4 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2006-2007
5 Copyright (C) Stefan Metzmacher <metze@samba.org> 2007
6 Copyright (C) Simo Sorce <idra@samba.org> 2008
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
25 * Component: ldb subtree delete (prevention) module
27 * Description: Prevent deletion of a subtree in LDB
29 * Author: Andrew Bartlett
32 #include "ldb_module.h"
/*
 * Per-request state shared between subtree_delete() and its search callback.
 * The listing stops after `req`; the callback also reads ac->num_children,
 * so that counter is presumably declared on the lines not shown here.
 */
34 struct subtree_delete_context {
/* module handle; the callback uses it to reach the ldb context and the next module */
35 struct ldb_module *module;
/* request that the callback completes or forwards; presumably the original delete (assignment not shown) */
36 struct ldb_request *req;
/*
 * Allocate the per-request context used by the subtree-delete check.
 *
 * Only the start of the function is visible in this listing (original
 * lines 50-62 are missing), so how the fields are filled in and what is
 * returned on allocation failure cannot be confirmed from here.
 * subtree_delete() appears to treat a failed init as
 * LDB_ERR_OPERATIONS_ERROR.
 */
41 static struct subtree_delete_context *subdel_ctx_init(struct ldb_module *module,
42 struct ldb_request *req)
44 struct ldb_context *ldb;
45 struct subtree_delete_context *ac;
47 ldb = ldb_module_get_ctx(module);
/* zero-initialised and allocated with req as talloc parent, so the context
 * is released together with the request */
49 ac = talloc_zero(req, struct subtree_delete_context);
/*
 * Callback for the child search issued by subtree_delete().
 *
 * A failed search is reported back on the original request with the same
 * error. If any child was counted, the delete is refused with
 * LDB_ERR_NOT_ALLOWED_ON_NON_LEAF; otherwise the original request is handed
 * to the next module. Many lines of this function are missing from the
 * listing, including the switch on the reply type and the code that
 * increments num_children, so the exact branch structure is not visible.
 */
63 static int subtree_delete_search_callback(struct ldb_request *req,
64 struct ldb_reply *ares)
66 struct ldb_context *ldb;
67 struct subtree_delete_context *ac;
/* NOTE(review): talloc_get_type() yields NULL when the pointer is not of the
 * named type, and ac is dereferenced on the very next line. req->context is
 * set by subtree_delete() in this file, so a mismatch would be a programming
 * error; talloc_get_type_abort() would make that failure explicit. */
70 ac = talloc_get_type(req->context, struct subtree_delete_context);
71 ldb = ldb_module_get_ctx(ac->module);
74 ret = LDB_ERR_OPERATIONS_ERROR;
/* the search itself failed: finish the original request with that error */
77 if (ares->error != LDB_SUCCESS) {
78 return ldb_module_done(ac->req, ares->controls,
79 ares->response, ares->error);
91 case LDB_REPLY_REFERRAL:
/* at least one child was counted: refuse the delete and record why.
 * The argument for %d is on a line not shown in this listing. */
100 if (ac->num_children > 0) {
101 ldb_asprintf_errstring(ldb,
102 "Cannot delete %s, not a leaf node "
103 "(has %d children)\n",
104 ldb_dn_get_linearized(ac->req->op.del.dn),
106 return ldb_module_done(ac->req, NULL, NULL,
107 LDB_ERR_NOT_ALLOWED_ON_NON_LEAF);
/* NOTE(review): the child search and the forwarded delete are two separate
 * requests. The leaf check only holds if no child can be added in between;
 * confirm that both run under the same transaction or lock. */
110 /* ok no children, let the original request through */
111 ret = ldb_next_request(ac->module, ac->req);
/* forwarding failed: report the failure on the original request */
116 if (ret != LDB_SUCCESS) {
117 return ldb_module_done(ac->req, NULL, NULL, ret);
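/*
 * Delete hook: refuse to delete an entry that still has children.
 *
 * Special DNs are passed to the next module untouched. For any other DN a
 * one-level search under the target is started; the decision to refuse or
 * forward the delete is taken in subtree_delete_search_callback().
 *
 * Returns the result of ldb_next_request() for the pass-through or for the
 * search request, or an LDB error code if setup fails. Several lines of the
 * function (local declarations, closing braces, two arguments of
 * ldb_build_search_req()) are missing from this listing.
 */
123 static int subtree_delete(struct ldb_module *module, struct ldb_request *req)
125 struct ldb_context *ldb;
126 static const char * const attrs[2] = { "distinguishedName", NULL };
127 struct ldb_request *search_req;
128 struct subtree_delete_context *ac;
/* This is the delete hook, so the DN is read from the delete arm of req->op,
 * the same member used as the search base below, rather than from the
 * rename arm. */
131 if (ldb_dn_is_special(req->op.del.dn)) {
132 /* do not manipulate our control entries */
133 return ldb_next_request(module, req);
136 ldb = ldb_module_get_ctx(module);
138 /* This gets complex: We need to:
139 - Do a search for all entries under this entry
140 - Wait for these results to appear
141 - In the callback for each result, count the children (if any)
142 - return an error if there are any
145 ac = subdel_ctx_init(module, req);
147 return LDB_ERR_OPERATIONS_ERROR;
150 /* we do not really need to find all descendents,
151 * if there is even one single direct child, that's
152 * enough to bail out */
/* ac is passed both as the third argument and as the callback context, so
 * the callback receives it through req->context */
153 ret = ldb_build_search_req(&search_req, ldb, ac,
154 req->op.del.dn, LDB_SCOPE_ONELEVEL,
155 "(objectClass=*)", attrs,
157 ac, subtree_delete_search_callback,
159 if (ret != LDB_SUCCESS) {
/* only the search is sent from here; the delete itself is forwarded from
 * the callback once the search has found no children */
163 return ldb_next_request(module, search_req);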
166 const struct ldb_module_ops ldb_subtree_delete_module_ops = {
167 .name = "subtree_delete",
168 .del = subtree_delete,