "Wrong GUID index version %d "
546 }
551 }
556 }
563 }
565 /*
566 * The actual data is on msg.
567 */
573 }
574 }
576 /* We don't need msg->elements any more */
579 }
586 {
595 }
601 }
606 }
611 __location__
612 ": Failed to read DN index "
613 "against %s for %s: too many "
616 dn_str,
620 }
623 /*
624 * DN key has been truncated, need to inspect the actual
625 * records to locate the actual DN
626 */
634 };
640 }
648 }
650 ret =
654 }
656 /*
657 * the record has disappeared?
658 * yes, this can happen
659 */
662 }
665 /* an internal error */
669 }
671 /*
672 * We found the actual DN that we wanted from in the
673 * multiple values that matched the index
674 * (due to truncation), so return that.
675 *
676 */
681 }
682 }
684 /*
685 * We matched the index but the actual DN we wanted
686 * was not here.
687 */
691 }
692 }
694 /* The ldb_key memory is allocated by the caller */
700 }
703 }
707 /*
708 save a dn_list into a full @IDX style record
709 */
714 {
721 }
729 }
732 }
736 LDB_KV_INDEXING_VERSION);
740 }
743 LDB_KV_GUID_INDEXING_VERSION);
747 }
748 }
757 }
770 }
774 LDB_KV_GUID_SIZE);
778 }
784 LDB_KV_GUID_SIZE) {
787 }
790 LDB_KV_GUID_SIZE);
791 }
794 }
795 }
800 }
802 /*
803 save a dn_list into the database, in either @IDX or internal format
804 */
808 {
821 }
824 /*
825 * If there is an index sub transaction active, update the
826 * sub transaction index cache. Otherwise update the
827 * primary index cache
828 */
833 }
834 /*
835 * Get the cache entry for the index
836 *
837 * As the value in the cache is a pointer to a dn_list we update
838 * the dn_list directly.
839 *
840 */
847 }
849 /* Now put the updated pointer back in the cache */
856 }
858 }
863 }
871 /*
872 * This is not a store into the main DB, but into an in-memory
873 * TDB, so we don't need a guard on ltdb->read_only
874 *
875 * Also as we directly update the in memory dn_list for existing
876 * cache entries we must be adding a new entry to the cache.
877 */
881 }
883 }
885 /*
886 traverse function for storing the in-memory index entries on disk
887 */
889 TDB_DATA key,
890 TDB_DATA data,
892 {
905 }
912 ldb_asprintf_errstring(ldb, "Failed to parse index key %*.*s as an LDB DN", (int)v.length, (int)v.length, (const char *)v.data);
915 }
922 }
924 }
926 /* cleanup the idxptr mode when transaction commits */
928 {
941 }
947 }
948 ldb_asprintf_errstring(ldb, "Failed to store index records in transaction commit: %s", ldb_errstring(ldb));
949 }
954 }
956 /* cleanup the idxptr mode when transaction cancels */
958 {
963 }
967 }
970 }
973 /*
974 return the dn key to be used for an index
975 the caller is responsible for freeing
976 */
983 {
1004 /*
1005 * Accept a NULL value as a request for a key with no value. This is
1006 * different from passing an empty value, which might be given
1007 * significance by some canonicalise functions.
1008 */
1014 }
1021 }
1026 }
1033 }
1038 ldb_attr_handler_t fn;
1044 }
1048 /* canonicalisation can be refused. For
1049 example, a attribute that takes wildcards
1050 will refuse to canonicalise if the value
1051 contains a wildcard */
1053 "Failed to create "
1054 "index key for "
1061 }
1062 }
1063 }
1066 /*
1067 * Check if there is any hope this will fit into the DB.
