4 Copyright (C) Andrew Tridgell 2004
5 Copyright (C) Stefan Metzmacher 2004
6 Copyright (C) Simo Sorce 2006-2008
7 Copyright (C) Matthias Dieter Wallnöfer 2009-2010
9 ** NOTE! The following LGPL license applies to the ldb
10 ** library. This does NOT imply that all of Samba is released
13 This library is free software; you can redistribute it and/or
14 modify it under the terms of the GNU Lesser General Public
15 License as published by the Free Software Foundation; either
16 version 3 of the License, or (at your option) any later version.
18 This library is distributed in the hope that it will be useful,
19 but WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 Lesser General Public License for more details.
23 You should have received a copy of the GNU Lesser General Public
24 License along with this library; if not, see <http://www.gnu.org/licenses/>.
30 * Component: ldb tdb backend
32 * Description: core functions for tdb backend
34 * Author: Andrew Tridgell
35 * Author: Stefan Metzmacher
39 * - description: make the module use asynchronous calls
43 * - description: make it possible to use event contexts
47 * - description: fix up memory leaks and small bugs
49 * Author: Matthias Dieter Wallnöfer
53 #include "ldb_private.h"
57 prevent memory errors on callbacks
60 struct ltdb_context
*ctx
;
64 map a tdb error code to a ldb error code
66 int ltdb_err_map(enum TDB_ERROR tdb_code
)
74 return LDB_ERR_OPERATIONS_ERROR
;
76 return LDB_ERR_PROTOCOL_ERROR
;
80 case TDB_ERR_LOCK_TIMEOUT
:
81 return LDB_ERR_TIME_LIMIT_EXCEEDED
;
83 return LDB_ERR_ENTRY_ALREADY_EXISTS
;
85 return LDB_ERR_NO_SUCH_OBJECT
;
87 return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS
;
95 lock the database for read - use by ltdb_search and ltdb_sequence_number
97 int ltdb_lock_read(struct ldb_module
*module
)
99 void *data
= ldb_module_get_private(module
);
100 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
103 if (ltdb
->in_transaction
== 0 &&
104 ltdb
->read_lock_count
== 0) {
105 ret
= tdb_lockall_read(ltdb
->tdb
);
108 ltdb
->read_lock_count
++;
114 unlock the database after a ltdb_lock_read()
116 int ltdb_unlock_read(struct ldb_module
*module
)
118 void *data
= ldb_module_get_private(module
);
119 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
120 if (ltdb
->in_transaction
== 0 && ltdb
->read_lock_count
== 1) {
121 tdb_unlockall_read(ltdb
->tdb
);
124 ltdb
->read_lock_count
--;
130 form a TDB_DATA for a record key
133 note that the key for a record can depend on whether the
134 dn refers to a case sensitive index record or not
136 TDB_DATA
ltdb_key(struct ldb_module
*module
, struct ldb_dn
*dn
)
138 struct ldb_context
*ldb
= ldb_module_get_ctx(module
);
140 char *key_str
= NULL
;
141 const char *dn_folded
= NULL
;
144 most DNs are case insensitive. The exception is index DNs for
145 case sensitive attributes
147 there are 3 cases dealt with in this code:
149 1) if the dn doesn't start with @ then uppercase the attribute
150 names and the attributes values of case insensitive attributes
151 2) if the dn starts with @ then leave it alone -
152 the indexing code handles the rest
155 dn_folded
= ldb_dn_get_casefold(dn
);
160 key_str
= talloc_strdup(ldb
, "DN=");
165 key_str
= talloc_strdup_append_buffer(key_str
, dn_folded
);
170 key
.dptr
= (uint8_t *)key_str
;
171 key
.dsize
= strlen(key_str
) + 1;
183 check special dn's have valid attributes
184 currently only @ATTRIBUTES is checked
186 static int ltdb_check_special_dn(struct ldb_module
*module
,
187 const struct ldb_message
*msg
)
189 struct ldb_context
*ldb
= ldb_module_get_ctx(module
);
192 if (! ldb_dn_is_special(msg
->dn
) ||
193 ! ldb_dn_check_special(msg
->dn
, LTDB_ATTRIBUTES
)) {
197 /* we have @ATTRIBUTES, let's check attributes are fine */
198 /* should we check that we deny multivalued attributes ? */
199 for (i
= 0; i
< msg
->num_elements
; i
++) {
200 if (ldb_attr_cmp(msg
->elements
[i
].name
, "distinguishedName") == 0) continue;
202 for (j
= 0; j
< msg
->elements
[i
].num_values
; j
++) {
203 if (ltdb_check_at_attributes_values(&msg
->elements
[i
].values
[j
]) != 0) {
204 ldb_set_errstring(ldb
, "Invalid attribute value in an @ATTRIBUTES entry");
205 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX
;
215 we've made a modification to a dn - possibly reindex and
216 update sequence number
218 static int ltdb_modified(struct ldb_module
*module
