4 Copyright (C) Andrew Tridgell 2004
5 Copyright (C) Stefan Metzmacher 2004
6 Copyright (C) Simo Sorce 2006-2008
7 Copyright (C) Matthias Dieter Wallnöfer 2009-2010
9 ** NOTE! The following LGPL license applies to the ldb
10 ** library. This does NOT imply that all of Samba is released
13 This library is free software; you can redistribute it and/or
14 modify it under the terms of the GNU Lesser General Public
15 License as published by the Free Software Foundation; either
16 version 3 of the License, or (at your option) any later version.
18 This library is distributed in the hope that it will be useful,
19 but WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 Lesser General Public License for more details.
23 You should have received a copy of the GNU Lesser General Public
24 License along with this library; if not, see <http://www.gnu.org/licenses/>.
30 * Component: ldb tdb backend
32 * Description: core functions for tdb backend
34 * Author: Andrew Tridgell
35 * Author: Stefan Metzmacher
39 * - description: make the module use asynchronous calls
43 * - description: make it possible to use event contexts
47 * - description: fix up memory leaks and small bugs
49 * Author: Matthias Dieter Wallnöfer
53 #include <lib/tdb_compat/tdb_compat.h>
56 prevent memory errors on callbacks
59 struct ltdb_context
*ctx
;
63 map a tdb error code to a ldb error code
65 int ltdb_err_map(enum TDB_ERROR tdb_code
)
73 return LDB_ERR_OPERATIONS_ERROR
;
75 return LDB_ERR_PROTOCOL_ERROR
;
82 case TDB_ERR_LOCK_TIMEOUT
:
84 return LDB_ERR_TIME_LIMIT_EXCEEDED
;
86 return LDB_ERR_ENTRY_ALREADY_EXISTS
;
88 return LDB_ERR_NO_SUCH_OBJECT
;
90 return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS
;
98 lock the database for read - use by ltdb_search and ltdb_sequence_number
100 int ltdb_lock_read(struct ldb_module
*module
)
102 void *data
= ldb_module_get_private(module
);
103 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
106 if (ltdb
->in_transaction
== 0 &&
107 ltdb
->read_lock_count
== 0) {
108 ret
= tdb_lockall_read(ltdb
->tdb
);
111 ltdb
->read_lock_count
++;
117 unlock the database after a ltdb_lock_read()
119 int ltdb_unlock_read(struct ldb_module
*module
)
121 void *data
= ldb_module_get_private(module
);
122 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
123 if (ltdb
->in_transaction
== 0 && ltdb
->read_lock_count
== 1) {
124 tdb_unlockall_read(ltdb
->tdb
);
127 ltdb
->read_lock_count
--;
133 form a TDB_DATA for a record key
136 note that the key for a record can depend on whether the
137 dn refers to a case sensitive index record or not
139 TDB_DATA
ltdb_key(struct ldb_module
*module
, struct ldb_dn
*dn
)
141 struct ldb_context
*ldb
= ldb_module_get_ctx(module
);
143 char *key_str
= NULL
;
144 const char *dn_folded
= NULL
;
147 most DNs are case insensitive. The exception is index DNs for
148 case sensitive attributes
150 there are 3 cases dealt with in this code:
152 1) if the dn doesn't start with @ then uppercase the attribute
153 names and the attributes values of case insensitive attributes
154 2) if the dn starts with @ then leave it alone -
155 the indexing code handles the rest
158 dn_folded
= ldb_dn_get_casefold(dn
);
163 key_str
= talloc_strdup(ldb
, "DN=");
168 key_str
= talloc_strdup_append_buffer(key_str
, dn_folded
);
173 key
.dptr
= (uint8_t *)key_str
;
174 key
.dsize
= strlen(key_str
) + 1;
186 check special dn's have valid attributes
187 currently only @ATTRIBUTES is checked
189 static int ltdb_check_special_dn(struct ldb_module
*module
,
190 const struct ldb_message
*msg
)
192 struct ldb_context
*ldb
= ldb_module_get_ctx(module
);
195 if (! ldb_dn_is_special(msg
->dn
) ||
196 ! ldb_dn_check_special(msg
->dn
, LTDB_ATTRIBUTES
)) {
200 /* we have @ATTRIBUTES, let's check attributes are fine */
201 /* should we check that we deny multivalued attributes ? */
202 for (i
= 0; i
< msg
->num_elements
; i
++) {
203 if (ldb_attr_cmp(msg
->elements
[i
].name
, "distinguishedName") == 0) continue;
205 for (j
= 0; j
< msg
->elements
[i
].num_values
; j
++) {
206 if (ltdb_check_at_attributes_values(&msg
->elements
[i
].values
[j
]) != 0) {
207 ldb_set_errstring(ldb
