search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
CVE-2019-3824 ldb: Add tests for ldb_wildcard_match
[Samba.git] / lib / ldb / ldb_tdb / ldb_tdb.c
blobafa0f9e47c3908b35b167aed052eceda6980b1e6
1 /*
2 ldb database library
3
4 Copyright (C) Andrew Tridgell 2004
5 Copyright (C) Stefan Metzmacher 2004
6 Copyright (C) Simo Sorce 2006-2008
7 Copyright (C) Matthias Dieter Wallnöfer 2009-2010
8
9 ** NOTE! The following LGPL license applies to the ldb
10 ** library. This does NOT imply that all of Samba is released
11 ** under the LGPL
12
13 This library is free software; you can redistribute it and/or
14 modify it under the terms of the GNU Lesser General Public
15 License as published by the Free Software Foundation; either
16 version 3 of the License, or (at your option) any later version.
17
18 This library is distributed in the hope that it will be useful,
19 but WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 Lesser General Public License for more details.
22
23 You should have received a copy of the GNU Lesser General Public
24 License along with this library; if not, see <http://www.gnu.org/licenses/>.
25 */
26
27 /*
28 * Name: ldb_tdb
29 *
30 * Component: ldb tdb backend
31 *
32 * Description: core functions for tdb backend
33 *
34 * Author: Andrew Tridgell
35 * Author: Stefan Metzmacher
36 *
37 * Modifications:
38 *
39 * - description: make the module use asynchronous calls
40 * date: Feb 2006
41 * Author: Simo Sorce
42 *
43 * - description: make it possible to use event contexts
44 * date: Jan 2008
45 * Author: Simo Sorce
46 *
47 * - description: fix up memory leaks and small bugs
48 * date: Oct 2009
49 * Author: Matthias Dieter Wallnöfer
50 */
51
52 #include "ldb_tdb.h"
53 #include "ldb_private.h"
54 #include <tdb.h>
55
56 /*
57 prevent memory errors on callbacks
58 */
59 struct ltdb_req_spy {
60 struct ltdb_context *ctx;
61 };
62
63 /*
64 map a tdb error code to a ldb error code
65 */
66 int ltdb_err_map(enum TDB_ERROR tdb_code)
67 {
68 switch (tdb_code) {
69 case TDB_SUCCESS:
70 return LDB_SUCCESS;
71 case TDB_ERR_CORRUPT:
72 case TDB_ERR_OOM:
73 case TDB_ERR_EINVAL:
74 return LDB_ERR_OPERATIONS_ERROR;
75 case TDB_ERR_IO:
76 return LDB_ERR_PROTOCOL_ERROR;
77 case TDB_ERR_LOCK:
78 case TDB_ERR_NOLOCK:
79 return LDB_ERR_BUSY;
80 case TDB_ERR_LOCK_TIMEOUT:
81 return LDB_ERR_TIME_LIMIT_EXCEEDED;
82 case TDB_ERR_EXISTS:
83 return LDB_ERR_ENTRY_ALREADY_EXISTS;
84 case TDB_ERR_NOEXIST:
85 return LDB_ERR_NO_SUCH_OBJECT;
86 case TDB_ERR_RDONLY:
87 return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
88 default:
89 break;
90 }
91 return LDB_ERR_OTHER;
92 }
93
94 /*
95 lock the database for read - use by ltdb_search and ltdb_sequence_number
96 */
97 int ltdb_lock_read(struct ldb_module *module)
98 {
99 void *data = ldb_module_get_private(module);
100 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
101 int ret = 0;
102
103 if (ltdb->in_transaction == 0 &&
104 ltdb->read_lock_count == 0) {
105 ret = tdb_lockall_read(ltdb->tdb);
106 }
107 if (ret == 0) {
108 ltdb->read_lock_count++;
109 }
110 return ret;
111 }
112
113 /*
114 unlock the database after a ltdb_lock_read()
115 */
116 int ltdb_unlock_read(struct ldb_module *module)
117 {
118 void *data = ldb_module_get_private(module);
119 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
120 if (ltdb->in_transaction == 0 && ltdb->read_lock_count == 1) {
121 tdb_unlockall_read(ltdb->tdb);
122 ltdb->read_lock_count--;
123 return 0;
124 }
125 ltdb->read_lock_count--;
126 return 0;
127 }
128
129
130 /*
131 * Determine if this key could hold a record. We allow the new GUID
132 * index, the old DN index and a possible future ID=
133 */
134 bool ltdb_key_is_record(TDB_DATA key)
135 {
136 if (key.dsize < 4) {
137 return false;
138 }
139
140 if (memcmp(key.dptr, "DN=", 3) == 0) {
141 return true;
142 }
143
144 if (memcmp(key.dptr, "ID=", 3) == 0) {
145 return true;
146 }
147
148 if (key.dsize < 6) {
149 return false;
150 }
151
152 if (memcmp(key.dptr, "GUID=", 5) == 0) {
153 return true;
154 }
155
156 return false;
157 }
158
159 /*
160 form a TDB_DATA for a record key
161 caller frees
162
163 note that the key for a record can depend on whether the
164 dn refers to a case sensitive index record or not
165 */
166 TDB_DATA ltdb_key(struct ldb_module *module, struct ldb_dn *dn)
167 {
168 struct ldb_context *ldb = ldb_module_get_ctx(module);
169 TDB_DATA key;
170 char *key_str = NULL;
171 const char *dn_folded = NULL;
172
173 /*
174 most DNs are case insensitive. The exception is index DNs for
175 case sensitive attributes
176
177 there are 3 cases dealt with in this code:
178
179 1) if the dn doesn't start with @ then uppercase the attribute
180 names and the attributes values of case insensitive attributes
181 2) if the dn starts with @ then leave it alone -
182 the indexing code handles the rest
183 */
184
185 dn_folded = ldb_dn_get_casefold(dn);
186 if (!dn_folded) {
187 goto failed;
188 }
189
190 key_str = talloc_strdup(ldb, "DN=");
191 if (!key_str) {
192 goto failed;
193 }
194
195 key_str = talloc_strdup_append_buffer(key_str, dn_folded);
196 if (!key_str) {
197 goto failed;
198 }
199
200 key.dptr = (uint8_t *)key_str;
201 key.dsize = strlen(key_str) + 1;
202
203 return key;
204
205 failed:
206 errno = ENOMEM;
207 key.dptr = NULL;
208 key.dsize = 0;
209 return key;
210 }
211
212 /*
213 check special dn's have valid attributes
214 currently only @ATTRIBUTES is checked
215 */
216 static int ltdb_check_special_dn(struct ldb_module *module,
217 const struct ldb_message *msg)
218 {
219 struct ldb_context *ldb = ldb_module_get_ctx(module);
220 unsigned int i, j;
221
222 if (! ldb_dn_is_special(msg->dn) ||
223 ! ldb_dn_check_special(msg->dn, LTDB_ATTRIBUTES)) {
224 return LDB_SUCCESS;
225 }
226
227 /* we have @ATTRIBUTES, let's check attributes are fine */
228 /* should we check that we deny multivalued attributes ? */
229 for (i = 0; i < msg->num_elements; i++) {
230 if (ldb_attr_cmp(msg->elements[i].name, "distinguishedName") == 0) continue;
231
232 for (j = 0; j < msg->elements[i].num_values; j++) {