, struct ldb_dn
*dn
)
220 int ret
= LDB_SUCCESS
;
221 struct ltdb_private
*ltdb
= talloc_get_type(ldb_module_get_private(module
), struct ltdb_private
);
223 /* only allow modifies inside a transaction, otherwise the
225 if (ltdb
->in_transaction
== 0) {
226 ldb_set_errstring(ldb_module_get_ctx(module
), "ltdb modify without transaction");
227 return LDB_ERR_OPERATIONS_ERROR
;
230 if (ldb_dn_is_special(dn
) &&
231 (ldb_dn_check_special(dn
, LTDB_INDEXLIST
) ||
232 ldb_dn_check_special(dn
, LTDB_ATTRIBUTES
)) ) {
233 ret
= ltdb_reindex(module
);
236 /* If the modify was to a normal record, or any special except @BASEINFO, update the seq number */
237 if (ret
== LDB_SUCCESS
&&
238 !(ldb_dn_is_special(dn
) &&
239 ldb_dn_check_special(dn
, LTDB_BASEINFO
)) ) {
240 ret
= ltdb_increase_sequence_number(module
);
243 /* If the modify was to @OPTIONS, reload the cache */
244 if (ret
== LDB_SUCCESS
&&
245 ldb_dn_is_special(dn
) &&
246 (ldb_dn_check_special(dn
, LTDB_OPTIONS
)) ) {
247 ret
= ltdb_cache_reload(module
);
254 store a record into the db
256 int ltdb_store(struct ldb_module
*module
, const struct ldb_message
*msg
, int flgs
)
258 void *data
= ldb_module_get_private(module
);
259 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
260 TDB_DATA tdb_key
, tdb_data
;
261 int ret
= LDB_SUCCESS
;
263 tdb_key
= ltdb_key(module
, msg
->dn
);
264 if (tdb_key
.dptr
== NULL
) {
265 return LDB_ERR_OTHER
;
268 ret
= ldb_pack_data(ldb_module_get_ctx(module
),
269 msg
, (struct ldb_val
*)&tdb_data
);
271 talloc_free(tdb_key
.dptr
);
272 return LDB_ERR_OTHER
;
275 ret
= tdb_store(ltdb
->tdb
, tdb_key
, tdb_data
, flgs
);
277 ret
= ltdb_err_map(tdb_error(ltdb
->tdb
));
282 talloc_free(tdb_key
.dptr
);
283 talloc_free(tdb_data
.dptr
);
290 check if a attribute is a single valued, for a given element
292 static bool ldb_tdb_single_valued(const struct ldb_schema_attribute
*a
,
293 struct ldb_message_element
*el
)
295 if (!a
) return false;
297 if (el
->flags
& LDB_FLAG_INTERNAL_FORCE_SINGLE_VALUE_CHECK
) {
298 /* override from a ldb module, for example
299 used for the description field, which is
300 marked multi-valued in the schema but which
301 should not actually accept multiple
305 if (el
->flags
& LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK
) {
306 /* override from a ldb module, for example used for
307 deleted linked attribute entries */
311 if (a
->flags
& LDB_ATTR_FLAG_SINGLE_VALUE
) {
317 static int ltdb_add_internal(struct ldb_module
*module
,
318 const struct ldb_message
*msg
,
319 bool check_single_value
)
321 struct ldb_context
*ldb
= ldb_module_get_ctx(module
);
322 int ret
= LDB_SUCCESS
;
325 for (i
=0;i
<msg
->num_elements
;i
++) {
326 struct ldb_message_element
*el
= &msg
->elements
[i
];
327 const struct ldb_schema_attribute
*a
= ldb_schema_attribute_by_name(ldb
, el
->name
);
329 if (el
->num_values
== 0) {
330 ldb_asprintf_errstring(ldb
, "attribute '%s' on '%s' specified, but with 0 values (illegal)",
331 el
->name
, ldb_dn_get_linearized(msg
->dn
));
332 return LDB_ERR_CONSTRAINT_VIOLATION
;
334 if (check_single_value
&&
335 el
->num_values
> 1 &&
336 ldb_tdb_single_valued(a
, el
)) {
337 ldb_asprintf_errstring(ldb
, "SINGLE-VALUE attribute %s on %s specified more than once",
338 el
->name
, ldb_dn_get_linearized(msg
->dn
));
339 return LDB_ERR_CONSTRAINT_VIOLATION
;
342 /* Do not check "@ATTRIBUTES" for duplicated values */
343 if (ldb_dn_is_special(msg
->dn
) &&
344 ldb_dn_check_special(msg
->dn
, LTDB_ATTRIBUTES
)) {
348 /* TODO: This is O(n^2) - replace with more efficient check */
349 for (j
=0; j
<el
->num_values
; j
++) {
350 if (ldb_msg_find_val(el
, &el
->values
[j
]) != &el
->values
[j
]) {
351 ldb_asprintf_errstring(ldb
,
352 "attribute '%s': value #%u on '%s' provided more than once",
353 el
->name
, j
, ldb_dn_get_linearized(msg
->dn
));
354 return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
359 ret
= ltdb_store(module
, msg
, TDB_INSERT
);
360 if (ret
!= LDB_SUCCESS
) {
361 if (ret
== LDB_ERR_ENTRY_ALREADY_EXISTS
) {
362 ldb_asprintf_errstring(ldb
,
363 "Entry %s already exists",
364 ldb_dn_get_linearized(msg
->dn
));
369 ret
= ltdb_index_add_new(module
, msg
);
370 if (ret
!= LDB_SUCCESS
) {
374 ret
= ltdb_modified(module
, msg
->dn
);
380 add a record to the database
382 static int ltdb_add(struct ltdb_context
*ctx
)
384 struct ldb_module
*module
= ctx
->module
;
