4 Copyright (C) Andrew Tridgell 2004
5 Copyright (C) Stefan Metzmacher 2004
6 Copyright (C) Simo Sorce 2006-2008
7 Copyright (C) Matthias Dieter Wallnöfer 2009-2010
9 ** NOTE! The following LGPL license applies to the ldb
10 ** library. This does NOT imply that all of Samba is released
13 This library is free software; you can redistribute it and/or
14 modify it under the terms of the GNU Lesser General Public
15 License as published by the Free Software Foundation; either
16 version 3 of the License, or (at your option) any later version.
18 This library is distributed in the hope that it will be useful,
19 but WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 Lesser General Public License for more details.
23 You should have received a copy of the GNU Lesser General Public
24 License along with this library; if not, see <http://www.gnu.org/licenses/>.
30 * Component: ldb tdb backend
32 * Description: core functions for tdb backend
34 * Author: Andrew Tridgell
35 * Author: Stefan Metzmacher
39 * - description: make the module use asynchronous calls
43 * - description: make it possible to use event contexts
47 * - description: fix up memory leaks and small bugs
49 * Author: Matthias Dieter Wallnöfer
53 #include "ldb_private.h"
57 prevent memory errors on callbacks
60 struct ltdb_context
*ctx
;
64 map a tdb error code to a ldb error code
66 int ltdb_err_map(enum TDB_ERROR tdb_code
)
74 return LDB_ERR_OPERATIONS_ERROR
;
76 return LDB_ERR_PROTOCOL_ERROR
;
80 case TDB_ERR_LOCK_TIMEOUT
:
81 return LDB_ERR_TIME_LIMIT_EXCEEDED
;
83 return LDB_ERR_ENTRY_ALREADY_EXISTS
;
85 return LDB_ERR_NO_SUCH_OBJECT
;
87 return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS
;
95 lock the database for read - use by ltdb_search and ltdb_sequence_number
97 int ltdb_lock_read(struct ldb_module
*module
)
99 void *data
= ldb_module_get_private(module
);
100 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
103 if (ltdb
->in_transaction
== 0 &&
104 ltdb
->read_lock_count
== 0) {
105 ret
= tdb_lockall_read(ltdb
->tdb
);
108 ltdb
->read_lock_count
++;
114 unlock the database after a ltdb_lock_read()
116 int ltdb_unlock_read(struct ldb_module
*module
)
118 void *data
= ldb_module_get_private(module
);
119 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
120 if (ltdb
->in_transaction
== 0 && ltdb
->read_lock_count
== 1) {
121 tdb_unlockall_read(ltdb
->tdb
);
124 ltdb
->read_lock_count
--;
130 form a TDB_DATA for a record key
133 note that the key for a record can depend on whether the
134 dn refers to a case sensitive index record or not
136 TDB_DATA
ltdb_key(struct ldb_module
*module
, struct ldb_dn
*dn
)
138 struct ldb_context
*ldb
= ldb_module_get_ctx(module
);
140 char *key_str
= NULL
;
141 const char *dn_folded
= NULL
;
144 most DNs are case insensitive. The exception is index DNs for
145 case sensitive attributes
147 there are 3 cases dealt with in this code:
149 1) if the dn doesn't start with @ then uppercase the attribute
150 names and the attributes values of case insensitive attributes
151 2) if the dn starts with @ then leave it alone -
152 the indexing code handles the rest
155 dn_folded
= ldb_dn_get_casefold(dn
);
160 key_str
= talloc_strdup(ldb
, "DN=");
165 key_str
= talloc_strdup_append_buffer(key_str
, dn_folded
);
170 key
.dptr
= (uint8_t *)key_str
;
171 key
.dsize
= strlen(key_str
) + 1;
183 check special dn's have valid attributes
184 currently only @ATTRIBUTES is checked
186 static int ltdb_check_special_dn(struct ldb_module
*module
,
187 const struct ldb_message
*msg
)
189 struct ldb_context
*ldb
= ldb_module_get_ctx(module
);
192 if (! ldb_dn_is_special(msg
->dn
) ||
193 ! ldb_dn_check_special(msg
->dn
, LTDB_ATTRIBUTES
)) {
197 /* we have @ATTRIBUTES, let's check attributes are fine */
198 /* should we check that we deny multivalued attributes ? */
199 for (i
= 0; i
< msg
->num_elements
; i
++) {
200 if (ldb_attr_cmp(msg
->elements
[i
].name
, "distinguishedName") == 0) continue;
202 for (j
= 0; j
< msg
->elements
[i
].num_values
; j
++) {
203 if (ltdb_check_at_attributes_values(&msg
->elements
[i
].values
[j
]) != 0) {
204 ldb_set_errstring(ldb
, "Invalid attribute value in an @ATTRIBUTES entry");
205 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX
;
215 we've made a modification to a dn - possibly reindex and
216 update sequence number
218 static int ltdb_modified(struct ldb_module
*module