, "Invalid attribute value in an @ATTRIBUTES entry");
208 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX
;
218 we've made a modification to a dn - possibly reindex and
219 update sequence number
221 static int ltdb_modified(struct ldb_module
*module
, struct ldb_dn
*dn
)
223 int ret
= LDB_SUCCESS
;
224 struct ltdb_private
*ltdb
= talloc_get_type(ldb_module_get_private(module
), struct ltdb_private
);
226 /* only allow modifies inside a transaction, otherwise the
228 if (ltdb
->in_transaction
== 0) {
229 ldb_set_errstring(ldb_module_get_ctx(module
), "ltdb modify without transaction");
230 return LDB_ERR_OPERATIONS_ERROR
;
233 if (ldb_dn_is_special(dn
) &&
234 (ldb_dn_check_special(dn
, LTDB_INDEXLIST
) ||
235 ldb_dn_check_special(dn
, LTDB_ATTRIBUTES
)) ) {
236 ret
= ltdb_reindex(module
);
239 /* If the modify was to a normal record, or any special except @BASEINFO, update the seq number */
240 if (ret
== LDB_SUCCESS
&&
241 !(ldb_dn_is_special(dn
) &&
242 ldb_dn_check_special(dn
, LTDB_BASEINFO
)) ) {
243 ret
= ltdb_increase_sequence_number(module
);
246 /* If the modify was to @OPTIONS, reload the cache */
247 if (ret
== LDB_SUCCESS
&&
248 ldb_dn_is_special(dn
) &&
249 (ldb_dn_check_special(dn
, LTDB_OPTIONS
)) ) {
250 ret
= ltdb_cache_reload(module
);
257 store a record into the db
259 int ltdb_store(struct ldb_module
*module
, const struct ldb_message
*msg
, int flgs
)
261 void *data
= ldb_module_get_private(module
);
262 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
263 TDB_DATA tdb_key
, tdb_data
;
264 int ret
= LDB_SUCCESS
;
266 tdb_key
= ltdb_key(module
, msg
->dn
);
267 if (tdb_key
.dptr
== NULL
) {
268 return LDB_ERR_OTHER
;
271 ret
= ltdb_pack_data(module
, msg
, &tdb_data
);
273 talloc_free(tdb_key
.dptr
);
274 return LDB_ERR_OTHER
;
277 ret
= tdb_store(ltdb
->tdb
, tdb_key
, tdb_data
, flgs
);
279 ret
= ltdb_err_map(tdb_error(ltdb
->tdb
));
284 talloc_free(tdb_key
.dptr
);
285 talloc_free(tdb_data
.dptr
);
292 check if a attribute is a single valued, for a given element
294 static bool ldb_tdb_single_valued(const struct ldb_schema_attribute
*a
,
295 struct ldb_message_element
*el
)
297 if (!a
) return false;
299 if (el
->flags
& LDB_FLAG_INTERNAL_FORCE_SINGLE_VALUE_CHECK
) {
300 /* override from a ldb module, for example
301 used for the description field, which is
302 marked multi-valued in the schema but which
303 should not actually accept multiple
307 if (el
->flags
& LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK
) {
308 /* override from a ldb module, for example used for
309 deleted linked attribute entries */
313 if (a
->flags
& LDB_ATTR_FLAG_SINGLE_VALUE
) {
319 static int ltdb_add_internal(struct ldb_module
*module
,
320 const struct ldb_message
*msg
,
321 bool check_single_value
)
323 struct ldb_context
*ldb
= ldb_module_get_ctx(module
);
324 int ret
= LDB_SUCCESS
;
327 for (i
=0;i
<msg
->num_elements
;i
++) {
328 struct ldb_message_element
*el
= &msg
->elements
[i
];
329 const struct ldb_schema_attribute
*a
= ldb_schema_attribute_by_name(ldb
, el
->name
);
331 if (el
->num_values
== 0) {
332 ldb_asprintf_errstring(ldb
, "attribute '%s' on '%s' specified, but with 0 values (illegal)",
333 el
->name
, ldb_dn_get_linearized(msg
->dn
));
334 return LDB_ERR_CONSTRAINT_VIOLATION
;
336 if (check_single_value
&&
337 el
->num_values
> 1 &&
338 ldb_tdb_single_valued(a
, el
)) {
339 ldb_asprintf_errstring(ldb
, "SINGLE-VALUE attribute %s on %s specified more than once",
340 el
->name
, ldb_dn_get_linearized(msg
->dn
));
341 return LDB_ERR_CONSTRAINT_VIOLATION
;
345 ret
= ltdb_store(module
, msg
, TDB_INSERT
);
346 if (ret
!= LDB_SUCCESS
) {
347 if (ret
== LDB_ERR_ENTRY_ALREADY_EXISTS
) {
348 ldb_asprintf_errstring(ldb
,
349 "Entry %s already exists",
350 ldb_dn_get_linearized(msg
->dn
));
355 ret
= ltdb_index_add_new(module
, msg
);
356 if (ret
!= LDB_SUCCESS
) {
360 ret
= ltdb_modified(module
, msg
->dn
);
366 add a record to the database
368 static int ltdb_add(struct ltdb_context
*ctx
)
370 struct ldb_module
*module
= ctx
->module
;
371 struct ldb_request
*req
= ctx
->req
;
372 int ret
= LDB_SUCCESS
;
374 ret
