4 Copyright (C) Andrew Tridgell 2004
5 Copyright (C) Stefan Metzmacher 2004
6 Copyright (C) Simo Sorce 2006-2008
7 Copyright (C) Matthias Dieter Wallnöfer 2009-2010
9 ** NOTE! The following LGPL license applies to the ldb
10 ** library. This does NOT imply that all of Samba is released
13 This library is free software; you can redistribute it and/or
14 modify it under the terms of the GNU Lesser General Public
15 License as published by the Free Software Foundation; either
16 version 3 of the License, or (at your option) any later version.
18 This library is distributed in the hope that it will be useful,
19 but WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 Lesser General Public License for more details.
23 You should have received a copy of the GNU Lesser General Public
24 License along with this library; if not, see <http://www.gnu.org/licenses/>.
30 * Component: ldb tdb backend
32 * Description: core functions for tdb backend
34 * Author: Andrew Tridgell
35 * Author: Stefan Metzmacher
39 * - description: make the module use asynchronous calls
43 * - description: make it possible to use event contexts
47 * - description: fix up memory leaks and small bugs
49 * Author: Matthias Dieter Wallnöfer
53 #include "ldb_private.h"
57 prevent memory errors on callbacks
60 struct ltdb_context *ctx;
64 map a tdb error code to a ldb error code
66 int ltdb_err_map(enum TDB_ERROR tdb_code)
74 return LDB_ERR_OPERATIONS_ERROR;
76 return LDB_ERR_PROTOCOL_ERROR;
80 case TDB_ERR_LOCK_TIMEOUT:
81 return LDB_ERR_TIME_LIMIT_EXCEEDED;
83 return LDB_ERR_ENTRY_ALREADY_EXISTS;
85 return LDB_ERR_NO_SUCH_OBJECT;
87 return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
95 lock the database for read - use by ltdb_search and ltdb_sequence_number
97 int ltdb_lock_read(struct ldb_module *module)
99 void *data = ldb_module_get_private(module);
100 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
103 if (ltdb->in_transaction == 0 &&
104 ltdb->read_lock_count == 0) {
105 ret = tdb_lockall_read(ltdb->tdb);
108 ltdb->read_lock_count++;
114 unlock the database after a ltdb_lock_read()
116 int ltdb_unlock_read(struct ldb_module *module)
118 void *data = ldb_module_get_private(module);
119 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
120 if (ltdb->in_transaction == 0 && ltdb->read_lock_count == 1) {
121 tdb_unlockall_read(ltdb->tdb);
124 ltdb->read_lock_count--;
130 form a TDB_DATA for a record key
133 note that the key for a record can depend on whether the
134 dn refers to a case sensitive index record or not
136 TDB_DATA ltdb_key(struct ldb_module *module, struct ldb_dn *dn)
138 struct ldb_context *ldb = ldb_module_get_ctx(module);
140 char *key_str = NULL;
141 const char *dn_folded = NULL;
144 most DNs are case insensitive. The exception is index DNs for
145 case sensitive attributes
147 there are 3 cases dealt with in this code:
149 1) if the dn doesn't start with @ then uppercase the attribute
150 names and the attributes values of case insensitive attributes
151 2) if the dn starts with @ then leave it alone -
152 the indexing code handles the rest
155 dn_folded = ldb_dn_get_casefold(dn);
160 key_str = talloc_strdup(ldb, "DN=");
165 key_str = talloc_strdup_append_buffer(key_str, dn_folded);
170 key.dptr = (uint8_t *)key_str;
171 key.dsize = strlen(key_str) + 1;
183 check special dn's have valid attributes
184 currently only @ATTRIBUTES is checked
186 static int ltdb_check_special_dn(struct ldb_module *module,
187 const struct ldb_message *msg)
189 struct ldb_context *ldb = ldb_module_get_ctx(module);
192 if (! ldb_dn_is_special(msg->dn) ||
193 ! ldb_dn_check_special(msg->dn, LTDB_ATTRIBUTES)) {
197 /* we have @ATTRIBUTES, let's check attributes are fine */
198 /* should we check that we deny multivalued attributes ? */
199 for (i = 0; i < msg->num_elements; i++) {
200 if (ldb_attr_cmp(msg->elements[i].name, "distinguishedName") == 0) continue;
202 for (j = 0; j < msg->elements[i].num_values; j++) {
203 if (ltdb_check_at_attributes_values(&msg->elements[i].values[j]) != 0) {
204 ldb_set_errstring(ldb, "Invalid attribute value in an @ATTRIBUTES entry");
205 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
215 we've made a modification to a dn - possibly reindex and
216 update sequence number
218 static int ltdb_modified(struct ldb_module *module, struct ldb_dn *dn)
220 int ret = LDB_SUCCESS;
221 struct ltdb_private *ltdb = talloc_get_type(ldb_module_get_private(module), struct ltdb_private);
223 /* only allow modifies inside a transaction, otherwise the
225 if (ltdb->in_transaction == 0) {
226 ldb_set_errstring(ldb_module_get_ctx(module), "ltdb modify without transaction");
227 return LDB_ERR_OPERATIONS_ERROR;