385 struct ldb_request
*req
= ctx
->req
;
386 int ret
= LDB_SUCCESS
;
388 ret
= ltdb_check_special_dn(module
, req
->op
.add
.message
);
389 if (ret
!= LDB_SUCCESS
) {
393 ldb_request_set_state(req
, LDB_ASYNC_PENDING
);
395 if (ltdb_cache_load(module
) != 0) {
396 return LDB_ERR_OPERATIONS_ERROR
;
399 ret
= ltdb_add_internal(module
, req
->op
.add
.message
, true);
405 delete a record from the database, not updating indexes (used for deleting
408 int ltdb_delete_noindex(struct ldb_module
*module
, struct ldb_dn
*dn
)
410 void *data
= ldb_module_get_private(module
);
411 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
415 tdb_key
= ltdb_key(module
, dn
);
417 return LDB_ERR_OTHER
;
420 ret
= tdb_delete(ltdb
->tdb
, tdb_key
);
421 talloc_free(tdb_key
.dptr
);
424 ret
= ltdb_err_map(tdb_error(ltdb
->tdb
));
430 static int ltdb_delete_internal(struct ldb_module
*module
, struct ldb_dn
*dn
)
432 struct ldb_message
*msg
;
433 int ret
= LDB_SUCCESS
;
435 msg
= ldb_msg_new(module
);
437 return LDB_ERR_OPERATIONS_ERROR
;
440 /* in case any attribute of the message was indexed, we need
441 to fetch the old record */
442 ret
= ltdb_search_dn1(module
, dn
, msg
);
443 if (ret
!= LDB_SUCCESS
) {
444 /* not finding the old record is an error */
448 ret
= ltdb_delete_noindex(module
, dn
);
449 if (ret
!= LDB_SUCCESS
) {
453 /* remove any indexed attributes */
454 ret
= ltdb_index_delete(module
, msg
);
455 if (ret
!= LDB_SUCCESS
) {
459 ret
= ltdb_modified(module
, dn
);
460 if (ret
!= LDB_SUCCESS
) {
470 delete a record from the database
472 static int ltdb_delete(struct ltdb_context
*ctx
)
474 struct ldb_module
*module
= ctx
->module
;
475 struct ldb_request
*req
= ctx
->req
;
476 int ret
= LDB_SUCCESS
;
478 ldb_request_set_state(req
, LDB_ASYNC_PENDING
);
480 if (ltdb_cache_load(module
) != 0) {
481 return LDB_ERR_OPERATIONS_ERROR
;
484 ret
= ltdb_delete_internal(module
, req
->op
.del
.dn
);
490 find an element by attribute name. At the moment this does a linear search,
491 it should be re-coded to use a binary search once all places that modify
492 records guarantee sorted order
494 return the index of the first matching element if found, otherwise -1
496 static int find_element(const struct ldb_message
*msg
, const char *name
)
499 for (i
=0;i
<msg
->num_elements
;i
++) {
500 if (ldb_attr_cmp(msg
->elements
[i
].name
, name
) == 0) {
509 add an element to an existing record. Assumes a elements array that we
510 can call re-alloc on, and assumed that we can re-use the data pointers from
511 the passed in additional values. Use with care!
513 returns 0 on success, -1 on failure (and sets errno)
515 static int ltdb_msg_add_element(struct ldb_context
*ldb
,
516 struct ldb_message
*msg
,
517 struct ldb_message_element
*el
)
519 struct ldb_message_element
*e2
;
522 if (el
->num_values
== 0) {
523 /* nothing to do here - we don't add empty elements */
527 e2
= talloc_realloc(msg
, msg
->elements
, struct ldb_message_element
,
528 msg
->num_elements
+1);
536 e2
= &msg
->elements
[msg
->num_elements
];
539 e2
->flags
= el
->flags
;
540 e2
->values
= talloc_array(msg
->elements
,
541 struct ldb_val
, el
->num_values
);
546 for (i
=0;i
<el
->num_values
;i
++) {
547 e2
->values
[i
] = el
->values
[i
];
549 e2
->num_values
= el
->num_values
;
557 delete all elements having a specified attribute name
559 static int msg_delete_attribute(struct ldb_module
*module
,
560 struct ldb_context
*ldb
,
561 struct ldb_message
*msg
, const char *name
)
565 struct ldb_message_element
*el
;
567 el
= ldb_msg_find_element(msg
, name
);
569 return LDB_ERR_NO_SUCH_ATTRIBUTE
;
571 i
= el
- msg
->elements
;
573 ret
= ltdb_index_del_element(module
, msg
->dn
, el
);
574 if (ret
!= LDB_SUCCESS
) {
578 talloc_free(el
->values
);
579 if (msg
->num_elements
> (i
+1)) {
580 memmove(el
, el
+1, sizeof(*el
) * (msg
->num_elements
- (i
+1)));
583 msg
->elements
= talloc_realloc(msg
, msg
->elements
,
584 struct ldb_message_element
,
590 delete all elements matching an attribute name/value
592 return LDB Error on failure
594 static int msg_delete_element(struct ldb_module
*module
,
595 struct ldb_message
*msg
,
597 const struct ldb_val
*val
)
599 struct ldb_context
*ldb
= ldb_module_get_ctx(module
);
602 struct ldb_message_element
*el
;
603 const struct ldb_schema_attribute
*a
;
605 found
= find_element(msg
, name
);
607 return LDB_ERR_NO_SUCH_ATTRIBUTE
;