1068 * Overflow here is not actually critical the code below
1069 * checks again to make the printf and the DB does another
1070 * check for too long keys
1071 */
1074 ldb,
1075 __location__ ": max_key_length "
1077 max_key_length,
1081 }
1083 /*
1084 * ltdb_key_dn() makes something 4 bytes longer, it adds a leading
1085 * "DN=" and a trailing string terminator
1086 */
1089 /*
1090 * We do not base 64 encode a DN in a key, it has already been
1091 * casefold and lineraized, that is good enough. That already
1092 * avoids embedded NUL etc.
1093 */
1098 /*
1099 * We can only change the behaviour for IDXONE
1100 * when the GUID index is enabled
1101 */
1104 should_b64_encode
1106 }
1109 }
1117 }
1119 /*
1120 * Overflow here is not critical as we only use this
1121 * to choose the printf truncation
1122 */
1128 /*
1129 * Truncated keys are placed in a separate key space
1130 * from the non truncated keys
1131 * Note: the double hash "##" is not a typo and
1132 * indicates that the following value is base64 encoded
1133 */
1140 /*
1141 * Note: the double colon "::" is not a typo and
1142 * indicates that the following value is base64 encoded
1143 */
1147 }
1150 /* Only need two seperators */
1153 /*
1154 * Overflow here is not critical as we only use this
1155 * to choose the printf truncation
1156 */
1162 /*
1163 * Truncated keys are placed in a separate key space
1164 * from the non truncated keys
1165 */
1175 }
1176 }
1180 }
1184 }
1186 /*
1187 see if a attribute value is in the list of indexed attributes
1188 */
1192 {
1199 /* Implicity covered, this is the index key */
1201 }
1208 }
1214 }
1215 }
1219 }
1224 }
1226 /* TODO: this is too expensive! At least use a binary search */
1230 }
1231 }
1233 }
1235 /*
1236 in the following logic functions, the return value is treated as
1237 follows:
1239 LDB_SUCCESS: we found some matching index values
1241 LDB_ERR_NO_SUCH_OBJECT: we know for sure that no object matches
1243 LDB_ERR_OPERATIONS_ERROR: indexing could not answer the call,
1244 we'll need a full search
1245 */
1247 /*
1248 return a list of dn's that might match a simple indexed search (an
1249 equality search only)
1250 */
1255 {
1266 /* if the attribute isn't in the list of indexed attributes then
1267 this node needs a full search */
1270 }
1272 /* the attribute is indexed. Pull the list of DNs that match the
1273 search criterion */
1275 ldb_kv,
1278 NULL,
1280 /*
1281 * We ignore truncation here and allow multi-valued matches
1282 * as ltdb_search_indexed will filter out the wrong one in
1283 * ltdb_index_filter() which calls ldb_match_message().
1284 */
1288 DN_LIST_WILL_BE_READ_ONLY);
1291 }
1298 /*
1299 return a list of dn's that might match a leaf indexed search
1300 */
1305 {
1308 /* in AD mode we do not support "(dn=...)" search filters */
1312 }
1314 /* Do not allow a indexed search against an @ */
1318 }
1327 /* If we can't parse it, no match */
1331 }
1335 /* If we can't parse it, no match */
1339 }
1341 /*
1342 * Re-use the same code we use for a SCOPE_BASE
1343 * search
1344 *
1345 * We can't call TALLOC_FREE(dn) as this must belong
1346 * to list for the memory to remain valid.
1347 */
1350 /*
1351 * We ignore truncation here and allow multi-valued matches
1352 * as ltdb_search_indexed will filter out the wrong one in
1353 * ltdb_index_filter() which calls ldb_match_message().
1354 */
1365 }
1366 /*
1367 * We need to go via the canonicalise_fn() to
1368 * ensure we get the index in binary, rather
1369 * than a string
1370 */
1375 }
1378 }
1381 }
1384 /*
1385 list intersection
1386 list = list & list2
1387 */
1391 {
1397 /* 0 & X == 0 */
1399 }
1401 /* X & 0 == 0 */
1405 }
1407 /*
1408 * In both of the below we check for strict and in that
1409 * case do not optimise the intersection of this list,
1410 * we must never return an entry not in this
1411 * list. This allows the index for
1412 * SCOPE_ONELEVEL to be trusted.
