4 Copyright (C) Andrew Tridgell 2004
5 Copyright (C) Stefan Metzmacher 2004
6 Copyright (C) Simo Sorce 2006-2008
7 Copyright (C) Matthias Dieter Wallnöfer 2009-2010
9 ** NOTE! The following LGPL license applies to the ldb
10 ** library. This does NOT imply that all of Samba is released
13 This library is free software; you can redistribute it and/or
14 modify it under the terms of the GNU Lesser General Public
15 License as published by the Free Software Foundation; either
16 version 3 of the License, or (at your option) any later version.
18 This library is distributed in the hope that it will be useful,
19 but WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 Lesser General Public License for more details.
23 You should have received a copy of the GNU Lesser General Public
24 License along with this library; if not, see <http://www.gnu.org/licenses/>.
30 * Component: ldb tdb backend
32 * Description: core functions for tdb backend
34 * Author: Andrew Tridgell
35 * Author: Stefan Metzmacher
39 * - description: make the module use asynchronous calls
43 * - description: make it possible to use event contexts
47 * - description: fix up memory leaks and small bugs
49 * Author: Matthias Dieter Wallnöfer
53 #include "ldb_private.h"
57 prevent memory errors on callbacks
60 struct ltdb_context *ctx;
64 map a tdb error code to a ldb error code
66 int ltdb_err_map(enum TDB_ERROR tdb_code)
74 return LDB_ERR_OPERATIONS_ERROR;
76 return LDB_ERR_PROTOCOL_ERROR;
80 case TDB_ERR_LOCK_TIMEOUT:
81 return LDB_ERR_TIME_LIMIT_EXCEEDED;
83 return LDB_ERR_ENTRY_ALREADY_EXISTS;
85 return LDB_ERR_NO_SUCH_OBJECT;
87 return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
95 lock the database for read - use by ltdb_search and ltdb_sequence_number
97 int ltdb_lock_read(struct ldb_module *module)
99 void *data = ldb_module_get_private(module);
100 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
104 if (ltdb->in_transaction == 0 &&
105 ltdb->read_lock_count == 0) {
106 tdb_ret = tdb_lockall_read(ltdb->tdb);
109 ltdb->read_lock_count++;
112 ret = ltdb_err_map(tdb_error(ltdb->tdb));
113 if (ret == LDB_SUCCESS) {
114 ret = LDB_ERR_OPERATIONS_ERROR;
116 ldb_debug_set(ldb_module_get_ctx(module),
118 "Failure during ltdb_lock_read(): %s -> %s",
119 tdb_errorstr(ltdb->tdb),
125 unlock the database after a ltdb_lock_read()
127 int ltdb_unlock_read(struct ldb_module *module)
129 void *data = ldb_module_get_private(module);
130 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
131 if (ltdb->in_transaction == 0 && ltdb->read_lock_count == 1) {
132 tdb_unlockall_read(ltdb->tdb);
133 ltdb->read_lock_count--;
136 ltdb->read_lock_count--;
142 * Determine if this key could hold a record. We allow the new GUID
143 * index, the old DN index and a possible future ID=
145 bool ltdb_key_is_record(TDB_DATA key)
151 if (memcmp(key.dptr, "DN=", 3) == 0) {
155 if (memcmp(key.dptr, "ID=", 3) == 0) {
163 if (memcmp(key.dptr, "GUID=", 5) == 0) {
171 form a TDB_DATA for a record key
174 note that the key for a record can depend on whether the
175 dn refers to a case sensitive index record or not
177 TDB_DATA ltdb_key_dn(struct ldb_module *module, struct ldb_dn *dn)
179 struct ldb_context *ldb = ldb_module_get_ctx(module);
181 char *key_str = NULL;
182 const char *dn_folded = NULL;
185 most DNs are case insensitive. The exception is index DNs for
186 case sensitive attributes
188 there are 3 cases dealt with in this code:
190 1) if the dn doesn't start with @ then uppercase the attribute
191 names and the attributes values of case insensitive attributes
192 2) if the dn starts with @ then leave it alone -
193 the indexing code handles the rest
196 dn_folded = ldb_dn_get_casefold(dn);
201 key_str = talloc_strdup(ldb, "DN=");
206 key_str = talloc_strdup_append_buffer(key_str, dn_folded);
211 key.dptr = (uint8_t *)key_str;
212 key.dsize = strlen(key_str) + 1;
224 form a TDB_DATA for a record key
227 note that the key for a record can depend on whether the
228 dn refers to a case sensitive index record or not
230 TDB_DATA ltdb_key_msg(struct ldb_module *module,
231 const struct ldb_message *msg)
233 return ltdb_key_dn(module, msg->dn);
237 check special dn's have valid attributes
238 currently only @ATTRIBUTES is checked
240 static int ltdb_check_special_dn(struct ldb_module *module,
241 const struct ldb_message *msg)
243 struct ldb_context *ldb = ldb_module_get_ctx(module);
246 if (! ldb_dn_is_special(msg->dn) ||
247 ! ldb_dn_check_special(msg->dn, LTDB_ATTRIBUTES)) {
251 /* we have @ATTRIBUTES, let's check attributes are fine */
252 /* should we check that we deny multivalued attributes ? */
253 for (i = 0; i < msg->num_elements; i++) {
254 if (ldb_attr_cmp(msg->elements[i].name, "distinguishedName") == 0) continue;
256 for (j = 0; j < msg->elements[i].num_values; j++) {
257 if (ltdb_check_at_attributes_values(&msg->elements[i].values[j]) != 0) {
258 ldb_set_errstring(ldb, "Invalid attribute value in an @ATTRIBUTES entry");
259 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