610 i
= (unsigned int) found
;
611 el
= &(msg
->elements
[i
]);
613 a
= ldb_schema_attribute_by_name(ldb
, el
->name
);
615 for (i
=0;i
<el
->num_values
;i
++) {
617 if (a
->syntax
->operator_fn
) {
618 ret
= a
->syntax
->operator_fn(ldb
, LDB_OP_EQUALITY
, a
,
619 &el
->values
[i
], val
, &matched
);
620 if (ret
!= LDB_SUCCESS
) return ret
;
622 matched
= (a
->syntax
->comparison_fn(ldb
, ldb
,
623 &el
->values
[i
], val
) == 0);
626 if (el
->num_values
== 1) {
627 return msg_delete_attribute(module
, ldb
, msg
, name
);
630 ret
= ltdb_index_del_value(module
, msg
->dn
, el
, i
);
631 if (ret
!= LDB_SUCCESS
) {
635 if (i
<el
->num_values
-1) {
636 memmove(&el
->values
[i
], &el
->values
[i
+1],
637 sizeof(el
->values
[i
])*
638 (el
->num_values
-(i
+1)));
642 /* per definition we find in a canonicalised message an
643 attribute value only once. So we are finished here */
649 return LDB_ERR_NO_SUCH_ATTRIBUTE
;
654 modify a record - internal interface
656 yuck - this is O(n^2). Luckily n is usually small so we probably
657 get away with it, but if we ever have really large attribute lists
658 then we'll need to look at this again
660 'req' is optional, and is used to specify controls if supplied
662 int ltdb_modify_internal(struct ldb_module
*module
,
663 const struct ldb_message
*msg
,
664 struct ldb_request
*req
)
666 struct ldb_context
*ldb
= ldb_module_get_ctx(module
);
667 void *data
= ldb_module_get_private(module
);
668 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
669 TDB_DATA tdb_key
, tdb_data
;
670 struct ldb_message
*msg2
;
671 unsigned int i
, j
, k
;
672 int ret
= LDB_SUCCESS
, idx
;
673 struct ldb_control
*control_permissive
= NULL
;
676 control_permissive
= ldb_request_get_control(req
,
677 LDB_CONTROL_PERMISSIVE_MODIFY_OID
);
680 tdb_key
= ltdb_key(module
, msg
->dn
);
682 return LDB_ERR_OTHER
;
685 tdb_data
= tdb_fetch(ltdb
->tdb
, tdb_key
);
686 if (!tdb_data
.dptr
) {
687 talloc_free(tdb_key
.dptr
);
688 return ltdb_err_map(tdb_error(ltdb
->tdb
));
691 msg2
= ldb_msg_new(tdb_key
.dptr
);
698 ret
= ldb_unpack_data(ldb_module_get_ctx(module
), (struct ldb_val
*)&tdb_data
, msg2
);
709 for (i
=0; i
<msg
->num_elements
; i
++) {
710 struct ldb_message_element
*el
= &msg
->elements
[i
], *el2
;
711 struct ldb_val
*vals
;
712 const struct ldb_schema_attribute
*a
= ldb_schema_attribute_by_name(ldb
, el
->name
);
715 switch (msg
->elements
[i
].flags
& LDB_FLAG_MOD_MASK
) {
716 case LDB_FLAG_MOD_ADD
:
718 if (el
->num_values
== 0) {
719 ldb_asprintf_errstring(ldb
,
720 "attribute '%s': attribute on '%s' specified, but with 0 values (illegal)",
721 el
->name
, ldb_dn_get_linearized(msg2
->dn
));
722 ret
= LDB_ERR_CONSTRAINT_VIOLATION
;
726 /* make a copy of the array so that a permissive
727 * control can remove duplicates without changing the
728 * original values, but do not copy data as we do not
729 * need to keep it around once the operation is
731 if (control_permissive
) {
732 el
= talloc(msg2
, struct ldb_message_element
);
737 *el
= msg
->elements
[i
];
738 el
->values
= talloc_array(el
, struct ldb_val
, el
->num_values
);
739 if (el
->values
== NULL
) {
743 for (j
= 0; j
< el
->num_values
; j
++) {
744 el
->values
[j
] = msg
->elements
[i
].values
[j
];
748 if (el
->num_values
> 1 && ldb_tdb_single_valued(a
, el
)) {
749 ldb_asprintf_errstring(ldb
, "SINGLE-VALUE attribute %s on %s specified more than once",
750 el
->name
, ldb_dn_get_linearized(msg2
->dn
));
751 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
755 /* Checks if element already exists */
756 idx
= find_element(msg2
, el
->name
);
758 if (ltdb_msg_add_element(ldb
, msg2
, el
) != 0) {
762 ret
= ltdb_index_add_element(module
, msg2
->dn
,
764 if (ret
!= LDB_SUCCESS
) {
768 j
= (unsigned int) idx
;
769 el2
= &(msg2
->elements
[j
]);
771 /* We cannot add another value on a existing one
772 if the attribute is single-valued */
773 if (ldb_tdb_single_valued(a
, el
)) {
774 ldb_asprintf_errstring(ldb
, "SINGLE-VALUE attribute %s on %s specified more than once",
775 el
->name
, ldb_dn_get_linearized(msg2
->dn
));
776 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
780 /* Check that values don't exist yet on multi-
781 valued attributes or aren't provided twice */
782 /* TODO: This is O(n^2) - replace with more efficient check */
783 for (j
= 0; j
< el
->num_values
; j
++) {
784 if (ldb_msg_find_val(el2
, &el