= ltdb_check_special_dn(module
, req
->op
.add
.message
);
375 if (ret
!= LDB_SUCCESS
) {
379 ldb_request_set_state(req
, LDB_ASYNC_PENDING
);
381 if (ltdb_cache_load(module
) != 0) {
382 return LDB_ERR_OPERATIONS_ERROR
;
385 ret
= ltdb_add_internal(module
, req
->op
.add
.message
, true);
391 delete a record from the database, not updating indexes (used for deleting
394 int ltdb_delete_noindex(struct ldb_module
*module
, struct ldb_dn
*dn
)
396 void *data
= ldb_module_get_private(module
);
397 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
401 tdb_key
= ltdb_key(module
, dn
);
403 return LDB_ERR_OTHER
;
406 ret
= tdb_delete(ltdb
->tdb
, tdb_key
);
407 talloc_free(tdb_key
.dptr
);
410 ret
= ltdb_err_map(tdb_error(ltdb
->tdb
));
416 static int ltdb_delete_internal(struct ldb_module
*module
, struct ldb_dn
*dn
)
418 struct ldb_message
*msg
;
419 int ret
= LDB_SUCCESS
;
421 msg
= ldb_msg_new(module
);
423 return LDB_ERR_OPERATIONS_ERROR
;
426 /* in case any attribute of the message was indexed, we need
427 to fetch the old record */
428 ret
= ltdb_search_dn1(module
, dn
, msg
);
429 if (ret
!= LDB_SUCCESS
) {
430 /* not finding the old record is an error */
434 ret
= ltdb_delete_noindex(module
, dn
);
435 if (ret
!= LDB_SUCCESS
) {
439 /* remove any indexed attributes */
440 ret
= ltdb_index_delete(module
, msg
);
441 if (ret
!= LDB_SUCCESS
) {
445 ret
= ltdb_modified(module
, dn
);
446 if (ret
!= LDB_SUCCESS
) {
456 delete a record from the database
458 static int ltdb_delete(struct ltdb_context
*ctx
)
460 struct ldb_module
*module
= ctx
->module
;
461 struct ldb_request
*req
= ctx
->req
;
462 int ret
= LDB_SUCCESS
;
464 ldb_request_set_state(req
, LDB_ASYNC_PENDING
);
466 if (ltdb_cache_load(module
) != 0) {
467 return LDB_ERR_OPERATIONS_ERROR
;
470 ret
= ltdb_delete_internal(module
, req
->op
.del
.dn
);
476 find an element by attribute name. At the moment this does a linear search,
477 it should be re-coded to use a binary search once all places that modify
478 records guarantee sorted order
480 return the index of the first matching element if found, otherwise -1
482 static int find_element(const struct ldb_message
*msg
, const char *name
)
485 for (i
=0;i
<msg
->num_elements
;i
++) {
486 if (ldb_attr_cmp(msg
->elements
[i
].name
, name
) == 0) {
495 add an element to an existing record. Assumes a elements array that we
496 can call re-alloc on, and assumed that we can re-use the data pointers from
497 the passed in additional values. Use with care!
499 returns 0 on success, -1 on failure (and sets errno)
501 static int ltdb_msg_add_element(struct ldb_context
*ldb
,
502 struct ldb_message
*msg
,
503 struct ldb_message_element
*el
)
505 struct ldb_message_element
*e2
;
508 if (el
->num_values
== 0) {
509 /* nothing to do here - we don't add empty elements */
513 e2
= talloc_realloc(msg
, msg
->elements
, struct ldb_message_element
,
514 msg
->num_elements
+1);
522 e2
= &msg
->elements
[msg
->num_elements
];
525 e2
->flags
= el
->flags
;
526 e2
->values
= talloc_array(msg
->elements
,
527 struct ldb_val
, el
->num_values
);
532 for (i
=0;i
<el
->num_values
;i
++) {
533 e2
->values
[i
] = el
->values
[i
];
535 e2
->num_values
= el
->num_values
;
543 delete all elements having a specified attribute name
545 static int msg_delete_attribute(struct ldb_module
*module
,
546 struct ldb_context
*ldb
,
547 struct ldb_message
*msg
, const char *name
)
551 struct ldb_message_element
*el
;
553 el
= ldb_msg_find_element(msg
, name
);
555 return LDB_ERR_NO_SUCH_ATTRIBUTE
;
557 i
= el
- msg
->elements
;
559 ret
= ltdb_index_del_element(module
, msg
->dn
, el
);
560 if (ret
!= LDB_SUCCESS
) {
564 talloc_free(el
->values
);
565 if (msg
->num_elements
> (i
+1)) {
566 memmove(el
, el
+1, sizeof(*el
) * (msg
->num_elements
- (i
+1)));
569 msg
->elements
= talloc_realloc(msg
, msg
->elements
,
570 struct ldb_message_element
,
576 delete all elements matching an attribute name/value
578 return LDB Error on failure
580 static int msg_delete_element(struct ldb_module
*module
,
581 struct ldb_message
*msg
,
583 const struct ldb_val
*val
)
585 struct ldb_context
*ldb
= ldb_module_get_ctx(module