269 we've made a modification to a dn - possibly reindex and
270 update sequence number
272 static int ltdb_modified(struct ldb_module *module, struct ldb_dn *dn)
274 int ret = LDB_SUCCESS;
275 struct ltdb_private *ltdb = talloc_get_type(ldb_module_get_private(module), struct ltdb_private);
277 /* only allow modifies inside a transaction, otherwise the
279 if (ltdb->in_transaction == 0) {
280 ldb_set_errstring(ldb_module_get_ctx(module), "ltdb modify without transaction");
281 return LDB_ERR_OPERATIONS_ERROR;
284 if (ldb_dn_is_special(dn) &&
285 (ldb_dn_check_special(dn, LTDB_INDEXLIST) ||
286 ldb_dn_check_special(dn, LTDB_ATTRIBUTES)) )
288 if (ltdb->warn_reindex) {
289 ldb_debug(ldb_module_get_ctx(module),
290 LDB_DEBUG_ERROR, "Reindexing %s due to modification on %s",
291 tdb_name(ltdb->tdb), ldb_dn_get_linearized(dn));
293 ret = ltdb_reindex(module);
296 /* If the modify was to a normal record, or any special except @BASEINFO, update the seq number */
297 if (ret == LDB_SUCCESS &&
298 !(ldb_dn_is_special(dn) &&
299 ldb_dn_check_special(dn, LTDB_BASEINFO)) ) {
300 ret = ltdb_increase_sequence_number(module);
303 /* If the modify was to @OPTIONS, reload the cache */
304 if (ret == LDB_SUCCESS &&
305 ldb_dn_is_special(dn) &&
306 (ldb_dn_check_special(dn, LTDB_OPTIONS)) ) {
307 ret = ltdb_cache_reload(module);
314 store a record into the db
316 int ltdb_store(struct ldb_module *module, const struct ldb_message *msg, int flgs)
318 void *data = ldb_module_get_private(module);
319 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
320 TDB_DATA tdb_key, tdb_data;
321 struct ldb_val ldb_data;
322 int ret = LDB_SUCCESS;
324 if (ltdb->read_only) {
325 return LDB_ERR_UNWILLING_TO_PERFORM;
328 tdb_key = ltdb_key_msg(module, msg);
329 if (tdb_key.dptr == NULL) {
330 return LDB_ERR_OTHER;
333 ret = ldb_pack_data(ldb_module_get_ctx(module),
336 talloc_free(tdb_key.dptr);
337 return LDB_ERR_OTHER;
340 tdb_data.dptr = ldb_data.data;
341 tdb_data.dsize = ldb_data.length;
343 ret = tdb_store(ltdb->tdb, tdb_key, tdb_data, flgs);
345 ret = ltdb_err_map(tdb_error(ltdb->tdb));
350 talloc_free(tdb_key.dptr);
351 talloc_free(ldb_data.data);
358 check if a attribute is a single valued, for a given element
360 static bool ldb_tdb_single_valued(const struct ldb_schema_attribute *a,
361 struct ldb_message_element *el)
363 if (!a) return false;
365 if (el->flags & LDB_FLAG_INTERNAL_FORCE_SINGLE_VALUE_CHECK) {
366 /* override from a ldb module, for example
367 used for the description field, which is
368 marked multi-valued in the schema but which
369 should not actually accept multiple
373 if (el->flags & LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK) {
374 /* override from a ldb module, for example used for
375 deleted linked attribute entries */
379 if (a->flags & LDB_ATTR_FLAG_SINGLE_VALUE) {
385 static int ltdb_add_internal(struct ldb_module *module,
386 struct ltdb_private *ltdb,
387 const struct ldb_message *msg,
388 bool check_single_value)
390 struct ldb_context *ldb = ldb_module_get_ctx(module);
391 int ret = LDB_SUCCESS;
394 for (i=0;i<msg->num_elements;i++) {
395 struct ldb_message_element *el = &msg->elements[i];
396 const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
398 if (el->num_values == 0) {
399 ldb_asprintf_errstring(ldb, "attribute '%s' on '%s' specified, but with 0 values (illegal)",
400 el->name, ldb_dn_get_linearized(msg->dn));
401 return LDB_ERR_CONSTRAINT_VIOLATION;
403 if (check_single_value &&
404 el->num_values > 1 &&
405 ldb_tdb_single_valued(a, el)) {
406 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
407 el->name, ldb_dn_get_linearized(msg->dn));
408 return LDB_ERR_CONSTRAINT_VIOLATION;
411 /* Do not check "@ATTRIBUTES" for duplicated values */
412 if (ldb_dn_is_special(msg->dn) &&
413 ldb_dn_check_special(msg->dn, LTDB_ATTRIBUTES)) {
417 if (check_single_value &&
419 LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK)) {
420 struct ldb_val *duplicate = NULL;
422 ret = ldb_msg_find_duplicate_val(ldb, discard_const(msg),
424 if (ret != LDB_SUCCESS) {
427 if (duplicate != NULL) {
428 ldb_asprintf_errstring(
430 "attribute '%s': value '%.*s' on '%s' "
431 "provided more than once in ADD object",
433 (int)duplicate->length,
435 ldb_dn_get_linearized(msg->dn));
436 return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
441 ret = ltdb_store(module, msg, TDB_INSERT);
442 if (ret != LDB_SUCCESS) {
443 if (ret == LDB_ERR_ENTRY_ALREADY_EXISTS) {
444 ldb_asprintf_errstring(ldb,
445 "Entry %s already exists",
446 ldb_dn_get_linearized(msg->dn));
451 ret = ltdb_index_add_new(module, ltdb, msg);
452 if (ret != LDB_SUCCESS) {
456 ret = ltdb_modified(module, msg->dn);
462 add a record to the database
464 static int ltdb_add(struct ltdb_context *ctx)
466 struct ldb_module *module = ctx->module;
467 struct ldb_request *req = ctx->req;
468 void *data = ldb_module_get_private(module);
469 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
470 int ret = LDB_SUCCESS;
472 ret = ltdb_check_special_dn(module, req->op.add.message);
473 if (ret != LDB_SUCCESS) {