230 if (ldb_dn_is_special(dn) &&
231 (ldb_dn_check_special(dn, LTDB_INDEXLIST) ||
232 ldb_dn_check_special(dn, LTDB_ATTRIBUTES)) )
234 if (ltdb->warn_reindex) {
235 ldb_debug(ldb_module_get_ctx(module),
236 LDB_DEBUG_ERROR, "Reindexing %s due to modification on %s",
237 tdb_name(ltdb->tdb), ldb_dn_get_linearized(dn));
239 ret = ltdb_reindex(module);
242 /* If the modify was to a normal record, or any special except @BASEINFO, update the seq number */
243 if (ret == LDB_SUCCESS &&
244 !(ldb_dn_is_special(dn) &&
245 ldb_dn_check_special(dn, LTDB_BASEINFO)) ) {
246 ret = ltdb_increase_sequence_number(module);
249 /* If the modify was to @OPTIONS, reload the cache */
250 if (ret == LDB_SUCCESS &&
251 ldb_dn_is_special(dn) &&
252 (ldb_dn_check_special(dn, LTDB_OPTIONS)) ) {
253 ret = ltdb_cache_reload(module);
260 store a record into the db
262 int ltdb_store(struct ldb_module *module, const struct ldb_message *msg, int flgs)
264 void *data = ldb_module_get_private(module);
265 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
266 TDB_DATA tdb_key, tdb_data;
267 struct ldb_val ldb_data;
268 int ret = LDB_SUCCESS;
270 tdb_key = ltdb_key(module, msg->dn);
271 if (tdb_key.dptr == NULL) {
272 return LDB_ERR_OTHER;
275 ret = ldb_pack_data(ldb_module_get_ctx(module),
278 talloc_free(tdb_key.dptr);
279 return LDB_ERR_OTHER;
282 tdb_data.dptr = ldb_data.data;
283 tdb_data.dsize = ldb_data.length;
285 ret = tdb_store(ltdb->tdb, tdb_key, tdb_data, flgs);
287 ret = ltdb_err_map(tdb_error(ltdb->tdb));
292 talloc_free(tdb_key.dptr);
293 talloc_free(ldb_data.data);
300 check if a attribute is a single valued, for a given element
302 static bool ldb_tdb_single_valued(const struct ldb_schema_attribute *a,
303 struct ldb_message_element *el)
305 if (!a) return false;
307 if (el->flags & LDB_FLAG_INTERNAL_FORCE_SINGLE_VALUE_CHECK) {
308 /* override from a ldb module, for example
309 used for the description field, which is
310 marked multi-valued in the schema but which
311 should not actually accept multiple
315 if (el->flags & LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK) {
316 /* override from a ldb module, for example used for
317 deleted linked attribute entries */
321 if (a->flags & LDB_ATTR_FLAG_SINGLE_VALUE) {
327 static int ltdb_add_internal(struct ldb_module *module,
328 const struct ldb_message *msg,
329 bool check_single_value)
331 struct ldb_context *ldb = ldb_module_get_ctx(module);
332 int ret = LDB_SUCCESS;
335 for (i=0;i<msg->num_elements;i++) {
336 struct ldb_message_element *el = &msg->elements[i];
337 const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
339 if (el->num_values == 0) {
340 ldb_asprintf_errstring(ldb, "attribute '%s' on '%s' specified, but with 0 values (illegal)",
341 el->name, ldb_dn_get_linearized(msg->dn));
342 return LDB_ERR_CONSTRAINT_VIOLATION;
344 if (check_single_value &&
345 el->num_values > 1 &&
346 ldb_tdb_single_valued(a, el)) {
347 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
348 el->name, ldb_dn_get_linearized(msg->dn));
349 return LDB_ERR_CONSTRAINT_VIOLATION;
352 /* Do not check "@ATTRIBUTES" for duplicated values */
353 if (ldb_dn_is_special(msg->dn) &&
354 ldb_dn_check_special(msg->dn, LTDB_ATTRIBUTES)) {
358 if (check_single_value) {
359 struct ldb_val *duplicate = NULL;
361 ret = ldb_msg_find_duplicate_val(ldb, discard_const(msg),
363 if (ret != LDB_SUCCESS) {
366 if (duplicate != NULL) {
367 ldb_asprintf_errstring(
369 "attribute '%s': value '%.*s' on '%s' "
370 "provided more than once in ADD object",
372 (int)duplicate->length,
374 ldb_dn_get_linearized(msg->dn));
375 return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
380 ret = ltdb_store(module, msg, TDB_INSERT);
381 if (ret != LDB_SUCCESS) {
382 if (ret == LDB_ERR_ENTRY_ALREADY_EXISTS) {
383 ldb_asprintf_errstring(ldb,
384 "Entry %s already exists",
385 ldb_dn_get_linearized(msg->dn));
390 ret = ltdb_index_add_new(module, msg);
391 if (ret != LDB_SUCCESS) {
395 ret = ltdb_modified(module, msg->dn);
401 add a record to the database
403 static int ltdb_add(struct ltdb_context *ctx)
405 struct ldb_module *module = ctx->module;
406 struct ldb_request *req = ctx->req;
407 int ret = LDB_SUCCESS;
409 ret = ltdb_check_special_dn(module, req->op.add.message);
410 if (ret != LDB_SUCCESS) {
414 ldb_request_set_state(req, LDB_ASYNC_PENDING);
416 if (ltdb_cache_load(module) != 0) {
417 return LDB_ERR_OPERATIONS_ERROR;
420 ret = ltdb_add_internal(module, req->op.add.message, true);
426 delete a record from the database, not updating indexes (used for deleting
429 int ltdb_delete_noindex(struct ldb_module *module, struct ldb_dn *dn)
431 void *data = ldb_module_get_private(module);