);
588 struct ldb_message_element
*el
;
589 const struct ldb_schema_attribute
*a
;
591 found
= find_element(msg
, name
);
593 return LDB_ERR_NO_SUCH_ATTRIBUTE
;
596 i
= (unsigned int) found
;
597 el
= &(msg
->elements
[i
]);
599 a
= ldb_schema_attribute_by_name(ldb
, el
->name
);
601 for (i
=0;i
<el
->num_values
;i
++) {
603 if (a
->syntax
->operator_fn
) {
604 ret
= a
->syntax
->operator_fn(ldb
, LDB_OP_EQUALITY
, a
,
605 &el
->values
[i
], val
, &matched
);
606 if (ret
!= LDB_SUCCESS
) return ret
;
608 matched
= (a
->syntax
->comparison_fn(ldb
, ldb
,
609 &el
->values
[i
], val
) == 0);
612 if (el
->num_values
== 1) {
613 return msg_delete_attribute(module
, ldb
, msg
, name
);
616 ret
= ltdb_index_del_value(module
, msg
->dn
, el
, i
);
617 if (ret
!= LDB_SUCCESS
) {
621 if (i
<el
->num_values
-1) {
622 memmove(&el
->values
[i
], &el
->values
[i
+1],
623 sizeof(el
->values
[i
])*
624 (el
->num_values
-(i
+1)));
628 /* per definition we find in a canonicalised message an
629 attribute value only once. So we are finished here */
635 return LDB_ERR_NO_SUCH_ATTRIBUTE
;
640 modify a record - internal interface
642 yuck - this is O(n^2). Luckily n is usually small so we probably
643 get away with it, but if we ever have really large attribute lists
644 then we'll need to look at this again
646 'req' is optional, and is used to specify controls if supplied
648 int ltdb_modify_internal(struct ldb_module
*module
,
649 const struct ldb_message
*msg
,
650 struct ldb_request
*req
)
652 struct ldb_context
*ldb
= ldb_module_get_ctx(module
);
653 void *data
= ldb_module_get_private(module
);
654 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
655 TDB_DATA tdb_key
, tdb_data
;
656 struct ldb_message
*msg2
;
657 unsigned int i
, j
, k
;
658 int ret
= LDB_SUCCESS
, idx
;
659 struct ldb_control
*control_permissive
= NULL
;
662 control_permissive
= ldb_request_get_control(req
,
663 LDB_CONTROL_PERMISSIVE_MODIFY_OID
);
666 tdb_key
= ltdb_key(module
, msg
->dn
);
668 return LDB_ERR_OTHER
;
671 tdb_data
= tdb_fetch_compat(ltdb
->tdb
, tdb_key
);
672 if (!tdb_data
.dptr
) {
673 talloc_free(tdb_key
.dptr
);
674 return ltdb_err_map(tdb_error(ltdb
->tdb
));
677 msg2
= ldb_msg_new(tdb_key
.dptr
);
684 ret
= ltdb_unpack_data(module
, &tdb_data
, msg2
);
695 for (i
=0; i
<msg
->num_elements
; i
++) {
696 struct ldb_message_element
*el
= &msg
->elements
[i
], *el2
;
697 struct ldb_val
*vals
;
698 const struct ldb_schema_attribute
*a
= ldb_schema_attribute_by_name(ldb
, el
->name
);
701 switch (msg
->elements
[i
].flags
& LDB_FLAG_MOD_MASK
) {
702 case LDB_FLAG_MOD_ADD
:
704 if (el
->num_values
== 0) {
705 ldb_asprintf_errstring(ldb
,
706 "attribute '%s': attribute on '%s' specified, but with 0 values (illegal)",
707 el
->name
, ldb_dn_get_linearized(msg2
->dn
));
708 ret
= LDB_ERR_CONSTRAINT_VIOLATION
;
712 /* make a copy of the array so that a permissive
713 * control can remove duplicates without changing the
714 * original values, but do not copy data as we do not
715 * need to keep it around once the operation is
717 if (control_permissive
) {
718 el
= talloc(msg2
, struct ldb_message_element
);
723 *el
= msg
->elements
[i
];
724 el
->values
= talloc_array(el
, struct ldb_val
, el
->num_values
);
725 if (el
->values
== NULL
) {
729 for (j
= 0; j
< el
->num_values
; j
++) {
730 el
->values
[j
] = msg
->elements
[i
].values
[j
];
734 if (el
->num_values
> 1 && ldb_tdb_single_valued(a
, el
)) {
735 ldb_asprintf_errstring(ldb
, "SINGLE-VALUE attribute %s on %s specified more than once",
736 el
->name
, ldb_dn_get_linearized(msg2
->dn
));
737 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
741 /* Checks if element already exists */
742 idx
= find_element(msg2
, el
->name
);
744 if (ltdb_msg_add_element(ldb
, msg2
, el
) != 0) {
748 ret
= ltdb_index_add_element(module
, msg2
->dn
,
750 if (ret
!= LDB_SUCCESS
) {
754 j
= (unsigned int) idx
;
755 el2
= &(msg2
->elements
[j
]);
757 /* We cannot add another value on a existing one
758 if the attribute is single-valued */
759 if (ldb_tdb_single_valued(a
, el
)) {
760 ldb_asprintf_errstring(ldb
