ldb database library
Copyright (C) Andrew Bartlett <abartlet@samba.org> 2006-2007
+ Copyright (C) Andrew Tridgell <tridge@samba.org> 2009
Copyright (C) Stefan Metzmacher <metze@samba.org> 2007
+ Copyright (C) Simo Sorce <idra@samba.org> 2008
+ Copyright (C) Matthias Dieter Wallnöfer 2010
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
* Name: ldb
*
- * Component: ldb subtree delete (prevention) module
+ * Component: ldb subtree delete module
*
- * Description: Prevent deletion of a subtree in LDB
+ * Description: Delete of a subtree in LDB
*
* Author: Andrew Bartlett
*/
-#include "ldb_includes.h"
+#include "includes.h"
+#include <ldb.h>
+#include <ldb_module.h>
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "dsdb/common/util.h"
-struct subtree_delete_context {
- enum sd_step {SD_SEARCH, SD_DO_DEL} step;
- struct ldb_module *module;
- struct ldb_handle *handle;
- struct ldb_request *orig_req;
-
- struct ldb_request *search_req;
- struct ldb_request *down_req;
-
- int num_children;
-};
-
-static struct subtree_delete_context *subtree_delete_init_handle(struct ldb_request *req,
- struct ldb_module *module)
-{
- struct subtree_delete_context *ac;
- struct ldb_handle *h;
-
- h = talloc_zero(req, struct ldb_handle);
- if (h == NULL) {
- ldb_set_errstring(module->ldb, "Out of Memory");
- return NULL;
- }
-
- h->module = module;
-
- ac = talloc_zero(h, struct subtree_delete_context);
- if (ac == NULL) {
- ldb_set_errstring(module->ldb, "Out of Memory");
- talloc_free(h);
- return NULL;
- }
-
- h->private_data = ac;
-
- ac->module = module;
- ac->handle = h;
- ac->orig_req = req;
-
- req->handle = h;
-
- return ac;
-}
-
-static int subtree_delete_check_for_children(struct subtree_delete_context *ac)
+static int subtree_delete_sort(struct ldb_message **m1,
+ struct ldb_message **m2,
+ void *private_data)
{
- if (ac->num_children > 0) {
- ldb_asprintf_errstring(ac->module->ldb, "Cannot delete %s, not a leaf node (has %d children)\n",
- ldb_dn_get_linearized(ac->orig_req->op.del.dn), ac->num_children);
- return LDB_ERR_NOT_ALLOWED_ON_NON_LEAF;
- } else {
- struct ldb_request *req = talloc(ac, struct ldb_request);
- if (!req) {
- ldb_oom(ac->module->ldb);
- return LDB_ERR_OPERATIONS_ERROR;
- }
- *req = *ac->orig_req;
-
- /* Ensure any (io) errors during the search for
- * children don't propgate back in the error string */
- ldb_set_errstring(ac->module->ldb, NULL);
+ struct ldb_dn *dn1 = (*m1)->dn;
+ struct ldb_dn *dn2 = (*m2)->dn;
- ac->down_req = req;
- ac->step = SD_DO_DEL;
- return ldb_next_request(ac->module, req);
- }
-}
-
-static int subtree_delete_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares)
-{
- struct subtree_delete_context *ac = talloc_get_type(context, struct subtree_delete_context);
- TALLOC_CTX *mem_ctx = talloc_new(ac);
-
- if (!mem_ctx) {
- ldb_oom(ac->module->ldb);
- return LDB_ERR_OPERATIONS_ERROR;
- }
- /* OK, we have one of *many* search results here:
-
- We should also get the entry we tried to rename. This
- callback handles this and everything below it.
+ /*
+ * This sorts in tree order, children first
*/
-
- /* Only entries are interesting, and we handle the case of the parent seperatly */
- if (ares->type == LDB_REPLY_ENTRY
- && ldb_dn_compare(ares->message->dn, ac->orig_req->op.del.dn) != 0) {
- /* And it is an actual entry: now object bitterly that we are not a leaf node */
- ac->num_children++;
- }
- talloc_free(ares);
- return LDB_SUCCESS;
+ return ldb_dn_compare(dn1, dn2);
}
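Review bot: The comment in `subtree_delete_sort`, "This sorts in tree order, children first", describes an ordering that this function does not establish itself; the result is simply whatever `ldb_dn_compare` returns. The caller searches with `LDB_SCOPE_ONELEVEL`, so the results are presumably all direct children of the deleted DN and none can be a child of another. The comment should state what the sort is relied on for, for example `/* order by ldb_dn_compare(); results are siblings from a ONELEVEL search, so this only fixes the deletion order */`. The "from the leaf to the root" comment before `LDB_TYPESAFE_QSORT` in `subtree_delete` needs the same rewording. `private_data` is never read and could be documented as unused.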
-/* rename */
static int subtree_delete(struct ldb_module *module, struct ldb_request *req)
{
- const char *attrs[] = { NULL };
- struct ldb_request *new_req;
- struct subtree_delete_context *ac;
+ static const char * const attrs[] = { NULL };
+ struct ldb_result *res = NULL;
+ uint32_t flags;
+ unsigned int i;
int ret;
- if (ldb_dn_is_special(req->op.rename.olddn)) { /* do not manipulate our control entries */
- return ldb_next_request(module, req);
- }
-
- /* This gets complex: We need to:
- - Do a search for all entires under this entry
- - Wait for these results to appear
- - In the callback for each result, count the children (if any)
- - return an error if there are any
- */
-
- ac = subtree_delete_init_handle(req, module);
- if (!ac) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
- ret = ldb_build_search_req(&new_req, module->ldb, req,
- req->op.del.dn,
- LDB_SCOPE_SUBTREE,
- "(objectClass=*)",
- attrs,
- req->controls,
- ac,
- subtree_delete_search_callback);
-
- if (ret != LDB_SUCCESS) {
- return ret;
+ if (ldb_dn_is_special(req->op.del.dn)) {
+ /* do not manipulate our control entries */
+ return ldb_next_request(module, req);
}
- ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req);
-
+ /* see if we have any children */
+ ret = dsdb_module_search(module, req, &res, req->op.del.dn,
+ LDB_SCOPE_ONELEVEL, attrs,
+ DSDB_FLAG_NEXT_MODULE,
+ req,
+ "(objectClass=*)");
if (ret != LDB_SUCCESS) {
+ talloc_free(res);
return ret;
}
-
- ac->search_req = new_req;
- if (req == NULL) {
- ldb_oom(ac->module->ldb);
- return LDB_ERR_OPERATIONS_ERROR;
+ if (res->count == 0) {
+ talloc_free(res);
+ return ldb_next_request(module, req);
}
- return ldb_next_request(module, new_req);
-}
-
-static int subtree_delete_wait_none(struct ldb_handle *handle) {
- struct subtree_delete_context *ac;
- int ret = LDB_ERR_OPERATIONS_ERROR;
- if (!handle || !handle->private_data) {
- return LDB_ERR_OPERATIONS_ERROR;
+ if (ldb_request_get_control(req, LDB_CONTROL_TREE_DELETE_OID) == NULL) {
+ /* Do not add any DN outputs to this error string!
+ * Some MMC consoles (eg release 2000) have a strange
+ * bug and prevent subtree deletes afterwards. */
+ ldb_asprintf_errstring(ldb_module_get_ctx(module),
+ "subtree_delete: Unable to "
+ "delete a non-leaf node "
+ "(it has %u children)!",
+ res->count);
+ talloc_free(res);
+ return LDB_ERR_NOT_ALLOWED_ON_NON_LEAF;
}
- if (handle->state == LDB_ASYNC_DONE) {
- return handle->status;
+ /*
+ * First we sort the results from the leaf to the root
+ */
+ LDB_TYPESAFE_QSORT(res->msgs, res->count, NULL,
+ subtree_delete_sort);
+
+ /*
+ * we need to start from the top since other LDB modules could
+ * enforce constraints (eg "objectclass" and "samldb" do so).
+ *
+ * We pass DSDB_FLAG_AS_SYSTEM as the acl module above us
+ * has already checked for SEC_ADS_DELETE_TREE.
+ */
+ flags = DSDB_FLAG_TOP_MODULE |
+ DSDB_FLAG_AS_SYSTEM |
+ DSDB_FLAG_TRUSTED |
+ DSDB_TREE_DELETE;
+ if (ldb_request_get_control(req, LDB_CONTROL_RELAX_OID) != NULL) {
+ flags |= DSDB_MODIFY_RELAX;
}
- handle->state = LDB_ASYNC_PENDING;
- handle->status = LDB_SUCCESS;
-
- ac = talloc_get_type(handle->private_data, struct subtree_delete_context);
-
- switch (ac->step) {
- case SD_SEARCH:
- ret = ldb_wait(ac->search_req->handle, LDB_WAIT_NONE);
-
- if (ret != LDB_SUCCESS && ret != LDB_ERR_NO_SUCH_OBJECT) {
- handle->status = ret;
- goto done;
- }
- if (ac->search_req->handle->status != LDB_SUCCESS
- && ac->search_req->handle->status != LDB_ERR_NO_SUCH_OBJECT) {
- handle->status = ac->search_req->handle->status;
- goto done;
- }
-
- return subtree_delete_check_for_children(ac);
-
- case SD_DO_DEL:
- ret = ldb_wait(ac->down_req->handle, LDB_WAIT_NONE);
-
+ for (i = 0; i < res->count; i++) {
+ ret = dsdb_module_del(module, res->msgs[i]->dn, flags, req);
if (ret != LDB_SUCCESS) {
- handle->status = ret;
- goto done;
- }
- if (ac->down_req->handle->status != LDB_SUCCESS) {
- handle->status = ac->down_req->handle->status;
- goto done;
+ return ret;
}
+ }
- if (ac->down_req->handle->state != LDB_ASYNC_DONE) {
- return LDB_SUCCESS;
- }
+ talloc_free(res);
- break;
- }
-done:
- handle->state = LDB_ASYNC_DONE;
- return ret;
+ return ldb_next_request(module, req);
}
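Review bot: The child deletes in the `for` loop run with `DSDB_FLAG_AS_SYSTEM | DSDB_FLAG_TRUSTED`, so the only access check on them is the one the comment attributes to the acl module, and nothing in `subtree_delete` confirms that check ran. That is a module-ordering assumption configured outside this file, and per the comment the check covers the root of the subtree, not each child. It should be stated as an invariant where the flags are built, e.g. `/* SECURITY: requires acl to sit above this module and to have checked SEC_ADS_DELETE_TREE on req->op.del.dn; children are not re-checked */`. The client-supplied `LDB_CONTROL_RELAX_OID` is also carried onto these system-level deletes as `DSDB_MODIFY_RELAX`, so it is worth confirming that untrusted callers cannot set that control by the time the request reaches this module. Separately, the `return ret;` inside the loop is the only exit that skips `talloc_free(res)`; `res` appears to be parented to `req`, so this is probably not a leak, but adding `talloc_free(res);` before it would match the other paths.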
-static int subtree_delete_wait_all(struct ldb_handle *handle) {
-
+static int subtree_delete_init(struct ldb_module *module)
+{
+ struct ldb_context *ldb;
int ret;
- while (handle->state != LDB_ASYNC_DONE) {
- ret = subtree_delete_wait_none(handle);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
- }
+ ldb = ldb_module_get_ctx(module);
- return handle->status;
-}
-
-static int subtree_delete_wait(struct ldb_handle *handle, enum ldb_wait_type type)
-{
- if (type == LDB_WAIT_ALL) {
- return subtree_delete_wait_all(handle);
- } else {
- return subtree_delete_wait_none(handle);
+ ret = ldb_mod_register_control(module, LDB_CONTROL_TREE_DELETE_OID);
+ if (ret != LDB_SUCCESS) {
+ ldb_debug(ldb, LDB_DEBUG_ERROR,
+ "subtree_delete: Unable to register control with rootdse!\n");
+ return ldb_operr(ldb);
}
+
+ return ldb_next_init(module);
}
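Review bot: The failure branch in `subtree_delete_init` discards `ret`: the debug line does not include it and the function returns `ldb_operr(ldb)` instead. The reason the control registration failed is therefore lost to whoever reads the log. Including it in the message would keep that information, e.g. `"subtree_delete: Unable to register control with rootdse: %s\n", ldb_strerror(ret)`.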
-const struct ldb_module_ops ldb_subtree_delete_module_ops = {
+static const struct ldb_module_ops ldb_subtree_delete_module_ops = {
.name = "subtree_delete",
- .del = subtree_delete,
- .wait = subtree_delete_wait,
+ .init_context = subtree_delete_init,
+ .del = subtree_delete
};
+
+int ldb_subtree_delete_module_init(const char *version)
+{
+ LDB_MODULE_CHECK_VERSION(version);
+ return ldb_register_module(&ldb_subtree_delete_module_ops);
+}