->values
[j
]) != NULL
) {
785 if (control_permissive
) {
786 /* remove this one as if it was never added */
788 for (k
= j
; k
< el
->num_values
; k
++) {
789 el
->values
[k
] = el
->values
[k
+ 1];
796 ldb_asprintf_errstring(ldb
,
797 "attribute '%s': value #%u on '%s' already exists",
798 el
->name
, j
, ldb_dn_get_linearized(msg2
->dn
));
799 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
802 if (ldb_msg_find_val(el
, &el
->values
[j
]) != &el
->values
[j
]) {
803 ldb_asprintf_errstring(ldb
,
804 "attribute '%s': value #%u on '%s' provided more than once",
805 el
->name
, j
, ldb_dn_get_linearized(msg2
->dn
));
806 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
811 /* Now combine existing and new values to a new
813 vals
= talloc_realloc(msg2
->elements
,
814 el2
->values
, struct ldb_val
,
815 el2
->num_values
+ el
->num_values
);
822 for (j
=0; j
<el
->num_values
; j
++) {
823 vals
[el2
->num_values
+ j
] =
824 ldb_val_dup(vals
, &el
->values
[j
]);
828 el2
->num_values
+= el
->num_values
;
830 ret
= ltdb_index_add_element(module
, msg2
->dn
, el
);
831 if (ret
!= LDB_SUCCESS
) {
838 case LDB_FLAG_MOD_REPLACE
:
840 if (el
->num_values
> 1 && ldb_tdb_single_valued(a
, el
)) {
841 ldb_asprintf_errstring(ldb
, "SINGLE-VALUE attribute %s on %s specified more than once",
842 el
->name
, ldb_dn_get_linearized(msg2
->dn
));
843 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
847 /* TODO: This is O(n^2) - replace with more efficient check */
848 for (j
=0; j
<el
->num_values
; j
++) {
849 if (ldb_msg_find_val(el
, &el
->values
[j
]) != &el
->values
[j
]) {
850 ldb_asprintf_errstring(ldb
,
851 "attribute '%s': value #%u on '%s' provided more than once",
852 el
->name
, j
, ldb_dn_get_linearized(msg2
->dn
));
853 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
858 /* Checks if element already exists */
859 idx
= find_element(msg2
, el
->name
);
861 j
= (unsigned int) idx
;
862 el2
= &(msg2
->elements
[j
]);
864 /* we consider two elements to be
865 * equal only if the order
866 * matches. This allows dbcheck to
867 * fix the ordering on attributes
868 * where order matters, such as
871 if (ldb_msg_element_equal_ordered(el
, el2
)) {
875 /* Delete the attribute if it exists in the DB */
876 if (msg_delete_attribute(module
, ldb
, msg2
,
883 /* Recreate it with the new values */
884 if (ltdb_msg_add_element(ldb
, msg2
, el
) != 0) {
889 ret
= ltdb_index_add_element(module
, msg2
->dn
, el
);
890 if (ret
!= LDB_SUCCESS
) {
896 case LDB_FLAG_MOD_DELETE
:
897 dn
= ldb_dn_get_linearized(msg2
->dn
);
903 if (msg
->elements
[i
].num_values
== 0) {
904 /* Delete the whole attribute */
905 ret
= msg_delete_attribute(module
, ldb
, msg2
,
906 msg
->elements
[i
].name
);
907 if (ret
== LDB_ERR_NO_SUCH_ATTRIBUTE
&&
908 control_permissive
) {
911 ldb_asprintf_errstring(ldb
,
912 "attribute '%s': no such attribute for delete on '%s'",
913 msg
->elements
[i
].name
, dn
);
915 if (ret
!= LDB_SUCCESS
) {
919 /* Delete specified values from an attribute */
920 for (j
=0; j
< msg
->elements
[i
].num_values
; j
++) {
921 ret
= msg_delete_element(module
,
923 msg
->elements
[i
].name
,
924 &msg
->elements
[i
].values
[j
]);
925 if (ret
== LDB_ERR_NO_SUCH_ATTRIBUTE
&&
926 control_permissive
) {
929 ldb_asprintf_errstring(ldb
,
930 "attribute '%s': no matching attribute value while deleting attribute on '%s'",
931 msg
->elements
[i
].name
, dn
);
933 if (ret
!= LDB_SUCCESS
) {
940 ldb_asprintf_errstring(ldb
,
941 "attribute '%s': invalid modify flags on '%s': 0x%x",
942 msg
->elements
[i
].name
, ldb_dn_get_linearized(msg
->dn
),
943 msg
->elements
[i
].flags
& LDB_FLAG_MOD_MASK
);
944 ret
= LDB_ERR_PROTOCOL_ERROR
;
949 ret
= ltdb_store(module
, msg2
, TDB_MODIFY
);
950 if (ret
!= LDB_SUCCESS
) {
954 ret
= ltdb_modified(module
, msg2
->dn
);
955 if (ret
!= LDB_SUCCESS
) {
960 talloc_free(tdb_key
.dptr
);
967 static int ltdb_modify(struct ltdb_context
*ctx
)
969 struct ldb_module
*module
= ctx
->module
;
970 struct ldb_request
*req
= ctx
->req
;
971 int ret
= LDB_SUCCESS
;
973 ret
= ltdb_check_special_dn(module
, req
->op
.mod
.message
);
974 if (ret
!= LDB_SUCCESS
) {
978 ldb_request_set_state(req
, LDB_ASYNC_PENDING
);
980 if (ltdb_cache_load(module
) != 0) {
981 return LDB_ERR_OPERATIONS_ERROR
;
984 ret
= ltdb_modify_internal(module
, req
->op
.mod
.message
, req
);
992 static int ltdb_rename(struct ltdb_context