, "SINGLE-VALUE attribute %s on %s specified more than once",
761 el
->name
, ldb_dn_get_linearized(msg2
->dn
));
762 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
766 /* Check that values don't exist yet on multi-
767 valued attributes or aren't provided twice */
768 for (j
= 0; j
< el
->num_values
; j
++) {
769 if (ldb_msg_find_val(el2
, &el
->values
[j
]) != NULL
) {
770 if (control_permissive
) {
771 /* remove this one as if it was never added */
773 for (k
= j
; k
< el
->num_values
; k
++) {
774 el
->values
[k
] = el
->values
[k
+ 1];
781 ldb_asprintf_errstring(ldb
,
782 "attribute '%s': value #%u on '%s' already exists",
783 el
->name
, j
, ldb_dn_get_linearized(msg2
->dn
));
784 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
787 if (ldb_msg_find_val(el
, &el
->values
[j
]) != &el
->values
[j
]) {
788 ldb_asprintf_errstring(ldb
,
789 "attribute '%s': value #%u on '%s' provided more than once",
790 el
->name
, j
, ldb_dn_get_linearized(msg2
->dn
));
791 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
796 /* Now combine existing and new values to a new
798 vals
= talloc_realloc(msg2
->elements
,
799 el2
->values
, struct ldb_val
,
800 el2
->num_values
+ el
->num_values
);
807 for (j
=0; j
<el
->num_values
; j
++) {
808 vals
[el2
->num_values
+ j
] =
809 ldb_val_dup(vals
, &el
->values
[j
]);
813 el2
->num_values
+= el
->num_values
;
815 ret
= ltdb_index_add_element(module
, msg2
->dn
, el
);
816 if (ret
!= LDB_SUCCESS
) {
823 case LDB_FLAG_MOD_REPLACE
:
825 if (el
->num_values
> 1 && ldb_tdb_single_valued(a
, el
)) {
826 ldb_asprintf_errstring(ldb
, "SINGLE-VALUE attribute %s on %s specified more than once",
827 el
->name
, ldb_dn_get_linearized(msg2
->dn
));
828 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
832 /* TODO: This is O(n^2) - replace with more efficient check */
833 for (j
=0; j
<el
->num_values
; j
++) {
834 if (ldb_msg_find_val(el
, &el
->values
[j
]) != &el
->values
[j
]) {
835 ldb_asprintf_errstring(ldb
,
836 "attribute '%s': value #%u on '%s' provided more than once",
837 el
->name
, j
, ldb_dn_get_linearized(msg2
->dn
));
838 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
843 /* Checks if element already exists */
844 idx
= find_element(msg2
, el
->name
);
846 j
= (unsigned int) idx
;
847 el2
= &(msg2
->elements
[j
]);
848 if (ldb_msg_element_compare(el
, el2
) == 0) {
849 /* we are replacing with the same values */
853 /* Delete the attribute if it exists in the DB */
854 if (msg_delete_attribute(module
, ldb
, msg2
,
861 /* Recreate it with the new values */
862 if (ltdb_msg_add_element(ldb
, msg2
, el
) != 0) {
867 ret
= ltdb_index_add_element(module
, msg2
->dn
, el
);
868 if (ret
!= LDB_SUCCESS
) {
874 case LDB_FLAG_MOD_DELETE
:
875 dn
= ldb_dn_get_linearized(msg2
->dn
);
881 if (msg
->elements
[i
].num_values
== 0) {
882 /* Delete the whole attribute */
883 ret
= msg_delete_attribute(module
, ldb
, msg2
,
884 msg
->elements
[i
].name
);
885 if (ret
== LDB_ERR_NO_SUCH_ATTRIBUTE
&&
886 control_permissive
) {
889 ldb_asprintf_errstring(ldb
,
890 "attribute '%s': no such attribute for delete on '%s'",
891 msg
->elements
[i
].name
, dn
);
893 if (ret
!= LDB_SUCCESS
) {
897 /* Delete specified values from an attribute */
898 for (j
=0; j
< msg
->elements
[i
].num_values
; j
++) {
899 ret
= msg_delete_element(module
,
901 msg
->elements
[i
].name
,
902 &msg
->elements
[i
].values
[j
]);
903 if (ret
== LDB_ERR_NO_SUCH_ATTRIBUTE
&&
904 control_permissive
) {
907 ldb_asprintf_errstring(ldb
,
908 "attribute '%s': no matching attribute value while deleting attribute on '%s'",
909 msg
->elements
[i
].name
, dn
);
911 if (ret
!= LDB_SUCCESS
) {
918 ldb_asprintf_errstring(ldb
,
919 "attribute '%s': invalid modify flags on '%s': 0x%x",
920 msg
->elements
[i
].name
, ldb_dn_get_linearized(msg
->dn
),
921 msg
->elements
[i
].flags
& LDB_FLAG_MOD_MASK
);
922 ret
= LDB_ERR_PROTOCOL_ERROR
;
927 ret
= ltdb_store(module
, msg2
, TDB_MODIFY
);
928 if (ret
!= LDB_SUCCESS
) {
932 ret
= ltdb_modified(module
, msg2
->dn
);
933 if (ret
!= LDB_SUCCESS
) {
938 talloc_free(tdb_key
.dptr
);
945 static int ltdb_modify(struct ltdb_context
*ctx
)
947 struct ldb_module