, struct ldb_dn
*dn
)
220 int ret
= LDB_SUCCESS
;
221 struct ltdb_private
*ltdb
= talloc_get_type(ldb_module_get_private(module
), struct ltdb_private
);
223 /* only allow modifies inside a transaction, otherwise the
225 if (ltdb
->in_transaction
== 0) {
226 ldb_set_errstring(ldb_module_get_ctx(module
), "ltdb modify without transaction");
227 return LDB_ERR_OPERATIONS_ERROR
;
230 if (ldb_dn_is_special(dn
) &&
231 (ldb_dn_check_special(dn
, LTDB_INDEXLIST
) ||
232 ldb_dn_check_special(dn
, LTDB_ATTRIBUTES
)) ) {
233 ret
= ltdb_reindex(module
);
236 /* If the modify was to a normal record, or any special except @BASEINFO, update the seq number */
237 if (ret
== LDB_SUCCESS
&&
238 !(ldb_dn_is_special(dn
) &&
239 ldb_dn_check_special(dn
, LTDB_BASEINFO
)) ) {
240 ret
= ltdb_increase_sequence_number(module
);
243 /* If the modify was to @OPTIONS, reload the cache */
244 if (ret
== LDB_SUCCESS
&&
245 ldb_dn_is_special(dn
) &&
246 (ldb_dn_check_special(dn
, LTDB_OPTIONS
)) ) {
247 ret
= ltdb_cache_reload(module
);
254 store a record into the db
256 int ltdb_store(struct ldb_module
*module
, const struct ldb_message
*msg
, int flgs
)
258 void *data
= ldb_module_get_private(module
);
259 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
260 TDB_DATA tdb_key
, tdb_data
;
261 int ret
= LDB_SUCCESS
;
263 tdb_key
= ltdb_key(module
, msg
->dn
);
264 if (tdb_key
.dptr
== NULL
) {
265 return LDB_ERR_OTHER
;
268 ret
= ldb_pack_data(module
, msg
, (struct ldb_val
*)&tdb_data
);
270 talloc_free(tdb_key
.dptr
);
271 return LDB_ERR_OTHER
;
274 ret
= tdb_store(ltdb
->tdb
, tdb_key
, tdb_data
, flgs
);
276 ret
= ltdb_err_map(tdb_error(ltdb
->tdb
));
281 talloc_free(tdb_key
.dptr
);
282 talloc_free(tdb_data
.dptr
);
289 check if a attribute is a single valued, for a given element
291 static bool ldb_tdb_single_valued(const struct ldb_schema_attribute
*a
,
292 struct ldb_message_element
*el
)
294 if (!a
) return false;
296 if (el
->flags
& LDB_FLAG_INTERNAL_FORCE_SINGLE_VALUE_CHECK
) {
297 /* override from a ldb module, for example
298 used for the description field, which is
299 marked multi-valued in the schema but which
300 should not actually accept multiple
304 if (el
->flags
& LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK
) {
305 /* override from a ldb module, for example used for
306 deleted linked attribute entries */
310 if (a
->flags
& LDB_ATTR_FLAG_SINGLE_VALUE
) {
316 static int ltdb_add_internal(struct ldb_module
*module
,
317 const struct ldb_message
*msg
,
318 bool check_single_value
)
320 struct ldb_context
*ldb
= ldb_module_get_ctx(module
);
321 int ret
= LDB_SUCCESS
;
324 for (i
=0;i
<msg
->num_elements
;i
++) {
325 struct ldb_message_element
*el
= &msg
->elements
[i
];
326 const struct ldb_schema_attribute
*a
= ldb_schema_attribute_by_name(ldb
, el
->name
);
328 if (el
->num_values
== 0) {
329 ldb_asprintf_errstring(ldb
, "attribute '%s' on '%s' specified, but with 0 values (illegal)",
330 el
->name
, ldb_dn_get_linearized(msg
->dn
));
331 return LDB_ERR_CONSTRAINT_VIOLATION
;
333 if (check_single_value
&&
334 el
->num_values
> 1 &&
335 ldb_tdb_single_valued(a
, el
)) {
336 ldb_asprintf_errstring(ldb
, "SINGLE-VALUE attribute %s on %s specified more than once",
337 el
->name
, ldb_dn_get_linearized(msg
->dn
));
338 return LDB_ERR_CONSTRAINT_VIOLATION
;
341 /* Do not check "@ATTRIBUTES" for duplicated values */
342 if (ldb_dn_is_special(msg
->dn
) &&
343 ldb_dn_check_special(msg
->dn
, LTDB_ATTRIBUTES
)) {
347 /* TODO: This is O(n^2) - replace with more efficient check */
348 for (j
=0; j
<el
->num_values
; j
++) {
349 if (ldb_msg_find_val(el
, &el
->values
[j
]) != &el
->values
[j
]) {
350 ldb_asprintf_errstring(ldb
,
351 "attribute '%s': value #%u on '%s' provided more than once",
352 el
->name
, j
, ldb_dn_get_linearized(msg
->dn
));
353 return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
358 ret
= ltdb_store(module
, msg
, TDB_INSERT
);
359 if (ret
!= LDB_SUCCESS
) {
360 if (ret
== LDB_ERR_ENTRY_ALREADY_EXISTS
) {
361 ldb_asprintf_errstring(ldb
,
362 "Entry %s already exists",
363 ldb_dn_get_linearized(msg
->dn
));
368 ret
= ltdb_index_add_new(module
, msg
);
369 if (ret
!= LDB_SUCCESS
) {
373 ret
= ltdb_modified(module
, msg
->dn
);
379 add a record to the database
381 static int ltdb_add(struct ltdb_context
*ctx
)
383 struct ldb_module
*module
= ctx
->module
;
384 struct ldb_request
*req