477 ldb_request_set_state(req, LDB_ASYNC_PENDING);
479 if (ltdb_cache_load(module) != 0) {
480 return LDB_ERR_OPERATIONS_ERROR;
483 ret = ltdb_add_internal(module, ltdb,
484 req->op.add.message, true);
490 delete a record from the database, not updating indexes (used for deleting
493 int ltdb_delete_noindex(struct ldb_module *module, struct ldb_dn *dn)
495 void *data = ldb_module_get_private(module);
496 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
500 if (ltdb->read_only) {
501 return LDB_ERR_UNWILLING_TO_PERFORM;
504 tdb_key = ltdb_key_dn(module, dn);
506 return LDB_ERR_OTHER;
509 ret = tdb_delete(ltdb->tdb, tdb_key);
510 talloc_free(tdb_key.dptr);
513 ret = ltdb_err_map(tdb_error(ltdb->tdb));
519 static int ltdb_delete_internal(struct ldb_module *module, struct ldb_dn *dn)
521 struct ldb_message *msg;
522 int ret = LDB_SUCCESS;
524 msg = ldb_msg_new(module);
526 return LDB_ERR_OPERATIONS_ERROR;
529 /* in case any attribute of the message was indexed, we need
530 to fetch the old record */
531 ret = ltdb_search_dn1(module, dn, msg, LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC);
532 if (ret != LDB_SUCCESS) {
533 /* not finding the old record is an error */
537 ret = ltdb_delete_noindex(module, dn);
538 if (ret != LDB_SUCCESS) {
542 /* remove any indexed attributes */
543 ret = ltdb_index_delete(module, msg);
544 if (ret != LDB_SUCCESS) {
548 ret = ltdb_modified(module, dn);
549 if (ret != LDB_SUCCESS) {
559 delete a record from the database
561 static int ltdb_delete(struct ltdb_context *ctx)
563 struct ldb_module *module = ctx->module;
564 struct ldb_request *req = ctx->req;
565 int ret = LDB_SUCCESS;
567 ldb_request_set_state(req, LDB_ASYNC_PENDING);
569 if (ltdb_cache_load(module) != 0) {
570 return LDB_ERR_OPERATIONS_ERROR;
573 ret = ltdb_delete_internal(module, req->op.del.dn);
579 find an element by attribute name. At the moment this does a linear search,
580 it should be re-coded to use a binary search once all places that modify
581 records guarantee sorted order
583 return the index of the first matching element if found, otherwise -1
585 static int find_element(const struct ldb_message *msg, const char *name)
588 for (i=0;i<msg->num_elements;i++) {
589 if (ldb_attr_cmp(msg->elements[i].name, name) == 0) {
598 add an element to an existing record. Assumes a elements array that we
599 can call re-alloc on, and assumed that we can re-use the data pointers from
600 the passed in additional values. Use with care!
602 returns 0 on success, -1 on failure (and sets errno)
604 static int ltdb_msg_add_element(struct ldb_message *msg,
605 struct ldb_message_element *el)
607 struct ldb_message_element *e2;
610 if (el->num_values == 0) {
611 /* nothing to do here - we don't add empty elements */
615 e2 = talloc_realloc(msg, msg->elements, struct ldb_message_element,
616 msg->num_elements+1);
624 e2 = &msg->elements[msg->num_elements];
627 e2->flags = el->flags;
628 e2->values = talloc_array(msg->elements,
629 struct ldb_val, el->num_values);
634 for (i=0;i<el->num_values;i++) {
635 e2->values[i] = el->values[i];
637 e2->num_values = el->num_values;
645 delete all elements having a specified attribute name
647 static int msg_delete_attribute(struct ldb_module *module,
648 struct ltdb_private *ltdb,
649 struct ldb_message *msg, const char *name)
653 struct ldb_message_element *el;
654 bool is_special = ldb_dn_is_special(msg->dn);
657 && ltdb->cache->GUID_index_attribute != NULL
658 && ldb_attr_cmp(name, ltdb->cache->GUID_index_attribute) == 0) {
659 struct ldb_context *ldb = ldb_module_get_ctx(module);
660 ldb_asprintf_errstring(ldb, "Must not modify GUID "
661 "attribute %s (used as DB index)",
662 ltdb->cache->GUID_index_attribute);
663 return LDB_ERR_CONSTRAINT_VIOLATION;
666 el = ldb_msg_find_element(msg, name);
668 return LDB_ERR_NO_SUCH_ATTRIBUTE;
670 i = el - msg->elements;
672 ret = ltdb_index_del_element(module, ltdb, msg->dn, el);
673 if (ret != LDB_SUCCESS) {
677 talloc_free(el->values);
678 if (msg->num_elements > (i+1)) {
679 memmove(el, el+1, sizeof(*el) * (msg->num_elements - (i+1)));
682 msg->elements = talloc_realloc(msg, msg->elements,
683 struct ldb_message_element,
689 delete all elements matching an attribute name/value
691 return LDB Error on failure
693 static int msg_delete_element(struct ldb_module *module,
694 struct ltdb_private *ltdb,
695 struct ldb_message *msg,
697 const struct ldb_val *val)
699 struct ldb_context *ldb = ldb_module_get_ctx(module);
702 struct ldb_message_element *el;
703 const struct ldb_schema_attribute *a;
705 found = find_element(msg, name);
707 return LDB_ERR_NO_SUCH_ATTRIBUTE;
710 i = (unsigned int) found;
711 el = &(msg->elements[i]);
713 a = ldb_schema_attribute_by_name(ldb, el->name);
715 for (i=0;i<el->num_values;i++) {
717 if (a->syntax->operator_fn) {
718 ret = a->syntax->operator_fn(ldb, LDB_OP_EQUALITY, a,
719 &el->values[i], val, &matched);
720 if (ret != LDB_SUCCESS) return ret;
722 matched = (a->syntax->comparison_fn(ldb, ldb,
723 &el->values[i], val) == 0);
726 if (el->num_values == 1) {