*module
= ctx
->module
;
948 struct ldb_request
*req
= ctx
->req
;
949 int ret
= LDB_SUCCESS
;
951 ret
= ltdb_check_special_dn(module
, req
->op
.mod
.message
);
952 if (ret
!= LDB_SUCCESS
) {
956 ldb_request_set_state(req
, LDB_ASYNC_PENDING
);
958 if (ltdb_cache_load(module
) != 0) {
959 return LDB_ERR_OPERATIONS_ERROR
;
962 ret
= ltdb_modify_internal(module
, req
->op
.mod
.message
, req
);
970 static int ltdb_rename(struct ltdb_context
*ctx
)
972 struct ldb_module
*module
= ctx
->module
;
973 struct ldb_request
*req
= ctx
->req
;
974 struct ldb_message
*msg
;
975 int ret
= LDB_SUCCESS
;
977 ldb_request_set_state(req
, LDB_ASYNC_PENDING
);
979 if (ltdb_cache_load(ctx
->module
) != 0) {
980 return LDB_ERR_OPERATIONS_ERROR
;
983 msg
= ldb_msg_new(ctx
);
985 return LDB_ERR_OPERATIONS_ERROR
;
988 /* in case any attribute of the message was indexed, we need
989 to fetch the old record */
990 ret
= ltdb_search_dn1(module
, req
->op
.rename
.olddn
, msg
);
991 if (ret
!= LDB_SUCCESS
) {
992 /* not finding the old record is an error */
996 /* Always delete first then add, to avoid conflicts with
997 * unique indexes. We rely on the transaction to make this
1000 ret
= ltdb_delete_internal(module
, msg
->dn
);
1001 if (ret
!= LDB_SUCCESS
) {
1005 msg
->dn
= ldb_dn_copy(msg
, req
->op
.rename
.newdn
);
1006 if (msg
->dn
== NULL
) {
1007 return LDB_ERR_OPERATIONS_ERROR
;
1010 /* We don't check single value as we can have more than 1 with
1011 * deleted attributes. We could go through all elements but that's
1012 * maybe not the most efficient way
1014 ret
= ltdb_add_internal(module
, msg
, false);
1019 static int ltdb_start_trans(struct ldb_module
*module
)
1021 void *data
= ldb_module_get_private(module
);
1022 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
1024 if (tdb_transaction_start(ltdb
->tdb
) != 0) {
1025 return ltdb_err_map(tdb_error(ltdb
->tdb
));
1028 ltdb
->in_transaction
++;
1030 ltdb_index_transaction_start(module
);
1035 static int ltdb_prepare_commit(struct ldb_module
*module
)
1037 void *data
= ldb_module_get_private(module
);
1038 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
1040 if (ltdb
->in_transaction
!= 1) {
1044 if (ltdb_index_transaction_commit(module
) != 0) {
1045 tdb_transaction_cancel(ltdb
->tdb
);
1046 ltdb
->in_transaction
--;
1047 return ltdb_err_map(tdb_error(ltdb
->tdb
));
1050 if (tdb_transaction_prepare_commit(ltdb
->tdb
) != 0) {
1051 ltdb
->in_transaction
--;
1052 return ltdb_err_map(tdb_error(ltdb
->tdb
));
1055 ltdb
->prepared_commit
= true;
1060 static int ltdb_end_trans(struct ldb_module
*module
)
1062 void *data
= ldb_module_get_private(module
);
1063 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
1065 if (!ltdb
->prepared_commit
) {
1066 int ret
= ltdb_prepare_commit(module
);
1067 if (ret
!= LDB_SUCCESS
) {
1072 ltdb
->in_transaction
--;
1073 ltdb
->prepared_commit
= false;
1075 if (tdb_transaction_commit(ltdb
->tdb
) != 0) {
1076 return ltdb_err_map(tdb_error(ltdb
->tdb
));
1082 static int ltdb_del_trans(struct ldb_module
*module
)
1084 void *data
= ldb_module_get_private(module
);
1085 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
1087 ltdb
->in_transaction
--;
1089 if (ltdb_index_transaction_cancel(module
) != 0) {
1090 tdb_transaction_cancel(ltdb
->tdb
);
1091 return ltdb_err_map(tdb_error(ltdb
->tdb
));
1094 tdb_transaction_cancel(ltdb
->tdb
);
1099 return sequenceNumber from @BASEINFO
1101 static int ltdb_sequence_number(struct ltdb_context
*ctx
,
1102 struct ldb_extended
**ext
)
1104 struct ldb_context
*ldb
;
1105 struct ldb_module
*module
= ctx
->module
;
1106 struct ldb_request
*req
= ctx
->req
;
1107 TALLOC_CTX
*tmp_ctx
= NULL
;
1108 struct ldb_seqnum_request
*seq
;
1109 struct ldb_seqnum_result
*res
;
1110 struct ldb_message
*msg
= NULL
;
1113 int ret
= LDB_SUCCESS
;
1115 ldb
= ldb_module_get_ctx(module
);
1117 seq
= talloc_get_type(req
->op
.extended
.data
,
1118 struct ldb_seqnum_request
);
1120 return LDB_ERR_OPERATIONS_ERROR
;
1123 ldb_request_set_state(req
, LDB_ASYNC_PENDING
);
1125 if (ltdb_lock_read(module
) != 0) {
1126 return LDB_ERR_OPERATIONS_ERROR
;
1129 res