1413 */
1415 /* the indexing code is allowed to return a longer list than
1416 what really matches, as all results are filtered by the
1417 full expression at the end - this shortcut avoids a lot of
1418 work in some cases */
1421 }
1425 /* note that list2 may not be the parent of list2->dn,
1426 as list2->dn may be owned by ltdb->idxptr. In that
1427 case we expect this reparent call to fail, which is
1428 OK */
1431 }
1439 }
1444 }
1451 }
1455 /* For the GUID index case, this is a binary search */
1460 }
1461 }
1469 }
1472 /*
1473 list union
1474 list = list | list2
1475 */
1480 {
1485 /* X | 0 == X */
1487 }
1490 /* 0 | X == X */
1493 /* note that list2 may not be the parent of list2->dn,
1494 as list2->dn may be owned by ltdb->idxptr. In that
1495 case we expect this reparent call to fail, which is
1496 OK */
1499 }
1501 /*
1502 * Sort the lists (if not in GUID DN mode) so we can do
1503 * the de-duplication during the merge
1504 *
1505 * NOTE: This can sort the in-memory index values, as list or
1506 * list2 might not be a copy!
1507 */
1515 }
1526 }
1529 /* Take list */
1531 i++;
1532 k++;
1534 /* Take list2 */
1536 j++;
1537 k++;
1539 /* Equal, take list */
1541 i++;
1542 j++;
1543 k++;
1544 }
1545 }
1551 }
1558 /*
1559 process an OR list (a union)
1560 */
1565 {
1581 }
1587 /* X || 0 == X */
1590 }
1593 /* X || * == * */
1596 }
1601 }
1602 }
1606 }
1609 }
1612 /*
1613 NOT an index results
1614 */
1619 {
1620 /* the only way to do an indexed not would be if we could
1621 negate the not via another not or if we knew the total
1622 number of database elements so we could know that the
1623 existing expression covered the whole database.
1625 instead, we just give up, and rely on a full index scan
1626 (unless an outer & manages to reduce the list)
1627 */
1629 }
1631 /*
1632 * These things are unique, so avoid a full scan if this is a search
1633 * by GUID, DN or a unique attribute
1634 */
1638 {
1644 }
1645 }
1648 }
1653 }
1655 }
1657 /*
1658 process an AND expression (intersection)
1659 */
1664 {
1674 /* in the first pass we only look for unique simple
1675 equality tests, in the hope of avoiding having to look
1676 at any others */
1685 }
1689 /* 0 && X == 0 */
1691 }
1693 /* a unique index match means we can
1694 * stop. Note that we don't care if we return
1695 * a few too many objects, due to later
1696 * filtering */
1698 }
1699 }
1701 /* now do a full intersection */
1712 }
1717 /* X && 0 == 0 */
1722 }
1725 /* this didn't adding anything */
1728 }
1738 }
1743 }
1746 /* it isn't worth loading the next part of the tree */
1748 }
1749 }
1752 /* none of the attributes were indexed */
1754 }
1757 }
1763 };
1769 {
1786 LDB_UNPACK_DATA_FLAG_NO_DN);
1791 }
1797 }
1801 /*
1802 * we avoid copying the strings by stealing the list. We have
1803 * to steal msg onto el->values (which looks odd) because
1804 * the memory is allocated on msg, not on each value.
1805 */
1807 /* This is quite likely during the DB startup
1808 on first upgrade to using a GUID index */
1810 LDB_DEBUG_ERROR, __location__
1816 }
1822 }
1829 }
1839 }
1848 }
1856 new_array_length);
1857 }
1863 }
1865 /*
1866 * The actual data is on msg.