727 return msg_delete_attribute(module,
731 ret = ltdb_index_del_value(module, ltdb, msg->dn, el, i);
732 if (ret != LDB_SUCCESS) {
736 if (i<el->num_values-1) {
737 memmove(&el->values[i], &el->values[i+1],
738 sizeof(el->values[i])*
739 (el->num_values-(i+1)));
743 /* per definition we find in a canonicalised message an
744 attribute value only once. So we are finished here */
750 return LDB_ERR_NO_SUCH_ATTRIBUTE;
755 modify a record - internal interface
757 yuck - this is O(n^2). Luckily n is usually small so we probably
758 get away with it, but if we ever have really large attribute lists
759 then we'll need to look at this again
761 'req' is optional, and is used to specify controls if supplied
763 int ltdb_modify_internal(struct ldb_module *module,
764 const struct ldb_message *msg,
765 struct ldb_request *req)
767 struct ldb_context *ldb = ldb_module_get_ctx(module);
768 void *data = ldb_module_get_private(module);
769 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
770 struct ldb_message *msg2;
772 int ret = LDB_SUCCESS, idx;
773 struct ldb_control *control_permissive = NULL;
774 TALLOC_CTX *mem_ctx = talloc_new(req);
776 if (mem_ctx == NULL) {
777 return ldb_module_oom(module);
781 control_permissive = ldb_request_get_control(req,
782 LDB_CONTROL_PERMISSIVE_MODIFY_OID);
785 msg2 = ldb_msg_new(mem_ctx);
791 ret = ltdb_search_dn1(module, msg->dn,
793 LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC);
794 if (ret != LDB_SUCCESS) {
798 for (i=0; i<msg->num_elements; i++) {
799 struct ldb_message_element *el = &msg->elements[i], *el2;
800 struct ldb_val *vals;
801 const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
803 uint32_t options = 0;
804 if (control_permissive != NULL) {
805 options |= LDB_MSG_FIND_COMMON_REMOVE_DUPLICATES;
808 switch (msg->elements[i].flags & LDB_FLAG_MOD_MASK) {
809 case LDB_FLAG_MOD_ADD:
811 if (el->num_values == 0) {
812 ldb_asprintf_errstring(ldb,
813 "attribute '%s': attribute on '%s' specified, but with 0 values (illegal)",
814 el->name, ldb_dn_get_linearized(msg2->dn));
815 ret = LDB_ERR_CONSTRAINT_VIOLATION;
819 /* make a copy of the array so that a permissive
820 * control can remove duplicates without changing the
821 * original values, but do not copy data as we do not
822 * need to keep it around once the operation is
824 if (control_permissive) {
825 el = talloc(msg2, struct ldb_message_element);
830 *el = msg->elements[i];
831 el->values = talloc_array(el, struct ldb_val, el->num_values);
832 if (el->values == NULL) {
836 for (j = 0; j < el->num_values; j++) {
837 el->values[j] = msg->elements[i].values[j];
841 if (el->num_values > 1 && ldb_tdb_single_valued(a, el)) {
842 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
843 el->name, ldb_dn_get_linearized(msg2->dn));
844 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
848 /* Checks if element already exists */
849 idx = find_element(msg2, el->name);
851 if (ltdb_msg_add_element(msg2, el) != 0) {
855 ret = ltdb_index_add_element(module, ltdb,
858 if (ret != LDB_SUCCESS) {
862 j = (unsigned int) idx;
863 el2 = &(msg2->elements[j]);
865 /* We cannot add another value on a existing one
866 if the attribute is single-valued */
867 if (ldb_tdb_single_valued(a, el)) {
868 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
869 el->name, ldb_dn_get_linearized(msg2->dn));
870 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
874 /* Check that values don't exist yet on multi-
875 valued attributes or aren't provided twice */
877 LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK)) {
878 struct ldb_val *duplicate = NULL;
879 ret = ldb_msg_find_common_values(ldb,
886 LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS) {
887 ldb_asprintf_errstring(ldb,
888 "attribute '%s': value "
889 "#%u on '%s' already "
890 "exists", el->name, j,
891 ldb_dn_get_linearized(msg2->dn));
893 } else if (ret != LDB_SUCCESS) {
897 ret = ldb_msg_find_duplicate_val(
898 ldb, msg2, el, &duplicate, 0);
899 if (ret != LDB_SUCCESS) {
902 if (duplicate != NULL) {
903 ldb_asprintf_errstring(
905 "attribute '%s': value "
907 "provided more than "
910 (int)duplicate->length,
912 ldb_dn_get_linearized(msg->dn));
913 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
918 /* Now combine existing and new values to a new
920 vals = talloc_realloc(msg2->elements,
921 el2->values, struct ldb_val,
922 el2->num_values + el->num_values);
929 for (j=0; j<el->num_values; j++) {
930 vals[el2->num_values + j] =
931 ldb_val_dup(vals, &el->values[j]);
935 el2->num_values += el->num_values;
937 ret = ltdb_index_add_element(module, ltdb,
939 if (ret != LDB_SUCCESS) {
946 case LDB_FLAG_MOD_REPLACE:
948 if (el->num_values > 1 && ldb_tdb_single_valued(a, el)) {
949 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
950 el->name, ldb_dn_get_linearized(msg2->dn));
951 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
956 * We don't need to check this if we have been
957 * pre-screened by the repl_meta_data module
958 * in Samba, or someone else who can claim to
959 * know what they are doing.
