2 Unix SMB/CIFS implementation.
6 Copyright (C) Andrew Tridgell 2004-2009
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 the stupidity of the unix fcntl locking design forces us to never
24 allow a database file to be opened twice in the same process. These
25 wrappers provide convenient access to a tdb or ldb, taking advantage
26 of talloc destructors to ensure that only a single open is done
30 #include "lib/events/events.h"
32 #include <ldb_errors.h>
33 #include "lib/ldb-samba/ldif_handlers.h"
35 #include "dsdb/samdb/samdb.h"
36 #include "dsdb/common/util.h"
37 #include "param/param.h"
38 #include "../lib/util/dlinklist.h"
39 #include "lib/util/util_paths.h"
44 #define DBGC_CLASS DBGC_LDB
47 this is used to catch debug messages from ldb
49 static void ldb_wrap_debug(void *context
, enum ldb_debug_level level
,
50 const char *fmt
, va_list ap
) PRINTF_ATTRIBUTE(3,0);
52 static void ldb_wrap_debug(void *context
, enum ldb_debug_level level
,
53 const char *fmt
, va_list ap
)
58 samba_level
= DBGLVL_ERR
;
61 samba_level
= DBGLVL_WARNING
;
63 case LDB_DEBUG_WARNING
:
64 samba_level
= DBGLVL_NOTICE
;
67 samba_level
= DBGLVL_DEBUG
+ 1;
71 if (CHECK_DEBUGLVL(samba_level
)) {
75 ret
= vasprintf(&s
, fmt
, ap
);
79 DEBUG(samba_level
, ("ldb: %s\n", s
));
86 connecting to a ldb can be a relatively expensive operation because
87 of the schema and partition loads. We keep a list of open ldb
88 contexts here, and try to re-use when possible.
90 This means callers of ldb_wrap_connect() must use talloc_unlink() or
91 the free of a parent to destroy the context
93 static struct ldb_wrap
{
94 struct ldb_wrap
*next
, *prev
;
95 struct ldb_wrap_context
{
96 /* the context is what we use to tell if two ldb
97 * connections are exactly equivalent
99 pid_t pid
; /* We want to re-open in a new PID due to
100 * the LMDB backend */
102 struct tevent_context
*ev
;
103 struct loadparm_context
*lp_ctx
;
104 struct auth_session_info
*session_info
;
105 struct cli_credentials
*credentials
;
108 struct ldb_context
*ldb
;
112 free a ldb_wrap structure
114 static int ldb_wrap_destructor(struct ldb_wrap
*w
)
116 DLIST_REMOVE(ldb_wrap_list
, w
);
121 * The casefolder for s4's LDB databases - Unicode-safe
123 char *wrap_casefold(void *context
, void *mem_ctx
, const char *s
, size_t n
)
125 return strupper_talloc_n(mem_ctx
, s
, n
);
129 struct ldb_context
*samba_ldb_init(TALLOC_CTX
*mem_ctx
,
130 struct tevent_context
*ev
,
131 struct loadparm_context
*lp_ctx
,
132 struct auth_session_info
*session_info
,
133 struct cli_credentials
*credentials
)
135 struct ldb_context
*ldb
;
138 ldb
= ldb_init(mem_ctx
, ev
);
143 ldb_set_modules_dir(ldb
, modules_path(ldb
, "ldb"));
145 ldb_set_debug(ldb
, ldb_wrap_debug
, NULL
);
147 ldb_set_utf8_fns(ldb
, NULL
, wrap_casefold
);
150 if (ldb_set_opaque(ldb
, DSDB_SESSION_INFO
, session_info
)) {
157 if (ldb_set_opaque(ldb
, "credentials", credentials
)) {
163 if (ldb_set_opaque(ldb
, "loadparm", lp_ctx
)) {
168 /* This must be done before we load the schema, as these
169 * handlers for objectSid and objectGUID etc must take
170 * precedence over the 'binary attribute' declaration in the
172 ret
= ldb_register_samba_handlers(ldb
);
173 if (ret
!= LDB_SUCCESS
) {
178 /* we usually want Samba databases to be private. If we later
179 find we need one public, we will need to add a parameter to
180 ldb_wrap_connect() */
181 ldb_set_create_perms(ldb
, 0600);
186 struct ldb_context
*ldb_wrap_find(const char *url
,
187 struct tevent_context
*ev
,
188 struct loadparm_context
*lp_ctx
,
189 struct auth_session_info
*session_info
,
190 struct cli_credentials
*credentials
,
193 pid_t pid
= getpid();
195 /* see if we can re-use an existing ldb */