= ctx
->req
;
385 int ret
= LDB_SUCCESS
;
387 ret
= ltdb_check_special_dn(module
, req
->op
.add
.message
);
388 if (ret
!= LDB_SUCCESS
) {
392 ldb_request_set_state(req
, LDB_ASYNC_PENDING
);
394 if (ltdb_cache_load(module
) != 0) {
395 return LDB_ERR_OPERATIONS_ERROR
;
398 ret
= ltdb_add_internal(module
, req
->op
.add
.message
, true);
404 delete a record from the database, not updating indexes (used for deleting
407 int ltdb_delete_noindex(struct ldb_module
*module
, struct ldb_dn
*dn
)
409 void *data
= ldb_module_get_private(module
);
410 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
414 tdb_key
= ltdb_key(module
, dn
);
416 return LDB_ERR_OTHER
;
419 ret
= tdb_delete(ltdb
->tdb
, tdb_key
);
420 talloc_free(tdb_key
.dptr
);
423 ret
= ltdb_err_map(tdb_error(ltdb
->tdb
));
429 static int ltdb_delete_internal(struct ldb_module
*module
, struct ldb_dn
*dn
)
431 struct ldb_message
*msg
;
432 int ret
= LDB_SUCCESS
;
434 msg
= ldb_msg_new(module
);
436 return LDB_ERR_OPERATIONS_ERROR
;
439 /* in case any attribute of the message was indexed, we need
440 to fetch the old record */
441 ret
= ltdb_search_dn1(module
, dn
, msg
);
442 if (ret
!= LDB_SUCCESS
) {
443 /* not finding the old record is an error */
447 ret
= ltdb_delete_noindex(module
, dn
);
448 if (ret
!= LDB_SUCCESS
) {
452 /* remove any indexed attributes */
453 ret
= ltdb_index_delete(module
, msg
);
454 if (ret
!= LDB_SUCCESS
) {
458 ret
= ltdb_modified(module
, dn
);
459 if (ret
!= LDB_SUCCESS
) {
469 delete a record from the database
471 static int ltdb_delete(struct ltdb_context
*ctx
)
473 struct ldb_module
*module
= ctx
->module
;
474 struct ldb_request
*req
= ctx
->req
;
475 int ret
= LDB_SUCCESS
;
477 ldb_request_set_state(req
, LDB_ASYNC_PENDING
);
479 if (ltdb_cache_load(module
) != 0) {
480 return LDB_ERR_OPERATIONS_ERROR
;
483 ret
= ltdb_delete_internal(module
, req
->op
.del
.dn
);
489 find an element by attribute name. At the moment this does a linear search,
490 it should be re-coded to use a binary search once all places that modify
491 records guarantee sorted order
493 return the index of the first matching element if found, otherwise -1
495 static int find_element(const struct ldb_message
*msg
, const char *name
)
498 for (i
=0;i
<msg
->num_elements
;i
++) {
499 if (ldb_attr_cmp(msg
->elements
[i
].name
, name
) == 0) {
508 add an element to an existing record. Assumes a elements array that we
509 can call re-alloc on, and assumed that we can re-use the data pointers from
510 the passed in additional values. Use with care!
512 returns 0 on success, -1 on failure (and sets errno)
514 static int ltdb_msg_add_element(struct ldb_context
*ldb
,
515 struct ldb_message
*msg
,
516 struct ldb_message_element
*el
)
518 struct ldb_message_element
*e2
;
521 if (el
->num_values
== 0) {
522 /* nothing to do here - we don't add empty elements */
526 e2
= talloc_realloc(msg
, msg
->elements
, struct ldb_message_element
,
527 msg
->num_elements
+1);
535 e2
= &msg
->elements
[msg
->num_elements
];
538 e2
->flags
= el
->flags
;
539 e2
->values
= talloc_array(msg
->elements
,
540 struct ldb_val
, el
->num_values
);
545 for (i
=0;i
<el
->num_values
;i
++) {
546 e2
->values
[i
] = el
->values
[i
];
548 e2
->num_values
= el
->num_values
;
556 delete all elements having a specified attribute name
558 static int msg_delete_attribute(struct ldb_module
*module
,
559 struct ldb_context
*ldb
,
560 struct ldb_message
*msg
, const char *name
)
564 struct ldb_message_element
*el
;
566 el
= ldb_msg_find_element(msg
, name
);
568 return LDB_ERR_NO_SUCH_ATTRIBUTE
;
570 i
= el
- msg
->elements
;
572 ret
= ltdb_index_del_element(module
, msg
->dn
, el
);
573 if (ret
!= LDB_SUCCESS
) {
577 talloc_free(el
->values
);
578 if (msg
->num_elements
> (i
+1)) {
579 memmove(el
, el
+1, sizeof(*el
) * (msg
->num_elements
- (i
+1)));
582 msg
->elements
= talloc_realloc(msg
, msg
->elements
,
583 struct ldb_message_element
,
589 delete all elements matching an attribute name/value
591 return LDB Error on failure
593 static int msg_delete_element(struct ldb_module
*module
,
594 struct ldb_message
*msg
,
596 const struct ldb_val
*val
)
598 struct ldb_context
*ldb
= ldb_module_get_ctx(module
);
601 struct ldb_message_element
*el
;
602 const struct ldb_schema_attribute
*a
;
604 found
= find_element(msg
, name
);
606 return LDB_ERR_NO_SUCH_ATTRIBUTE
;
609 i
= (unsigned int) found
