source4/dsdb/samdb/ldb_modules/subtree_delete.c

   1 /*
   2    ldb database library
   3
   4    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2006-2007
   5    Copyright (C) Stefan Metzmacher <metze@samba.org> 2007
   6    Copyright (C) Simo Sorce <idra@samba.org> 2008
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 3 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  20 */
  21
  22 /*
  23  *  Name: ldb
  24  *
  25  *  Component: ldb subtree delete (prevention) module
  26  *
  27  *  Description: Prevent deletion of a subtree in LDB
  28  *
  29  *  Author: Andrew Bartlett
  30  */
  31
  32 #include "ldb_includes.h"
  33
  34 struct subtree_delete_context {
  35         struct ldb_module *module;
  36         struct ldb_request *req;
  37
  38         int num_children;
  39 };
  40
  41 static struct subtree_delete_context *subdel_ctx_init(struct ldb_module *module,
  42                                                       struct ldb_request *req)
  43 {
  44         struct subtree_delete_context *ac;
  45
  46         ac = talloc_zero(req, struct subtree_delete_context);
  47         if (ac == NULL) {
  48                 ldb_oom(module->ldb);
  49                 return NULL;
  50         }
  51
  52         ac->module = module;
  53         ac->req = req;
  54
  55         return ac;
  56 }
  57
  58 static int subtree_delete_search_callback(struct ldb_request *req,
  59                                           struct ldb_reply *ares)
  60 {
  61         struct subtree_delete_context *ac;
  62         int ret;
  63
  64         ac = talloc_get_type(req->context, struct subtree_delete_context);
  65
  66         if (!ares) {
  67                 return ldb_module_done(ac->req, NULL, NULL,
  68                                         LDB_ERR_OPERATIONS_ERROR);
  69         }
  70         if (ares->error != LDB_SUCCESS) {
  71                 return ldb_module_done(ac->req, ares->controls,
  72                                         ares->response, ares->error);
  73         }
  74
  75         switch (ares->type) {
  76         case LDB_REPLY_ENTRY:
  77
  78                 talloc_free(ares);
  79                 ac->num_children++;
  80                 break;
  81
  82         case LDB_REPLY_REFERRAL:
  83
  84                 /* ignore */
  85                 talloc_free(ares);
  86                 break;
  87
  88         case LDB_REPLY_DONE:
  89
  90                 if (ac->num_children > 0) {
  91                         talloc_free(ares);
  92                         ldb_asprintf_errstring(ac->module->ldb,
  93                                 "Cannot delete %s, not a leaf node "
  94                                 "(has %d children)\n",
  95                                 ldb_dn_get_linearized(ac->req->op.del.dn),
  96                                 ac->num_children);
  97                         return ldb_module_done(ac->req, NULL, NULL,
  98                                                LDB_ERR_NOT_ALLOWED_ON_NON_LEAF);
  99                 }
 100
 101                 /* ok no children, let the original request through */
 102                 ret = ldb_next_request(ac->module, ac->req);
 103                 if (ret != LDB_SUCCESS) {
 104                         return ldb_module_done(ac->req, NULL, NULL, ret);
 105                 }
 106
 107                 /* free our own context we are not going to be called back */
 108                 talloc_free(ac);
 109         }
 110         return LDB_SUCCESS;
 111 }
 112
 113 static int subtree_delete(struct ldb_module *module, struct ldb_request *req)
 114 {
 115         static const char * const attrs[2] = { "distinguishedName", NULL };
 116         struct ldb_request *search_req;
 117         struct subtree_delete_context *ac;
 118         int ret;
 119         if (ldb_dn_is_special(req->op.rename.olddn)) { /* do not manipulate our control entries */
 120                 return ldb_next_request(module, req);
 121         }
 122
 123         /* This gets complex:  We need to:
 124            - Do a search for all entires under this entry
 125            - Wait for these results to appear
 126            - In the callback for each result, count the children (if any)
 127            - return an error if there are any
 128         */
 129
 130         ac = subdel_ctx_init(module, req);
 131         if (!ac) {
 132                 return LDB_ERR_OPERATIONS_ERROR;
 133         }
 134
 135         /* we do not really need to find all descendents,
 136          * if there is even one single direct child, that's
 137          * enough to bail out */
 138         ret = ldb_build_search_req(&search_req, module->ldb, ac,
 139                                    req->op.del.dn, LDB_SCOPE_ONELEVEL,
 140                                    "(objectClass=*)", attrs,
 141                                    req->controls,
 142                                    ac, subtree_delete_search_callback,
 143                                    req);
 144         if (ret != LDB_SUCCESS) {
 145                 return ret;
 146         }
 147
 148         return ldb_next_request(module, search_req);
 149 }
 150
 151 const struct ldb_module_ops ldb_subtree_delete_module_ops = {
 152         .name              = "subtree_delete",
 153         .del               = subtree_delete,
 154 };