4 Copyright (C) Andrew Tridgell 2004
5 Copyright (C) Stefan Metzmacher 2004
6 Copyright (C) Simo Sorce 2006-2008
7 Copyright (C) Matthias Dieter Wallnöfer 2009-2010
9 ** NOTE! The following LGPL license applies to the ldb
10 ** library. This does NOT imply that all of Samba is released
13 This library is free software; you can redistribute it and/or
14 modify it under the terms of the GNU Lesser General Public
15 License as published by the Free Software Foundation; either
16 version 3 of the License, or (at your option) any later version.
18 This library is distributed in the hope that it will be useful,
19 but WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 Lesser General Public License for more details.
23 You should have received a copy of the GNU Lesser General Public
24 License along with this library; if not, see <http://www.gnu.org/licenses/>.
30 * Component: ldb tdb backend
32 * Description: core functions for tdb backend
34 * Author: Andrew Tridgell
35 * Author: Stefan Metzmacher
39 * - description: make the module use asynchronous calls
43 * - description: make it possible to use event contexts
47 * - description: fix up memory leaks and small bugs
49 * Author: Matthias Dieter Wallnöfer
56 prevent memory errors on callbacks
59 struct ltdb_context
*ctx
;
63 map a tdb error code to a ldb error code
65 int ltdb_err_map(enum TDB_ERROR tdb_code
)
73 return LDB_ERR_OPERATIONS_ERROR
;
75 return LDB_ERR_PROTOCOL_ERROR
;
79 case TDB_ERR_LOCK_TIMEOUT
:
80 return LDB_ERR_TIME_LIMIT_EXCEEDED
;
82 return LDB_ERR_ENTRY_ALREADY_EXISTS
;
84 return LDB_ERR_NO_SUCH_OBJECT
;
86 return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS
;
94 lock the database for read - use by ltdb_search and ltdb_sequence_number
96 int ltdb_lock_read(struct ldb_module
*module
)
98 void *data
= ldb_module_get_private(module
);
99 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
102 if (ltdb
->in_transaction
== 0 &&
103 ltdb
->read_lock_count
== 0) {
104 ret
= tdb_lockall_read(ltdb
->tdb
);
107 ltdb
->read_lock_count
++;
113 unlock the database after a ltdb_lock_read()
115 int ltdb_unlock_read(struct ldb_module
*module
)
117 void *data
= ldb_module_get_private(module
);
118 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
119 if (ltdb
->in_transaction
== 0 && ltdb
->read_lock_count
== 1) {
120 tdb_unlockall_read(ltdb
->tdb
);
123 ltdb
->read_lock_count
--;
129 form a TDB_DATA for a record key
132 note that the key for a record can depend on whether the
133 dn refers to a case sensitive index record or not
135 TDB_DATA
ltdb_key(struct ldb_module
*module
, struct ldb_dn
*dn
)
137 struct ldb_context
*ldb
= ldb_module_get_ctx(module
);
139 char *key_str
= NULL
;
140 const char *dn_folded
= NULL
;
143 most DNs are case insensitive. The exception is index DNs for
144 case sensitive attributes
146 there are 3 cases dealt with in this code:
148 1) if the dn doesn't start with @ then uppercase the attribute
149 names and the attributes values of case insensitive attributes
150 2) if the dn starts with @ then leave it alone -
151 the indexing code handles the rest
154 dn_folded
= ldb_dn_get_casefold(dn
);
159 key_str
= talloc_strdup(ldb
, "DN=");
164 key_str
= talloc_strdup_append_buffer(key_str
, dn_folded
);
169 key
.dptr
= (uint8_t *)key_str
;
170 key
.dsize
= strlen(key_str
) + 1;
182 check special dn's have valid attributes
183 currently only @ATTRIBUTES is checked
185 static int ltdb_check_special_dn(struct ldb_module
*module
,
186 const struct ldb_message
*msg
)
188 struct ldb_context
*ldb
= ldb_module_get_ctx(module
);
191 if (! ldb_dn_is_special(msg
->dn
) ||
192 ! ldb_dn_check_special(msg
->dn
, LTDB_ATTRIBUTES
)) {
196 /* we have @ATTRIBUTES, let's check attributes are fine */
197 /* should we check that we deny multivalued attributes ? */
198 for (i
= 0; i
< msg
->num_elements
; i
++) {
199 if (ldb_attr_cmp(msg
->elements
[i
].name
, "distinguishedName") == 0) continue;
201 for (j
= 0; j
< msg
->elements
[i
].num_values
; j
++) {
202 if (ltdb_check_at_attributes_values(&msg
->elements
[i
].values
[j
]) != 0) {
203 ldb_set_errstring(ldb
, "Invalid attribute value in an @ATTRIBUTES entry");
204 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX
;
214 we've made a modification to a dn - possibly reindex and
215 update sequence number
217 static int ltdb_modified(struct ldb_module
*module
, struct ldb_dn