432 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
436 tdb_key = ltdb_key(module, dn);
438 return LDB_ERR_OTHER;
441 ret = tdb_delete(ltdb->tdb, tdb_key);
442 talloc_free(tdb_key.dptr);
445 ret = ltdb_err_map(tdb_error(ltdb->tdb));
451 static int ltdb_delete_internal(struct ldb_module *module, struct ldb_dn *dn)
453 struct ldb_message *msg;
454 int ret = LDB_SUCCESS;
456 msg = ldb_msg_new(module);
458 return LDB_ERR_OPERATIONS_ERROR;
461 /* in case any attribute of the message was indexed, we need
462 to fetch the old record */
463 ret = ltdb_search_dn1(module, dn, msg, LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC);
464 if (ret != LDB_SUCCESS) {
465 /* not finding the old record is an error */
469 ret = ltdb_delete_noindex(module, dn);
470 if (ret != LDB_SUCCESS) {
474 /* remove any indexed attributes */
475 ret = ltdb_index_delete(module, msg);
476 if (ret != LDB_SUCCESS) {
480 ret = ltdb_modified(module, dn);
481 if (ret != LDB_SUCCESS) {
491 delete a record from the database
493 static int ltdb_delete(struct ltdb_context *ctx)
495 struct ldb_module *module = ctx->module;
496 struct ldb_request *req = ctx->req;
497 int ret = LDB_SUCCESS;
499 ldb_request_set_state(req, LDB_ASYNC_PENDING);
501 if (ltdb_cache_load(module) != 0) {
502 return LDB_ERR_OPERATIONS_ERROR;
505 ret = ltdb_delete_internal(module, req->op.del.dn);
511 find an element by attribute name. At the moment this does a linear search,
512 it should be re-coded to use a binary search once all places that modify
513 records guarantee sorted order
515 return the index of the first matching element if found, otherwise -1
517 static int find_element(const struct ldb_message *msg, const char *name)
520 for (i=0;i<msg->num_elements;i++) {
521 if (ldb_attr_cmp(msg->elements[i].name, name) == 0) {
530 add an element to an existing record. Assumes a elements array that we
531 can call re-alloc on, and assumed that we can re-use the data pointers from
532 the passed in additional values. Use with care!
534 returns 0 on success, -1 on failure (and sets errno)
536 static int ltdb_msg_add_element(struct ldb_message *msg,
537 struct ldb_message_element *el)
539 struct ldb_message_element *e2;
542 if (el->num_values == 0) {
543 /* nothing to do here - we don't add empty elements */
547 e2 = talloc_realloc(msg, msg->elements, struct ldb_message_element,
548 msg->num_elements+1);
556 e2 = &msg->elements[msg->num_elements];
559 e2->flags = el->flags;
560 e2->values = talloc_array(msg->elements,
561 struct ldb_val, el->num_values);
566 for (i=0;i<el->num_values;i++) {
567 e2->values[i] = el->values[i];
569 e2->num_values = el->num_values;
577 delete all elements having a specified attribute name
579 static int msg_delete_attribute(struct ldb_module *module,
580 struct ldb_message *msg, const char *name)
584 struct ldb_message_element *el;
586 el = ldb_msg_find_element(msg, name);
588 return LDB_ERR_NO_SUCH_ATTRIBUTE;
590 i = el - msg->elements;
592 ret = ltdb_index_del_element(module, msg->dn, el);
593 if (ret != LDB_SUCCESS) {
597 talloc_free(el->values);
598 if (msg->num_elements > (i+1)) {
599 memmove(el, el+1, sizeof(*el) * (msg->num_elements - (i+1)));
602 msg->elements = talloc_realloc(msg, msg->elements,
603 struct ldb_message_element,
609 delete all elements matching an attribute name/value
611 return LDB Error on failure
613 static int msg_delete_element(struct ldb_module *module,
614 struct ldb_message *msg,
616 const struct ldb_val *val)
618 struct ldb_context *ldb = ldb_module_get_ctx(module);
621 struct ldb_message_element *el;
622 const struct ldb_schema_attribute *a;
624 found = find_element(msg, name);
626 return LDB_ERR_NO_SUCH_ATTRIBUTE;
629 i = (unsigned int) found;
630 el = &(msg->elements[i]);
632 a = ldb_schema_attribute_by_name(ldb, el->name);
634 for (i=0;i<el->num_values;i++) {
636 if (a->syntax->operator_fn) {
637 ret = a->syntax->operator_fn(ldb, LDB_OP_EQUALITY, a,
638 &el->values[i], val, &matched);
639 if (ret != LDB_SUCCESS) return ret;
641 matched = (a->syntax->comparison_fn(ldb, ldb,
642 &el->values[i], val) == 0);
645 if (el->num_values == 1) {
646 return msg_delete_attribute(module, msg, name);
649 ret = ltdb_index_del_value(module, msg->dn, el, i);
650 if (ret != LDB_SUCCESS) {
654 if (i<el->num_values-1) {
655 memmove(&el->values[i], &el->values[i+1],
656 sizeof(el->values[i])*
657 (el->num_values-(i+1)));
661 /* per definition we find in a canonicalised message an
662 attribute value only once. So we are finished here */
668 return LDB_ERR_NO_SUCH_ATTRIBUTE;
673 modify a record - internal interface
675 yuck - this is O(n^2). Luckily n is usually small so we probably
676 get away with it, but if we ever have really large attribute lists