961 if (!(el->flags & LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK)) {
962 struct ldb_val *duplicate = NULL;
964 ret = ldb_msg_find_duplicate_val(ldb, msg2, el,
966 if (ret != LDB_SUCCESS) {
969 if (duplicate != NULL) {
970 ldb_asprintf_errstring(
972 "attribute '%s': value '%.*s' "
973 "on '%s' provided more than "
976 (int)duplicate->length,
978 ldb_dn_get_linearized(msg2->dn));
979 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
984 /* Checks if element already exists */
985 idx = find_element(msg2, el->name);
987 j = (unsigned int) idx;
988 el2 = &(msg2->elements[j]);
990 /* we consider two elements to be
991 * equal only if the order
992 * matches. This allows dbcheck to
993 * fix the ordering on attributes
994 * where order matters, such as
997 if (ldb_msg_element_equal_ordered(el, el2)) {
1001 /* Delete the attribute if it exists in the DB */
1002 if (msg_delete_attribute(module, ltdb,
1005 ret = LDB_ERR_OTHER;
1010 /* Recreate it with the new values */
1011 if (ltdb_msg_add_element(msg2, el) != 0) {
1012 ret = LDB_ERR_OTHER;
1016 ret = ltdb_index_add_element(module, ltdb,
1018 if (ret != LDB_SUCCESS) {
1024 case LDB_FLAG_MOD_DELETE:
1025 dn = ldb_dn_get_linearized(msg2->dn);
1027 ret = LDB_ERR_OTHER;
1031 if (msg->elements[i].num_values == 0) {
1032 /* Delete the whole attribute */
1033 ret = msg_delete_attribute(module,
1036 msg->elements[i].name);
1037 if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE &&
1038 control_permissive) {
1041 ldb_asprintf_errstring(ldb,
1042 "attribute '%s': no such attribute for delete on '%s'",
1043 msg->elements[i].name, dn);
1045 if (ret != LDB_SUCCESS) {
1049 /* Delete specified values from an attribute */
1050 for (j=0; j < msg->elements[i].num_values; j++) {
1051 ret = msg_delete_element(module,
1054 msg->elements[i].name,
1055 &msg->elements[i].values[j]);
1056 if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE &&
1057 control_permissive) {
1059 } else if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE) {
1060 ldb_asprintf_errstring(ldb,
1061 "attribute '%s': no matching attribute value while deleting attribute on '%s'",
1062 msg->elements[i].name, dn);
1064 if (ret != LDB_SUCCESS) {
1071 ldb_asprintf_errstring(ldb,
1072 "attribute '%s': invalid modify flags on '%s': 0x%x",
1073 msg->elements[i].name, ldb_dn_get_linearized(msg->dn),
1074 msg->elements[i].flags & LDB_FLAG_MOD_MASK);
1075 ret = LDB_ERR_PROTOCOL_ERROR;
1080 ret = ltdb_store(module, msg2, TDB_MODIFY);
1081 if (ret != LDB_SUCCESS) {
1085 ret = ltdb_modified(module, msg2->dn);
1086 if (ret != LDB_SUCCESS) {
1091 TALLOC_FREE(mem_ctx);
1098 static int ltdb_modify(struct ltdb_context *ctx)
1100 struct ldb_module *module = ctx->module;
1101 struct ldb_request *req = ctx->req;
1102 int ret = LDB_SUCCESS;
1104 ret = ltdb_check_special_dn(module, req->op.mod.message);
1105 if (ret != LDB_SUCCESS) {
1109 ldb_request_set_state(req, LDB_ASYNC_PENDING);
1111 if (ltdb_cache_load(module) != 0) {
1112 return LDB_ERR_OPERATIONS_ERROR;
1115 ret = ltdb_modify_internal(module, req->op.mod.message, req);
1123 static int ltdb_rename(struct ltdb_context *ctx)
1125 struct ldb_module *module = ctx->module;
1126 void *data = ldb_module_get_private(module);
1127 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1128 struct ldb_request *req = ctx->req;
1129 struct ldb_message *msg;
1130 int ret = LDB_SUCCESS;
1131 TDB_DATA tdb_key, tdb_key_old;
1133 ldb_request_set_state(req, LDB_ASYNC_PENDING);
1135 if (ltdb_cache_load(ctx->module) != 0) {
1136 return LDB_ERR_OPERATIONS_ERROR;
1139 msg = ldb_msg_new(ctx);
1141 return LDB_ERR_OPERATIONS_ERROR;
1144 /* we need to fetch the old record to re-add under the new name */
1145 ret = ltdb_search_dn1(module, req->op.rename.olddn, msg,
1146 LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC);
1147 if (ret != LDB_SUCCESS) {
1148 /* not finding the old record is an error */
1152 /* We need to, before changing the DB, check if the new DN
1153 * exists, so we can return this error to the caller with an
1155 tdb_key = ltdb_key_dn(module, req->op.rename.newdn);
1156 if (!tdb_key.dptr) {
1158 return LDB_ERR_OPERATIONS_ERROR;
1161 tdb_key_old = ltdb_key_dn(module, req->op.rename.olddn);
1162 if (!tdb_key_old.dptr) {
1164 talloc_free(tdb_key.dptr);
1165 return LDB_ERR_OPERATIONS_ERROR;