1867 */
1874 }
1881 }
1883 /*
1884 * >= and <= indexing implemented using lexicographically sorted keys
1885 *
1886 * We only run this in GUID indexing mode and when there is no write
1887 * transaction (only implicit read locks are being held). Otherwise, we would
1888 * have to deal with the in-memory index cache.
1889 *
1890 * We rely on the implementation of index_format_fn on a schema syntax which
1891 * will can help us to construct keys which can be ordered correctly, and we
1892 * terminate using schema agnostic start and end keys.
1893 *
1894 * index_format_fn must output values which can be memcmp-able to produce the
1895 * correct ordering as defined by the schema syntax class.
1896 */
1901 {
1917 }
1921 }
1923 /* bail out if we're in a transaction, full search instead. */
1926 }
1930 /* in AD mode we do not support "(dn=...)" search filters */
1934 }
1936 /* Do not allow a indexed search against an @ */
1940 }
1944 /*
1945 * If there's no index format function defined for this attr, then
1946 * the lexicographic order in the database doesn't correspond to the
1947 * attr's ordering, so we can't use the iterate_range op.
1948 */
1951 }
1960 __location__
1964 }
1969 }
1977 __location__
1981 }
1987 }
1989 /*
1990 * In order to avoid defining a start and end key for the search, we
1991 * notice that each index key is of the form:
1992 *
1993 * DN=@INDEX:<ATTRIBUTE>:<VALUE>\0.
1994 *
1995 * We can simply make our start key DN=@INDEX:<ATTRIBUTE>: and our end
1996 * key DN=@INDEX:<ATTRIBUTE>; to return all index entries for a
1997 * particular attribute.
1998 *
1999 * Our LMDB backend uses the default memcmp for key comparison.
2000 */
2002 /* Eliminate NUL byte at the end of the empty key */
2006 /* : becomes ; for pseudo end-key */
2013 }
2026 }
2029 ldb_val_equal_exact_for_qsort);
2034 }
2040 {
2042 ldb_kv,
2043 tree,
2045 }
2051 {
2053 ldb_kv,
2054 tree,
2056 }
2058 /*
2059 return a list of matching objects using a one-level index
2060 */
2067 {
2075 /* work out the index key from the parent DN */
2080 __location__
2081 ": Failed to get casefold DN "
2083 dn_str);
2085 }
2091 }
2094 DN_LIST_WILL_BE_READ_ONLY);
2098 }
2102 }
2105 }
2107 /*
2108 return a list of matching objects using a one-level index
2109 */
2115 {
2116 /*
2117 * Ensure we do not shortcut on intersection for this list.
2118 * We must never be lazy and return an entry not in this
2119 * list. This allows the index for
2120 * SCOPE_ONELEVEL to be trusted.
2121 */
2126 }
2128 /*
2129 return a list of matching objects using the DN index
2130 */
2136 {
2142 }
2148 }
2153 }
2158 }
2164 }
2170 }
2174 }
2176 /*
2177 return a list of dn's that might match a indexed search or
2178 an error. return LDB_ERR_NO_SUCH_OBJECT for no matches, or LDB_SUCCESS for matches
2179 */
2184 {
2216 /* we can't index with fancy bitops yet */
2219 }
2222 }
2224 /*
2225 filter a candidate dn_list from an indexed search into a set of results
2226 extracting just the given attributes
2227 */
2233 {
2242 /*
2243 * We have to allocate the key list (rather than just walk the
2244 * caller supplied list) as the callback could change the list
2245 * (by modifying an indexed attribute hosted in the in-memory
2246 * index cache!)
2247 */
2251 }
2254 /*
2255 * We speculate that the keys will be GUID based and so
2256 * pre-fill in enough space for a GUID (avoiding a pile of
2257 * small allocations)
2258 */
2270 }
2274 }
2279 }
2280 }
2290 }
2293 /*
2294 * If we are in GUID index mode, then the dn_list is
2295 * sorted. If we got a duplicate, forget about it, as
2296 * otherwise we would send the same entry back more
2297 * than once.