677 then we'll need to look at this again
679 'req' is optional, and is used to specify controls if supplied
681 int ltdb_modify_internal(struct ldb_module *module,
682 const struct ldb_message *msg,
683 struct ldb_request *req)
685 struct ldb_context *ldb = ldb_module_get_ctx(module);
686 void *data = ldb_module_get_private(module);
687 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
688 TDB_DATA tdb_key, tdb_data;
689 struct ldb_val ldb_data;
690 struct ldb_message *msg2;
692 int ret = LDB_SUCCESS, idx;
693 struct ldb_control *control_permissive = NULL;
696 control_permissive = ldb_request_get_control(req,
697 LDB_CONTROL_PERMISSIVE_MODIFY_OID);
700 tdb_key = ltdb_key(module, msg->dn);
702 return LDB_ERR_OTHER;
705 tdb_data = tdb_fetch(ltdb->tdb, tdb_key);
706 if (!tdb_data.dptr) {
707 talloc_free(tdb_key.dptr);
708 return ltdb_err_map(tdb_error(ltdb->tdb));
711 msg2 = ldb_msg_new(tdb_key.dptr);
718 ldb_data.data = tdb_data.dptr;
719 ldb_data.length = tdb_data.dsize;
721 ret = ldb_unpack_data(ldb_module_get_ctx(module), &ldb_data, msg2);
732 for (i=0; i<msg->num_elements; i++) {
733 struct ldb_message_element *el = &msg->elements[i], *el2;
734 struct ldb_val *vals;
735 const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
737 uint32_t options = 0;
738 if (control_permissive != NULL) {
739 options |= LDB_MSG_FIND_COMMON_REMOVE_DUPLICATES;
742 switch (msg->elements[i].flags & LDB_FLAG_MOD_MASK) {
743 case LDB_FLAG_MOD_ADD:
745 if (el->num_values == 0) {
746 ldb_asprintf_errstring(ldb,
747 "attribute '%s': attribute on '%s' specified, but with 0 values (illegal)",
748 el->name, ldb_dn_get_linearized(msg2->dn));
749 ret = LDB_ERR_CONSTRAINT_VIOLATION;
753 /* make a copy of the array so that a permissive
754 * control can remove duplicates without changing the
755 * original values, but do not copy data as we do not
756 * need to keep it around once the operation is
758 if (control_permissive) {
759 el = talloc(msg2, struct ldb_message_element);
764 *el = msg->elements[i];
765 el->values = talloc_array(el, struct ldb_val, el->num_values);
766 if (el->values == NULL) {
770 for (j = 0; j < el->num_values; j++) {
771 el->values[j] = msg->elements[i].values[j];
775 if (el->num_values > 1 && ldb_tdb_single_valued(a, el)) {
776 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
777 el->name, ldb_dn_get_linearized(msg2->dn));
778 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
782 /* Checks if element already exists */
783 idx = find_element(msg2, el->name);
785 if (ltdb_msg_add_element(msg2, el) != 0) {
789 ret = ltdb_index_add_element(module, msg2->dn,
791 if (ret != LDB_SUCCESS) {
795 j = (unsigned int) idx;
796 el2 = &(msg2->elements[j]);
798 /* We cannot add another value on a existing one
799 if the attribute is single-valued */
800 if (ldb_tdb_single_valued(a, el)) {
801 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
802 el->name, ldb_dn_get_linearized(msg2->dn));
803 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
807 /* Check that values don't exist yet on multi-
808 valued attributes or aren't provided twice */
810 LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK)) {
811 struct ldb_val *duplicate = NULL;
812 ret = ldb_msg_find_common_values(ldb,
819 LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS) {
820 ldb_asprintf_errstring(ldb,
821 "attribute '%s': value "
822 "#%u on '%s' already "
823 "exists", el->name, j,
824 ldb_dn_get_linearized(msg2->dn));
826 } else if (ret != LDB_SUCCESS) {
830 ret = ldb_msg_find_duplicate_val(
831 ldb, msg2, el, &duplicate, 0);
832 if (ret != LDB_SUCCESS) {
835 if (duplicate != NULL) {
836 ldb_asprintf_errstring(
838 "attribute '%s': value "
840 "provided more than "
843 (int)duplicate->length,
845 ldb_dn_get_linearized(msg->dn));
846 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
851 /* Now combine existing and new values to a new
853 vals = talloc_realloc(msg2->elements,
854 el2->values, struct ldb_val,
855 el2->num_values + el->num_values);
862 for (j=0; j<el->num_values; j++) {
863 vals[el2->num_values + j] =
864 ldb_val_dup(vals, &el->values[j]);
868 el2->num_values += el->num_values;
870 ret = ltdb_index_add_element(module, msg2->dn, el);
871 if (ret != LDB_SUCCESS) {
878 case LDB_FLAG_MOD_REPLACE:
880 if (el->num_values > 1 && ldb_tdb_single_valued(a, el)) {
881 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
882 el->name, ldb_dn_get_linearized(msg2->dn));
883 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
888 * We don't need to check this if we have been
889 * pre-screened by the repl_meta_data module
890 * in Samba, or someone else who can claim to
891 * know what they are doing.