1168 /* Only declare a conflict if the new DN already exists, and it isn't a case change on the old DN */
1169 if (tdb_key_old.dsize != tdb_key.dsize || memcmp(tdb_key.dptr, tdb_key_old.dptr, tdb_key.dsize) != 0) {
1170 if (tdb_exists(ltdb->tdb, tdb_key)) {
1171 talloc_free(tdb_key_old.dptr);
1172 talloc_free(tdb_key.dptr);
1173 ldb_asprintf_errstring(ldb_module_get_ctx(module),
1174 "Entry %s already exists",
1175 ldb_dn_get_linearized(req->op.rename.newdn));
1176 /* finding the new record already in the DB is an error */
1178 return LDB_ERR_ENTRY_ALREADY_EXISTS;
1181 talloc_free(tdb_key_old.dptr);
1182 talloc_free(tdb_key.dptr);
1184 /* Always delete first then add, to avoid conflicts with
1185 * unique indexes. We rely on the transaction to make this
1188 ret = ltdb_delete_internal(module, msg->dn);
1189 if (ret != LDB_SUCCESS) {
1194 msg->dn = ldb_dn_copy(msg, req->op.rename.newdn);
1195 if (msg->dn == NULL) {
1197 return LDB_ERR_OPERATIONS_ERROR;
1200 /* We don't check single value as we can have more than 1 with
1201 * deleted attributes. We could go through all elements but that's
1202 * maybe not the most efficient way
1204 ret = ltdb_add_internal(module, ltdb, msg, false);
1211 static int ltdb_start_trans(struct ldb_module *module)
1213 void *data = ldb_module_get_private(module);
1214 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1216 /* Do not take out the transaction lock on a read-only DB */
1217 if (ltdb->read_only) {
1218 return LDB_ERR_UNWILLING_TO_PERFORM;
1221 if (tdb_transaction_start(ltdb->tdb) != 0) {
1222 return ltdb_err_map(tdb_error(ltdb->tdb));
1225 ltdb->in_transaction++;
1227 ltdb_index_transaction_start(module);
1232 static int ltdb_prepare_commit(struct ldb_module *module)
1235 void *data = ldb_module_get_private(module);
1236 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1238 if (ltdb->in_transaction != 1) {
1242 ret = ltdb_index_transaction_commit(module);
1243 if (ret != LDB_SUCCESS) {
1244 tdb_transaction_cancel(ltdb->tdb);
1245 ltdb->in_transaction--;
1249 if (tdb_transaction_prepare_commit(ltdb->tdb) != 0) {
1250 ret = ltdb_err_map(tdb_error(ltdb->tdb));
1251 ltdb->in_transaction--;
1252 ldb_debug_set(ldb_module_get_ctx(module),
1255 "tdb_transaction_prepare_commit(): %s -> %s",
1256 tdb_errorstr(ltdb->tdb),
1261 ltdb->prepared_commit = true;
1266 static int ltdb_end_trans(struct ldb_module *module)
1269 void *data = ldb_module_get_private(module);
1270 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1272 if (!ltdb->prepared_commit) {
1273 ret = ltdb_prepare_commit(module);
1274 if (ret != LDB_SUCCESS) {
1279 ltdb->in_transaction--;
1280 ltdb->prepared_commit = false;
1282 if (tdb_transaction_commit(ltdb->tdb) != 0) {
1283 ret = ltdb_err_map(tdb_error(ltdb->tdb));
1284 ldb_asprintf_errstring(ldb_module_get_ctx(module),
1285 "Failure during tdb_transaction_commit(): %s -> %s",
1286 tdb_errorstr(ltdb->tdb),
1294 static int ltdb_del_trans(struct ldb_module *module)
1296 void *data = ldb_module_get_private(module);
1297 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1299 ltdb->in_transaction--;
1301 if (ltdb_index_transaction_cancel(module) != 0) {
1302 tdb_transaction_cancel(ltdb->tdb);
1303 return ltdb_err_map(tdb_error(ltdb->tdb));
1306 tdb_transaction_cancel(ltdb->tdb);
1311 return sequenceNumber from @BASEINFO
1313 static int ltdb_sequence_number(struct ltdb_context *ctx,
1314 struct ldb_extended **ext)
1316 struct ldb_context *ldb;
1317 struct ldb_module *module = ctx->module;
1318 struct ldb_request *req = ctx->req;
1319 TALLOC_CTX *tmp_ctx = NULL;
1320 struct ldb_seqnum_request *seq;
1321 struct ldb_seqnum_result *res;
1322 struct ldb_message *msg = NULL;
1325 int ret = LDB_SUCCESS;
1327 ldb = ldb_module_get_ctx(module);
1329 seq = talloc_get_type(req->op.extended.data,
1330 struct ldb_seqnum_request);
1332 return LDB_ERR_OPERATIONS_ERROR;
1335 ldb_request_set_state(req, LDB_ASYNC_PENDING);
1337 if (ltdb_lock_read(module) != 0) {
1338 return LDB_ERR_OPERATIONS_ERROR;
1341 res = talloc_zero(req, struct ldb_seqnum_result);
1343 ret = LDB_ERR_OPERATIONS_ERROR;
1347 tmp_ctx = talloc_new(req);
1348 if (tmp_ctx == NULL) {
1349 ret = LDB_ERR_OPERATIONS_ERROR;
1353 dn = ldb_dn_new(tmp_ctx, ldb, LTDB_BASEINFO);
1355 ret = LDB_ERR_OPERATIONS_ERROR;
1359 msg = ldb_msg_new(tmp_ctx);