2298 *
2299 * This is needed in the truncated DN case, or if a
2300 * duplicate was forced in via
2301 * LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK
2302 */
2308 }
2313 }
2314 num_keys++;
2315 }
2318 /*
2319 * Now that the list is a safe copy, send the callbacks
2320 */
2328 }
2330 ret =
2332 ldb_kv,
2334 msg,
2335 LDB_UNPACK_DATA_FLAG_NO_VALUES_ALLOC |
2336 /*
2337 * The entry point ldb_kv_search_indexed is
2338 * only called from the read-locked
2339 * ldb_kv_search.
2340 */
2341 LDB_UNPACK_DATA_FLAG_READ_LOCKED);
2343 /*
2344 * the record has disappeared? yes, this can
2345 * happen if the entry is deleted by something
2346 * operating in the callback (not another
2347 * process, as we have a read lock)
2348 */
2351 }
2354 /* an internal error */
2358 }
2360 /*
2361 * We trust the index for LDB_SCOPE_ONELEVEL
2362 * unless the index key has been truncated.
2363 *
2364 * LDB_SCOPE_BASE is not passed in by our only caller.
2365 */
2375 }
2381 }
2385 }
2392 }
2396 /* filter the attributes that the user wants */
2405 }
2409 /* Regardless of success or failure, the msg
2410 * is the callbacks responsiblity, and should
2411 * not be talloc_free()'ed */
2415 }
2418 }
2422 }
2424 /*
2425 sort a DN list
2426 */
2429 {
2432 }
2434 /* We know the list is sorted when using the GUID index */
2437 }
2440 ldb_val_equal_exact_for_qsort);
2441 }
2443 /*
2444 search the database with a LDAP-like expression using indexes
2445 returns -1 if an indexed search is not possible, in which
2446 case the caller should call ltdb_search_full()
2447 */
2449 {
2458 /* see if indexing is enabled */
2461 /* fallback to a full search */
2463 }
2468 }
2470 /*
2471 * For the purposes of selecting the switch arm below, if we
2472 * don't have a one-level index then treat it like a subtree
2473 * search
2474 */
2480 }
2484 /*
2485 * The only caller will have filtered the operation out
2486 * so we should never get here
2487 */
2492 /*
2493 * First, load all the one-level child objects (regardless of
2494 * whether they match the search filter or not). The database
2495 * maintains a one-level index, so retrieving this is quick.
2496 */
2498 ldb_kv,
2500 dn_list,
2505 }
2507 /*
2508 * If we have too many children, running ldb_kv_index_filter()
2509 * over all the child objects can be quite expensive. So next
2510 * we do a separate indexed query using the search filter.
2511 *
2512 * This should be quick, but it may return objects that are not
2513 * the direct one-level child objects we're interested in.
2514 *
2515 * We only do this in the GUID index mode, which is
2516 * O(n*log(m)) otherwise the intersection below will
2517 * be too costly at O(n*m).
2518 *
2519 * We don't set a heuristic for 'too many' but instead
2520 * do it always and rely on the index lookup being
2521 * fast enough in the small case.
2522 */
2529 }
2535 }
2537 /*
2538 * Try to do an indexed database search
2539 */
2542 indexed_search_result);
2544 /*
2545 * We can stop if we're sure the object doesn't exist
2546 */
2551 }
2553 /*
2554 * Once we have a successful search result, we
2555 * intersect it with the one-level children (dn_list).
2556 * This should give us exactly the result we're after
2557 * (we still need to run ldb_kv_index_filter() to
2558 * handle potential index truncation cases).
2559 *
2560 * The indexed search may fail because we don't support
2561 * indexing on that type of search operation, e.g.
2562 * matching against '*'. In which case we fall through
2563 * and run ldb_kv_index_filter() over all the one-level
2564 * children (which is still better than bailing out here
2565 * and falling back to a full DB scan).