*ctx
)
994 struct ldb_module
*module
= ctx
->module
;
995 void *data
= ldb_module_get_private(module
);
996 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
997 struct ldb_request
*req
= ctx
->req
;
998 struct ldb_message
*msg
;
999 int ret
= LDB_SUCCESS
;
1000 TDB_DATA tdb_key
, tdb_key_old
;
1002 ldb_request_set_state(req
, LDB_ASYNC_PENDING
);
1004 if (ltdb_cache_load(ctx
->module
) != 0) {
1005 return LDB_ERR_OPERATIONS_ERROR
;
1008 msg
= ldb_msg_new(ctx
);
1010 return LDB_ERR_OPERATIONS_ERROR
;
1013 /* we need to fetch the old record to re-add under the new name */
1014 ret
= ltdb_search_dn1(module
, req
->op
.rename
.olddn
, msg
);
1015 if (ret
!= LDB_SUCCESS
) {
1016 /* not finding the old record is an error */
1020 /* We need to, before changing the DB, check if the new DN
1021 * exists, so we can return this error to the caller with an
1023 tdb_key
= ltdb_key(module
, req
->op
.rename
.newdn
);
1024 if (!tdb_key
.dptr
) {
1026 return LDB_ERR_OPERATIONS_ERROR
;
1029 tdb_key_old
= ltdb_key(module
, req
->op
.rename
.olddn
);
1030 if (!tdb_key_old
.dptr
) {
1032 talloc_free(tdb_key
.dptr
);
1033 return LDB_ERR_OPERATIONS_ERROR
;
1036 /* Only declare a conflict if the new DN already exists, and it isn't a case change on the old DN */
1037 if (tdb_key_old
.dsize
!= tdb_key
.dsize
|| memcmp(tdb_key
.dptr
, tdb_key_old
.dptr
, tdb_key
.dsize
) != 0) {
1038 if (tdb_exists(ltdb
->tdb
, tdb_key
)) {
1039 talloc_free(tdb_key_old
.dptr
);
1040 talloc_free(tdb_key
.dptr
);
1041 ldb_asprintf_errstring(ldb_module_get_ctx(module
),
1042 "Entry %s already exists",
1043 ldb_dn_get_linearized(msg
->dn
));
1044 /* finding the new record already in the DB is an error */
1046 return LDB_ERR_ENTRY_ALREADY_EXISTS
;
1049 talloc_free(tdb_key_old
.dptr
);
1050 talloc_free(tdb_key
.dptr
);
1052 /* Always delete first then add, to avoid conflicts with
1053 * unique indexes. We rely on the transaction to make this
1056 ret
= ltdb_delete_internal(module
, msg
->dn
);
1057 if (ret
!= LDB_SUCCESS
) {
1062 msg
->dn
= ldb_dn_copy(msg
, req
->op
.rename
.newdn
);
1063 if (msg
->dn
== NULL
) {
1065 return LDB_ERR_OPERATIONS_ERROR
;
1068 /* We don't check single value as we can have more than 1 with
1069 * deleted attributes. We could go through all elements but that's
1070 * maybe not the most efficient way
1072 ret
= ltdb_add_internal(module
, msg
, false);
1079 static int ltdb_start_trans(struct ldb_module
*module
)
1081 void *data
= ldb_module_get_private(module
);
1082 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
1084 if (tdb_transaction_start(ltdb
->tdb
) != 0) {
1085 return ltdb_err_map(tdb_error(ltdb
->tdb
));
1088 ltdb
->in_transaction
++;
1090 ltdb_index_transaction_start(module
);
1095 static int ltdb_prepare_commit(struct ldb_module
*module
)
1097 void *data
= ldb_module_get_private(module
);
1098 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
1100 if (ltdb
->in_transaction
!= 1) {
1104 if (ltdb_index_transaction_commit(module
) != 0) {
1105 tdb_transaction_cancel(ltdb
->tdb
);
1106 ltdb
->in_transaction
--;
1107 return ltdb_err_map(tdb_error(ltdb
->tdb
));
1110 if (tdb_transaction_prepare_commit(ltdb
->tdb
) != 0) {
1111 ltdb
->in_transaction
--;
1112 return ltdb_err_map(tdb_error(ltdb
->tdb
));
1115 ltdb
->prepared_commit
= true;
1120 static int ltdb_end_trans(struct ldb_module
*module
)
1122 void *data
= ldb_module_get_private(module
);
1123 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
1125 if (!ltdb
->prepared_commit
) {
1126 int ret
= ltdb_prepare_commit(module
);
1127 if (ret
!= LDB_SUCCESS
) {
1132 ltdb
->in_transaction
--;
1133 ltdb
->prepared_commit
= false;
1135 if (tdb_transaction_commit(ltdb
->tdb
) != 0) {
1136 return ltdb_err_map(tdb_error(ltdb
->tdb
));
1142 static int ltdb_del_trans(struct ldb_module
*module
)
1144 void *data
= ldb_module_get_private(module
);
1145 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
1147 ltdb
->in_transaction
--;
1149 if (ltdb_index_transaction_cancel(module
) != 0) {
1150 tdb_transaction_cancel(ltdb
->tdb
);
1151 return ltdb_err_map(tdb_error(ltdb
->tdb
));
1154 tdb_transaction_cancel(ltdb
->tdb
);
1159 return sequenceNumber from @BASEINFO
1161 static int ltdb_sequence_number(struct ltdb_context
*ctx
,
1162 struct ldb_extended
**ext
)
1164 struct ldb_context
*ldb
;
1165 struct ldb_module
*module
= ctx
->module
;
1166 struct ldb_request
*req