233 if (ltdb_check_at_attributes_values(&msg->elements[i].values[j]) != 0) {
234 ldb_set_errstring(ldb, "Invalid attribute value in an @ATTRIBUTES entry");
235 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
236 }
237 }
238 }
239
240 return LDB_SUCCESS;
241 }
242
243
244 /*
245 we've made a modification to a dn - possibly reindex and
246 update sequence number
247 */
248 static int ltdb_modified(struct ldb_module *module, struct ldb_dn *dn)
249 {
250 int ret = LDB_SUCCESS;
251 struct ltdb_private *ltdb = talloc_get_type(ldb_module_get_private(module), struct ltdb_private);
252
253 /* only allow modifies inside a transaction, otherwise the
254 * ldb is unsafe */
255 if (ltdb->in_transaction == 0) {
256 ldb_set_errstring(ldb_module_get_ctx(module), "ltdb modify without transaction");
257 return LDB_ERR_OPERATIONS_ERROR;
258 }
259
260 if (ldb_dn_is_special(dn) &&
261 (ldb_dn_check_special(dn, LTDB_INDEXLIST) ||
262 ldb_dn_check_special(dn, LTDB_ATTRIBUTES)) )
263 {
264 if (ltdb->warn_reindex) {
265 ldb_debug(ldb_module_get_ctx(module),
266 LDB_DEBUG_ERROR, "Reindexing %s due to modification on %s",
267 tdb_name(ltdb->tdb), ldb_dn_get_linearized(dn));
268 }
269 ret = ltdb_reindex(module);
270 }
271
272 /* If the modify was to a normal record, or any special except @BASEINFO, update the seq number */
273 if (ret == LDB_SUCCESS &&
274 !(ldb_dn_is_special(dn) &&
275 ldb_dn_check_special(dn, LTDB_BASEINFO)) ) {
276 ret = ltdb_increase_sequence_number(module);
277 }
278
279 /* If the modify was to @OPTIONS, reload the cache */
280 if (ret == LDB_SUCCESS &&
281 ldb_dn_is_special(dn) &&
282 (ldb_dn_check_special(dn, LTDB_OPTIONS)) ) {
283 ret = ltdb_cache_reload(module);
284 }
285
286 return ret;
287 }
288
289 /*
290 store a record into the db
291 */
292 int ltdb_store(struct ldb_module *module, const struct ldb_message *msg, int flgs)
293 {
294 void *data = ldb_module_get_private(module);
295 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
296 TDB_DATA tdb_key, tdb_data;
297 struct ldb_val ldb_data;
298 int ret = LDB_SUCCESS;
299
300 tdb_key = ltdb_key(module, msg->dn);
301 if (tdb_key.dptr == NULL) {
302 return LDB_ERR_OTHER;
303 }
304
305 ret = ldb_pack_data(ldb_module_get_ctx(module),
306 msg, &ldb_data);
307 if (ret == -1) {
308 talloc_free(tdb_key.dptr);
309 return LDB_ERR_OTHER;
310 }
311
312 tdb_data.dptr = ldb_data.data;
313 tdb_data.dsize = ldb_data.length;
314
315 ret = tdb_store(ltdb->tdb, tdb_key, tdb_data, flgs);
316 if (ret != 0) {
317 ret = ltdb_err_map(tdb_error(ltdb->tdb));
318 goto done;
319 }
320
321 done:
322 talloc_free(tdb_key.dptr);
323 talloc_free(ldb_data.data);
324
325 return ret;
326 }
327
328
329 /*
330 check if a attribute is a single valued, for a given element
331 */
332 static bool ldb_tdb_single_valued(const struct ldb_schema_attribute *a,
333 struct ldb_message_element *el)
334 {
335 if (!a) return false;
336 if (el != NULL) {
337 if (el->flags & LDB_FLAG_INTERNAL_FORCE_SINGLE_VALUE_CHECK) {
338 /* override from a ldb module, for example
339 used for the description field, which is
340 marked multi-valued in the schema but which
341 should not actually accept multiple
342 values */
343 return true;
344 }
345 if (el->flags & LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK) {
346 /* override from a ldb module, for example used for
347 deleted linked attribute entries */
348 return false;
349 }
350 }
351 if (a->flags & LDB_ATTR_FLAG_SINGLE_VALUE) {
352 return true;
353 }
354 return false;
355 }
356
357 static int ltdb_add_internal(struct ldb_module *module,
358 struct ltdb_private *ltdb,
359 const struct ldb_message *msg,
360 bool check_single_value)
361 {
362 struct ldb_context *ldb = ldb_module_get_ctx(module);
363 int ret = LDB_SUCCESS;
364 unsigned int i;
365
366 for (i=0;i<msg->num_elements;i++) {
367 struct ldb_message_element *el = &msg->elements[i];
368 const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
369
370 if (el->num_values == 0) {
371 ldb_asprintf_errstring(ldb, "attribute '%s' on '%s' specified, but with 0 values (illegal)",
372 el->name, ldb_dn_get_linearized(msg->dn));
373 return LDB_ERR_CONSTRAINT_VIOLATION;
374 }
375 if (check_single_value &&
376 el->num_values > 1 &&
377 ldb_tdb_single_valued(a, el)) {
378 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
379 el->name, ldb_dn_get_linearized(msg->dn));
380 return LDB_ERR_CONSTRAINT_VIOLATION;
381 }
382
383 /* Do not check "@ATTRIBUTES" for duplicated values */
384 if (ldb_dn_is_special(msg->dn) &&
385 ldb_dn_check_special(msg->dn, LTDB_ATTRIBUTES)) {
386 continue;
387 }
388
389 if (check_single_value &&
390 !(el->flags &
391 LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK)) {
392 struct ldb_val *duplicate = NULL;
393
394 ret = ldb_msg_find_duplicate_val(ldb, discard_const(msg),
395 el, &duplicate, 0);
396 if (ret != LDB_SUCCESS) {
397 return ret;
398 }
399 if (duplicate != NULL) {
400 ldb_asprintf_errstring(
401 ldb,
402 "attribute '%s': value '%.*s' on '%s' "
403 "provided more than once in ADD object",
404 el->name,
405 (int)duplicate->length,
406 duplicate->data,
407 ldb_dn_get_linearized(msg->dn));
408 return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
409 }
410 }
411 }
412
413 ret = ltdb_store(module, msg, TDB_INSERT);
414 if (ret != LDB_SUCCESS) {
415 if (ret == LDB_ERR_ENTRY_ALREADY_EXISTS) {
416 ldb_asprintf_errstring(ldb,
417 "Entry %s already exists",
418 ldb_dn_get_linearized(msg->dn));
419 }
420 return ret;
421 }
422
423 ret = ltdb_index_add_new(module, ltdb, msg);
424 if (ret != LDB_SUCCESS) {
425 return ret;
426 }
427
428 ret = ltdb_modified(module, msg->dn);
429
430 return ret;
431 }
432
433 /*
434 add a record to the database
435 */
436 static int ltdb_add(struct ltdb_context *ctx)
437 {
438 struct ldb_module *module = ctx->module;
439 struct ldb_request *req = ctx->req;
440 void *data = ldb_module_get_private(module);
441 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
442 int ret = LDB_SUCCESS;
443
444 ret = ltdb_check_special_dn(module, req->op.add.message);
445 if (ret != LDB_SUCCESS) {
446 return ret;
447 }
448