2566 */
2569 dn_list,
2570 indexed_search_result)) {
2574 }
2575 }
2576 }
2584 }
2585 /*
2586 * Here we load the index for the tree. We have no
2587 * index for the subtree.
2588 */
2593 }
2595 }
2597 /*
2598 * It is critical that this function do the re-filter even
2599 * on things found by the index as the index can over-match
2600 * in cases of truncation (as well as when it decides it is
2601 * not worth further filtering)
2602 *
2603 * If this changes, then the index code above would need to
2604 * pass up a flag to say if any index was truncated during
2605 * processing as the truncation here refers only to the
2606 * SCOPE_ONELEVEL index.
2607 */
2612 }
2614 /**
2615 * @brief Add a DN in the index list of a given attribute name/value pair
2616 *
2617 * This function will add the DN in the index list for the index for
2618 * the given attribute name and value.
2619 *
2620 * @param[in] module A ldb_module structure
2621 *
2622 * @param[in] dn The string representation of the DN as it
2623 * will be stored in the index entry
2624 *
2625 * @param[in] el A ldb_message_element array, one of the entry
2626 * referred by the v_idx is the attribute name and
2627 * value pair which will be used to construct the
2628 * index name
2629 *
2630 * @param[in] v_idx The index of element in the el array to use
2631 *
2632 * @return An ldb error code
2633 */
2639 {
2654 }
2661 }
2662 /*
2663 * Samba only maintains unique indexes on the objectSID and objectGUID
2664 * so if a unique index key exceeds the maximum length there is a
2665 * problem.
2666 */
2672 ldb,
2673 __location__ ": unique index key on %s in %s, "
2680 }
2684 DN_LIST_MUTABLE);
2688 }
2690 /*
2691 * Check for duplicates in the @IDXDN DN -> GUID record
2692 *
2693 * This is very normal, it just means a duplicate DN creation
2694 * was attempted, so don't set the error string or print scary
2695 * messages.
2696 */
2707 /*
2708 * At least one existing entry in the DN->GUID index, which
2709 * arises when the DN indexes have been truncated
2710 *
2711 * So need to pull the DN's to check if it's really a duplicate
2712 */
2719 };
2724 }
2732 }
2734 ret =
2738 }
2740 /*
2741 * the record has disappeared?
2742 * yes, this can happen
2743 */
2746 }
2749 /* an internal error */
2753 }
2754 /*
2755 * The DN we are trying to add to the DB and index
2756 * is already here, so we must deny the addition
2757 */
2762 }
2763 }
2764 }
2766 /*
2767 * Check for duplicates in unique indexes
2768 *
2769 * We don't need to do a loop test like the @IDXDN case
2770 * above as we have a ban on long unique index values
2771 * at the start of this function.