893 if (!(el->flags & LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK)) {
894 struct ldb_val *duplicate = NULL;
896 ret = ldb_msg_find_duplicate_val(ldb, msg2, el,
898 if (ret != LDB_SUCCESS) {
901 if (duplicate != NULL) {
902 ldb_asprintf_errstring(
904 "attribute '%s': value '%.*s' "
905 "on '%s' provided more than "
908 (int)duplicate->length,
910 ldb_dn_get_linearized(msg2->dn));
911 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
916 /* Checks if element already exists */
917 idx = find_element(msg2, el->name);
919 j = (unsigned int) idx;
920 el2 = &(msg2->elements[j]);
922 /* we consider two elements to be
923 * equal only if the order
924 * matches. This allows dbcheck to
925 * fix the ordering on attributes
926 * where order matters, such as
929 if (ldb_msg_element_equal_ordered(el, el2)) {
933 /* Delete the attribute if it exists in the DB */
934 if (msg_delete_attribute(module, msg2,
941 /* Recreate it with the new values */
942 if (ltdb_msg_add_element(msg2, el) != 0) {
947 ret = ltdb_index_add_element(module, msg2->dn, el);
948 if (ret != LDB_SUCCESS) {
954 case LDB_FLAG_MOD_DELETE:
955 dn = ldb_dn_get_linearized(msg2->dn);
961 if (msg->elements[i].num_values == 0) {
962 /* Delete the whole attribute */
963 ret = msg_delete_attribute(module, msg2,
964 msg->elements[i].name);
965 if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE &&
966 control_permissive) {
969 ldb_asprintf_errstring(ldb,
970 "attribute '%s': no such attribute for delete on '%s'",
971 msg->elements[i].name, dn);
973 if (ret != LDB_SUCCESS) {
977 /* Delete specified values from an attribute */
978 for (j=0; j < msg->elements[i].num_values; j++) {
979 ret = msg_delete_element(module,
981 msg->elements[i].name,
982 &msg->elements[i].values[j]);
983 if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE &&
984 control_permissive) {
986 } else if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE) {
987 ldb_asprintf_errstring(ldb,
988 "attribute '%s': no matching attribute value while deleting attribute on '%s'",
989 msg->elements[i].name, dn);
991 if (ret != LDB_SUCCESS) {
998 ldb_asprintf_errstring(ldb,
999 "attribute '%s': invalid modify flags on '%s': 0x%x",
1000 msg->elements[i].name, ldb_dn_get_linearized(msg->dn),
1001 msg->elements[i].flags & LDB_FLAG_MOD_MASK);
1002 ret = LDB_ERR_PROTOCOL_ERROR;
1007 ret = ltdb_store(module, msg2, TDB_MODIFY);
1008 if (ret != LDB_SUCCESS) {
1012 ret = ltdb_modified(module, msg2->dn);
1013 if (ret != LDB_SUCCESS) {
1018 talloc_free(tdb_key.dptr);
1025 static int ltdb_modify(struct ltdb_context *ctx)
1027 struct ldb_module *module = ctx->module;
1028 struct ldb_request *req = ctx->req;
1029 int ret = LDB_SUCCESS;
1031 ret = ltdb_check_special_dn(module, req->op.mod.message);
1032 if (ret != LDB_SUCCESS) {
1036 ldb_request_set_state(req, LDB_ASYNC_PENDING);
1038 if (ltdb_cache_load(module) != 0) {
1039 return LDB_ERR_OPERATIONS_ERROR;
1042 ret = ltdb_modify_internal(module, req->op.mod.message, req);
1050 static int ltdb_rename(struct ltdb_context *ctx)
1052 struct ldb_module *module = ctx->module;
1053 void *data = ldb_module_get_private(module);
1054 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1055 struct ldb_request *req = ctx->req;
1056 struct ldb_message *msg;
1057 int ret = LDB_SUCCESS;
1058 TDB_DATA tdb_key, tdb_key_old;
1060 ldb_request_set_state(req, LDB_ASYNC_PENDING);
1062 if (ltdb_cache_load(ctx->module) != 0) {
1063 return LDB_ERR_OPERATIONS_ERROR;
1066 msg = ldb_msg_new(ctx);
1068 return LDB_ERR_OPERATIONS_ERROR;
1071 /* we need to fetch the old record to re-add under the new name */
1072 ret = ltdb_search_dn1(module, req->op.rename.olddn, msg,
1073 LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC);
1074 if (ret != LDB_SUCCESS) {
1075 /* not finding the old record is an error */
1079 /* We need to, before changing the DB, check if the new DN
1080 * exists, so we can return this error to the caller with an
1082 tdb_key = ltdb_key(module, req->op.rename.newdn);
1083 if (!tdb_key.dptr) {
1085 return LDB_ERR_OPERATIONS_ERROR;
1088 tdb_key_old = ltdb_key(module, req->op.rename.olddn);
1089 if (!tdb_key_old.dptr) {