*dn
)
219 int ret
= LDB_SUCCESS
;
220 struct ltdb_private
*ltdb
= talloc_get_type(ldb_module_get_private(module
), struct ltdb_private
);
222 /* only allow modifies inside a transaction, otherwise the
224 if (ltdb
->in_transaction
== 0) {
225 ldb_set_errstring(ldb_module_get_ctx(module
), "ltdb modify without transaction");
226 return LDB_ERR_OPERATIONS_ERROR
;
229 if (ldb_dn_is_special(dn
) &&
230 (ldb_dn_check_special(dn
, LTDB_INDEXLIST
) ||
231 ldb_dn_check_special(dn
, LTDB_ATTRIBUTES
)) ) {
232 ret
= ltdb_reindex(module
);
235 /* If the modify was to a normal record, or any special except @BASEINFO, update the seq number */
236 if (ret
== LDB_SUCCESS
&&
237 !(ldb_dn_is_special(dn
) &&
238 ldb_dn_check_special(dn
, LTDB_BASEINFO
)) ) {
239 ret
= ltdb_increase_sequence_number(module
);
242 /* If the modify was to @OPTIONS, reload the cache */
243 if (ret
== LDB_SUCCESS
&&
244 ldb_dn_is_special(dn
) &&
245 (ldb_dn_check_special(dn
, LTDB_OPTIONS
)) ) {
246 ret
= ltdb_cache_reload(module
);
253 store a record into the db
255 int ltdb_store(struct ldb_module
*module
, const struct ldb_message
*msg
, int flgs
)
257 void *data
= ldb_module_get_private(module
);
258 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
259 TDB_DATA tdb_key
, tdb_data
;
260 int ret
= LDB_SUCCESS
;
262 tdb_key
= ltdb_key(module
, msg
->dn
);
263 if (tdb_key
.dptr
== NULL
) {
264 return LDB_ERR_OTHER
;
267 ret
= ltdb_pack_data(module
, msg
, &tdb_data
);
269 talloc_free(tdb_key
.dptr
);
270 return LDB_ERR_OTHER
;
273 ret
= tdb_store(ltdb
->tdb
, tdb_key
, tdb_data
, flgs
);
275 ret
= ltdb_err_map(tdb_error(ltdb
->tdb
));
280 talloc_free(tdb_key
.dptr
);
281 talloc_free(tdb_data
.dptr
);
288 check if a attribute is a single valued, for a given element
290 static bool ldb_tdb_single_valued(const struct ldb_schema_attribute
*a
,
291 struct ldb_message_element
*el
)
293 if (!a
) return false;
295 if (el
->flags
& LDB_FLAG_INTERNAL_FORCE_SINGLE_VALUE_CHECK
) {
296 /* override from a ldb module, for example
297 used for the description field, which is
298 marked multi-valued in the schema but which
299 should not actually accept multiple
303 if (el
->flags
& LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK
) {
304 /* override from a ldb module, for example used for
305 deleted linked attribute entries */
309 if (a
->flags
& LDB_ATTR_FLAG_SINGLE_VALUE
) {
315 static int ltdb_add_internal(struct ldb_module
*module
,
316 const struct ldb_message
*msg
,
317 bool check_single_value
)
319 struct ldb_context
*ldb
= ldb_module_get_ctx(module
);
320 int ret
= LDB_SUCCESS
;
323 for (i
=0;i
<msg
->num_elements
;i
++) {
324 struct ldb_message_element
*el
= &msg
->elements
[i
];
325 const struct ldb_schema_attribute
*a
= ldb_schema_attribute_by_name(ldb
, el
->name
);
327 if (el
->num_values
== 0) {
328 ldb_asprintf_errstring(ldb
, "attribute '%s' on '%s' specified, but with 0 values (illegal)",
329 el
->name
, ldb_dn_get_linearized(msg
->dn
));
330 return LDB_ERR_CONSTRAINT_VIOLATION
;
332 if (check_single_value
&&
333 el
->num_values
> 1 &&
334 ldb_tdb_single_valued(a
, el
)) {
335 ldb_asprintf_errstring(ldb
, "SINGLE-VALUE attribute %s on %s specified more than once",
336 el
->name
, ldb_dn_get_linearized(msg
->dn
));
337 return LDB_ERR_CONSTRAINT_VIOLATION
;
340 /* Do not check "@ATTRIBUTES" for duplicated values */
341 if (ldb_dn_is_special(msg
->dn
) &&
342 ldb_dn_check_special(msg
->dn
, LTDB_ATTRIBUTES
)) {
346 /* TODO: This is O(n^2) - replace with more efficient check */
347 for (j
=0; j
<el
->num_values
; j
++) {
348 if (ldb_msg_find_val(el
, &el
->values
[j
]) != &el
->values
[j
]) {
349 ldb_asprintf_errstring(ldb
,
350 "attribute '%s': value #%u on '%s' provided more than once",
351 el
->name
, j
, ldb_dn_get_linearized(msg
->dn
));
352 return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
357 ret
= ltdb_store(module
, msg
, TDB_INSERT
);
358 if (ret
!= LDB_SUCCESS
) {
359 if (ret
== LDB_ERR_ENTRY_ALREADY_EXISTS
) {
360 ldb_asprintf_errstring(ldb
,
361 "Entry %s already exists",
362 ldb_dn_get_linearized(msg
->dn
));
367 ret
= ltdb_index_add_new(module
, msg
);
368 if (ret
!= LDB_SUCCESS
) {
372 ret
= ltdb_modified(module
, msg
->dn
);
378 add a record to the database
380 static int ltdb_add(struct ltdb_context
*ctx
)
382 struct ldb_module
*module
= ctx
->module
;
383 struct ldb_request
*req
= ctx
->req
;
384 int ret