449 ldb_request_set_state(req, LDB_ASYNC_PENDING);
450
451 if (ltdb_cache_load(module) != 0) {
452 return LDB_ERR_OPERATIONS_ERROR;
453 }
454
455 ret = ltdb_add_internal(module, ltdb,
456 req->op.add.message, true);
457
458 return ret;
459 }
460
461 /*
462 delete a record from the database, not updating indexes (used for deleting
463 index records)
464 */
465 int ltdb_delete_noindex(struct ldb_module *module, struct ldb_dn *dn)
466 {
467 void *data = ldb_module_get_private(module);
468 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
469 TDB_DATA tdb_key;
470 int ret;
471
472 tdb_key = ltdb_key(module, dn);
473 if (!tdb_key.dptr) {
474 return LDB_ERR_OTHER;
475 }
476
477 ret = tdb_delete(ltdb->tdb, tdb_key);
478 talloc_free(tdb_key.dptr);
479
480 if (ret != 0) {
481 ret = ltdb_err_map(tdb_error(ltdb->tdb));
482 }
483
484 return ret;
485 }
486
487 static int ltdb_delete_internal(struct ldb_module *module, struct ldb_dn *dn)
488 {
489 struct ldb_message *msg;
490 int ret = LDB_SUCCESS;
491
492 msg = ldb_msg_new(module);
493 if (msg == NULL) {
494 return LDB_ERR_OPERATIONS_ERROR;
495 }
496
497 /* in case any attribute of the message was indexed, we need
498 to fetch the old record */
499 ret = ltdb_search_dn1(module, dn, msg, LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC);
500 if (ret != LDB_SUCCESS) {
501 /* not finding the old record is an error */
502 goto done;
503 }
504
505 ret = ltdb_delete_noindex(module, dn);
506 if (ret != LDB_SUCCESS) {
507 goto done;
508 }
509
510 /* remove any indexed attributes */
511 ret = ltdb_index_delete(module, msg);
512 if (ret != LDB_SUCCESS) {
513 goto done;
514 }
515
516 ret = ltdb_modified(module, dn);
517 if (ret != LDB_SUCCESS) {
518 goto done;
519 }
520
521 done:
522 talloc_free(msg);
523 return ret;
524 }
525
526 /*
527 delete a record from the database
528 */
529 static int ltdb_delete(struct ltdb_context *ctx)
530 {
531 struct ldb_module *module = ctx->module;
532 struct ldb_request *req = ctx->req;
533 int ret = LDB_SUCCESS;
534
535 ldb_request_set_state(req, LDB_ASYNC_PENDING);
536
537 if (ltdb_cache_load(module) != 0) {
538 return LDB_ERR_OPERATIONS_ERROR;
539 }
540
541 ret = ltdb_delete_internal(module, req->op.del.dn);
542
543 return ret;
544 }
545
546 /*
547 find an element by attribute name. At the moment this does a linear search,
548 it should be re-coded to use a binary search once all places that modify
549 records guarantee sorted order
550
551 return the index of the first matching element if found, otherwise -1
552 */
553 static int find_element(const struct ldb_message *msg, const char *name)
554 {
555 unsigned int i;
556 for (i=0;i<msg->num_elements;i++) {
557 if (ldb_attr_cmp(msg->elements[i].name, name) == 0) {
558 return i;
559 }
560 }
561 return -1;
562 }
563
564
565 /*
566 add an element to an existing record. Assumes a elements array that we
567 can call re-alloc on, and assumed that we can re-use the data pointers from
568 the passed in additional values. Use with care!
569
570 returns 0 on success, -1 on failure (and sets errno)
571 */
572 static int ltdb_msg_add_element(struct ldb_message *msg,
573 struct ldb_message_element *el)
574 {
575 struct ldb_message_element *e2;
576 unsigned int i;
577
578 if (el->num_values == 0) {
579 /* nothing to do here - we don't add empty elements */
580 return 0;
581 }
582
583 e2 = talloc_realloc(msg, msg->elements, struct ldb_message_element,
584 msg->num_elements+1);
585 if (!e2) {
586 errno = ENOMEM;
587 return -1;
588 }
589
590 msg->elements = e2;
591
592 e2 = &msg->elements[msg->num_elements];
593
594 e2->name = el->name;
595 e2->flags = el->flags;
596 e2->values = talloc_array(msg->elements,
597 struct ldb_val, el->num_values);
598 if (!e2->values) {
599 errno = ENOMEM;
600 return -1;
601 }
602 for (i=0;i<el->num_values;i++) {
603 e2->values[i] = el->values[i];
604 }
605 e2->num_values = el->num_values;
606
607 ++msg->num_elements;
608
609 return 0;
610 }
611
612 /*
613 delete all elements having a specified attribute name
614 */
615 static int msg_delete_attribute(struct ldb_module *module,
616 struct ltdb_private *ltdb,
617 struct ldb_message *msg, const char *name)
618 {
619 unsigned int i;
620 int ret;
621 struct ldb_message_element *el;
622
623 el = ldb_msg_find_element(msg, name);
624 if (el == NULL) {
625 return LDB_ERR_NO_SUCH_ATTRIBUTE;
626 }
627 i = el - msg->elements;
628
629 ret = ltdb_index_del_element(module, ltdb, msg->dn, el);
630 if (ret != LDB_SUCCESS) {
631 return ret;
632 }
633
634 talloc_free(el->values);
635 if (msg->num_elements > (i+1)) {
636 memmove(el, el+1, sizeof(*el) * (msg->num_elements - (i+1)));
637 }
638 msg->num_elements--;
639 msg->elements = talloc_realloc(msg, msg->elements,
640 struct ldb_message_element,
641 msg->num_elements);
642 return LDB_SUCCESS;
643 }
644
645 /*
646 delete all elements matching an attribute name/value
647
648 return LDB Error on failure
649 */
650 static int msg_delete_element(struct ldb_module *module,
651 struct ltdb_private *ltdb,
652 struct ldb_message *msg,
653 const char *name,
654 const struct ldb_val *val)
655 {
656 struct ldb_context *ldb = ldb_module_get_ctx(module);
657 unsigned int i;
658 int found, ret;
659 struct ldb_message_element *el;
660 const struct ldb_schema_attribute *a;
661
662 found = find_element(msg, name);
663 if (found == -1) {
664 return LDB_ERR_NO_SUCH_ATTRIBUTE;
665 }
666
667 i = (unsigned int) found;
668 el = &(msg->elements[i]);
669
670 a = ldb_schema_attribute_by_name(ldb, el->name);
671
672 for (i=0;i<el->num_values;i++) {
673 bool matched;
674 if (a->syntax->operator_fn) {
675 ret = a->syntax->operator_fn(ldb, LDB_OP_EQUALITY, a,
676 &el->values[i], val, &matched);
677 if (ret != LDB_SUCCESS) return ret;
678 } else {
679 matched = (a->syntax->comparison_fn(ldb, ldb,
680 &el->values[i], val) == 0);
681 }
682 if (matched) {
683 if (el->num_values == 1) {
684 return msg_delete_attribute(module,
685 ltdb, msg, name);
686 }
687
688 ret = ltdb_index_del_value(module, ltdb, msg->dn, el, i);
689 if (ret != LDB_SUCCESS) {
690 return ret;
691 }
692
693 if (i<el->num_values-1) {