1091 talloc_free(tdb_key.dptr);
1092 return LDB_ERR_OPERATIONS_ERROR;
1095 /* Only declare a conflict if the new DN already exists, and it isn't a case change on the old DN */
1096 if (tdb_key_old.dsize != tdb_key.dsize || memcmp(tdb_key.dptr, tdb_key_old.dptr, tdb_key.dsize) != 0) {
1097 if (tdb_exists(ltdb->tdb, tdb_key)) {
1098 talloc_free(tdb_key_old.dptr);
1099 talloc_free(tdb_key.dptr);
1100 ldb_asprintf_errstring(ldb_module_get_ctx(module),
1101 "Entry %s already exists",
1102 ldb_dn_get_linearized(req->op.rename.newdn));
1103 /* finding the new record already in the DB is an error */
1105 return LDB_ERR_ENTRY_ALREADY_EXISTS;
1108 talloc_free(tdb_key_old.dptr);
1109 talloc_free(tdb_key.dptr);
1111 /* Always delete first then add, to avoid conflicts with
1112 * unique indexes. We rely on the transaction to make this
1115 ret = ltdb_delete_internal(module, msg->dn);
1116 if (ret != LDB_SUCCESS) {
1121 msg->dn = ldb_dn_copy(msg, req->op.rename.newdn);
1122 if (msg->dn == NULL) {
1124 return LDB_ERR_OPERATIONS_ERROR;
1127 /* We don't check single value as we can have more than 1 with
1128 * deleted attributes. We could go through all elements but that's
1129 * maybe not the most efficient way
1131 ret = ltdb_add_internal(module, msg, false);
1138 static int ltdb_start_trans(struct ldb_module *module)
1140 void *data = ldb_module_get_private(module);
1141 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1143 if (tdb_transaction_start(ltdb->tdb) != 0) {
1144 return ltdb_err_map(tdb_error(ltdb->tdb));
1147 ltdb->in_transaction++;
1149 ltdb_index_transaction_start(module);
1154 static int ltdb_prepare_commit(struct ldb_module *module)
1157 void *data = ldb_module_get_private(module);
1158 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1160 if (ltdb->in_transaction != 1) {
1164 ret = ltdb_index_transaction_commit(module);
1165 if (ret != LDB_SUCCESS) {
1166 tdb_transaction_cancel(ltdb->tdb);
1167 ltdb->in_transaction--;
1171 if (tdb_transaction_prepare_commit(ltdb->tdb) != 0) {
1172 ret = ltdb_err_map(tdb_error(ltdb->tdb));
1173 ltdb->in_transaction--;
1174 ldb_asprintf_errstring(ldb_module_get_ctx(module),
1175 "Failure during tdb_transaction_prepare_commit(): %s -> %s",
1176 tdb_errorstr(ltdb->tdb),
1181 ltdb->prepared_commit = true;
1186 static int ltdb_end_trans(struct ldb_module *module)
1189 void *data = ldb_module_get_private(module);
1190 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1192 if (!ltdb->prepared_commit) {
1193 ret = ltdb_prepare_commit(module);
1194 if (ret != LDB_SUCCESS) {
1199 ltdb->in_transaction--;
1200 ltdb->prepared_commit = false;
1202 if (tdb_transaction_commit(ltdb->tdb) != 0) {
1203 ret = ltdb_err_map(tdb_error(ltdb->tdb));
1204 ldb_asprintf_errstring(ldb_module_get_ctx(module),
1205 "Failure during tdb_transaction_commit(): %s -> %s",
1206 tdb_errorstr(ltdb->tdb),
1214 static int ltdb_del_trans(struct ldb_module *module)
1216 void *data = ldb_module_get_private(module);
1217 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1219 ltdb->in_transaction--;
1221 if (ltdb_index_transaction_cancel(module) != 0) {
1222 tdb_transaction_cancel(ltdb->tdb);
1223 return ltdb_err_map(tdb_error(ltdb->tdb));
1226 tdb_transaction_cancel(ltdb->tdb);
1231 return sequenceNumber from @BASEINFO
1233 static int ltdb_sequence_number(struct ltdb_context *ctx,
1234 struct ldb_extended **ext)
1236 struct ldb_context *ldb;
1237 struct ldb_module *module = ctx->module;
1238 struct ldb_request *req = ctx->req;
1239 TALLOC_CTX *tmp_ctx = NULL;
1240 struct ldb_seqnum_request *seq;
1241 struct ldb_seqnum_result *res;
1242 struct ldb_message *msg = NULL;
1245 int ret = LDB_SUCCESS;
1247 ldb = ldb_module_get_ctx(module);
1249 seq = talloc_get_type(req->op.extended.data,
1250 struct ldb_seqnum_request);
1252 return LDB_ERR_OPERATIONS_ERROR;
1255 ldb_request_set_state(req, LDB_ASYNC_PENDING);
1257 if (ltdb_lock_read(module) != 0) {
1258 return LDB_ERR_OPERATIONS_ERROR;
1261 res = talloc_zero(req, struct ldb_seqnum_result);
1263 ret = LDB_ERR_OPERATIONS_ERROR;
1267 tmp_ctx = talloc_new(req);
1268 if (tmp_ctx == NULL) {
1269 ret = LDB_ERR_OPERATIONS_ERROR;