= LDB_SUCCESS
;
386 ret
= ltdb_check_special_dn(module
, req
->op
.add
.message
);
387 if (ret
!= LDB_SUCCESS
) {
391 ldb_request_set_state(req
, LDB_ASYNC_PENDING
);
393 if (ltdb_cache_load(module
) != 0) {
394 return LDB_ERR_OPERATIONS_ERROR
;
397 ret
= ltdb_add_internal(module
, req
->op
.add
.message
, true);
403 delete a record from the database, not updating indexes (used for deleting
406 int ltdb_delete_noindex(struct ldb_module
*module
, struct ldb_dn
*dn
)
408 void *data
= ldb_module_get_private(module
);
409 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
413 tdb_key
= ltdb_key(module
, dn
);
415 return LDB_ERR_OTHER
;
418 ret
= tdb_delete(ltdb
->tdb
, tdb_key
);
419 talloc_free(tdb_key
.dptr
);
422 ret
= ltdb_err_map(tdb_error(ltdb
->tdb
));
428 static int ltdb_delete_internal(struct ldb_module
*module
, struct ldb_dn
*dn
)
430 struct ldb_message
*msg
;
431 int ret
= LDB_SUCCESS
;
433 msg
= ldb_msg_new(module
);
435 return LDB_ERR_OPERATIONS_ERROR
;
438 /* in case any attribute of the message was indexed, we need
439 to fetch the old record */
440 ret
= ltdb_search_dn1(module
, dn
, msg
);
441 if (ret
!= LDB_SUCCESS
) {
442 /* not finding the old record is an error */
446 ret
= ltdb_delete_noindex(module
, dn
);
447 if (ret
!= LDB_SUCCESS
) {
451 /* remove any indexed attributes */
452 ret
= ltdb_index_delete(module
, msg
);
453 if (ret
!= LDB_SUCCESS
) {
457 ret
= ltdb_modified(module
, dn
);
458 if (ret
!= LDB_SUCCESS
) {
468 delete a record from the database
470 static int ltdb_delete(struct ltdb_context
*ctx
)
472 struct ldb_module
*module
= ctx
->module
;
473 struct ldb_request
*req
= ctx
->req
;
474 int ret
= LDB_SUCCESS
;
476 ldb_request_set_state(req
, LDB_ASYNC_PENDING
);
478 if (ltdb_cache_load(module
) != 0) {
479 return LDB_ERR_OPERATIONS_ERROR
;
482 ret
= ltdb_delete_internal(module
, req
->op
.del
.dn
);
488 find an element by attribute name. At the moment this does a linear search,
489 it should be re-coded to use a binary search once all places that modify
490 records guarantee sorted order
492 return the index of the first matching element if found, otherwise -1
494 static int find_element(const struct ldb_message
*msg
, const char *name
)
497 for (i
=0;i
<msg
->num_elements
;i
++) {
498 if (ldb_attr_cmp(msg
->elements
[i
].name
, name
) == 0) {
507 add an element to an existing record. Assumes a elements array that we
508 can call re-alloc on, and assumed that we can re-use the data pointers from
509 the passed in additional values. Use with care!
511 returns 0 on success, -1 on failure (and sets errno)
513 static int ltdb_msg_add_element(struct ldb_context
*ldb
,
514 struct ldb_message
*msg
,
515 struct ldb_message_element
*el
)
517 struct ldb_message_element
*e2
;
520 if (el
->num_values
== 0) {
521 /* nothing to do here - we don't add empty elements */
525 e2
= talloc_realloc(msg
, msg
->elements
, struct ldb_message_element
,
526 msg
->num_elements
+1);
534 e2
= &msg
->elements
[msg
->num_elements
];
537 e2
->flags
= el
->flags
;
538 e2
->values
= talloc_array(msg
->elements
,
539 struct ldb_val
, el
->num_values
);
544 for (i
=0;i
<el
->num_values
;i
++) {
545 e2
->values
[i
] = el
->values
[i
];
547 e2
->num_values
= el
->num_values
;
555 delete all elements having a specified attribute name
557 static int msg_delete_attribute(struct ldb_module
*module
,
558 struct ldb_context
*ldb
,
559 struct ldb_message
*msg
, const char *name
)
563 struct ldb_message_element
*el
;
565 el
= ldb_msg_find_element(msg
, name
);
567 return LDB_ERR_NO_SUCH_ATTRIBUTE
;
569 i
= el
- msg
->elements
;
571 ret
= ltdb_index_del_element(module
, msg
->dn
, el
);
572 if (ret
!= LDB_SUCCESS
) {
576 talloc_free(el
->values
);
577 if (msg
->num_elements
> (i
+1)) {
578 memmove(el
, el
+1, sizeof(*el
) * (msg
->num_elements
- (i
+1)));
581 msg
->elements
= talloc_realloc(msg
, msg
->elements
,
582 struct ldb_message_element
,
588 delete all elements matching an attribute name/value
590 return LDB Error on failure
592 static int msg_delete_element(struct ldb_module
*module
,
593 struct ldb_message
*msg
,
595 const struct ldb_val
*val
)
597 struct ldb_context
*ldb
= ldb_module_get_ctx(module
);
600 struct ldb_message_element
*el
;
601 const struct ldb_schema_attribute
*a
;
603 found
= find_element(msg
, name
);
605 return LDB_ERR_NO_SUCH_ATTRIBUTE
;
608 i
= (unsigned int) found
;
609 el