;
610 el
= &(msg
->elements
[i
]);
612 a
= ldb_schema_attribute_by_name(ldb
, el
->name
);
614 for (i
=0;i
<el
->num_values
;i
++) {
616 if (a
->syntax
->operator_fn
) {
617 ret
= a
->syntax
->operator_fn(ldb
, LDB_OP_EQUALITY
, a
,
618 &el
->values
[i
], val
, &matched
);
619 if (ret
!= LDB_SUCCESS
) return ret
;
621 matched
= (a
->syntax
->comparison_fn(ldb
, ldb
,
622 &el
->values
[i
], val
) == 0);
625 if (el
->num_values
== 1) {
626 return msg_delete_attribute(module
, ldb
, msg
, name
);
629 ret
= ltdb_index_del_value(module
, msg
->dn
, el
, i
);
630 if (ret
!= LDB_SUCCESS
) {
634 if (i
<el
->num_values
-1) {
635 memmove(&el
->values
[i
], &el
->values
[i
+1],
636 sizeof(el
->values
[i
])*
637 (el
->num_values
-(i
+1)));
641 /* per definition we find in a canonicalised message an
642 attribute value only once. So we are finished here */
648 return LDB_ERR_NO_SUCH_ATTRIBUTE
;
653 modify a record - internal interface
655 yuck - this is O(n^2). Luckily n is usually small so we probably
656 get away with it, but if we ever have really large attribute lists
657 then we'll need to look at this again
659 'req' is optional, and is used to specify controls if supplied
661 int ltdb_modify_internal(struct ldb_module
*module
,
662 const struct ldb_message
*msg
,
663 struct ldb_request
*req
)
665 struct ldb_context
*ldb
= ldb_module_get_ctx(module
);
666 void *data
= ldb_module_get_private(module
);
667 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
668 TDB_DATA tdb_key
, tdb_data
;
669 struct ldb_message
*msg2
;
670 unsigned int i
, j
, k
;
671 int ret
= LDB_SUCCESS
, idx
;
672 struct ldb_control
*control_permissive
= NULL
;
675 control_permissive
= ldb_request_get_control(req
,
676 LDB_CONTROL_PERMISSIVE_MODIFY_OID
);
679 tdb_key
= ltdb_key(module
, msg
->dn
);
681 return LDB_ERR_OTHER
;
684 tdb_data
= tdb_fetch(ltdb
->tdb
, tdb_key
);
685 if (!tdb_data
.dptr
) {
686 talloc_free(tdb_key
.dptr
);
687 return ltdb_err_map(tdb_error(ltdb
->tdb
));
690 msg2
= ldb_msg_new(tdb_key
.dptr
);
697 ret
= ldb_unpack_data(ldb_module_get_ctx(module
), (struct ldb_val
*)&tdb_data
, msg2
);
708 for (i
=0; i
<msg
->num_elements
; i
++) {
709 struct ldb_message_element
*el
= &msg
->elements
[i
], *el2
;
710 struct ldb_val
*vals
;
711 const struct ldb_schema_attribute
*a
= ldb_schema_attribute_by_name(ldb
, el
->name
);
714 switch (msg
->elements
[i
].flags
& LDB_FLAG_MOD_MASK
) {
715 case LDB_FLAG_MOD_ADD
:
717 if (el
->num_values
== 0) {
718 ldb_asprintf_errstring(ldb
,
719 "attribute '%s': attribute on '%s' specified, but with 0 values (illegal)",
720 el
->name
, ldb_dn_get_linearized(msg2
->dn
));
721 ret
= LDB_ERR_CONSTRAINT_VIOLATION
;
725 /* make a copy of the array so that a permissive
726 * control can remove duplicates without changing the
727 * original values, but do not copy data as we do not
728 * need to keep it around once the operation is
730 if (control_permissive
) {
731 el
= talloc(msg2
, struct ldb_message_element
);
736 *el
= msg
->elements
[i
];
737 el
->values
= talloc_array(el
, struct ldb_val
, el
->num_values
);
738 if (el
->values
== NULL
) {
742 for (j
= 0; j
< el
->num_values
; j
++) {
743 el
->values
[j
] = msg
->elements
[i
].values
[j
];
747 if (el
->num_values
> 1 && ldb_tdb_single_valued(a
, el
)) {
748 ldb_asprintf_errstring(ldb
, "SINGLE-VALUE attribute %s on %s specified more than once",
749 el
->name
, ldb_dn_get_linearized(msg2
->dn
));
750 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
754 /* Checks if element already exists */
755 idx
= find_element(msg2
, el
->name
);
757 if (ltdb_msg_add_element(ldb
, msg2
, el
) != 0) {
761 ret
= ltdb_index_add_element(module
, msg2
->dn
,
763 if (ret
!= LDB_SUCCESS
) {
767 j
= (unsigned int) idx
;
768 el2
= &(msg2
->elements
[j
]);
770 /* We cannot add another value on a existing one
771 if the attribute is single-valued */
772 if (ldb_tdb_single_valued(a
, el
)) {
773 ldb_asprintf_errstring(ldb
, "SINGLE-VALUE attribute %s on %s specified more than once",
774 el
->name
, ldb_dn_get_linearized(msg2
->dn
));
775 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
779 /* Check that values don't exist yet on multi-
780 valued attributes or aren't provided twice */
781 /* TODO: This is O(n^2) - replace with more efficient check */
782 for (j
= 0; j
< el
->num_values
; j
++) {
783 if (ldb_msg_find_val(el2
, &el
->values
[j
]) != NULL
) {
