This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
- version 2 of the License, or (at your option) any later version.
+ version 3 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ License along with this library; if not, see <http://www.gnu.org/licenses/>.
*/
/*
* Author: Andrew Tridgell
*/
-#include "ldb_includes.h"
-
#include "ldb_tdb.h"
/*
static int msg_add_all_elements(struct ldb_module *module, struct ldb_message *ret,
const struct ldb_message *msg)
{
- struct ldb_context *ldb = module->ldb;
+ struct ldb_context *ldb;
unsigned int i;
int check_duplicates = (ret->num_elements != 0);
+ ldb = ldb_module_get_ctx(module);
+
if (msg_add_distinguished_name(ret) != 0) {
return -1;
}
return ret;
}
+/*
+ search the database for a single simple dn.
+ return LDB_ERR_NO_SUCH_OBJECT on record-not-found
+ and LDB_SUCCESS on success
+*/
+static int ltdb_search_base(struct ldb_module *module, struct ldb_dn *dn)
+{
+ void *data = ldb_module_get_private(module);
+ struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
+ TDB_DATA tdb_key, tdb_data;
+
+ if (ldb_dn_is_null(dn)) {
+ return LDB_ERR_NO_SUCH_OBJECT;
+ }
+
+ /* form the key */
+ tdb_key = ltdb_key(module, dn);
+ if (!tdb_key.dptr) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ tdb_data = tdb_fetch(ltdb->tdb, tdb_key);
+ talloc_free(tdb_key.dptr);
+ if (!tdb_data.dptr) {
+ return LDB_ERR_NO_SUCH_OBJECT;
+ }
+
+ free(tdb_data.dptr);
+ return LDB_SUCCESS;
+}
/*
search the database for a single simple dn, returning all attributes
*/
int ltdb_search_dn1(struct ldb_module *module, struct ldb_dn *dn, struct ldb_message *msg)
{
- struct ltdb_private *ltdb = module->private_data;
+ void *data = ldb_module_get_private(module);
+ struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
int ret;
TDB_DATA tdb_key, tdb_data;
if (!tdb_data.dptr) {
return LDB_ERR_NO_SUCH_OBJECT;
}
-
+
msg->num_elements = 0;
msg->elements = NULL;
ret = ltdb_unpack_data(module, &tdb_data, msg);
free(tdb_data.dptr);
if (ret == -1) {
+ struct ldb_context *ldb = ldb_module_get_ctx(module);
+ ldb_debug(ldb, LDB_DEBUG_ERROR, "Invalid data for index %s\n",
+ ldb_dn_get_linearized(msg->dn));
return LDB_ERR_OPERATIONS_ERROR;
}
return LDB_SUCCESS;
}
-/*
- lock the database for read - use by ltdb_search
-*/
-static int ltdb_lock_read(struct ldb_module *module)
-{
- struct ltdb_private *ltdb = module->private_data;
- return tdb_lockall_read(ltdb->tdb);
-}
-
-/*
- unlock the database after a ltdb_lock_read()
-*/
-static int ltdb_unlock_read(struct ldb_module *module)
-{
- struct ltdb_private *ltdb = module->private_data;
- return tdb_unlockall_read(ltdb->tdb);
-}
-
/*
add a set of attributes from a record to a set of results
return 0 on success, -1 on failure
*/
static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, void *state)
{
- struct ldb_handle *handle = talloc_get_type(state, struct ldb_handle);
- struct ltdb_context *ac = talloc_get_type(handle->private_data, struct ltdb_context);
- struct ldb_reply *ares = NULL;
+ struct ldb_context *ldb;
+ struct ltdb_context *ac;
+ struct ldb_message *msg;
int ret;
+ ac = talloc_get_type(state, struct ltdb_context);
+ ldb = ldb_module_get_ctx(ac->module);
+
if (key.dsize < 4 ||
strncmp((char *)key.dptr, "DN=", 3) != 0) {
return 0;
}
- ares = talloc_zero(ac, struct ldb_reply);
- if (!ares) {
- handle->status = LDB_ERR_OPERATIONS_ERROR;
- handle->state = LDB_ASYNC_DONE;
- return -1;
- }
-
- ares->message = ldb_msg_new(ares);
- if (!ares->message) {
- handle->status = LDB_ERR_OPERATIONS_ERROR;
- handle->state = LDB_ASYNC_DONE;