= &(msg
->elements
[i
]);
611 a
= ldb_schema_attribute_by_name(ldb
, el
->name
);
613 for (i
=0;i
<el
->num_values
;i
++) {
615 if (a
->syntax
->operator_fn
) {
616 ret
= a
->syntax
->operator_fn(ldb
, LDB_OP_EQUALITY
, a
,
617 &el
->values
[i
], val
, &matched
);
618 if (ret
!= LDB_SUCCESS
) return ret
;
620 matched
= (a
->syntax
->comparison_fn(ldb
, ldb
,
621 &el
->values
[i
], val
) == 0);
624 if (el
->num_values
== 1) {
625 return msg_delete_attribute(module
, ldb
, msg
, name
);
628 ret
= ltdb_index_del_value(module
, msg
->dn
, el
, i
);
629 if (ret
!= LDB_SUCCESS
) {
633 if (i
<el
->num_values
-1) {
634 memmove(&el
->values
[i
], &el
->values
[i
+1],
635 sizeof(el
->values
[i
])*
636 (el
->num_values
-(i
+1)));
640 /* per definition we find in a canonicalised message an
641 attribute value only once. So we are finished here */
647 return LDB_ERR_NO_SUCH_ATTRIBUTE
;
652 modify a record - internal interface
654 yuck - this is O(n^2). Luckily n is usually small so we probably
655 get away with it, but if we ever have really large attribute lists
656 then we'll need to look at this again
658 'req' is optional, and is used to specify controls if supplied
660 int ltdb_modify_internal(struct ldb_module
*module
,
661 const struct ldb_message
*msg
,
662 struct ldb_request
*req
)
664 struct ldb_context
*ldb
= ldb_module_get_ctx(module
);
665 void *data
= ldb_module_get_private(module
);
666 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
667 TDB_DATA tdb_key
, tdb_data
;
668 struct ldb_message
*msg2
;
669 unsigned int i
, j
, k
;
670 int ret
= LDB_SUCCESS
, idx
;
671 struct ldb_control
*control_permissive
= NULL
;
674 control_permissive
= ldb_request_get_control(req
,
675 LDB_CONTROL_PERMISSIVE_MODIFY_OID
);
678 tdb_key
= ltdb_key(module
, msg
->dn
);
680 return LDB_ERR_OTHER
;
683 tdb_data
= tdb_fetch(ltdb
->tdb
, tdb_key
);
684 if (!tdb_data
.dptr
) {
685 talloc_free(tdb_key
.dptr
);
686 return ltdb_err_map(tdb_error(ltdb
->tdb
));
689 msg2
= ldb_msg_new(tdb_key
.dptr
);
696 ret
= ltdb_unpack_data(ldb_module_get_ctx(module
), &tdb_data
, msg2
);
707 for (i
=0; i
<msg
->num_elements
; i
++) {
708 struct ldb_message_element
*el
= &msg
->elements
[i
], *el2
;
709 struct ldb_val
*vals
;
710 const struct ldb_schema_attribute
*a
= ldb_schema_attribute_by_name(ldb
, el
->name
);
713 switch (msg
->elements
[i
].flags
& LDB_FLAG_MOD_MASK
) {
714 case LDB_FLAG_MOD_ADD
:
716 if (el
->num_values
== 0) {
717 ldb_asprintf_errstring(ldb
,
718 "attribute '%s': attribute on '%s' specified, but with 0 values (illegal)",
719 el
->name
, ldb_dn_get_linearized(msg2
->dn
));
720 ret
= LDB_ERR_CONSTRAINT_VIOLATION
;
724 /* make a copy of the array so that a permissive
725 * control can remove duplicates without changing the
726 * original values, but do not copy data as we do not
727 * need to keep it around once the operation is
729 if (control_permissive
) {
730 el
= talloc(msg2
, struct ldb_message_element
);
735 *el
= msg
->elements
[i
];
736 el
->values
= talloc_array(el
, struct ldb_val
, el
->num_values
);
737 if (el
->values
== NULL
) {
741 for (j
= 0; j
< el
->num_values
; j
++) {
742 el
->values
[j
] = msg
->elements
[i
].values
[j
];
746 if (el
->num_values
> 1 && ldb_tdb_single_valued(a
, el
)) {
747 ldb_asprintf_errstring(ldb
, "SINGLE-VALUE attribute %s on %s specified more than once",
748 el
->name
, ldb_dn_get_linearized(msg2
->dn
));
749 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
753 /* Checks if element already exists */
754 idx
= find_element(msg2
, el
->name
);
756 if (ltdb_msg_add_element(ldb
, msg2
, el
) != 0) {
760 ret
= ltdb_index_add_element(module
, msg2
->dn
,
762 if (ret
!= LDB_SUCCESS
) {
766 j
= (unsigned int) idx
;
767 el2
= &(msg2
->elements
[j
]);
769 /* We cannot add another value on a existing one
770 if the attribute is single-valued */
771 if (ldb_tdb_single_valued(a
, el
)) {
772 ldb_asprintf_errstring(ldb
, "SINGLE-VALUE attribute %s on %s specified more than once",
773 el
->name
, ldb_dn_get_linearized(msg2
->dn
));
774 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
778 /* Check that values don't exist yet on multi-
779 valued attributes or aren't provided twice */
780 /* TODO: This is O(n^2) - replace with more efficient check */
781 for (j
= 0; j
< el
->num_values
; j
++) {
782 if (ldb_msg_find_val(el2
, &el
->values
[j
]) != NULL
) {
783 if (control_permissive