694 memmove(&el->values[i], &el->values[i+1],
695 sizeof(el->values[i])*
696 (el->num_values-(i+1)));
697 }
698 el->num_values--;
699
700 /* per definition we find in a canonicalised message an
701 attribute value only once. So we are finished here */
702 return LDB_SUCCESS;
703 }
704 }
705
706 /* Not found */
707 return LDB_ERR_NO_SUCH_ATTRIBUTE;
708 }
709
710
711 /*
712 modify a record - internal interface
713
714 yuck - this is O(n^2). Luckily n is usually small so we probably
715 get away with it, but if we ever have really large attribute lists
716 then we'll need to look at this again
717
718 'req' is optional, and is used to specify controls if supplied
719 */
720 int ltdb_modify_internal(struct ldb_module *module,
721 const struct ldb_message *msg,
722 struct ldb_request *req)
723 {
724 struct ldb_context *ldb = ldb_module_get_ctx(module);
725 void *data = ldb_module_get_private(module);
726 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
727 struct ldb_message *msg2;
728 unsigned int i, j;
729 int ret = LDB_SUCCESS, idx;
730 struct ldb_control *control_permissive = NULL;
731 TALLOC_CTX *mem_ctx = talloc_new(req);
732
733 if (mem_ctx == NULL) {
734 return ldb_module_oom(module);
735 }
736
737 if (req) {
738 control_permissive = ldb_request_get_control(req,
739 LDB_CONTROL_PERMISSIVE_MODIFY_OID);
740 }
741
742 msg2 = ldb_msg_new(mem_ctx);
743 if (msg2 == NULL) {
744 ret = LDB_ERR_OTHER;
745 goto done;
746 }
747
748 ret = ltdb_search_dn1(module, msg->dn,
749 msg2,
750 LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC);
751 if (ret != LDB_SUCCESS) {
752 goto done;
753 }
754
755 for (i=0; i<msg->num_elements; i++) {
756 struct ldb_message_element *el = &msg->elements[i], *el2;
757 struct ldb_val *vals;
758 const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
759 const char *dn;
760 uint32_t options = 0;
761 if (control_permissive != NULL) {
762 options |= LDB_MSG_FIND_COMMON_REMOVE_DUPLICATES;
763 }
764
765 switch (msg->elements[i].flags & LDB_FLAG_MOD_MASK) {
766 case LDB_FLAG_MOD_ADD:
767
768 if (el->num_values == 0) {
769 ldb_asprintf_errstring(ldb,
770 "attribute '%s': attribute on '%s' specified, but with 0 values (illegal)",
771 el->name, ldb_dn_get_linearized(msg2->dn));
772 ret = LDB_ERR_CONSTRAINT_VIOLATION;
773 goto done;
774 }
775
776 /* make a copy of the array so that a permissive
777 * control can remove duplicates without changing the
778 * original values, but do not copy data as we do not
779 * need to keep it around once the operation is
780 * finished */
781 if (control_permissive) {
782 el = talloc(msg2, struct ldb_message_element);
783 if (!el) {
784 ret = LDB_ERR_OTHER;
785 goto done;
786 }
787 *el = msg->elements[i];
788 el->values = talloc_array(el, struct ldb_val, el->num_values);
789 if (el->values == NULL) {
790 ret = LDB_ERR_OTHER;
791 goto done;
792 }
793 for (j = 0; j < el->num_values; j++) {
794 el->values[j] = msg->elements[i].values[j];
795 }
796 }
797
798 if (el->num_values > 1 && ldb_tdb_single_valued(a, el)) {
799 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
800 el->name, ldb_dn_get_linearized(msg2->dn));
801 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
802 goto done;
803 }
804
805 /* Checks if element already exists */
806 idx = find_element(msg2, el->name);
807 if (idx == -1) {
808 if (ltdb_msg_add_element(msg2, el) != 0) {
809 ret = LDB_ERR_OTHER;
810 goto done;
811 }
812 ret = ltdb_index_add_element(module, ltdb,
813 msg2->dn,
814 el);
815 if (ret != LDB_SUCCESS) {
816 goto done;
817 }
818 } else {
819 j = (unsigned int) idx;
820 el2 = &(msg2->elements[j]);
821
822 /* We cannot add another value on a existing one
823 if the attribute is single-valued */
824 if (ldb_tdb_single_valued(a, el)) {
825 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
826 el->name, ldb_dn_get_linearized(msg2->dn));
827 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
828 goto done;
829 }
830
831 /* Check that values don't exist yet on multi-
832 valued attributes or aren't provided twice */
833 if (!(el->flags &
834 LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK)) {
835 struct ldb_val *duplicate = NULL;
836 ret = ldb_msg_find_common_values(ldb,
837 msg2,
838 el,
839 el2,
840 options);
841
842 if (ret ==
843 LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS) {
844 ldb_asprintf_errstring(ldb,
845 "attribute '%s': value "
846 "#%u on '%s' already "
847 "exists", el->name, j,
848 ldb_dn_get_linearized(msg2->dn));
849 goto done;
850 } else if (ret != LDB_SUCCESS) {
851 goto done;
852 }
853
854 ret = ldb_msg_find_duplicate_val(
855 ldb, msg2, el, &duplicate, 0);
856 if (ret != LDB_SUCCESS) {
857 goto done;
858 }
859 if (duplicate != NULL) {
860 ldb_asprintf_errstring(
861 ldb,
862 "attribute '%s': value "
863 "'%.*s' on '%s' "
864 "provided more than "
865 "once in ADD",
866 el->name,
867 (int)duplicate->length,
868 duplicate->data,
869 ldb_dn_get_linearized(msg->dn));
870 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
871 goto done;
872 }
873 }
874
875 /* Now combine existing and new values to a new
876 attribute record */
877 vals = talloc_realloc(msg2->elements,
878 el2->values, struct ldb_val,
879 el2->num_values + el->num_values);
880 if (vals == NULL) {
881 ldb_oom(ldb);
882 ret = LDB_ERR_OTHER;
883 goto done;
884 }
885
886 for (j=0; j<el->num_values; j++) {
887 vals[el2->num_values + j] =
888 ldb_val_dup(vals, &el->values[j]);
889 }
890
891 el2->values = vals;
892 el2->num_values += el->num_values;
893
894 ret = ltdb_index_add_element(module, ltdb,
895 msg2->dn, el);
896 if (ret != LDB_SUCCESS) {
897 goto done;
898 }
899 }
900
901 break;
902
903 case LDB_FLAG_MOD_REPLACE:
904
905 if (el->num_values > 1 && ldb_tdb_single_valued(a, el)) {
906 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
907 el->name, ldb_dn_get_linearized(msg2->dn));
908 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
909 goto done;
910 }
911
912 /*
913 * We don't need to check this if we have been
914 * pre-screened by the repl_meta_data module
915 * in Samba, or someone else who can claim to
916 * know what they are doing.