- talloc_free(ares);
+ msg = ldb_msg_new(ac);
+ if (!msg) {
return -1;
}
/* unpack the record */
- ret = ltdb_unpack_data(ac->module, &data, ares->message);
+ ret = ltdb_unpack_data(ac->module, &data, msg);
if (ret == -1) {
- talloc_free(ares);
+ talloc_free(msg);
return -1;
}
- if (!ares->message->dn) {
- ares->message->dn = ldb_dn_new(ares->message, ac->module->ldb, (char *)key.dptr + 3);
- if (ares->message->dn == NULL) {
- handle->status = LDB_ERR_OPERATIONS_ERROR;
- handle->state = LDB_ASYNC_DONE;
- talloc_free(ares);
- return -1;
- }
- }
-
/* see if it matches the given expression */
- if (!ldb_match_msg(ac->module->ldb, ares->message, ac->tree,
- ac->base, ac->scope)) {
- talloc_free(ares);
+ if (!ldb_match_msg(ldb, msg,
+ ac->tree, ac->base, ac->scope)) {
+ talloc_free(msg);
return 0;
}
/* filter the attributes that the user wants */
- ret = ltdb_filter_attrs(ares->message, ac->attrs);
+ ret = ltdb_filter_attrs(msg, ac->attrs);
if (ret == -1) {
- handle->status = LDB_ERR_OPERATIONS_ERROR;
- handle->state = LDB_ASYNC_DONE;
- talloc_free(ares);
+ talloc_free(msg);
return -1;
}
- ares->type = LDB_REPLY_ENTRY;
- handle->state = LDB_ASYNC_PENDING;
- handle->status = ac->callback(ac->module->ldb, ac->context, ares);
-
- if (handle->status != LDB_SUCCESS) {
- /* don't try to free ares here, the callback is in charge of that */
+ ret = ldb_module_send_entry(ac->req, msg, NULL);
+ if (ret != LDB_SUCCESS) {
+ ac->request_terminated = true;
+ /* the callback failed, abort the operation */
return -1;
- }
+ }
return 0;
}
search the database with a LDAP-like expression.
this is the "full search" non-indexed variant
*/
-static int ltdb_search_full(struct ldb_handle *handle)
+static int ltdb_search_full(struct ltdb_context *ctx)
{
- struct ltdb_context *ac = talloc_get_type(handle->private_data, struct ltdb_context);
- struct ltdb_private *ltdb = talloc_get_type(ac->module->private_data, struct ltdb_private);
+ void *data = ldb_module_get_private(ctx->module);
+ struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
int ret;
- ret = tdb_traverse_read(ltdb->tdb, search_func, handle);
+ if (ltdb->in_transaction != 0) {
+ ret = tdb_traverse(ltdb->tdb, search_func, ctx);
+ } else {
+ ret = tdb_traverse_read(ltdb->tdb, search_func, ctx);
+ }
if (ret == -1) {
- handle->status = LDB_ERR_OPERATIONS_ERROR;
+ return LDB_ERR_OPERATIONS_ERROR;
}
- handle->state = LDB_ASYNC_DONE;
return LDB_SUCCESS;
}
search the database with a LDAP-like expression.
choses a search method
*/
-int ltdb_search(struct ldb_module *module, struct ldb_request *req)
+int ltdb_search(struct ltdb_context *ctx)
{
- struct ltdb_private *ltdb = talloc_get_type(module->private_data, struct ltdb_private);
- struct ltdb_context *ltdb_ac;
- struct ldb_reply *ares;
+ struct ldb_context *ldb;
+ struct ldb_module *module = ctx->module;
+ struct ldb_request *req = ctx->req;
+ void *data = ldb_module_get_private(module);
+ struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
int ret;
- if ((( ! ldb_dn_is_valid(req->op.search.base)) || ldb_dn_is_null(req->op.search.base)) &&
- (req->op.search.scope == LDB_SCOPE_BASE || req->op.search.scope == LDB_SCOPE_ONELEVEL))
- return LDB_ERR_OPERATIONS_ERROR;
+ ldb = ldb_module_get_ctx(module);
+
+ ldb_request_set_state(req, LDB_ASYNC_PENDING);
if (ltdb_lock_read(module) != 0) {
return LDB_ERR_OPERATIONS_ERROR;
return LDB_ERR_OPERATIONS_ERROR;
}
- req->handle = init_ltdb_handle(ltdb, module, req);
- if (req->handle == NULL) {
- ltdb_unlock_read(module);
- return LDB_ERR_OPERATIONS_ERROR;