) {
784 /* remove this one as if it was never added */
786 for (k
= j
; k
< el
->num_values
; k
++) {
787 el
->values
[k
] = el
->values
[k
+ 1];
794 ldb_asprintf_errstring(ldb
,
795 "attribute '%s': value #%u on '%s' already exists",
796 el
->name
, j
, ldb_dn_get_linearized(msg2
->dn
));
797 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
800 if (ldb_msg_find_val(el
, &el
->values
[j
]) != &el
->values
[j
]) {
801 ldb_asprintf_errstring(ldb
,
802 "attribute '%s': value #%u on '%s' provided more than once",
803 el
->name
, j
, ldb_dn_get_linearized(msg2
->dn
));
804 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
809 /* Now combine existing and new values to a new
811 vals
= talloc_realloc(msg2
->elements
,
812 el2
->values
, struct ldb_val
,
813 el2
->num_values
+ el
->num_values
);
820 for (j
=0; j
<el
->num_values
; j
++) {
821 vals
[el2
->num_values
+ j
] =
822 ldb_val_dup(vals
, &el
->values
[j
]);
826 el2
->num_values
+= el
->num_values
;
828 ret
= ltdb_index_add_element(module
, msg2
->dn
, el
);
829 if (ret
!= LDB_SUCCESS
) {
836 case LDB_FLAG_MOD_REPLACE
:
838 if (el
->num_values
> 1 && ldb_tdb_single_valued(a
, el
)) {
839 ldb_asprintf_errstring(ldb
, "SINGLE-VALUE attribute %s on %s specified more than once",
840 el
->name
, ldb_dn_get_linearized(msg2
->dn
));
841 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
845 /* TODO: This is O(n^2) - replace with more efficient check */
846 for (j
=0; j
<el
->num_values
; j
++) {
847 if (ldb_msg_find_val(el
, &el
->values
[j
]) != &el
->values
[j
]) {
848 ldb_asprintf_errstring(ldb
,
849 "attribute '%s': value #%u on '%s' provided more than once",
850 el
->name
, j
, ldb_dn_get_linearized(msg2
->dn
));
851 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
856 /* Checks if element already exists */
857 idx
= find_element(msg2
, el
->name
);
859 j
= (unsigned int) idx
;
860 el2
= &(msg2
->elements
[j
]);
862 /* we consider two elements to be
863 * equal only if the order
864 * matches. This allows dbcheck to
865 * fix the ordering on attributes
866 * where order matters, such as
869 if (ldb_msg_element_equal_ordered(el
, el2
)) {
873 /* Delete the attribute if it exists in the DB */
874 if (msg_delete_attribute(module
, ldb
, msg2
,
881 /* Recreate it with the new values */
882 if (ltdb_msg_add_element(ldb
, msg2
, el
) != 0) {
887 ret
= ltdb_index_add_element(module
, msg2
->dn
, el
);
888 if (ret
!= LDB_SUCCESS
) {
894 case LDB_FLAG_MOD_DELETE
:
895 dn
= ldb_dn_get_linearized(msg2
->dn
);
901 if (msg
->elements
[i
].num_values
== 0) {
902 /* Delete the whole attribute */
903 ret
= msg_delete_attribute(module
, ldb
, msg2
,
904 msg
->elements
[i
].name
);
905 if (ret
== LDB_ERR_NO_SUCH_ATTRIBUTE
&&
906 control_permissive
) {
909 ldb_asprintf_errstring(ldb
,
910 "attribute '%s': no such attribute for delete on '%s'",
911 msg
->elements
[i
].name
, dn
);
913 if (ret
!= LDB_SUCCESS
) {
917 /* Delete specified values from an attribute */
918 for (j
=0; j
< msg
->elements
[i
].num_values
; j
++) {
919 ret
= msg_delete_element(module
,
921 msg
->elements
[i
].name
,
922 &msg
->elements
[i
].values
[j
]);
923 if (ret
== LDB_ERR_NO_SUCH_ATTRIBUTE
&&
924 control_permissive
) {
927 ldb_asprintf_errstring(ldb
,
928 "attribute '%s': no matching attribute value while deleting attribute on '%s'",
929 msg
->elements
[i
].name
, dn
);
931 if (ret
!= LDB_SUCCESS
) {
938 ldb_asprintf_errstring(ldb
,
939 "attribute '%s': invalid modify flags on '%s': 0x%x",
940 msg
->elements
[i
].name
, ldb_dn_get_linearized(msg
->dn
),
941 msg
->elements
[i
].flags
& LDB_FLAG_MOD_MASK
);
942 ret
= LDB_ERR_PROTOCOL_ERROR
;
947 ret
= ltdb_store(module
, msg2
, TDB_MODIFY
);
948 if (ret
!= LDB_SUCCESS
) {
952 ret
= ltdb_modified(module
, msg2
->dn
);
953 if (ret
!= LDB_SUCCESS
) {
958 talloc_free(tdb_key
.dptr
);
965 static int ltdb_modify(struct ltdb_context
*ctx
)
967 struct ldb_module
*module
= ctx
->module
;
968 struct ldb_request
*req
= ctx
->req
;
969 int ret
= LDB_SUCCESS
;
971 ret
= ltdb_check_special_dn(module
, req
->op
.mod
.message
);
972 if (ret
!= LDB_SUCCESS
) {
976 ldb_request_set_state(req
, LDB_ASYNC_PENDING
);
978 if (ltdb_cache_load(module
) != 0) {
979 return LDB_ERR_OPERATIONS_ERROR
;
982 ret
= ltdb_modify_internal(module
, req
->op
.mod
.message
, req
);
990 static int ltdb_rename(struct ltdb_context
*ctx
)
992 struct ldb_module