1273 dn = ldb_dn_new(tmp_ctx, ldb, LTDB_BASEINFO);
1275 ret = LDB_ERR_OPERATIONS_ERROR;
1279 msg = ldb_msg_new(tmp_ctx);
1281 ret = LDB_ERR_OPERATIONS_ERROR;
1285 ret = ltdb_search_dn1(module, dn, msg, 0);
1286 if (ret != LDB_SUCCESS) {
1290 switch (seq->type) {
1291 case LDB_SEQ_HIGHEST_SEQ:
1292 res->seq_num = ldb_msg_find_attr_as_uint64(msg, LTDB_SEQUENCE_NUMBER, 0);
1295 res->seq_num = ldb_msg_find_attr_as_uint64(msg, LTDB_SEQUENCE_NUMBER, 0);
1298 case LDB_SEQ_HIGHEST_TIMESTAMP:
1299 date = ldb_msg_find_attr_as_string(msg, LTDB_MOD_TIMESTAMP, NULL);
1301 res->seq_num = ldb_string_to_time(date);
1304 /* zero is as good as anything when we don't know */
1309 *ext = talloc_zero(req, struct ldb_extended);
1311 ret = LDB_ERR_OPERATIONS_ERROR;
1314 (*ext)->oid = LDB_EXTENDED_SEQUENCE_NUMBER;
1315 (*ext)->data = talloc_steal(*ext, res);
1318 talloc_free(tmp_ctx);
1319 ltdb_unlock_read(module);
1323 static void ltdb_request_done(struct ltdb_context *ctx, int error)
1325 struct ldb_context *ldb;
1326 struct ldb_request *req;
1327 struct ldb_reply *ares;
1329 ldb = ldb_module_get_ctx(ctx->module);
1332 /* if we already returned an error just return */
1333 if (ldb_request_get_status(req) != LDB_SUCCESS) {
1337 ares = talloc_zero(req, struct ldb_reply);
1340 req->callback(req, NULL);
1343 ares->type = LDB_REPLY_DONE;
1344 ares->error = error;
1346 req->callback(req, ares);
1349 static void ltdb_timeout(struct tevent_context *ev,
1350 struct tevent_timer *te,
1354 struct ltdb_context *ctx;
1355 ctx = talloc_get_type(private_data, struct ltdb_context);
1357 if (!ctx->request_terminated) {
1358 /* request is done now */
1359 ltdb_request_done(ctx, LDB_ERR_TIME_LIMIT_EXCEEDED);
1363 /* neutralize the spy */
1364 ctx->spy->ctx = NULL;
1370 static void ltdb_request_extended_done(struct ltdb_context *ctx,
1371 struct ldb_extended *ext,
1374 struct ldb_context *ldb;
1375 struct ldb_request *req;
1376 struct ldb_reply *ares;
1378 ldb = ldb_module_get_ctx(ctx->module);
1381 /* if we already returned an error just return */
1382 if (ldb_request_get_status(req) != LDB_SUCCESS) {
1386 ares = talloc_zero(req, struct ldb_reply);
1389 req->callback(req, NULL);
1392 ares->type = LDB_REPLY_DONE;
1393 ares->response = ext;
1394 ares->error = error;
1396 req->callback(req, ares);
1399 static void ltdb_handle_extended(struct ltdb_context *ctx)
1401 struct ldb_extended *ext = NULL;
1404 if (strcmp(ctx->req->op.extended.oid,
1405 LDB_EXTENDED_SEQUENCE_NUMBER) == 0) {
1406 /* get sequence number */
1407 ret = ltdb_sequence_number(ctx, &ext);
1409 /* not recognized */
1410 ret = LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
1413 ltdb_request_extended_done(ctx, ext, ret);
1416 static void ltdb_callback(struct tevent_context *ev,
1417 struct tevent_timer *te,
1421 struct ltdb_context *ctx;
1424 ctx = talloc_get_type(private_data, struct ltdb_context);
1426 if (ctx->request_terminated) {
1430 switch (ctx->req->operation) {
1432 ret = ltdb_search(ctx);
1435 ret = ltdb_add(ctx);
1438 ret = ltdb_modify(ctx);
1441 ret = ltdb_delete(ctx);
1444 ret = ltdb_rename(ctx);
1447 ltdb_handle_extended(ctx);
1450 /* no other op supported */
1451 ret = LDB_ERR_PROTOCOL_ERROR;
1454 if (!ctx->request_terminated) {
1455 /* request is done now */
1456 ltdb_request_done(ctx, ret);
1461 /* neutralize the spy */
1462 ctx->spy->ctx = NULL;
1468 static int ltdb_request_destructor(void *ptr)
1470 struct ltdb_req_spy *spy = talloc_get_type(ptr, struct ltdb_req_spy);
1472 if (spy->ctx != NULL) {
1473 spy->ctx->spy = NULL;
1474 spy->ctx->request_terminated = true;
1481 static int ltdb_handle_request(struct ldb_module *module,
1482 struct ldb_request *req)
1484 struct ldb_control *control_permissive;
1485 struct ldb_context *ldb;
1486 struct tevent_context *ev;
1487 struct ltdb_context *ac;
1488 struct tevent_timer *te;
1492 ldb = ldb_module_get_ctx(module);
1494 control_permissive = ldb_request_get_control(req,
1495 LDB_CONTROL_PERMISSIVE_MODIFY_OID);
1497 for (i = 0; req->controls && req->controls[i]; i++) {
1498 if (req->controls[i]->critical &&
1499 req->controls[i] != control_permissive) {