2772 */
2777 /*
2778 * We do not want to print info about a possibly
2779 * confidential DN that the conflict was with in the
2780 * user-visible error string
2781 */
2785 __location__
2786 ": unique index violation on %s in %s, "
2794 /* This can't fail, gives a default at worst */
2803 LDB_DEBUG_WARNING,
2804 __location__
2805 ": unique index violation on %s in "
2814 }
2815 }
2817 __location__ ": unique index violation "
2823 }
2825 /* overallocate the list a bit, to reduce the number of
2826 * realloc trigered copies */
2832 }
2841 }
2851 }
2856 }
2862 /*
2863 * Give a warning rather than fail, this could be a
2864 * duplicate value in the record allowed by a caller
2865 * forcing in the value with
2866 * LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK
2867 */
2869 /* This can't fail, gives a default at worst */
2878 LDB_DEBUG_WARNING,
2879 __location__
2880 ": duplicate attribute value in %s "
2881 "for index on %s, "
2890 }
2891 }
2898 }
2903 }
2904 }
2912 }
2914 /*
2915 add index entries for one elements in a message
2916 */
2921 {
2927 }
2928 }
2931 }
2933 /*
2934 add index entries for all elements in a message
2935 */
2939 {
2947 }
2952 }
2957 }
2960 /* no indexed fields */
2962 }
2967 }
2976 }
2977 }
2980 }
2983 /*
2984 insert a DN index for a message
2985 */
2992 {
3001 __location__ ": Failed to modify %s "
3002 "against %s in %s: failed "
3004 index,
3006 dn_str);
3008 }
3019 }
3025 __location__ ": Failed to modify %s "
3027 index,
3029 dn_str,
3032 }
3034 }
3036 /*
3037 insert a one level index for a message
3038 */
3042 {
3048 /* We index for ONE Level only if requested */
3051 }
3056 }
3057 ret =
3063 }
3065 /*
3066 insert a one level index for a message
3067 */
3071 {
3076 /* We index for DN only if using a GUID index */
3079 }
3089 }
3091 }
3093 /*
3094 add the index entries for a new element in a record
3095 The caller guarantees that these element values are not yet indexed
3096 */
3101 {
3104 }
3107 }
3109 }
3111 /*
3112 add the index entries for a new record
3113 */
3117 {
3122 }
3126 /*
3127 * Because we can't trust the caller to be doing
3128 * transactions properly, clean up any index for this
3129 * entry rather than relying on a transaction
3130 * cleanup
3131 */
3135 }
3139 /*
3140 * Because we can't trust the caller to be doing
3141 * transactions properly, clean up any index for this
3142 * entry rather than relying on a transaction
3143 * cleanup
3144 */
3147 }
3149 }
3152 /*
3153 delete an index entry for one message element
3154 */
3160 {
3175 }
3179 }
3183 /*
3184 * We ignore key truncation in ltdb_index_add1() so
3185 * match that by ignoring it here as well
3186 *
3187 * Multiple values are legitimate and accepted
3188 */
3191 }
3197 }
3200 DN_LIST_MUTABLE);
3202 /* it wasn't indexed. Did we have an earlier error? If we did then
3203 its gone now */
3206 }
3211 }
3213 /*
3214 * Find one of the values matching this message to remove
3215 */
3218 /* nothing to delete */
3221 }
3226 }
3233 }
3240 }
3242 /*
3243 delete the index entries for a element
3244 return -1 on failure
3245 */
3250 {
3256 /* no indexed fields */
3258 }
3263 }
3267 }
3271 }
3276 }
3277 }
3280 }
3282 /*
3283 delete the index entries for a record
3284 return -1 on failure
3285 */
3288 {
3296 }
3301 }
3306 }
3309 /* no indexed fields */
3311 }
3318 }
3319 }
3322 }
3325 /*
3326 traversal function that deletes all @INDEX records in the in-memory
3327 TDB.
3329 This does not touch the actual DB, that is done at transaction
3330 commit, which in turn greatly reduces DB churn as we will likely
3331 be able to do a direct update into the old record.
3332 */
3337 {
3347 }
3348 /* we need to put a empty list in the internal tdb for this
3349 * index entry */
3353 /* the offset of 3 is to remove the DN= prefix. */
3359 /*
3360 * This does not actually touch the DB quite yet, just
3361 * the in-memory index cache
3362 */
3370 }
3373 }
3375 /*
3376 traversal function that adds @INDEX records during a re index TODO wrong comment
3377 */
3382 {
3397 }
3402 }
3411 }
3415 "Refusing to re-index as GUID "
3421 }
3423 /* check if the DN key has changed, perhaps due to the case
3424 insensitivity of an element changing, or a change from DN
3425 to GUID keys */
3428 /* probably a corrupt record ... darn */
3433 }
3438 }
3448 }
3451 }
3453 /*
3454 traversal function that adds @INDEX records during a re index
3455 */
3460 {
3474 }
3479 }
3488 }
3492 "Refusing to re-index as GUID "
3498 }
3507 }
3515 }
3524 }
3527 }
3533 {
3546 }
3555 }
3564 }
3566 /*
3567 * Warn the user that we're repacking the first time we see a normal
3568 * record. This means we never warn if we're repacking a database with
3569 * only @ records. This is because during database initialisation,
3570 * we might repack as initial settings are written out, and we don't
3571 * want to spam the log.