1361 ret = LDB_ERR_OPERATIONS_ERROR;
1365 ret = ltdb_search_dn1(module, dn, msg, 0);
1366 if (ret != LDB_SUCCESS) {
1370 switch (seq->type) {
1371 case LDB_SEQ_HIGHEST_SEQ:
1372 res->seq_num = ldb_msg_find_attr_as_uint64(msg, LTDB_SEQUENCE_NUMBER, 0);
1375 res->seq_num = ldb_msg_find_attr_as_uint64(msg, LTDB_SEQUENCE_NUMBER, 0);
1378 case LDB_SEQ_HIGHEST_TIMESTAMP:
1379 date = ldb_msg_find_attr_as_string(msg, LTDB_MOD_TIMESTAMP, NULL);
1381 res->seq_num = ldb_string_to_time(date);
1384 /* zero is as good as anything when we don't know */
1389 *ext = talloc_zero(req, struct ldb_extended);
1391 ret = LDB_ERR_OPERATIONS_ERROR;
1394 (*ext)->oid = LDB_EXTENDED_SEQUENCE_NUMBER;
1395 (*ext)->data = talloc_steal(*ext, res);
1398 talloc_free(tmp_ctx);
1399 ltdb_unlock_read(module);
1403 static void ltdb_request_done(struct ltdb_context *ctx, int error)
1405 struct ldb_context *ldb;
1406 struct ldb_request *req;
1407 struct ldb_reply *ares;
1409 ldb = ldb_module_get_ctx(ctx->module);
1412 /* if we already returned an error just return */
1413 if (ldb_request_get_status(req) != LDB_SUCCESS) {
1417 ares = talloc_zero(req, struct ldb_reply);
1420 req->callback(req, NULL);
1423 ares->type = LDB_REPLY_DONE;
1424 ares->error = error;
1426 req->callback(req, ares);
1429 static void ltdb_timeout(struct tevent_context *ev,
1430 struct tevent_timer *te,
1434 struct ltdb_context *ctx;
1435 ctx = talloc_get_type(private_data, struct ltdb_context);
1437 if (!ctx->request_terminated) {
1438 /* request is done now */
1439 ltdb_request_done(ctx, LDB_ERR_TIME_LIMIT_EXCEEDED);
1443 /* neutralize the spy */
1444 ctx->spy->ctx = NULL;
1450 static void ltdb_request_extended_done(struct ltdb_context *ctx,
1451 struct ldb_extended *ext,
1454 struct ldb_context *ldb;
1455 struct ldb_request *req;
1456 struct ldb_reply *ares;
1458 ldb = ldb_module_get_ctx(ctx->module);
1461 /* if we already returned an error just return */
1462 if (ldb_request_get_status(req) != LDB_SUCCESS) {
1466 ares = talloc_zero(req, struct ldb_reply);
1469 req->callback(req, NULL);
1472 ares->type = LDB_REPLY_DONE;
1473 ares->response = ext;
1474 ares->error = error;
1476 req->callback(req, ares);
1479 static void ltdb_handle_extended(struct ltdb_context *ctx)
1481 struct ldb_extended *ext = NULL;
1484 if (strcmp(ctx->req->op.extended.oid,
1485 LDB_EXTENDED_SEQUENCE_NUMBER) == 0) {
1486 /* get sequence number */
1487 ret = ltdb_sequence_number(ctx, &ext);
1489 /* not recognized */
1490 ret = LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
1493 ltdb_request_extended_done(ctx, ext, ret);
1496 static void ltdb_callback(struct tevent_context *ev,
1497 struct tevent_timer *te,
1501 struct ltdb_context *ctx;
1504 ctx = talloc_get_type(private_data, struct ltdb_context);
1506 if (ctx->request_terminated) {
1510 switch (ctx->req->operation) {
1512 ret = ltdb_search(ctx);
1515 ret = ltdb_add(ctx);
1518 ret = ltdb_modify(ctx);
1521 ret = ltdb_delete(ctx);
1524 ret = ltdb_rename(ctx);
1527 ltdb_handle_extended(ctx);
1530 /* no other op supported */
1531 ret = LDB_ERR_PROTOCOL_ERROR;
1534 if (!ctx->request_terminated) {
1535 /* request is done now */
1536 ltdb_request_done(ctx, ret);
1541 /* neutralize the spy */
1542 ctx->spy->ctx = NULL;
1548 static int ltdb_request_destructor(void *ptr)
1550 struct ltdb_req_spy *spy = talloc_get_type(ptr, struct ltdb_req_spy);
1552 if (spy->ctx != NULL) {
1553 spy->ctx->spy = NULL;
1554 spy->ctx->request_terminated = true;
1561 static int ltdb_handle_request(struct ldb_module *module,
1562 struct ldb_request *req)
1564 struct ldb_control *control_permissive;
1565 struct ldb_context *ldb;
1566 struct tevent_context *ev;
1567 struct ltdb_context *ac;
1568 struct tevent_timer *te;
1572 ldb = ldb_module_get_ctx(module);
1574 control_permissive = ldb_request_get_control(req,
1575 LDB_CONTROL_PERMISSIVE_MODIFY_OID);
1577 for (i = 0; req->controls && req->controls[i]; i++) {
1578 if (req->controls[i]->critical &&
1579 req->controls[i] != control_permissive) {
1580 ldb_asprintf_errstring(ldb, "Unsupported critical extension %s",
1581 req->controls[i]->oid);
1582 return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
1586 if (req->starttime == 0 || req->timeout == 0) {
1587 ldb_set_errstring(ldb, "Invalid timeout settings");
1588 return LDB_ERR_TIME_LIMIT_EXCEEDED;