*module
= ctx
->module
;
993 void *data
= ldb_module_get_private(module
);
994 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
995 struct ldb_request
*req
= ctx
->req
;
996 struct ldb_message
*msg
;
997 int ret
= LDB_SUCCESS
;
998 TDB_DATA tdb_key
, tdb_key_old
;
1000 ldb_request_set_state(req
, LDB_ASYNC_PENDING
);
1002 if (ltdb_cache_load(ctx
->module
) != 0) {
1003 return LDB_ERR_OPERATIONS_ERROR
;
1006 msg
= ldb_msg_new(ctx
);
1008 return LDB_ERR_OPERATIONS_ERROR
;
1011 /* we need to fetch the old record to re-add under the new name */
1012 ret
= ltdb_search_dn1(module
, req
->op
.rename
.olddn
, msg
);
1013 if (ret
!= LDB_SUCCESS
) {
1014 /* not finding the old record is an error */
1018 /* We need to, before changing the DB, check if the new DN
1019 * exists, so we can return this error to the caller with an
1021 tdb_key
= ltdb_key(module
, req
->op
.rename
.newdn
);
1022 if (!tdb_key
.dptr
) {
1024 return LDB_ERR_OPERATIONS_ERROR
;
1027 tdb_key_old
= ltdb_key(module
, req
->op
.rename
.olddn
);
1028 if (!tdb_key_old
.dptr
) {
1030 talloc_free(tdb_key
.dptr
);
1031 return LDB_ERR_OPERATIONS_ERROR
;
1034 /* Only declare a conflict if the new DN already exists, and it isn't a case change on the old DN */
1035 if (tdb_key_old
.dsize
!= tdb_key
.dsize
|| memcmp(tdb_key
.dptr
, tdb_key_old
.dptr
, tdb_key
.dsize
) != 0) {
1036 if (tdb_exists(ltdb
->tdb
, tdb_key
)) {
1037 talloc_free(tdb_key_old
.dptr
);
1038 talloc_free(tdb_key
.dptr
);
1039 ldb_asprintf_errstring(ldb_module_get_ctx(module
),
1040 "Entry %s already exists",
1041 ldb_dn_get_linearized(msg
->dn
));
1042 /* finding the new record already in the DB is an error */
1044 return LDB_ERR_ENTRY_ALREADY_EXISTS
;
1047 talloc_free(tdb_key_old
.dptr
);
1048 talloc_free(tdb_key
.dptr
);
1050 /* Always delete first then add, to avoid conflicts with
1051 * unique indexes. We rely on the transaction to make this
1054 ret
= ltdb_delete_internal(module
, msg
->dn
);
1055 if (ret
!= LDB_SUCCESS
) {
1060 msg
->dn
= ldb_dn_copy(msg
, req
->op
.rename
.newdn
);
1061 if (msg
->dn
== NULL
) {
1063 return LDB_ERR_OPERATIONS_ERROR
;
1066 /* We don't check single value as we can have more than 1 with
1067 * deleted attributes. We could go through all elements but that's
1068 * maybe not the most efficient way
1070 ret
= ltdb_add_internal(module
, msg
, false);
1077 static int ltdb_start_trans(struct ldb_module
*module
)
1079 void *data
= ldb_module_get_private(module
);
1080 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
1082 if (tdb_transaction_start(ltdb
->tdb
) != 0) {
1083 return ltdb_err_map(tdb_error(ltdb
->tdb
));
1086 ltdb
->in_transaction
++;
1088 ltdb_index_transaction_start(module
);
1093 static int ltdb_prepare_commit(struct ldb_module
*module
)
1095 void *data
= ldb_module_get_private(module
);
1096 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
1098 if (ltdb
->in_transaction
!= 1) {
1102 if (ltdb_index_transaction_commit(module
) != 0) {
1103 tdb_transaction_cancel(ltdb
->tdb
);
1104 ltdb
->in_transaction
--;
1105 return ltdb_err_map(tdb_error(ltdb
->tdb
));
1108 if (tdb_transaction_prepare_commit(ltdb
->tdb
) != 0) {
1109 ltdb
->in_transaction
--;
1110 return ltdb_err_map(tdb_error(ltdb
->tdb
));
1113 ltdb
->prepared_commit
= true;
1118 static int ltdb_end_trans(struct ldb_module
*module
)
1120 void *data
= ldb_module_get_private(module
);
1121 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
1123 if (!ltdb
->prepared_commit
) {
1124 int ret
= ltdb_prepare_commit(module
);
1125 if (ret
!= LDB_SUCCESS
) {
1130 ltdb
->in_transaction
--;
1131 ltdb
->prepared_commit
= false;
1133 if (tdb_transaction_commit(ltdb
->tdb
) != 0) {
1134 return ltdb_err_map(tdb_error(ltdb
->tdb
));
1140 static int ltdb_del_trans(struct ldb_module
*module
)
1142 void *data
= ldb_module_get_private(module
);
1143 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
1145 ltdb
->in_transaction
--;
1147 if (ltdb_index_transaction_cancel(module
) != 0) {
1148 tdb_transaction_cancel(ltdb
->tdb
);
1149 return ltdb_err_map(tdb_error(ltdb
->tdb
));
1152 tdb_transaction_cancel(ltdb
->tdb
);
1157 return sequenceNumber from @BASEINFO
1159 static int ltdb_sequence_number(struct ltdb_context
*ctx
,
1160 struct ldb_extended
**ext
)
1162 struct ldb_context
*ldb
;
1163 struct ldb_module
*module
= ctx
->module
;
1164 struct ldb_request
*req
= ctx
->req
;
1165 TALLOC_CTX