1500 ldb_asprintf_errstring(ldb, "Unsupported critical extension %s",
1501 req->controls[i]->oid);
1502 return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
1506 if (req->starttime == 0 || req->timeout == 0) {
1507 ldb_set_errstring(ldb, "Invalid timeout settings");
1508 return LDB_ERR_TIME_LIMIT_EXCEEDED;
1511 ev = ldb_handle_get_event_context(req->handle);
1513 ac = talloc_zero(ldb, struct ltdb_context);
1516 return LDB_ERR_OPERATIONS_ERROR;
1519 ac->module = module;
1524 te = tevent_add_timer(ev, ac, tv, ltdb_callback, ac);
1527 return LDB_ERR_OPERATIONS_ERROR;
1530 if (req->timeout > 0) {
1531 tv.tv_sec = req->starttime + req->timeout;
1533 ac->timeout_event = tevent_add_timer(ev, ac, tv,
1535 if (NULL == ac->timeout_event) {
1537 return LDB_ERR_OPERATIONS_ERROR;
1541 /* set a spy so that we do not try to use the request context
1542 * if it is freed before ltdb_callback fires */
1543 ac->spy = talloc(req, struct ltdb_req_spy);
1544 if (NULL == ac->spy) {
1546 return LDB_ERR_OPERATIONS_ERROR;
1550 talloc_set_destructor((TALLOC_CTX *)ac->spy, ltdb_request_destructor);
1555 static int ltdb_init_rootdse(struct ldb_module *module)
1557 /* ignore errors on this - we expect it for non-sam databases */
1558 ldb_mod_register_control(module, LDB_CONTROL_PERMISSIVE_MODIFY_OID);
1560 /* there can be no module beyond the backend, just return */
1564 static const struct ldb_module_ops ltdb_ops = {
1566 .init_context = ltdb_init_rootdse,
1567 .search = ltdb_handle_request,
1568 .add = ltdb_handle_request,
1569 .modify = ltdb_handle_request,
1570 .del = ltdb_handle_request,
1571 .rename = ltdb_handle_request,
1572 .extended = ltdb_handle_request,
1573 .start_transaction = ltdb_start_trans,
1574 .end_transaction = ltdb_end_trans,
1575 .prepare_commit = ltdb_prepare_commit,
1576 .del_transaction = ltdb_del_trans,
1580 connect to the database
1582 static int ltdb_connect(struct ldb_context *ldb, const char *url,
1583 unsigned int flags, const char *options[],
1584 struct ldb_module **_module)
1586 struct ldb_module *module;
1588 int tdb_flags, open_flags;
1589 struct ltdb_private *ltdb;
1592 * We hold locks, so we must use a private event context
1593 * on each returned handle
1596 ldb_set_require_private_event_context(ldb);
1599 if (strchr(url, ':')) {
1600 if (strncmp(url, "tdb://", 6) != 0) {
1601 ldb_debug(ldb, LDB_DEBUG_ERROR,
1602 "Invalid tdb URL '%s'", url);
1603 return LDB_ERR_OPERATIONS_ERROR;
1610 tdb_flags = TDB_DEFAULT | TDB_SEQNUM;
1612 /* check for the 'nosync' option */
1613 if (flags & LDB_FLG_NOSYNC) {
1614 tdb_flags |= TDB_NOSYNC;
1617 /* and nommap option */
1618 if (flags & LDB_FLG_NOMMAP) {
1619 tdb_flags |= TDB_NOMMAP;
1622 if (flags & LDB_FLG_RDONLY) {
1623 open_flags = O_RDONLY;
1624 } else if (flags & LDB_FLG_DONT_CREATE_DB) {
1625 open_flags = O_RDWR;
1627 open_flags = O_CREAT | O_RDWR;
1630 ltdb = talloc_zero(ldb, struct ltdb_private);
1633 return LDB_ERR_OPERATIONS_ERROR;
1636 /* note that we use quite a large default hash size */
1637 ltdb->tdb = ltdb_wrap_open(ltdb, path, 10000,
1638 tdb_flags, open_flags,
1639 ldb_get_create_perms(ldb), ldb);
1641 ldb_asprintf_errstring(ldb,
1642 "Unable to open tdb '%s': %s", path, strerror(errno));
1643 ldb_debug(ldb, LDB_DEBUG_ERROR,
1644 "Unable to open tdb '%s': %s", path, strerror(errno));
1646 if (errno == EACCES || errno == EPERM) {
1647 return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
1649 return LDB_ERR_OPERATIONS_ERROR;
1652 if (getenv("LDB_WARN_UNINDEXED")) {
1653 ltdb->warn_unindexed = true;
1656 if (getenv("LDB_WARN_REINDEX")) {
1657 ltdb->warn_reindex = true;
1660 ltdb->sequence_number = 0;
1662 module = ldb_module_new(ldb, ldb, "ldb_tdb backend", <db_ops);
1666 return LDB_ERR_OPERATIONS_ERROR;
1668 ldb_module_set_private(module, ltdb);
1669 talloc_steal(module, ltdb);
1671 if (ltdb_cache_load(module) != 0) {
1672 ldb_asprintf_errstring(ldb,
1673 "Unable to load ltdb cache records of tdb '%s'", path);
1674 talloc_free(module);
1675 return LDB_ERR_OPERATIONS_ERROR;
1682 int ldb_tdb_init(const char *version)
1684 LDB_MODULE_CHECK_VERSION(version);
1685 return ldb_register_backend("tdb", ltdb_connect, false);