784 if (control_permissive
) {
785 /* remove this one as if it was never added */
787 for (k
= j
; k
< el
->num_values
; k
++) {
788 el
->values
[k
] = el
->values
[k
+ 1];
795 ldb_asprintf_errstring(ldb
,
796 "attribute '%s': value #%u on '%s' already exists",
797 el
->name
, j
, ldb_dn_get_linearized(msg2
->dn
));
798 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
801 if (ldb_msg_find_val(el
, &el
->values
[j
]) != &el
->values
[j
]) {
802 ldb_asprintf_errstring(ldb
,
803 "attribute '%s': value #%u on '%s' provided more than once",
804 el
->name
, j
, ldb_dn_get_linearized(msg2
->dn
));
805 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
810 /* Now combine existing and new values to a new
812 vals
= talloc_realloc(msg2
->elements
,
813 el2
->values
, struct ldb_val
,
814 el2
->num_values
+ el
->num_values
);
821 for (j
=0; j
<el
->num_values
; j
++) {
822 vals
[el2
->num_values
+ j
] =
823 ldb_val_dup(vals
, &el
->values
[j
]);
827 el2
->num_values
+= el
->num_values
;
829 ret
= ltdb_index_add_element(module
, msg2
->dn
, el
);
830 if (ret
!= LDB_SUCCESS
) {
837 case LDB_FLAG_MOD_REPLACE
:
839 if (el
->num_values
> 1 && ldb_tdb_single_valued(a
, el
)) {
840 ldb_asprintf_errstring(ldb
, "SINGLE-VALUE attribute %s on %s specified more than once",
841 el
->name
, ldb_dn_get_linearized(msg2
->dn
));
842 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
846 /* TODO: This is O(n^2) - replace with more efficient check */
847 for (j
=0; j
<el
->num_values
; j
++) {
848 if (ldb_msg_find_val(el
, &el
->values
[j
]) != &el
->values
[j
]) {
849 ldb_asprintf_errstring(ldb
,
850 "attribute '%s': value #%u on '%s' provided more than once",
851 el
->name
, j
, ldb_dn_get_linearized(msg2
->dn
));
852 ret
= LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
;
857 /* Checks if element already exists */
858 idx
= find_element(msg2
, el
->name
);
860 j
= (unsigned int) idx
;
861 el2
= &(msg2
->elements
[j
]);
863 /* we consider two elements to be
864 * equal only if the order
865 * matches. This allows dbcheck to
866 * fix the ordering on attributes
867 * where order matters, such as
870 if (ldb_msg_element_equal_ordered(el
, el2
)) {
874 /* Delete the attribute if it exists in the DB */
875 if (msg_delete_attribute(module
, ldb
, msg2
,
882 /* Recreate it with the new values */
883 if (ltdb_msg_add_element(ldb
, msg2
, el
) != 0) {
888 ret
= ltdb_index_add_element(module
, msg2
->dn
, el
);
889 if (ret
!= LDB_SUCCESS
) {
895 case LDB_FLAG_MOD_DELETE
:
896 dn
= ldb_dn_get_linearized(msg2
->dn
);
902 if (msg
->elements
[i
].num_values
== 0) {
903 /* Delete the whole attribute */
904 ret
= msg_delete_attribute(module
, ldb
, msg2
,
905 msg
->elements
[i
].name
);
906 if (ret
== LDB_ERR_NO_SUCH_ATTRIBUTE
&&
907 control_permissive
) {
910 ldb_asprintf_errstring(ldb
,
911 "attribute '%s': no such attribute for delete on '%s'",
912 msg
->elements
[i
].name
, dn
);
914 if (ret
!= LDB_SUCCESS
) {
918 /* Delete specified values from an attribute */
919 for (j
=0; j
< msg
->elements
[i
].num_values
; j
++) {
920 ret
= msg_delete_element(module
,
922 msg
->elements
[i
].name
,
923 &msg
->elements
[i
].values
[j
]);
924 if (ret
== LDB_ERR_NO_SUCH_ATTRIBUTE
&&
925 control_permissive
) {
928 ldb_asprintf_errstring(ldb
,
929 "attribute '%s': no matching attribute value while deleting attribute on '%s'",
930 msg
->elements
[i
].name
, dn
);
932 if (ret
!= LDB_SUCCESS
) {
939 ldb_asprintf_errstring(ldb
,
940 "attribute '%s': invalid modify flags on '%s': 0x%x",
941 msg
->elements
[i
].name
, ldb_dn_get_linearized(msg
->dn
),
942 msg
->elements
[i
].flags
& LDB_FLAG_MOD_MASK
);
943 ret
= LDB_ERR_PROTOCOL_ERROR
;
948 ret
= ltdb_store(module
, msg2
, TDB_MODIFY
);
949 if (ret
!= LDB_SUCCESS
) {
953 ret
= ltdb_modified(module
, msg2
->dn
);
954 if (ret
!= LDB_SUCCESS
) {
959 talloc_free(tdb_key
.dptr
);
966 static int ltdb_modify(struct ltdb_context
*ctx
)
968 struct ldb_module
*module
= ctx
->module
;
969 struct ldb_request
*req
= ctx
->req
;
970 int ret
= LDB_SUCCESS
;
972 ret
= ltdb_check_special_dn(module
, req
->op
.mod
.message
);
973 if (ret
!= LDB_SUCCESS
) {
977 ldb_request_set_state(req
, LDB_ASYNC_PENDING
);
979 if (ltdb_cache_load(module
) != 0) {
980 return LDB_ERR_OPERATIONS_ERROR
;
983 ret
= ltdb_modify_internal(module
, req
->op
.mod
.message
, req
);
991 static int ltdb_rename(struct ltdb_context
*ctx
)