*tmp_ctx
= NULL
;
1166 struct ldb_seqnum_request
*seq
;
1167 struct ldb_seqnum_result
*res
;
1168 struct ldb_message
*msg
= NULL
;
1171 int ret
= LDB_SUCCESS
;
1173 ldb
= ldb_module_get_ctx(module
);
1175 seq
= talloc_get_type(req
->op
.extended
.data
,
1176 struct ldb_seqnum_request
);
1178 return LDB_ERR_OPERATIONS_ERROR
;
1181 ldb_request_set_state(req
, LDB_ASYNC_PENDING
);
1183 if (ltdb_lock_read(module
) != 0) {
1184 return LDB_ERR_OPERATIONS_ERROR
;
1187 res
= talloc_zero(req
, struct ldb_seqnum_result
);
1189 ret
= LDB_ERR_OPERATIONS_ERROR
;
1193 tmp_ctx
= talloc_new(req
);
1194 if (tmp_ctx
== NULL
) {
1195 ret
= LDB_ERR_OPERATIONS_ERROR
;
1199 dn
= ldb_dn_new(tmp_ctx
, ldb
, LTDB_BASEINFO
);
1201 ret
= LDB_ERR_OPERATIONS_ERROR
;
1205 msg
= ldb_msg_new(tmp_ctx
);
1207 ret
= LDB_ERR_OPERATIONS_ERROR
;
1211 ret
= ltdb_search_dn1(module
, dn
, msg
);
1212 if (ret
!= LDB_SUCCESS
) {
1216 switch (seq
->type
) {
1217 case LDB_SEQ_HIGHEST_SEQ
:
1218 res
->seq_num
= ldb_msg_find_attr_as_uint64(msg
, LTDB_SEQUENCE_NUMBER
, 0);
1221 res
->seq_num
= ldb_msg_find_attr_as_uint64(msg
, LTDB_SEQUENCE_NUMBER
, 0);
1224 case LDB_SEQ_HIGHEST_TIMESTAMP
:
1225 date
= ldb_msg_find_attr_as_string(msg
, LTDB_MOD_TIMESTAMP
, NULL
);
1227 res
->seq_num
= ldb_string_to_time(date
);
1230 /* zero is as good as anything when we don't know */
1235 *ext
= talloc_zero(req
, struct ldb_extended
);
1237 ret
= LDB_ERR_OPERATIONS_ERROR
;
1240 (*ext
)->oid
= LDB_EXTENDED_SEQUENCE_NUMBER
;
1241 (*ext
)->data
= talloc_steal(*ext
, res
);
1244 talloc_free(tmp_ctx
);
1245 ltdb_unlock_read(module
);
1249 static void ltdb_request_done(struct ltdb_context
*ctx
, int error
)
1251 struct ldb_context
*ldb
;
1252 struct ldb_request
*req
;
1253 struct ldb_reply
*ares
;
1255 ldb
= ldb_module_get_ctx(ctx
->module
);
1258 /* if we already returned an error just return */
1259 if (ldb_request_get_status(req
) != LDB_SUCCESS
) {
1263 ares
= talloc_zero(req
, struct ldb_reply
);
1266 req
->callback(req
, NULL
);
1269 ares
->type
= LDB_REPLY_DONE
;
1270 ares
->error
= error
;
1272 req
->callback(req
, ares
);
1275 static void ltdb_timeout(struct tevent_context
*ev
,
1276 struct tevent_timer
*te
,
1280 struct ltdb_context
*ctx
;
1281 ctx
= talloc_get_type(private_data
, struct ltdb_context
);
1283 if (!ctx
->request_terminated
) {
1284 /* request is done now */
1285 ltdb_request_done(ctx
, LDB_ERR_TIME_LIMIT_EXCEEDED
);
1289 /* neutralize the spy */
1290 ctx
->spy
->ctx
= NULL
;
1296 static void ltdb_request_extended_done(struct ltdb_context
*ctx
,
1297 struct ldb_extended
*ext
,
1300 struct ldb_context
*ldb
;
1301 struct ldb_request
*req
;
1302 struct ldb_reply
*ares
;
1304 ldb
= ldb_module_get_ctx(ctx
->module
);
1307 /* if we already returned an error just return */
1308 if (ldb_request_get_status(req
) != LDB_SUCCESS
) {
1312 ares
= talloc_zero(req
, struct ldb_reply
);
1315 req
->callback(req
, NULL
);
1318 ares
->type
= LDB_REPLY_DONE
;
1319 ares
->response
= ext
;
1320 ares
->error
= error
;
1322 req
->callback(req
, ares
);
1325 static void ltdb_handle_extended(struct ltdb_context
*ctx
)
1327 struct ldb_extended
*ext
= NULL
;
1330 if (strcmp(ctx
->req
->op
.extended
.oid
,
1331 LDB_EXTENDED_SEQUENCE_NUMBER
) == 0) {
1332 /* get sequence number */
1333 ret
= ltdb_sequence_number(ctx
, &ext
);
1335 /* not recognized */
1336 ret
= LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION
;
1339 ltdb_request_extended_done(ctx
, ext
, ret
);
1342 static void ltdb_callback(struct tevent_context
*ev
,
1343 struct tevent_timer
*te
,
1347 struct ltdb_context
*ctx
;
1350 ctx
= talloc_get_type(private_data
, struct ltdb_context
);
1352 if (ctx
->request_terminated
) {
1356 switch (ctx
->req
->operation
) {
1358 ret
= ltdb_search(ctx
);
1361 ret
= ltdb_add(ctx
);
1364 ret
= ltdb_modify(ctx
);
1367 ret
= ltdb_delete(ctx
);
1370 ret
= ltdb_rename(ctx
);
1373 ltdb_handle_extended(ctx
);
1376 /* no other op supported */
1377 ret
= LDB_ERR_PROTOCOL_ERROR
;
1380 if (!ctx
->request_terminated
) {
1381 /* request is done now */
1382 ltdb_request_done(ctx
, ret
);
1387 /* neutralize the spy */
1388 ctx
->spy
->ctx
= NULL
;
1394 static int ltdb_request_destructor(void *ptr
)
1396 struct ltdb_req_spy
*spy
= talloc_get_type(ptr
, struct ltdb_req_spy
);
1398 if (spy
->ctx
!= NULL
) {
1399 spy
->ctx
->spy
= NULL
;
1400 spy
->ctx
->request_terminated
= true;