917 */
918 if (!(el->flags & LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK)) {
919 struct ldb_val *duplicate = NULL;
920
921 ret = ldb_msg_find_duplicate_val(ldb, msg2, el,
922 &duplicate, 0);
923 if (ret != LDB_SUCCESS) {
924 goto done;
925 }
926 if (duplicate != NULL) {
927 ldb_asprintf_errstring(
928 ldb,
929 "attribute '%s': value '%.*s' "
930 "on '%s' provided more than "
931 "once in REPLACE",
932 el->name,
933 (int)duplicate->length,
934 duplicate->data,
935 ldb_dn_get_linearized(msg2->dn));
936 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
937 goto done;
938 }
939 }
940
941 /* Checks if element already exists */
942 idx = find_element(msg2, el->name);
943 if (idx != -1) {
944 j = (unsigned int) idx;
945 el2 = &(msg2->elements[j]);
946
947 /* we consider two elements to be
948 * equal only if the order
949 * matches. This allows dbcheck to
950 * fix the ordering on attributes
951 * where order matters, such as
952 * objectClass
953 */
954 if (ldb_msg_element_equal_ordered(el, el2)) {
955 continue;
956 }
957
958 /* Delete the attribute if it exists in the DB */
959 if (msg_delete_attribute(module, ltdb,
960 msg2,
961 el->name) != 0) {
962 ret = LDB_ERR_OTHER;
963 goto done;
964 }
965 }
966
967 /* Recreate it with the new values */
968 if (ltdb_msg_add_element(msg2, el) != 0) {
969 ret = LDB_ERR_OTHER;
970 goto done;
971 }
972
973 ret = ltdb_index_add_element(module, ltdb,
974 msg2->dn, el);
975 if (ret != LDB_SUCCESS) {
976 goto done;
977 }
978
979 break;
980
981 case LDB_FLAG_MOD_DELETE:
982 dn = ldb_dn_get_linearized(msg2->dn);
983 if (dn == NULL) {
984 ret = LDB_ERR_OTHER;
985 goto done;
986 }
987
988 if (msg->elements[i].num_values == 0) {
989 /* Delete the whole attribute */
990 ret = msg_delete_attribute(module,
991 ltdb,
992 msg2,
993 msg->elements[i].name);
994 if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE &&
995 control_permissive) {
996 ret = LDB_SUCCESS;
997 } else {
998 ldb_asprintf_errstring(ldb,
999 "attribute '%s': no such attribute for delete on '%s'",
1000 msg->elements[i].name, dn);
1001 }
1002 if (ret != LDB_SUCCESS) {
1003 goto done;
1004 }
1005 } else {
1006 /* Delete specified values from an attribute */
1007 for (j=0; j < msg->elements[i].num_values; j++) {
1008 ret = msg_delete_element(module,
1009 ltdb,
1010 msg2,
1011 msg->elements[i].name,
1012 &msg->elements[i].values[j]);
1013 if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE &&
1014 control_permissive) {
1015 ret = LDB_SUCCESS;
1016 } else if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE) {
1017 ldb_asprintf_errstring(ldb,
1018 "attribute '%s': no matching attribute value while deleting attribute on '%s'",
1019 msg->elements[i].name, dn);
1020 }
1021 if (ret != LDB_SUCCESS) {
1022 goto done;
1023 }
1024 }
1025 }
1026 break;
1027 default:
1028 ldb_asprintf_errstring(ldb,
1029 "attribute '%s': invalid modify flags on '%s': 0x%x",
1030 msg->elements[i].name, ldb_dn_get_linearized(msg->dn),
1031 msg->elements[i].flags & LDB_FLAG_MOD_MASK);
1032 ret = LDB_ERR_PROTOCOL_ERROR;
1033 goto done;
1034 }
1035 }
1036
1037 ret = ltdb_store(module, msg2, TDB_MODIFY);
1038 if (ret != LDB_SUCCESS) {
1039 goto done;
1040 }
1041
1042 ret = ltdb_modified(module, msg2->dn);
1043 if (ret != LDB_SUCCESS) {
1044 goto done;
1045 }
1046
1047 done:
1048 TALLOC_FREE(mem_ctx);
1049 return ret;
1050 }
1051
1052 /*
1053 modify a record
1054 */
1055 static int ltdb_modify(struct ltdb_context *ctx)
1056 {
1057 struct ldb_module *module = ctx->module;
1058 struct ldb_request *req = ctx->req;
1059 int ret = LDB_SUCCESS;
1060
1061 ret = ltdb_check_special_dn(module, req->op.mod.message);
1062 if (ret != LDB_SUCCESS) {
1063 return ret;
1064 }
1065
1066 ldb_request_set_state(req, LDB_ASYNC_PENDING);
1067
1068 if (ltdb_cache_load(module) != 0) {
1069 return LDB_ERR_OPERATIONS_ERROR;
1070 }
1071
1072 ret = ltdb_modify_internal(module, req->op.mod.message, req);
1073
1074 return ret;
1075 }
1076
1077 /*
1078 rename a record
1079 */
1080 static int ltdb_rename(struct ltdb_context *ctx)
1081 {
1082 struct ldb_module *module = ctx->module;
1083 void *data = ldb_module_get_private(module);
1084 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1085 struct ldb_request *req = ctx->req;
1086 struct ldb_message *msg;
1087 int ret = LDB_SUCCESS;
1088 TDB_DATA tdb_key, tdb_key_old;
1089
1090 ldb_request_set_state(req, LDB_ASYNC_PENDING);
1091
1092 if (ltdb_cache_load(ctx->module) != 0) {
1093 return LDB_ERR_OPERATIONS_ERROR;
1094 }
1095
1096 msg = ldb_msg_new(ctx);
1097 if (msg == NULL) {
1098 return LDB_ERR_OPERATIONS_ERROR;
1099 }
1100
1101 /* we need to fetch the old record to re-add under the new name */
1102 ret = ltdb_search_dn1(module, req->op.rename.olddn, msg,
1103 LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC);
1104 if (ret != LDB_SUCCESS) {
1105 /* not finding the old record is an error */
1106 return ret;
1107 }
1108
1109 /* We need to, before changing the DB, check if the new DN
1110 * exists, so we can return this error to the caller with an
1111 * unmodified DB */
1112 tdb_key = ltdb_key(module, req->op.rename.newdn);
1113 if (!tdb_key.dptr) {
1114 talloc_free(msg);
1115 return LDB_ERR_OPERATIONS_ERROR;
1116 }
1117
1118 tdb_key_old = ltdb_key(module, req->op.rename.olddn);
1119 if (!tdb_key_old.dptr) {