- }
- ltdb_ac = talloc_get_type(req->handle->private_data, struct ltdb_context);
+ if ((req->op.search.base == NULL) || (ldb_dn_is_null(req->op.search.base) == true)) {
+
+ /* Check what we should do with a NULL dn */
+ switch (req->op.search.scope) {
+ case LDB_SCOPE_BASE:
+ ldb_asprintf_errstring(ldb,
+ "NULL Base DN invalid for a base search");
+ ret = LDB_ERR_INVALID_DN_SYNTAX;
+ break;
+ case LDB_SCOPE_ONELEVEL:
+ ldb_asprintf_errstring(ldb,
+ "NULL Base DN invalid for a one-level search");
+ ret = LDB_ERR_INVALID_DN_SYNTAX;
+ break;
+ case LDB_SCOPE_SUBTREE:
+ default:
+ /* We accept subtree searches from a NULL base DN, ie over the whole DB */
+ ret = LDB_SUCCESS;
+ }
+ } else if (ldb_dn_is_valid(req->op.search.base) == false) {
- ltdb_ac->tree = req->op.search.tree;
- ltdb_ac->scope = req->op.search.scope;
- ltdb_ac->base = req->op.search.base;
- ltdb_ac->attrs = req->op.search.attrs;
+ /* We don't want invalid base DNs here */
+ ldb_asprintf_errstring(ldb,
+ "Invalid Base DN: %s",
+ ldb_dn_get_linearized(req->op.search.base));
+ ret = LDB_ERR_INVALID_DN_SYNTAX;
- ret = ltdb_search_indexed(req->handle);
- if (ret == LDB_ERR_OPERATIONS_ERROR) {
- ret = ltdb_search_full(req->handle);
- }
- if (ret != LDB_SUCCESS) {
- ldb_set_errstring(module->ldb, "Indexed and full searches both failed!\n");
- req->handle->state = LDB_ASYNC_DONE;
- req->handle->status = ret;
+ } else if (ltdb->check_base) {
+ /* This database has been marked as 'checkBaseOnSearch', so do a spot check of the base dn */
+ ret = ltdb_search_base(module, req->op.search.base);
+
+ if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+ ldb_asprintf_errstring(ldb,
+ "No such Base DN: %s",
+ ldb_dn_get_linearized(req->op.search.base));
+ }
+
+ } else {
+ /* If we are not checking the base DN life is easy */
+ ret = LDB_SUCCESS;
}
- /* Finally send an LDB_REPLY_DONE packet when searching is finished */
-
- ares = talloc_zero(req, struct ldb_reply);
- if (!ares) {
- ltdb_unlock_read(module);
- return LDB_ERR_OPERATIONS_ERROR;
- }
+ ctx->tree = req->op.search.tree;
+ ctx->scope = req->op.search.scope;
+ ctx->base = req->op.search.base;
+ ctx->attrs = req->op.search.attrs;
- req->handle->state = LDB_ASYNC_DONE;
- ares->type = LDB_REPLY_DONE;
+ if (ret == LDB_SUCCESS) {
+ uint32_t match_count = 0;
- ret = req->callback(module->ldb, req->context, ares);
- req->handle->status = ret;
+ ret = ltdb_search_indexed(ctx, &match_count);
+ if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+ /* Not in the index, therefore OK! */
+ ret = LDB_SUCCESS;
+
+ }
+ /* Check if we got just a normal error.
+ * In that case proceed to a full search unless we got a
+ * callback error */
+ if ( ! ctx->request_terminated && ret != LDB_SUCCESS) {
+ /* Not indexed, so we need to do a full scan */
+#if 0
+ /* useful for debugging when slow performance
+ * is caused by unindexed searches */
+ char *expression = ldb_filter_from_tree(ctx, ctx->tree);
+ printf("FULL SEARCH: %s\n", expression);
+ talloc_free(expression);
+#endif
+ if (match_count != 0) {
+ /* the indexing code gave an error
+ * after having returned at least one
+ * entry. This means the indexes are
+ * corrupt or a database record is
+ * corrupt. We cannot continue with a
+ * full search or we may return
+ * duplicate entries
+ */
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ ret = ltdb_search_full(ctx);
+ if (ret != LDB_SUCCESS) {
+ ldb_set_errstring(ldb, "Indexed and full searches both failed!\n");
+ }
+ }
+ }
ltdb_unlock_read(module);
- return LDB_SUCCESS;
+ return ret;
}