993 struct ldb_module
*module
= ctx
->module
;
994 void *data
= ldb_module_get_private(module
);
995 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
996 struct ldb_request
*req
= ctx
->req
;
997 struct ldb_message
*msg
;
998 int ret
= LDB_SUCCESS
;
999 TDB_DATA tdb_key
, tdb_key_old
;
1001 ldb_request_set_state(req
, LDB_ASYNC_PENDING
);
1003 if (ltdb_cache_load(ctx
->module
) != 0) {
1004 return LDB_ERR_OPERATIONS_ERROR
;
1007 msg
= ldb_msg_new(ctx
);
1009 return LDB_ERR_OPERATIONS_ERROR
;
1012 /* we need to fetch the old record to re-add under the new name */
1013 ret
= ltdb_search_dn1(module
, req
->op
.rename
.olddn
, msg
);
1014 if (ret
!= LDB_SUCCESS
) {
1015 /* not finding the old record is an error */
1019 /* We need to, before changing the DB, check if the new DN
1020 * exists, so we can return this error to the caller with an
1022 tdb_key
= ltdb_key(module
, req
->op
.rename
.newdn
);
1023 if (!tdb_key
.dptr
) {
1025 return LDB_ERR_OPERATIONS_ERROR
;
1028 tdb_key_old
= ltdb_key(module
, req
->op
.rename
.olddn
);
1029 if (!tdb_key_old
.dptr
) {
1031 talloc_free(tdb_key
.dptr
);
1032 return LDB_ERR_OPERATIONS_ERROR
;
1035 /* Only declare a conflict if the new DN already exists, and it isn't a case change on the old DN */
1036 if (tdb_key_old
.dsize
!= tdb_key
.dsize
|| memcmp(tdb_key
.dptr
, tdb_key_old
.dptr
, tdb_key
.dsize
) != 0) {
1037 if (tdb_exists(ltdb
->tdb
, tdb_key
)) {
1038 talloc_free(tdb_key_old
.dptr
);
1039 talloc_free(tdb_key
.dptr
);
1040 ldb_asprintf_errstring(ldb_module_get_ctx(module
),
1041 "Entry %s already exists",
1042 ldb_dn_get_linearized(msg
->dn
));
1043 /* finding the new record already in the DB is an error */
1045 return LDB_ERR_ENTRY_ALREADY_EXISTS
;
1048 talloc_free(tdb_key_old
.dptr
);
1049 talloc_free(tdb_key
.dptr
);
1051 /* Always delete first then add, to avoid conflicts with
1052 * unique indexes. We rely on the transaction to make this
1055 ret
= ltdb_delete_internal(module
, msg
->dn
);
1056 if (ret
!= LDB_SUCCESS
) {
1061 msg
->dn
= ldb_dn_copy(msg
, req
->op
.rename
.newdn
);
1062 if (msg
->dn
== NULL
) {
1064 return LDB_ERR_OPERATIONS_ERROR
;
1067 /* We don't check single value as we can have more than 1 with
1068 * deleted attributes. We could go through all elements but that's
1069 * maybe not the most efficient way
1071 ret
= ltdb_add_internal(module
, msg
, false);
1078 static int ltdb_start_trans(struct ldb_module
*module
)
1080 void *data
= ldb_module_get_private(module
);
1081 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
1083 if (tdb_transaction_start(ltdb
->tdb
) != 0) {
1084 return ltdb_err_map(tdb_error(ltdb
->tdb
));
1087 ltdb
->in_transaction
++;
1089 ltdb_index_transaction_start(module
);
1094 static int ltdb_prepare_commit(struct ldb_module
*module
)
1096 void *data
= ldb_module_get_private(module
);
1097 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
1099 if (ltdb
->in_transaction
!= 1) {
1103 if (ltdb_index_transaction_commit(module
) != 0) {
1104 tdb_transaction_cancel(ltdb
->tdb
);
1105 ltdb
->in_transaction
--;
1106 return ltdb_err_map(tdb_error(ltdb
->tdb
));
1109 if (tdb_transaction_prepare_commit(ltdb
->tdb
) != 0) {
1110 ltdb
->in_transaction
--;
1111 return ltdb_err_map(tdb_error(ltdb
->tdb
));
1114 ltdb
->prepared_commit
= true;
1119 static int ltdb_end_trans(struct ldb_module
*module
)
1121 void *data
= ldb_module_get_private(module
);
1122 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
1124 if (!ltdb
->prepared_commit
) {
1125 int ret
= ltdb_prepare_commit(module
);
1126 if (ret
!= LDB_SUCCESS
) {
1131 ltdb
->in_transaction
--;
1132 ltdb
->prepared_commit
= false;
1134 if (tdb_transaction_commit(ltdb
->tdb
) != 0) {
1135 return ltdb_err_map(tdb_error(ltdb
->tdb
));
1141 static int ltdb_del_trans(struct ldb_module
*module
)
1143 void *data
= ldb_module_get_private(module
);
1144 struct ltdb_private
*ltdb
= talloc_get_type(data
, struct ltdb_private
);
1146 ltdb
->in_transaction
--;
1148 if (ltdb_index_transaction_cancel(module
) != 0) {
1149 tdb_transaction_cancel(ltdb
->tdb
);
1150 return ltdb_err_map(tdb_error(ltdb
->tdb
));
1153 tdb_transaction_cancel(ltdb
->tdb
);
1158 return sequenceNumber from @BASEINFO
1160 static int ltdb_sequence_number(struct ltdb_context
*ctx
,
1161 struct ldb_extended
**ext
)
1163 struct ldb_context
*ldb
;
1164 struct ldb_module
*module
= ctx
->module
;
1165 struct ldb_request
*req