= ctx
->req
;
1167 TALLOC_CTX
*tmp_ctx
= NULL
;
1168 struct ldb_seqnum_request
*seq
;
1169 struct ldb_seqnum_result
*res
;
1170 struct ldb_message
*msg
= NULL
;
1173 int ret
= LDB_SUCCESS
;
1175 ldb
= ldb_module_get_ctx(module
);
1177 seq
= talloc_get_type(req
->op
.extended
.data
,
1178 struct ldb_seqnum_request
);
1180 return LDB_ERR_OPERATIONS_ERROR
;
1183 ldb_request_set_state(req
, LDB_ASYNC_PENDING
);
1185 if (ltdb_lock_read(module
) != 0) {
1186 return LDB_ERR_OPERATIONS_ERROR
;
1189 res
= talloc_zero(req
, struct ldb_seqnum_result
);
1191 ret
= LDB_ERR_OPERATIONS_ERROR
;
1195 tmp_ctx
= talloc_new(req
);
1196 if (tmp_ctx
== NULL
) {
1197 ret
= LDB_ERR_OPERATIONS_ERROR
;
1201 dn
= ldb_dn_new(tmp_ctx
, ldb
, LTDB_BASEINFO
);
1203 ret
= LDB_ERR_OPERATIONS_ERROR
;
1207 msg
= ldb_msg_new(tmp_ctx
);
1209 ret
= LDB_ERR_OPERATIONS_ERROR
;
1213 ret
= ltdb_search_dn1(module
, dn
, msg
);
1214 if (ret
!= LDB_SUCCESS
) {
1218 switch (seq
->type
) {
1219 case LDB_SEQ_HIGHEST_SEQ
:
1220 res
->seq_num
= ldb_msg_find_attr_as_uint64(msg
, LTDB_SEQUENCE_NUMBER
, 0);
1223 res
->seq_num
= ldb_msg_find_attr_as_uint64(msg
, LTDB_SEQUENCE_NUMBER
, 0);
1226 case LDB_SEQ_HIGHEST_TIMESTAMP
:
1227 date
= ldb_msg_find_attr_as_string(msg
, LTDB_MOD_TIMESTAMP
, NULL
);
1229 res
->seq_num
= ldb_string_to_time(date
);
1232 /* zero is as good as anything when we don't know */
1237 *ext
= talloc_zero(req
, struct ldb_extended
);
1239 ret
= LDB_ERR_OPERATIONS_ERROR
;
1242 (*ext
)->oid
= LDB_EXTENDED_SEQUENCE_NUMBER
;
1243 (*ext
)->data
= talloc_steal(*ext
, res
);
1246 talloc_free(tmp_ctx
);
1247 ltdb_unlock_read(module
);
1251 static void ltdb_request_done(struct ltdb_context
*ctx
, int error
)
1253 struct ldb_context
*ldb
;
1254 struct ldb_request
*req
;
1255 struct ldb_reply
*ares
;
1257 ldb
= ldb_module_get_ctx(ctx
->module
);
1260 /* if we already returned an error just return */
1261 if (ldb_request_get_status(req
) != LDB_SUCCESS
) {
1265 ares
= talloc_zero(req
, struct ldb_reply
);
1268 req
->callback(req
, NULL
);
1271 ares
->type
= LDB_REPLY_DONE
;
1272 ares
->error
= error
;
1274 req
->callback(req
, ares
);
1277 static void ltdb_timeout(struct tevent_context
*ev
,
1278 struct tevent_timer
*te
,
1282 struct ltdb_context
*ctx
;
1283 ctx
= talloc_get_type(private_data
, struct ltdb_context
);
1285 if (!ctx
->request_terminated
) {
1286 /* request is done now */
1287 ltdb_request_done(ctx
, LDB_ERR_TIME_LIMIT_EXCEEDED
);
1291 /* neutralize the spy */
1292 ctx
->spy
->ctx
= NULL
;
1298 static void ltdb_request_extended_done(struct ltdb_context
*ctx
,
1299 struct ldb_extended
*ext
,
1302 struct ldb_context
*ldb
;
1303 struct ldb_request
*req
;
1304 struct ldb_reply
*ares
;
1306 ldb
= ldb_module_get_ctx(ctx
->module
);
1309 /* if we already returned an error just return */
1310 if (ldb_request_get_status(req
) != LDB_SUCCESS
) {
1314 ares
= talloc_zero(req
, struct ldb_reply
);
1317 req
->callback(req
, NULL
);
1320 ares
->type
= LDB_REPLY_DONE
;
1321 ares
->response
= ext
;
1322 ares
->error
= error
;
1324 req
->callback(req
, ares
);
1327 static void ltdb_handle_extended(struct ltdb_context
*ctx
)
1329 struct ldb_extended
*ext
= NULL
;
1332 if (strcmp(ctx
->req
->op
.extended
.oid
,
1333 LDB_EXTENDED_SEQUENCE_NUMBER
) == 0) {
1334 /* get sequence number */
1335 ret
= ltdb_sequence_number(ctx
, &ext
);
1337 /* not recognized */
1338 ret
= LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION
;
1341 ltdb_request_extended_done(ctx
, ext
, ret
);
1344 static void ltdb_callback(struct tevent_context
*ev
,
1345 struct tevent_timer
*te
,
1349 struct ltdb_context
*ctx
;
1352 ctx
= talloc_get_type(private_data
, struct ltdb_context
);
1354 if (ctx
->request_terminated
) {
1358 switch (ctx
->req
->operation
) {
1360 ret
= ltdb_search(ctx
);
1363 ret
= ltdb_add(ctx
);
1366 ret
= ltdb_modify(ctx
);
1369 ret
= ltdb_delete(ctx
);
1372 ret
= ltdb_rename(ctx
);
1375 ltdb_handle_extended(ctx
);
1378 /* no other op supported */
1379 ret
= LDB_ERR_PROTOCOL_ERROR
;
1382 if (!ctx
->request_terminated
) {
1383 /* request is done now */
1384 ltdb_request_done(ctx
, ret
);
1389 /* neutralize the spy */
1390 ctx
->spy
->ctx
= NULL
;
1396 static int ltdb_request_destructor(void *ptr
)
1398 struct ltdb_req_spy
*spy
= talloc_get_type(ptr
, struct ltdb_req_spy
);
1400 if (spy
->ctx
!= NULL
) {
1401 spy
->ctx
->spy
= NULL
;
1402 spy
->ctx
->request_terminated