1120 talloc_free(msg);
1121 talloc_free(tdb_key.dptr);
1122 return LDB_ERR_OPERATIONS_ERROR;
1123 }
1124
1125 /* Only declare a conflict if the new DN already exists, and it isn't a case change on the old DN */
1126 if (tdb_key_old.dsize != tdb_key.dsize || memcmp(tdb_key.dptr, tdb_key_old.dptr, tdb_key.dsize) != 0) {
1127 if (tdb_exists(ltdb->tdb, tdb_key)) {
1128 talloc_free(tdb_key_old.dptr);
1129 talloc_free(tdb_key.dptr);
1130 ldb_asprintf_errstring(ldb_module_get_ctx(module),
1131 "Entry %s already exists",
1132 ldb_dn_get_linearized(req->op.rename.newdn));
1133 /* finding the new record already in the DB is an error */
1134 talloc_free(msg);
1135 return LDB_ERR_ENTRY_ALREADY_EXISTS;
1136 }
1137 }
1138 talloc_free(tdb_key_old.dptr);
1139 talloc_free(tdb_key.dptr);
1140
1141 /* Always delete first then add, to avoid conflicts with
1142 * unique indexes. We rely on the transaction to make this
1143 * atomic
1144 */
1145 ret = ltdb_delete_internal(module, msg->dn);
1146 if (ret != LDB_SUCCESS) {
1147 talloc_free(msg);
1148 return ret;
1149 }
1150
1151 msg->dn = ldb_dn_copy(msg, req->op.rename.newdn);
1152 if (msg->dn == NULL) {
1153 talloc_free(msg);
1154 return LDB_ERR_OPERATIONS_ERROR;
1155 }
1156
1157 /* We don't check single value as we can have more than 1 with
1158 * deleted attributes. We could go through all elements but that's
1159 * maybe not the most efficient way
1160 */
1161 ret = ltdb_add_internal(module, ltdb, msg, false);
1162
1163 talloc_free(msg);
1164
1165 return ret;
1166 }
1167
1168 static int ltdb_start_trans(struct ldb_module *module)
1169 {
1170 void *data = ldb_module_get_private(module);
1171 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1172
1173 if (tdb_transaction_start(ltdb->tdb) != 0) {
1174 return ltdb_err_map(tdb_error(ltdb->tdb));
1175 }
1176
1177 ltdb->in_transaction++;
1178
1179 ltdb_index_transaction_start(module);
1180
1181 return LDB_SUCCESS;
1182 }
1183
1184 static int ltdb_prepare_commit(struct ldb_module *module)
1185 {
1186 int ret;
1187 void *data = ldb_module_get_private(module);
1188 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1189
1190 if (ltdb->in_transaction != 1) {
1191 return LDB_SUCCESS;
1192 }
1193
1194 ret = ltdb_index_transaction_commit(module);
1195 if (ret != LDB_SUCCESS) {
1196 tdb_transaction_cancel(ltdb->tdb);
1197 ltdb->in_transaction--;
1198 return ret;
1199 }
1200
1201 if (tdb_transaction_prepare_commit(ltdb->tdb) != 0) {
1202 ret = ltdb_err_map(tdb_error(ltdb->tdb));
1203 ltdb->in_transaction--;
1204 ldb_asprintf_errstring(ldb_module_get_ctx(module),
1205 "Failure during tdb_transaction_prepare_commit(): %s -> %s",
1206 tdb_errorstr(ltdb->tdb),
1207 ldb_strerror(ret));
1208 return ret;
1209 }
1210
1211 ltdb->prepared_commit = true;
1212
1213 return LDB_SUCCESS;
1214 }
1215
1216 static int ltdb_end_trans(struct ldb_module *module)
1217 {
1218 int ret;
1219 void *data = ldb_module_get_private(module);
1220 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1221
1222 if (!ltdb->prepared_commit) {
1223 ret = ltdb_prepare_commit(module);
1224 if (ret != LDB_SUCCESS) {
1225 return ret;
1226 }
1227 }
1228
1229 ltdb->in_transaction--;
1230 ltdb->prepared_commit = false;
1231
1232 if (tdb_transaction_commit(ltdb->tdb) != 0) {
1233 ret = ltdb_err_map(tdb_error(ltdb->tdb));
1234 ldb_asprintf_errstring(ldb_module_get_ctx(module),
1235 "Failure during tdb_transaction_commit(): %s -> %s",
1236 tdb_errorstr(ltdb->tdb),
1237 ldb_strerror(ret));
1238 return ret;
1239 }
1240
1241 return LDB_SUCCESS;
1242 }
1243
1244 static int ltdb_del_trans(struct ldb_module *module)
1245 {
1246 void *data = ldb_module_get_private(module);
1247 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1248
1249 ltdb->in_transaction--;
1250
1251 if (ltdb_index_transaction_cancel(module) != 0) {
1252 tdb_transaction_cancel(ltdb->tdb);
1253 return ltdb_err_map(tdb_error(ltdb->tdb));
1254 }
1255
1256 tdb_transaction_cancel(ltdb->tdb);
1257 return LDB_SUCCESS;
1258 }
1259
1260 /*
1261 return sequenceNumber from @BASEINFO
1262 */
1263 static int ltdb_sequence_number(struct ltdb_context *ctx,
1264 struct ldb_extended **ext)
1265 {
1266 struct ldb_context *ldb;
1267 struct ldb_module *module = ctx->module;
1268 struct ldb_request *req = ctx->req;
1269 TALLOC_CTX *tmp_ctx = NULL;
1270 struct ldb_seqnum_request *seq;
1271 struct ldb_seqnum_result *res;
1272 struct ldb_message *msg = NULL;
1273 struct ldb_dn *dn;
1274 const char *date;
1275 int ret = LDB_SUCCESS;
1276
1277 ldb = ldb_module_get_ctx(module);
1278
1279 seq = talloc_get_type(req->op.extended.data,
1280 struct ldb_seqnum_request);
1281 if (seq == NULL) {
1282 return LDB_ERR_OPERATIONS_ERROR;
1283 }
1284
1285 ldb_request_set_state(req, LDB_ASYNC_PENDING);
1286
1287 if (ltdb_lock_read(module) != 0) {
1288 return LDB_ERR_OPERATIONS_ERROR;
1289 }
1290
1291 res = talloc_zero(req, struct ldb_seqnum_result);
1292 if (res == NULL) {
1293 ret = LDB_ERR_OPERATIONS_ERROR;
1294 goto done;
1295 }
1296
1297 tmp_ctx = talloc_new(req);
1298 if (tmp_ctx == NULL) {
1299 ret = LDB_ERR_OPERATIONS_ERROR;
1300 goto done;
1301 }
1302
1303 dn = ldb_dn_new(tmp_ctx, ldb, LTDB_BASEINFO);
1304 if (dn == NULL) {
1305 ret = LDB_ERR_OPERATIONS_ERROR;
1306 goto done;
1307 }
1308
1309 msg = ldb_msg_new(tmp_ctx);
1310 if (msg == NULL) {
1311 ret = LDB_ERR_OPERATIONS_ERROR;