1407 static int ltdb_handle_request(struct ldb_module
*module
,
1408 struct ldb_request
*req
)
1410 struct ldb_control
*control_permissive
;
1411 struct ldb_context
*ldb
;
1412 struct tevent_context
*ev
;
1413 struct ltdb_context
*ac
;
1414 struct tevent_timer
*te
;
1418 ldb
= ldb_module_get_ctx(module
);
1420 control_permissive
= ldb_request_get_control(req
,
1421 LDB_CONTROL_PERMISSIVE_MODIFY_OID
);
1423 for (i
= 0; req
->controls
&& req
->controls
[i
]; i
++) {
1424 if (req
->controls
[i
]->critical
&&
1425 req
->controls
[i
] != control_permissive
) {
1426 ldb_asprintf_errstring(ldb
, "Unsupported critical extension %s",
1427 req
->controls
[i
]->oid
);
1428 return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION
;
1432 if (req
->starttime
== 0 || req
->timeout
== 0) {
1433 ldb_set_errstring(ldb
, "Invalid timeout settings");
1434 return LDB_ERR_TIME_LIMIT_EXCEEDED
;
1437 ev
= ldb_get_event_context(ldb
);
1439 ac
= talloc_zero(ldb
, struct ltdb_context
);
1442 return LDB_ERR_OPERATIONS_ERROR
;
1445 ac
->module
= module
;
1450 te
= tevent_add_timer(ev
, ac
, tv
, ltdb_callback
, ac
);
1453 return LDB_ERR_OPERATIONS_ERROR
;
1456 tv
.tv_sec
= req
->starttime
+ req
->timeout
;
1457 ac
->timeout_event
= tevent_add_timer(ev
, ac
, tv
, ltdb_timeout
, ac
);
1458 if (NULL
== ac
->timeout_event
) {
1460 return LDB_ERR_OPERATIONS_ERROR
;
1463 /* set a spy so that we do not try to use the request context
1464 * if it is freed before ltdb_callback fires */
1465 ac
->spy
= talloc(req
, struct ltdb_req_spy
);
1466 if (NULL
== ac
->spy
) {
1468 return LDB_ERR_OPERATIONS_ERROR
;
1472 talloc_set_destructor((TALLOC_CTX
*)ac
->spy
, ltdb_request_destructor
);
1477 static int ltdb_init_rootdse(struct ldb_module
*module
)
1479 /* ignore errors on this - we expect it for non-sam databases */
1480 ldb_mod_register_control(module
, LDB_CONTROL_PERMISSIVE_MODIFY_OID
);
1482 /* there can be no module beyond the backend, just return */
1486 static const struct ldb_module_ops ltdb_ops
= {
1488 .init_context
= ltdb_init_rootdse
,
1489 .search
= ltdb_handle_request
,
1490 .add
= ltdb_handle_request
,
1491 .modify
= ltdb_handle_request
,
1492 .del
= ltdb_handle_request
,
1493 .rename
= ltdb_handle_request
,
1494 .extended
= ltdb_handle_request
,
1495 .start_transaction
= ltdb_start_trans
,
1496 .end_transaction
= ltdb_end_trans
,
1497 .prepare_commit
= ltdb_prepare_commit
,
1498 .del_transaction
= ltdb_del_trans
,
1502 connect to the database
1504 static int ltdb_connect(struct ldb_context
*ldb
, const char *url
,
1505 unsigned int flags
, const char *options
[],
1506 struct ldb_module
**_module
)
1508 struct ldb_module
*module
;
1510 int tdb_flags
, open_flags
;
1511 struct ltdb_private
*ltdb
;
1514 if (strchr(url
, ':')) {
1515 if (strncmp(url
, "tdb://", 6) != 0) {
1516 ldb_debug(ldb
, LDB_DEBUG_ERROR
,
1517 "Invalid tdb URL '%s'", url
);
1518 return LDB_ERR_OPERATIONS_ERROR
;
1525 tdb_flags
= TDB_DEFAULT
| TDB_SEQNUM
;
1527 /* check for the 'nosync' option */
1528 if (flags
& LDB_FLG_NOSYNC
) {
1529 tdb_flags
|= TDB_NOSYNC
;
1532 /* and nommap option */
1533 if (flags
& LDB_FLG_NOMMAP
) {
1534 tdb_flags
|= TDB_NOMMAP
;
1537 if (flags
& LDB_FLG_RDONLY
) {
1538 open_flags
= O_RDONLY
;
1540 open_flags
= O_CREAT
| O_RDWR
;
1543 ltdb
= talloc_zero(ldb
, struct ltdb_private
);
1546 return LDB_ERR_OPERATIONS_ERROR
;
1549 /* note that we use quite a large default hash size */
1550 ltdb
->tdb
= ltdb_wrap_open(ltdb
, path
, 10000,
1551 tdb_flags
, open_flags
,
1552 ldb_get_create_perms(ldb
), ldb
);
1554 ldb_asprintf_errstring(ldb
,
1555 "Unable to open tdb '%s'", path
);
1556 ldb_debug(ldb
, LDB_DEBUG_ERROR
,
1557 "Unable to open tdb '%s'", path
);
1559 return LDB_ERR_OPERATIONS_ERROR
;
1562 if (getenv("LDB_WARN_UNINDEXED")) {
1563 ltdb
->warn_unindexed
= true;
1566 ltdb
->sequence_number
= 0;
1568 module
= ldb_module_new(ldb
, ldb
, "ldb_tdb backend", <db_ops
);
1572 return LDB_ERR_OPERATIONS_ERROR
;
1574 ldb_module_set_private(module
, ltdb
);
1575 talloc_steal(module
, ltdb
);
1577 if (ltdb_cache_load(module
) != 0) {
1578 ldb_asprintf_errstring(ldb
,
1579 "Unable to load ltdb cache records of tdb '%s'", path
);
1580 talloc_free(module
);
1581 return LDB_ERR_OPERATIONS_ERROR
;
1588 int ldb_tdb_init(const char *version
)
1590 LDB_MODULE_CHECK_VERSION(version
);
1591 return ldb_register_backend("tdb", ltdb_connect
, false);