= ctx
->req
;
1166 TALLOC_CTX
*tmp_ctx
= NULL
;
1167 struct ldb_seqnum_request
*seq
;
1168 struct ldb_seqnum_result
*res
;
1169 struct ldb_message
*msg
= NULL
;
1172 int ret
= LDB_SUCCESS
;
1174 ldb
= ldb_module_get_ctx(module
);
1176 seq
= talloc_get_type(req
->op
.extended
.data
,
1177 struct ldb_seqnum_request
);
1179 return LDB_ERR_OPERATIONS_ERROR
;
1182 ldb_request_set_state(req
, LDB_ASYNC_PENDING
);
1184 if (ltdb_lock_read(module
) != 0) {
1185 return LDB_ERR_OPERATIONS_ERROR
;
1188 res
= talloc_zero(req
, struct ldb_seqnum_result
);
1190 ret
= LDB_ERR_OPERATIONS_ERROR
;
1194 tmp_ctx
= talloc_new(req
);
1195 if (tmp_ctx
== NULL
) {
1196 ret
= LDB_ERR_OPERATIONS_ERROR
;
1200 dn
= ldb_dn_new(tmp_ctx
, ldb
, LTDB_BASEINFO
);
1202 ret
= LDB_ERR_OPERATIONS_ERROR
;
1206 msg
= ldb_msg_new(tmp_ctx
);
1208 ret
= LDB_ERR_OPERATIONS_ERROR
;
1212 ret
= ltdb_search_dn1(module
, dn
, msg
);
1213 if (ret
!= LDB_SUCCESS
) {
1217 switch (seq
->type
) {
1218 case LDB_SEQ_HIGHEST_SEQ
:
1219 res
->seq_num
= ldb_msg_find_attr_as_uint64(msg
, LTDB_SEQUENCE_NUMBER
, 0);
1222 res
->seq_num
= ldb_msg_find_attr_as_uint64(msg
, LTDB_SEQUENCE_NUMBER
, 0);
1225 case LDB_SEQ_HIGHEST_TIMESTAMP
:
1226 date
= ldb_msg_find_attr_as_string(msg
, LTDB_MOD_TIMESTAMP
, NULL
);
1228 res
->seq_num
= ldb_string_to_time(date
);
1231 /* zero is as good as anything when we don't know */
1236 *ext
= talloc_zero(req
, struct ldb_extended
);
1238 ret
= LDB_ERR_OPERATIONS_ERROR
;
1241 (*ext
)->oid
= LDB_EXTENDED_SEQUENCE_NUMBER
;
1242 (*ext
)->data
= talloc_steal(*ext
, res
);
1245 talloc_free(tmp_ctx
);
1246 ltdb_unlock_read(module
);
1250 static void ltdb_request_done(struct ltdb_context
*ctx
, int error
)
1252 struct ldb_context
*ldb
;
1253 struct ldb_request
*req
;
1254 struct ldb_reply
*ares
;
1256 ldb
= ldb_module_get_ctx(ctx
->module
);
1259 /* if we already returned an error just return */
1260 if (ldb_request_get_status(req
) != LDB_SUCCESS
) {
1264 ares
= talloc_zero(req
, struct ldb_reply
);
1267 req
->callback(req
, NULL
);
1270 ares
->type
= LDB_REPLY_DONE
;
1271 ares
->error
= error
;
1273 req
->callback(req
, ares
);
1276 static void ltdb_timeout(struct tevent_context
*ev
,
1277 struct tevent_timer
*te
,
1281 struct ltdb_context
*ctx
;
1282 ctx
= talloc_get_type(private_data
, struct ltdb_context
);
1284 if (!ctx
->request_terminated
) {
1285 /* request is done now */
1286 ltdb_request_done(ctx
, LDB_ERR_TIME_LIMIT_EXCEEDED
);
1290 /* neutralize the spy */
1291 ctx
->spy
->ctx
= NULL
;
1297 static void ltdb_request_extended_done(struct ltdb_context
*ctx
,
1298 struct ldb_extended
*ext
,
1301 struct ldb_context
*ldb
;
1302 struct ldb_request
*req
;
1303 struct ldb_reply
*ares
;
1305 ldb
= ldb_module_get_ctx(ctx
->module
);
1308 /* if we already returned an error just return */
1309 if (ldb_request_get_status(req
) != LDB_SUCCESS
) {
1313 ares
= talloc_zero(req
, struct ldb_reply
);
1316 req
->callback(req
, NULL
);
1319 ares
->type
= LDB_REPLY_DONE
;
1320 ares
->response
= ext
;
1321 ares
->error
= error
;
1323 req
->callback(req
, ares
);
1326 static void ltdb_handle_extended(struct ltdb_context
*ctx
)
1328 struct ldb_extended
*ext
= NULL
;
1331 if (strcmp(ctx
->req
->op
.extended
.oid
,
1332 LDB_EXTENDED_SEQUENCE_NUMBER
) == 0) {
1333 /* get sequence number */
1334 ret
= ltdb_sequence_number(ctx
, &ext
);
1336 /* not recognized */
1337 ret
= LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION
;
1340 ltdb_request_extended_done(ctx
, ext
, ret
);
1343 static void ltdb_callback(struct tevent_context
*ev
,
1344 struct tevent_timer
*te
,
1348 struct ltdb_context
*ctx
;
1351 ctx
= talloc_get_type(private_data
, struct ltdb_context
);
1353 if (ctx
->request_terminated
) {
1357 switch (ctx
->req
->operation
) {
1359 ret
= ltdb_search(ctx
);
1362 ret
= ltdb_add(ctx
);
1365 ret
= ltdb_modify(ctx
);
1368 ret
= ltdb_delete(ctx
);
1371 ret
= ltdb_rename(ctx
);
1374 ltdb_handle_extended(ctx
);
1377 /* no other op supported */
1378 ret
= LDB_ERR_PROTOCOL_ERROR
;
1381 if (!ctx
->request_terminated
) {
1382 /* request is done now */
1383 ltdb_request_done(ctx
, ret
);
1388 /* neutralize the spy */
1389 ctx
->spy
->ctx
= NULL
;
1395 static int ltdb_request_destructor(void *ptr
)
1397 struct ltdb_req_spy
*spy
= talloc_get_type(ptr
, struct ltdb_req_spy
);
1399 if (spy
->ctx
!= NULL
) {
1400 spy
->ctx
->spy
= NULL
;
1401 spy
->ctx
->request_terminated