3572 */
3578 }
3585 }
3588 }
3591 {
3602 /* Iterate all database records and repack them in the new format */
3608 }
3614 }
3617 }
3619 /*
3620 force a complete reindex of the database
3621 */
3623 {
3630 /*
3631 * Only triggered after a modification, but make clear we do
3632 * not re-index a read-only DB
3633 */
3636 }
3640 }
3642 /*
3643 * Ensure we read (and so remove) the entries from the real
3644 * DB, no values stored so far are any use as we want to do a
3645 * re-index
3646 */
3650 }
3652 /*
3653 * Calculate the size of the index cache that we'll need for
3654 * the re-index
3655 */
3659 }
3661 /*
3662 * Note that we don't start an index sub transaction for re-indexing
3663 */
3667 }
3669 /* first traverse the database deleting any @INDEX records by
3670 * putting NULL entries in the in-memory tdb
3671 */
3678 }
3689 }
3695 }
3700 /* now traverse adding any indexes for normal LDB records */
3707 }
3713 }
3717 LDB_DEBUG_WARNING,
3718 "Reindexing: re_index successful on %s, "
3721 }
3723 }
3725 /*
3726 * Copy the contents of the nested transaction index cache record to the
3727 * transaction index cache.
3728 *
3729 * During this 'commit' of the subtransaction to the main transaction
3730 * (cache), care must be taken to free any existing index at the top
3731 * level because otherwise we would leak memory.
3732 */
3735 TDB_DATA key,
3736 TDB_DATA data,
3738 {
3747 /*
3748 * This unwraps the pointer in the DB into a pointer in
3749 * memory, we are abusing TDB as a hash map, not a linearised
3750 * database store
3751 */
3756 }
3758 /*
3759 * Do we already have an entry in the primary transaction cache
3760 * If so free it's dn_list and replace it with the dn_list from
3761 * the secondary cache
3762 *
3763 * The TDB and so the fetched rec contains NO DATA, just a
3764 * pointer to data held in memory.
3765 */
3772 }
3773 /*
3774 * We had this key at the top level. However we made a copy
3775 * at the sub-transaction level so that we could possibly
3776 * roll back. We have to free the top level index memory
3777 * otherwise we would leak
3778 */
3781 }
3782 index_in_top_level->dn
3787 }
3793 }
3794 index_in_top_level->dn
3803 /*
3804 * This is not a store into the main DB, but into an in-memory
3805 * TDB, so we don't need a guard on ltdb->read_only
3806 */
3812 }
3814 }
3816 /*
3817 * Initialise the index cache for a sub transaction.
3818 */
3820 {
3824 }
3826 /*
3827 * We use a tiny hash size for the sub-database (11).
3828 *
3829 * The sub-transaction is only for one record at a time, we
3830 * would use a linked list but that would make the code even
3831 * more complex when manipulating the index, as it would have
3832 * to know if we were in a nested transaction (normal
3833 * operations) or the top one (a reindex).
3834 */
3839 }
3841 }
3843 /*
3844 * Clear the contents of the nested transaction index cache when the nested
3845 * transaction is cancelled.
3846 */
3848 {
3852 }
3854 }
3856 /*
3857 * Commit a nested transaction,
3858 * Copy the contents of the nested transaction index cache to the
3859 * transaction index cache.
3860 */
3862 {
3867 }
3870 }
3873 ldb_kv_sub_transaction_traverse,
3883 }
3885 ldb,
3886 __location__": Failed to update index records in "
3889 }
3892 }