= talloc_zero(req
, struct ldb_seqnum_result
);
1131 ret
= LDB_ERR_OPERATIONS_ERROR
;
1135 tmp_ctx
= talloc_new(req
);
1136 if (tmp_ctx
== NULL
) {
1137 ret
= LDB_ERR_OPERATIONS_ERROR
;
1141 dn
= ldb_dn_new(tmp_ctx
, ldb
, LTDB_BASEINFO
);
1143 ret
= LDB_ERR_OPERATIONS_ERROR
;
1147 msg
= ldb_msg_new(tmp_ctx
);
1149 ret
= LDB_ERR_OPERATIONS_ERROR
;
1153 ret
= ltdb_search_dn1(module
, dn
, msg
);
1154 if (ret
!= LDB_SUCCESS
) {
1158 switch (seq
->type
) {
1159 case LDB_SEQ_HIGHEST_SEQ
:
1160 res
->seq_num
= ldb_msg_find_attr_as_uint64(msg
, LTDB_SEQUENCE_NUMBER
, 0);
1163 res
->seq_num
= ldb_msg_find_attr_as_uint64(msg
, LTDB_SEQUENCE_NUMBER
, 0);
1166 case LDB_SEQ_HIGHEST_TIMESTAMP
:
1167 date
= ldb_msg_find_attr_as_string(msg
, LTDB_MOD_TIMESTAMP
, NULL
);
1169 res
->seq_num
= ldb_string_to_time(date
);
1172 /* zero is as good as anything when we don't know */
1177 *ext
= talloc_zero(req
, struct ldb_extended
);
1179 ret
= LDB_ERR_OPERATIONS_ERROR
;
1182 (*ext
)->oid
= LDB_EXTENDED_SEQUENCE_NUMBER
;
1183 (*ext
)->data
= talloc_steal(*ext
, res
);
1186 talloc_free(tmp_ctx
);
1187 ltdb_unlock_read(module
);
1191 static void ltdb_request_done(struct ltdb_context
*ctx
, int error
)
1193 struct ldb_context
*ldb
;
1194 struct ldb_request
*req
;
1195 struct ldb_reply
*ares
;
1197 ldb
= ldb_module_get_ctx(ctx
->module
);
1200 /* if we already returned an error just return */
1201 if (ldb_request_get_status(req
) != LDB_SUCCESS
) {
1205 ares
= talloc_zero(req
, struct ldb_reply
);
1208 req
->callback(req
, NULL
);
1211 ares
->type
= LDB_REPLY_DONE
;
1212 ares
->error
= error
;
1214 req
->callback(req
, ares
);
1217 static void ltdb_timeout(struct tevent_context
*ev
,
1218 struct tevent_timer
*te
,
1222 struct ltdb_context
*ctx
;
1223 ctx
= talloc_get_type(private_data
, struct ltdb_context
);
1225 if (!ctx
->request_terminated
) {
1226 /* request is done now */
1227 ltdb_request_done(ctx
, LDB_ERR_TIME_LIMIT_EXCEEDED
);
1231 /* neutralize the spy */
1232 ctx
->spy
->ctx
= NULL
;
1238 static void ltdb_request_extended_done(struct ltdb_context
*ctx
,
1239 struct ldb_extended
*ext
,
1242 struct ldb_context
*ldb
;
1243 struct ldb_request
*req
;
1244 struct ldb_reply
*ares
;
1246 ldb
= ldb_module_get_ctx(ctx
->module
);
1249 /* if we already returned an error just return */
1250 if (ldb_request_get_status(req
) != LDB_SUCCESS
) {
1254 ares
= talloc_zero(req
, struct ldb_reply
);
1257 req
->callback(req
, NULL
);
1260 ares
->type
= LDB_REPLY_DONE
;
1261 ares
->response
= ext
;
1262 ares
->error
= error
;
1264 req
->callback(req
, ares
);
1267 static void ltdb_handle_extended(struct ltdb_context
*ctx
)
1269 struct ldb_extended
*ext
= NULL
;
1272 if (strcmp(ctx
->req
->op
.extended
.oid
,
1273 LDB_EXTENDED_SEQUENCE_NUMBER
) == 0) {
1274 /* get sequence number */
1275 ret
= ltdb_sequence_number(ctx
, &ext
);
1277 /* not recognized */
1278 ret
= LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION
;
1281 ltdb_request_extended_done(ctx
, ext
, ret
);
1284 static void ltdb_callback(struct tevent_context
*ev
,
1285 struct tevent_timer
*te
,
1289 struct ltdb_context
*ctx
;
1292 ctx
= talloc_get_type(private_data
, struct ltdb_context
);
1294 if (ctx
->request_terminated
) {
1298 switch (ctx
->req
->operation
) {
1300 ret
= ltdb_search(ctx
);
1303 ret
= ltdb_add(ctx
);
1306 ret
= ltdb_modify(ctx
);
1309 ret
= ltdb_delete(ctx
);
1312 ret
= ltdb_rename(ctx
);
1315 ltdb_handle_extended(ctx
);
1318 /* no other op supported */
1319 ret
= LDB_ERR_PROTOCOL_ERROR
;
1322 if (!ctx
->request_terminated
) {
1323 /* request is done now */
1324 ltdb_request_done(ctx
, ret
);
1329 /* neutralize the spy */
1330 ctx
->spy
->ctx
= NULL
;
1336 static int ltdb_request_destructor(void *ptr
)
1338 struct ltdb_req_spy
*spy
= talloc_get_type(ptr
, struct ltdb_req_spy
);
1340 if (spy
->ctx
!= NULL
) {
1341 spy
->ctx
->spy
= NULL
;
1342 spy
->ctx
->request_terminated
= true;
1349 static int ltdb_handle_request(struct ldb_module
*module
,
1350 struct ldb_request
*req
)
1352 struct ldb_control
*control_permissive
;
1353 struct ldb_context
*ldb
;
1354 struct tevent_context
*ev
;
1355 struct ltdb_context
*ac
;