1312 goto done;
1313 }
1314
1315 ret = ltdb_search_dn1(module, dn, msg, 0);
1316 if (ret != LDB_SUCCESS) {
1317 goto done;
1318 }
1319
1320 switch (seq->type) {
1321 case LDB_SEQ_HIGHEST_SEQ:
1322 res->seq_num = ldb_msg_find_attr_as_uint64(msg, LTDB_SEQUENCE_NUMBER, 0);
1323 break;
1324 case LDB_SEQ_NEXT:
1325 res->seq_num = ldb_msg_find_attr_as_uint64(msg, LTDB_SEQUENCE_NUMBER, 0);
1326 res->seq_num++;
1327 break;
1328 case LDB_SEQ_HIGHEST_TIMESTAMP:
1329 date = ldb_msg_find_attr_as_string(msg, LTDB_MOD_TIMESTAMP, NULL);
1330 if (date) {
1331 res->seq_num = ldb_string_to_time(date);
1332 } else {
1333 res->seq_num = 0;
1334 /* zero is as good as anything when we don't know */
1335 }
1336 break;
1337 }
1338
1339 *ext = talloc_zero(req, struct ldb_extended);
1340 if (*ext == NULL) {
1341 ret = LDB_ERR_OPERATIONS_ERROR;
1342 goto done;
1343 }
1344 (*ext)->oid = LDB_EXTENDED_SEQUENCE_NUMBER;
1345 (*ext)->data = talloc_steal(*ext, res);
1346
1347 done:
1348 talloc_free(tmp_ctx);
1349 ltdb_unlock_read(module);
1350 return ret;
1351 }
1352
1353 static void ltdb_request_done(struct ltdb_context *ctx, int error)
1354 {
1355 struct ldb_context *ldb;
1356 struct ldb_request *req;
1357 struct ldb_reply *ares;
1358
1359 ldb = ldb_module_get_ctx(ctx->module);
1360 req = ctx->req;
1361
1362 /* if we already returned an error just return */
1363 if (ldb_request_get_status(req) != LDB_SUCCESS) {
1364 return;
1365 }
1366
1367 ares = talloc_zero(req, struct ldb_reply);
1368 if (!ares) {
1369 ldb_oom(ldb);
1370 req->callback(req, NULL);
1371 return;
1372 }
1373 ares->type = LDB_REPLY_DONE;
1374 ares->error = error;
1375
1376 req->callback(req, ares);
1377 }
1378
1379 static void ltdb_timeout(struct tevent_context *ev,
1380 struct tevent_timer *te,
1381 struct timeval t,
1382 void *private_data)
1383 {
1384 struct ltdb_context *ctx;
1385 ctx = talloc_get_type(private_data, struct ltdb_context);
1386
1387 if (!ctx->request_terminated) {
1388 /* request is done now */
1389 ltdb_request_done(ctx, LDB_ERR_TIME_LIMIT_EXCEEDED);
1390 }
1391
1392 if (ctx->spy) {
1393 /* neutralize the spy */
1394 ctx->spy->ctx = NULL;
1395 ctx->spy = NULL;
1396 }
1397 talloc_free(ctx);
1398 }
1399
1400 static void ltdb_request_extended_done(struct ltdb_context *ctx,
1401 struct ldb_extended *ext,
1402 int error)
1403 {
1404 struct ldb_context *ldb;
1405 struct ldb_request *req;
1406 struct ldb_reply *ares;
1407
1408 ldb = ldb_module_get_ctx(ctx->module);
1409 req = ctx->req;
1410
1411 /* if we already returned an error just return */
1412 if (ldb_request_get_status(req) != LDB_SUCCESS) {
1413 return;
1414 }
1415
1416 ares = talloc_zero(req, struct ldb_reply);
1417 if (!ares) {
1418 ldb_oom(ldb);
1419 req->callback(req, NULL);
1420 return;
1421 }
1422 ares->type = LDB_REPLY_DONE;
1423 ares->response = ext;
1424 ares->error = error;
1425
1426 req->callback(req, ares);
1427 }
1428
1429 static void ltdb_handle_extended(struct ltdb_context *ctx)
1430 {
1431 struct ldb_extended *ext = NULL;
1432 int ret;
1433
1434 if (strcmp(ctx->req->op.extended.oid,
1435 LDB_EXTENDED_SEQUENCE_NUMBER) == 0) {
1436 /* get sequence number */
1437 ret = ltdb_sequence_number(ctx, &ext);
1438 } else {
1439 /* not recognized */
1440 ret = LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
1441 }
1442
1443 ltdb_request_extended_done(ctx, ext, ret);
1444 }
1445
1446 static void ltdb_callback(struct tevent_context *ev,
1447 struct tevent_timer *te,
1448 struct timeval t,
1449 void *private_data)
1450 {
1451 struct ltdb_context *ctx;
1452 int ret;
1453
1454 ctx = talloc_get_type(private_data, struct ltdb_context);
1455
1456 if (ctx->request_terminated) {
1457 goto done;
1458 }
1459
1460 switch (ctx->req->operation) {
1461 case LDB_SEARCH:
1462 ret = ltdb_search(ctx);
1463 break;
1464 case LDB_ADD:
1465 ret = ltdb_add(ctx);
1466 break;
1467 case LDB_MODIFY:
1468 ret = ltdb_modify(ctx);
1469 break;
1470 case LDB_DELETE:
1471 ret = ltdb_delete(ctx);
1472 break;
1473 case LDB_RENAME:
1474 ret = ltdb_rename(ctx);
1475 break;
1476 case LDB_EXTENDED:
1477 ltdb_handle_extended(ctx);
1478 goto done;
1479 default:
1480 /* no other op supported */
1481 ret = LDB_ERR_PROTOCOL_ERROR;
1482 }
1483
1484 if (!ctx->request_terminated) {
1485 /* request is done now */
1486 ltdb_request_done(ctx, ret);
1487 }
1488
1489 done:
1490 if (ctx->spy) {
1491 /* neutralize the spy */
1492 ctx->spy->ctx = NULL;
1493 ctx->spy = NULL;
1494 }
1495 talloc_free(ctx);
1496 }
1497
1498 static int ltdb_request_destructor(void *ptr)
1499 {
1500 struct ltdb_req_spy *spy = talloc_get_type(ptr, struct ltdb_req_spy);
1501
1502 if (spy->ctx != NULL) {
1503 spy->ctx->spy = NULL;
1504 spy->ctx->request_terminated = true;
1505 spy->ctx = NULL;
1506 }
1507
1508 return 0;
1509 }
1510
1511 static int ltdb_handle_request(struct ldb_module *module,
1512 struct ldb_request *req)
1513 {
1514 struct ldb_control *control_permissive;
1515 struct ldb_context *ldb;
1516 struct tevent_context *ev;
1517 struct ltdb_context *ac;
1518 struct tevent_timer *te;
1519 struct timeval tv;
1520 unsigned int i;
1521
1522 ldb = ldb_module_get_ctx(module);
1523
1524 control_permissive = ldb_request_get_control(req,
1525 LDB_CONTROL_PERMISSIVE_MODIFY_OID);
1526
1527 for (i = 0; req->controls && req->controls[i]; i++) {
1528 if (req->controls[i]->critical &&