196 for (w
=ldb_wrap_list
; w
; w
=w
->next
) {
197 if (w
->context
.pid
== pid
&&
198 w
->context
.ev
== ev
&&
199 w
->context
.lp_ctx
== lp_ctx
&&
200 w
->context
.session_info
== session_info
&&
201 w
->context
.credentials
== credentials
&&
202 w
->context
.flags
== flags
&&
203 (w
->context
.url
== url
|| strcmp(w
->context
.url
, url
) == 0))
210 int samba_ldb_connect(struct ldb_context
*ldb
, struct loadparm_context
*lp_ctx
,
211 const char *url
, unsigned int flags
)
214 char *real_url
= NULL
;
216 /* allow admins to force non-sync ldb for all databases */
217 if (lpcfg_parm_bool(lp_ctx
, NULL
, "ldb", "nosync", false)) {
218 flags
|= LDB_FLG_NOSYNC
;
222 flags
|= LDB_FLG_ENABLE_TRACING
;
225 real_url
= lpcfg_private_path(ldb
, lp_ctx
, url
);
226 if (real_url
== NULL
) {
227 return LDB_ERR_OPERATIONS_ERROR
;
230 ret
= ldb_connect(ldb
, real_url
, flags
, NULL
);
232 if (ret
!= LDB_SUCCESS
) {
236 /* setup for leak detection */
237 ldb_set_opaque(ldb
, "wrap_url", real_url
);
242 bool ldb_wrap_add(const char *url
, struct tevent_context
*ev
,
243 struct loadparm_context
*lp_ctx
,
244 struct auth_session_info
*session_info
,
245 struct cli_credentials
*credentials
,
247 struct ldb_context
*ldb
)
250 struct ldb_wrap_context c
;
252 /* add to the list of open ldb contexts */
253 w
= talloc(ldb
, struct ldb_wrap
);
262 c
.session_info
= session_info
;
263 c
.credentials
= credentials
;
267 w
->context
.url
= talloc_strdup(w
, url
);
268 if (w
->context
.url
== NULL
) {
273 /* take a reference to the session_info, as it is
274 * possible for the ldb to live longer than the
275 * session_info. This happens when a DRS DsBind call
276 * reuses a handle, but the original connection is
277 * shutdown. The token for the new connection is still
278 * valid, so we need the session_info to remain valid for
281 if (talloc_reference(w
, session_info
) == NULL
) {
288 DLIST_ADD(ldb_wrap_list
, w
);
290 talloc_set_destructor(w
, ldb_wrap_destructor
);
297 wrapped connection to a ldb database
298 to close just talloc_free() the returned ldb_context
300 TODO: We need an error_string parameter
302 struct ldb_context
*ldb_wrap_connect(TALLOC_CTX
*mem_ctx
,
303 struct tevent_context
*ev
,
304 struct loadparm_context
*lp_ctx
,
306 struct auth_session_info
*session_info
,
307 struct cli_credentials
*credentials
,
310 struct ldb_context
*ldb
;
314 * Unlike samdb_connect_url() do not try and cache the LDB
315 * handle, get a new one each time. Only sam.ldb is
316 * punitively expensive to open and helpful caches like this
317 * cause challenges (such as if the value for 'private dir'
321 ldb
= samba_ldb_init(mem_ctx
, ev
, lp_ctx
, session_info
, credentials
);
326 ret
= samba_ldb_connect(ldb
, lp_ctx
, url
, flags
);
327 if (ret
!= LDB_SUCCESS
) {
332 DEBUG(3,("ldb_wrap open of %s\n", url
));
338 call tdb_reopen_all() in case there is a TDB open so we are
339 not blocked from re-opening it inside ldb_tdb.
341 void ldb_wrap_fork_hook(void)
343 if (tdb_reopen_all(1) != 0) {
344 smb_panic("tdb_reopen_all failed\n");
348 char *ldb_relative_path(struct ldb_context
*ldb
,
352 const char *base_url
=
353 (const char *)ldb_get_opaque(ldb
, "ldb_url");
354 char *path
, *p
, *full_name
;
358 if (strncmp("tdb://", base_url
, 6) == 0) {
359 base_url
= base_url
+6;
360 } else if (strncmp("mdb://", base_url
, 6) == 0) {
361 base_url
= base_url
+6;
362 } else if (strncmp("ldb://", base_url
, 6) == 0) {
363 base_url
= base_url
+6;
365 path
= talloc_strdup(mem_ctx
, base_url
);
369 if ( (p
= strrchr(path
, '/')) != NULL
) {
371 full_name
= talloc_asprintf(mem_ctx
, "%s/%s", path
, name
);
373 full_name
= talloc_asprintf(mem_ctx
, "./%s", name
);