1356 struct tevent_timer
*te
;
1360 ldb
= ldb_module_get_ctx(module
);
1362 control_permissive
= ldb_request_get_control(req
,
1363 LDB_CONTROL_PERMISSIVE_MODIFY_OID
);
1365 for (i
= 0; req
->controls
&& req
->controls
[i
]; i
++) {
1366 if (req
->controls
[i
]->critical
&&
1367 req
->controls
[i
] != control_permissive
) {
1368 ldb_asprintf_errstring(ldb
, "Unsupported critical extension %s",
1369 req
->controls
[i
]->oid
);
1370 return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION
;
1374 if (req
->starttime
== 0 || req
->timeout
== 0) {
1375 ldb_set_errstring(ldb
, "Invalid timeout settings");
1376 return LDB_ERR_TIME_LIMIT_EXCEEDED
;
1379 ev
= ldb_get_event_context(ldb
);
1381 ac
= talloc_zero(ldb
, struct ltdb_context
);
1384 return LDB_ERR_OPERATIONS_ERROR
;
1387 ac
->module
= module
;
1392 te
= tevent_add_timer(ev
, ac
, tv
, ltdb_callback
, ac
);
1395 return LDB_ERR_OPERATIONS_ERROR
;
1398 tv
.tv_sec
= req
->starttime
+ req
->timeout
;
1399 ac
->timeout_event
= tevent_add_timer(ev
, ac
, tv
, ltdb_timeout
, ac
);
1400 if (NULL
== ac
->timeout_event
) {
1402 return LDB_ERR_OPERATIONS_ERROR
;
1405 /* set a spy so that we do not try to use the request context
1406 * if it is freed before ltdb_callback fires */
1407 ac
->spy
= talloc(req
, struct ltdb_req_spy
);
1408 if (NULL
== ac
->spy
) {
1410 return LDB_ERR_OPERATIONS_ERROR
;
1414 talloc_set_destructor((TALLOC_CTX
*)ac
->spy
, ltdb_request_destructor
);
1419 static int ltdb_init_rootdse(struct ldb_module
*module
)
1421 /* ignore errors on this - we expect it for non-sam databases */
1422 ldb_mod_register_control(module
, LDB_CONTROL_PERMISSIVE_MODIFY_OID
);
1424 /* there can be no module beyond the backend, just return */
1428 static const struct ldb_module_ops ltdb_ops
= {
1430 .init_context
= ltdb_init_rootdse
,
1431 .search
= ltdb_handle_request
,
1432 .add
= ltdb_handle_request
,
1433 .modify
= ltdb_handle_request
,
1434 .del
= ltdb_handle_request
,
1435 .rename
= ltdb_handle_request
,
1436 .extended
= ltdb_handle_request
,
1437 .start_transaction
= ltdb_start_trans
,
1438 .end_transaction
= ltdb_end_trans
,
1439 .prepare_commit
= ltdb_prepare_commit
,
1440 .del_transaction
= ltdb_del_trans
,
1444 connect to the database
1446 static int ltdb_connect(struct ldb_context
*ldb
, const char *url
,
1447 unsigned int flags
, const char *options
[],
1448 struct ldb_module
**_module
)
1450 struct ldb_module
*module
;
1452 int tdb_flags
, open_flags
;
1453 struct ltdb_private
*ltdb
;
1456 if (strchr(url
, ':')) {
1457 if (strncmp(url
, "tdb://", 6) != 0) {
1458 ldb_debug(ldb
, LDB_DEBUG_ERROR
,
1459 "Invalid tdb URL '%s'", url
);
1460 return LDB_ERR_OPERATIONS_ERROR
;
1467 tdb_flags
= TDB_DEFAULT
| TDB_SEQNUM
;
1469 /* check for the 'nosync' option */
1470 if (flags
& LDB_FLG_NOSYNC
) {
1471 tdb_flags
|= TDB_NOSYNC
;
1474 /* and nommap option */
1475 if (flags
& LDB_FLG_NOMMAP
) {
1476 tdb_flags
|= TDB_NOMMAP
;
1479 if (flags
& LDB_FLG_RDONLY
) {
1480 open_flags
= O_RDONLY
;
1482 open_flags
= O_CREAT
| O_RDWR
;
1485 ltdb
= talloc_zero(ldb
, struct ltdb_private
);
1488 return LDB_ERR_OPERATIONS_ERROR
;
1491 /* note that we use quite a large default hash size */
1492 ltdb
->tdb
= ltdb_wrap_open(ltdb
, path
, 10000,
1493 tdb_flags
, open_flags
,
1494 ldb_get_create_perms(ldb
), ldb
);
1496 ldb_asprintf_errstring(ldb
,
1497 "Unable to open tdb '%s'", path
);
1498 ldb_debug(ldb
, LDB_DEBUG_ERROR
,
1499 "Unable to open tdb '%s'", path
);
1501 return LDB_ERR_OPERATIONS_ERROR
;
1504 if (getenv("LDB_WARN_UNINDEXED")) {
1505 ltdb
->warn_unindexed
= true;
1508 ltdb
->sequence_number
= 0;
1510 module
= ldb_module_new(ldb
, ldb
, "ldb_tdb backend", <db_ops
);
1514 return LDB_ERR_OPERATIONS_ERROR
;
1516 ldb_module_set_private(module
, ltdb
);
1517 talloc_steal(module
, ltdb
);
1519 if (ltdb_cache_load(module
) != 0) {
1520 ldb_asprintf_errstring(ldb
,
1521 "Unable to load ltdb cache records of tdb '%s'", path
);
1522 talloc_free(module
);
1523 return LDB_ERR_OPERATIONS_ERROR
;
1530 int ldb_tdb_init(const char *version
)
1532 LDB_MODULE_CHECK_VERSION(version
);
1533 return ldb_register_backend("tdb", ltdb_connect
, false);