1529 req->controls[i] != control_permissive) {
1530 ldb_asprintf_errstring(ldb, "Unsupported critical extension %s",
1531 req->controls[i]->oid);
1532 return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
1533 }
1534 }
1535
1536 if (req->starttime == 0 || req->timeout == 0) {
1537 ldb_set_errstring(ldb, "Invalid timeout settings");
1538 return LDB_ERR_TIME_LIMIT_EXCEEDED;
1539 }
1540
1541 ev = ldb_handle_get_event_context(req->handle);
1542
1543 ac = talloc_zero(ldb, struct ltdb_context);
1544 if (ac == NULL) {
1545 ldb_oom(ldb);
1546 return LDB_ERR_OPERATIONS_ERROR;
1547 }
1548
1549 ac->module = module;
1550 ac->req = req;
1551
1552 tv.tv_sec = 0;
1553 tv.tv_usec = 0;
1554 te = tevent_add_timer(ev, ac, tv, ltdb_callback, ac);
1555 if (NULL == te) {
1556 talloc_free(ac);
1557 return LDB_ERR_OPERATIONS_ERROR;
1558 }
1559
1560 if (req->timeout > 0) {
1561 tv.tv_sec = req->starttime + req->timeout;
1562 tv.tv_usec = 0;
1563 ac->timeout_event = tevent_add_timer(ev, ac, tv,
1564 ltdb_timeout, ac);
1565 if (NULL == ac->timeout_event) {
1566 talloc_free(ac);
1567 return LDB_ERR_OPERATIONS_ERROR;
1568 }
1569 }
1570
1571 /* set a spy so that we do not try to use the request context
1572 * if it is freed before ltdb_callback fires */
1573 ac->spy = talloc(req, struct ltdb_req_spy);
1574 if (NULL == ac->spy) {
1575 talloc_free(ac);
1576 return LDB_ERR_OPERATIONS_ERROR;
1577 }
1578 ac->spy->ctx = ac;
1579
1580 talloc_set_destructor((TALLOC_CTX *)ac->spy, ltdb_request_destructor);
1581
1582 return LDB_SUCCESS;
1583 }
1584
1585 static int ltdb_init_rootdse(struct ldb_module *module)
1586 {
1587 /* ignore errors on this - we expect it for non-sam databases */
1588 ldb_mod_register_control(module, LDB_CONTROL_PERMISSIVE_MODIFY_OID);
1589
1590 /* there can be no module beyond the backend, just return */
1591 return LDB_SUCCESS;
1592 }
1593
1594 static const struct ldb_module_ops ltdb_ops = {
1595 .name = "tdb",
1596 .init_context = ltdb_init_rootdse,
1597 .search = ltdb_handle_request,
1598 .add = ltdb_handle_request,
1599 .modify = ltdb_handle_request,
1600 .del = ltdb_handle_request,
1601 .rename = ltdb_handle_request,
1602 .extended = ltdb_handle_request,
1603 .start_transaction = ltdb_start_trans,
1604 .end_transaction = ltdb_end_trans,
1605 .prepare_commit = ltdb_prepare_commit,
1606 .del_transaction = ltdb_del_trans,
1607 .read_lock = ltdb_lock_read,
1608 .read_unlock = ltdb_unlock_read,
1609 };
1610
1611 /*
1612 connect to the database
1613 */
1614 static int ltdb_connect(struct ldb_context *ldb, const char *url,
1615 unsigned int flags, const char *options[],
1616 struct ldb_module **_module)
1617 {
1618 struct ldb_module *module;
1619 const char *path;
1620 int tdb_flags, open_flags;
1621 struct ltdb_private *ltdb;
1622
1623 /*
1624 * We hold locks, so we must use a private event context
1625 * on each returned handle
1626 */
1627
1628 ldb_set_require_private_event_context(ldb);
1629
1630 /* parse the url */
1631 if (strchr(url, ':')) {
1632 if (strncmp(url, "tdb://", 6) != 0) {
1633 ldb_debug(ldb, LDB_DEBUG_ERROR,
1634 "Invalid tdb URL '%s'", url);
1635 return LDB_ERR_OPERATIONS_ERROR;
1636 }
1637 path = url+6;
1638 } else {
1639 path = url;
1640 }
1641
1642 tdb_flags = TDB_DEFAULT | TDB_SEQNUM;
1643
1644 /* check for the 'nosync' option */
1645 if (flags & LDB_FLG_NOSYNC) {
1646 tdb_flags |= TDB_NOSYNC;
1647 }
1648
1649 /* and nommap option */
1650 if (flags & LDB_FLG_NOMMAP) {
1651 tdb_flags |= TDB_NOMMAP;
1652 }
1653
1654 if (flags & LDB_FLG_RDONLY) {
1655 open_flags = O_RDONLY;
1656 } else if (flags & LDB_FLG_DONT_CREATE_DB) {
1657 open_flags = O_RDWR;
1658 } else {
1659 open_flags = O_CREAT | O_RDWR;
1660 }
1661
1662 ltdb = talloc_zero(ldb, struct ltdb_private);
1663 if (!ltdb) {
1664 ldb_oom(ldb);
1665 return LDB_ERR_OPERATIONS_ERROR;
1666 }
1667
1668 /* note that we use quite a large default hash size */
1669 ltdb->tdb = ltdb_wrap_open(ltdb, path, 10000,
1670 tdb_flags, open_flags,
1671 ldb_get_create_perms(ldb), ldb);
1672 if (!ltdb->tdb) {
1673 ldb_asprintf_errstring(ldb,
1674 "Unable to open tdb '%s': %s", path, strerror(errno));
1675 ldb_debug(ldb, LDB_DEBUG_ERROR,
1676 "Unable to open tdb '%s': %s", path, strerror(errno));
1677 talloc_free(ltdb);
1678 if (errno == EACCES || errno == EPERM) {
1679 return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
1680 }
1681 return LDB_ERR_OPERATIONS_ERROR;
1682 }
1683
1684 if (getenv("LDB_WARN_UNINDEXED")) {
1685 ltdb->warn_unindexed = true;
1686 }
1687
1688 if (getenv("LDB_WARN_REINDEX")) {
1689 ltdb->warn_reindex = true;
1690 }
1691
1692 ltdb->sequence_number = 0;
1693
1694 module = ldb_module_new(ldb, ldb, "ldb_tdb backend", &ltdb_ops);
1695 if (!module) {
1696 ldb_oom(ldb);
1697 talloc_free(ltdb);
1698 return LDB_ERR_OPERATIONS_ERROR;
1699 }
1700 ldb_module_set_private(module, ltdb);
1701 talloc_steal(module, ltdb);
1702
1703 if (ltdb_cache_load(module) != 0) {
1704 ldb_asprintf_errstring(ldb,
1705 "Unable to load ltdb cache records of tdb '%s'", path);
1706 talloc_free(module);
1707 return LDB_ERR_OPERATIONS_ERROR;
1708 }
1709
1710 *_module = module;
1711 return LDB_SUCCESS;
1712 }
1713
1714 int ldb_tdb_init(const char *version)
1715 {
1716 LDB_MODULE_CHECK_VERSION(version);
1717 return ldb_register_backend("tdb", ltdb_connect, false);
1718 }
Samba GIT mirror