1591 ev = ldb_handle_get_event_context(req->handle);
1593 ac = talloc_zero(ldb, struct ltdb_context);
1596 return LDB_ERR_OPERATIONS_ERROR;
1599 ac->module = module;
1604 te = tevent_add_timer(ev, ac, tv, ltdb_callback, ac);
1607 return LDB_ERR_OPERATIONS_ERROR;
1610 if (req->timeout > 0) {
1611 tv.tv_sec = req->starttime + req->timeout;
1613 ac->timeout_event = tevent_add_timer(ev, ac, tv,
1615 if (NULL == ac->timeout_event) {
1617 return LDB_ERR_OPERATIONS_ERROR;
1621 /* set a spy so that we do not try to use the request context
1622 * if it is freed before ltdb_callback fires */
1623 ac->spy = talloc(req, struct ltdb_req_spy);
1624 if (NULL == ac->spy) {
1626 return LDB_ERR_OPERATIONS_ERROR;
1630 talloc_set_destructor((TALLOC_CTX *)ac->spy, ltdb_request_destructor);
1635 static int ltdb_init_rootdse(struct ldb_module *module)
1637 /* ignore errors on this - we expect it for non-sam databases */
1638 ldb_mod_register_control(module, LDB_CONTROL_PERMISSIVE_MODIFY_OID);
1640 /* there can be no module beyond the backend, just return */
1644 static const struct ldb_module_ops ltdb_ops = {
1646 .init_context = ltdb_init_rootdse,
1647 .search = ltdb_handle_request,
1648 .add = ltdb_handle_request,
1649 .modify = ltdb_handle_request,
1650 .del = ltdb_handle_request,
1651 .rename = ltdb_handle_request,
1652 .extended = ltdb_handle_request,
1653 .start_transaction = ltdb_start_trans,
1654 .end_transaction = ltdb_end_trans,
1655 .prepare_commit = ltdb_prepare_commit,
1656 .del_transaction = ltdb_del_trans,
1657 .read_lock = ltdb_lock_read,
1658 .read_unlock = ltdb_unlock_read,
1662 connect to the database
1664 static int ltdb_connect(struct ldb_context *ldb, const char *url,
1665 unsigned int flags, const char *options[],
1666 struct ldb_module **_module)
1668 struct ldb_module *module;
1670 int tdb_flags, open_flags;
1671 struct ltdb_private *ltdb;
1674 * We hold locks, so we must use a private event context
1675 * on each returned handle
1678 ldb_set_require_private_event_context(ldb);
1681 if (strchr(url, ':')) {
1682 if (strncmp(url, "tdb://", 6) != 0) {
1683 ldb_debug(ldb, LDB_DEBUG_ERROR,
1684 "Invalid tdb URL '%s'", url);
1685 return LDB_ERR_OPERATIONS_ERROR;
1692 tdb_flags = TDB_DEFAULT | TDB_SEQNUM;
1694 /* check for the 'nosync' option */
1695 if (flags & LDB_FLG_NOSYNC) {
1696 tdb_flags |= TDB_NOSYNC;
1699 /* and nommap option */
1700 if (flags & LDB_FLG_NOMMAP) {
1701 tdb_flags |= TDB_NOMMAP;
1704 ltdb = talloc_zero(ldb, struct ltdb_private);
1707 return LDB_ERR_OPERATIONS_ERROR;
1710 if (flags & LDB_FLG_RDONLY) {
1712 * This is weird, but because we can only have one tdb
1713 * in this process, and the other one could be
1714 * read-write, we can't use the tdb readonly. Plus a
1715 * read only tdb prohibits the all-record lock.
1717 open_flags = O_RDWR;
1719 ltdb->read_only = true;
1721 } else if (flags & LDB_FLG_DONT_CREATE_DB) {
1723 * This is used by ldbsearch to prevent creation of the database
1724 * if the name is wrong
1726 open_flags = O_RDWR;
1729 * This is the normal case
1731 open_flags = O_CREAT | O_RDWR;
1734 /* note that we use quite a large default hash size */
1735 ltdb->tdb = ltdb_wrap_open(ltdb, path, 10000,
1736 tdb_flags, open_flags,
1737 ldb_get_create_perms(ldb), ldb);
1739 ldb_asprintf_errstring(ldb,
1740 "Unable to open tdb '%s': %s", path, strerror(errno));
1741 ldb_debug(ldb, LDB_DEBUG_ERROR,
1742 "Unable to open tdb '%s': %s", path, strerror(errno));
1744 if (errno == EACCES || errno == EPERM) {
1745 return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
1747 return LDB_ERR_OPERATIONS_ERROR;
1750 if (getenv("LDB_WARN_UNINDEXED")) {
1751 ltdb->warn_unindexed = true;
1754 if (getenv("LDB_WARN_REINDEX")) {
1755 ltdb->warn_reindex = true;
1758 ltdb->sequence_number = 0;
1760 module = ldb_module_new(ldb, ldb, "ldb_tdb backend", <db_ops);
1764 return LDB_ERR_OPERATIONS_ERROR;
1766 ldb_module_set_private(module, ltdb);
1767 talloc_steal(module, ltdb);
1769 if (ltdb_cache_load(module) != 0) {
1770 ldb_asprintf_errstring(ldb,
1771 "Unable to load ltdb cache records of tdb '%s'", path);
1772 talloc_free(module);
1773 return LDB_ERR_OPERATIONS_ERROR;
1780 int ldb_tdb_init(const char *version)
1782 LDB_MODULE_CHECK_VERSION(version);
1783 return ldb_register_backend("tdb", ltdb_connect, false);