= true;
1408 static int ltdb_handle_request(struct ldb_module
*module
,
1409 struct ldb_request
*req
)
1411 struct ldb_control
*control_permissive
;
1412 struct ldb_context
*ldb
;
1413 struct tevent_context
*ev
;
1414 struct ltdb_context
*ac
;
1415 struct tevent_timer
*te
;
1419 ldb
= ldb_module_get_ctx(module
);
1421 control_permissive
= ldb_request_get_control(req
,
1422 LDB_CONTROL_PERMISSIVE_MODIFY_OID
);
1424 for (i
= 0; req
->controls
&& req
->controls
[i
]; i
++) {
1425 if (req
->controls
[i
]->critical
&&
1426 req
->controls
[i
] != control_permissive
) {
1427 ldb_asprintf_errstring(ldb
, "Unsupported critical extension %s",
1428 req
->controls
[i
]->oid
);
1429 return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION
;
1433 if (req
->starttime
== 0 || req
->timeout
== 0) {
1434 ldb_set_errstring(ldb
, "Invalid timeout settings");
1435 return LDB_ERR_TIME_LIMIT_EXCEEDED
;
1438 ev
= ldb_get_event_context(ldb
);
1440 ac
= talloc_zero(ldb
, struct ltdb_context
);
1443 return LDB_ERR_OPERATIONS_ERROR
;
1446 ac
->module
= module
;
1451 te
= tevent_add_timer(ev
, ac
, tv
, ltdb_callback
, ac
);
1454 return LDB_ERR_OPERATIONS_ERROR
;
1457 tv
.tv_sec
= req
->starttime
+ req
->timeout
;
1458 ac
->timeout_event
= tevent_add_timer(ev
, ac
, tv
, ltdb_timeout
, ac
);
1459 if (NULL
== ac
->timeout_event
) {
1461 return LDB_ERR_OPERATIONS_ERROR
;
1464 /* set a spy so that we do not try to use the request context
1465 * if it is freed before ltdb_callback fires */
1466 ac
->spy
= talloc(req
, struct ltdb_req_spy
);
1467 if (NULL
== ac
->spy
) {
1469 return LDB_ERR_OPERATIONS_ERROR
;
1473 talloc_set_destructor((TALLOC_CTX
*)ac
->spy
, ltdb_request_destructor
);
1478 static int ltdb_init_rootdse(struct ldb_module
*module
)
1480 /* ignore errors on this - we expect it for non-sam databases */
1481 ldb_mod_register_control(module
, LDB_CONTROL_PERMISSIVE_MODIFY_OID
);
1483 /* there can be no module beyond the backend, just return */
1487 static const struct ldb_module_ops ltdb_ops
= {
1489 .init_context
= ltdb_init_rootdse
,
1490 .search
= ltdb_handle_request
,
1491 .add
= ltdb_handle_request
,
1492 .modify
= ltdb_handle_request
,
1493 .del
= ltdb_handle_request
,
1494 .rename
= ltdb_handle_request
,
1495 .extended
= ltdb_handle_request
,
1496 .start_transaction
= ltdb_start_trans
,
1497 .end_transaction
= ltdb_end_trans
,
1498 .prepare_commit
= ltdb_prepare_commit
,
1499 .del_transaction
= ltdb_del_trans
,
1503 connect to the database
1505 static int ltdb_connect(struct ldb_context
*ldb
, const char *url
,
1506 unsigned int flags
, const char *options
[],
1507 struct ldb_module
**_module
)
1509 struct ldb_module
*module
;
1511 int tdb_flags
, open_flags
;
1512 struct ltdb_private
*ltdb
;
1515 if (strchr(url
, ':')) {
1516 if (strncmp(url
, "tdb://", 6) != 0) {
1517 ldb_debug(ldb
, LDB_DEBUG_ERROR
,
1518 "Invalid tdb URL '%s'", url
);
1519 return LDB_ERR_OPERATIONS_ERROR
;
1526 tdb_flags
= TDB_DEFAULT
| TDB_SEQNUM
;
1528 /* check for the 'nosync' option */
1529 if (flags
& LDB_FLG_NOSYNC
) {
1530 tdb_flags
|= TDB_NOSYNC
;
1533 /* and nommap option */
1534 if (flags
& LDB_FLG_NOMMAP
) {
1535 tdb_flags
|= TDB_NOMMAP
;
1538 if (flags
& LDB_FLG_RDONLY
) {
1539 open_flags
= O_RDONLY
;
1541 open_flags
= O_CREAT
| O_RDWR
;
1544 ltdb
= talloc_zero(ldb
, struct ltdb_private
);
1547 return LDB_ERR_OPERATIONS_ERROR
;
1550 /* note that we use quite a large default hash size */
1551 ltdb
->tdb
= ltdb_wrap_open(ltdb
, path
, 10000,
1552 tdb_flags
, open_flags
,
1553 ldb_get_create_perms(ldb
), ldb
);
1555 ldb_asprintf_errstring(ldb
,
1556 "Unable to open tdb '%s'", path
);
1557 ldb_debug(ldb
, LDB_DEBUG_ERROR
,
1558 "Unable to open tdb '%s'", path
);
1560 return LDB_ERR_OPERATIONS_ERROR
;
1563 if (getenv("LDB_WARN_UNINDEXED")) {
1564 ltdb
->warn_unindexed
= true;
1567 ltdb
->sequence_number
= 0;
1569 module
= ldb_module_new(ldb
, ldb
, "ldb_tdb backend", <db_ops
);
1573 return LDB_ERR_OPERATIONS_ERROR
;
1575 ldb_module_set_private(module
, ltdb
);
1576 talloc_steal(module
, ltdb
);
1578 if (ltdb_cache_load(module
) != 0) {
1579 ldb_asprintf_errstring(ldb
,
1580 "Unable to load ltdb cache records of tdb '%s'", path
);
1581 talloc_free(module
);
1582 return LDB_ERR_OPERATIONS_ERROR
;
1589 int ldb_tdb_init(const char *version
)
1591 LDB_MODULE_CHECK_VERSION(version
);
1592 return ldb_register_backend("tdb", ltdb_connect
, false);