= true;
1409 static int ltdb_handle_request(struct ldb_module
*module
,
1410 struct ldb_request
*req
)
1412 struct ldb_control
*control_permissive
;
1413 struct ldb_context
*ldb
;
1414 struct tevent_context
*ev
;
1415 struct ltdb_context
*ac
;
1416 struct tevent_timer
*te
;
1420 ldb
= ldb_module_get_ctx(module
);
1422 control_permissive
= ldb_request_get_control(req
,
1423 LDB_CONTROL_PERMISSIVE_MODIFY_OID
);
1425 for (i
= 0; req
->controls
&& req
->controls
[i
]; i
++) {
1426 if (req
->controls
[i
]->critical
&&
1427 req
->controls
[i
] != control_permissive
) {
1428 ldb_asprintf_errstring(ldb
, "Unsupported critical extension %s",
1429 req
->controls
[i
]->oid
);
1430 return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION
;
1434 if (req
->starttime
== 0 || req
->timeout
== 0) {
1435 ldb_set_errstring(ldb
, "Invalid timeout settings");
1436 return LDB_ERR_TIME_LIMIT_EXCEEDED
;
1439 ev
= ldb_get_event_context(ldb
);
1441 ac
= talloc_zero(ldb
, struct ltdb_context
);
1444 return LDB_ERR_OPERATIONS_ERROR
;
1447 ac
->module
= module
;
1452 te
= tevent_add_timer(ev
, ac
, tv
, ltdb_callback
, ac
);
1455 return LDB_ERR_OPERATIONS_ERROR
;
1458 tv
.tv_sec
= req
->starttime
+ req
->timeout
;
1459 ac
->timeout_event
= tevent_add_timer(ev
, ac
, tv
, ltdb_timeout
, ac
);
1460 if (NULL
== ac
->timeout_event
) {
1462 return LDB_ERR_OPERATIONS_ERROR
;
1465 /* set a spy so that we do not try to use the request context
1466 * if it is freed before ltdb_callback fires */
1467 ac
->spy
= talloc(req
, struct ltdb_req_spy
);
1468 if (NULL
== ac
->spy
) {
1470 return LDB_ERR_OPERATIONS_ERROR
;
1474 talloc_set_destructor((TALLOC_CTX
*)ac
->spy
, ltdb_request_destructor
);
1479 static int ltdb_init_rootdse(struct ldb_module
*module
)
1481 /* ignore errors on this - we expect it for non-sam databases */
1482 ldb_mod_register_control(module
, LDB_CONTROL_PERMISSIVE_MODIFY_OID
);
1484 /* there can be no module beyond the backend, just return */
1488 static const struct ldb_module_ops ltdb_ops
= {
1490 .init_context
= ltdb_init_rootdse
,
1491 .search
= ltdb_handle_request
,
1492 .add
= ltdb_handle_request
,
1493 .modify
= ltdb_handle_request
,
1494 .del
= ltdb_handle_request
,
1495 .rename
= ltdb_handle_request
,
1496 .extended
= ltdb_handle_request
,
1497 .start_transaction
= ltdb_start_trans
,
1498 .end_transaction
= ltdb_end_trans
,
1499 .prepare_commit
= ltdb_prepare_commit
,
1500 .del_transaction
= ltdb_del_trans
,
1504 connect to the database
1506 static int ltdb_connect(struct ldb_context
*ldb
, const char *url
,
1507 unsigned int flags
, const char *options
[],
1508 struct ldb_module
**_module
)
1510 struct ldb_module
*module
;
1512 int tdb_flags
, open_flags
;
1513 struct ltdb_private
*ltdb
;
1516 if (strchr(url
, ':')) {
1517 if (strncmp(url
, "tdb://", 6) != 0) {
1518 ldb_debug(ldb
, LDB_DEBUG_ERROR
,
1519 "Invalid tdb URL '%s'", url
);
1520 return LDB_ERR_OPERATIONS_ERROR
;
1527 tdb_flags
= TDB_DEFAULT
| TDB_SEQNUM
;
1529 /* check for the 'nosync' option */
1530 if (flags
& LDB_FLG_NOSYNC
) {
1531 tdb_flags
|= TDB_NOSYNC
;
1534 /* and nommap option */
1535 if (flags
& LDB_FLG_NOMMAP
) {
1536 tdb_flags
|= TDB_NOMMAP
;
1539 if (flags
& LDB_FLG_RDONLY
) {
1540 open_flags
= O_RDONLY
;
1542 open_flags
= O_CREAT
| O_RDWR
;
1545 ltdb
= talloc_zero(ldb
, struct ltdb_private
);
1548 return LDB_ERR_OPERATIONS_ERROR
;
1551 /* note that we use quite a large default hash size */
1552 ltdb
->tdb
= ltdb_wrap_open(ltdb
, path
, 10000,
1553 tdb_flags
, open_flags
,
1554 ldb_get_create_perms(ldb
), ldb
);
1556 ldb_asprintf_errstring(ldb
,
1557 "Unable to open tdb '%s'", path
);
1558 ldb_debug(ldb
, LDB_DEBUG_ERROR
,
1559 "Unable to open tdb '%s'", path
);
1561 return LDB_ERR_OPERATIONS_ERROR
;
1564 if (getenv("LDB_WARN_UNINDEXED")) {
1565 ltdb
->warn_unindexed
= true;
1568 ltdb
->sequence_number
= 0;
1570 module
= ldb_module_new(ldb
, ldb
, "ldb_tdb backend", <db_ops
);
1574 return LDB_ERR_OPERATIONS_ERROR
;
1576 ldb_module_set_private(module
, ltdb
);
1577 talloc_steal(module
, ltdb
);
1579 if (ltdb_cache_load(module
) != 0) {
1580 ldb_asprintf_errstring(ldb
,
1581 "Unable to load ltdb cache records of tdb '%s'", path
);
1582 talloc_free(module
);
1583 return LDB_ERR_OPERATIONS_ERROR
;
1590 int ldb_tdb_init(const char *version
)
1592 LDB_MODULE_CHECK_VERSION(version
);
1593 return ldb_register_backend("tdb", ltdb_connect
, false);