2 ldb database library - ildap backend
4 Copyright (C) Andrew Tridgell 2005
6 ** NOTE! The following LGPL license applies to the ldb
7 ** library. This does NOT imply that all of Samba is released
10 This library is free software; you can redistribute it and/or
11 modify it under the terms of the GNU Lesser General Public
12 License as published by the Free Software Foundation; either
13 version 2 of the License, or (at your option) any later version.
15 This library is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public
21 License along with this library; if not, write to the Free Software
22 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26 This is a ldb backend for the internal ldap client library in
27 Samba4. By using this backend we are independent of a system ldap
33 #include "ldb/include/ldb.h"
34 #include "ldb/include/ldb_private.h"
35 #include "libcli/ldap/ldap.h"
36 #include "libcli/ldap/ldap_client.h"
37 #include "lib/cmdline/popt_common.h"
40 struct ldap_connection *ldap;
42 struct ldb_message *rootDSE;
48 static int ildb_rename(struct ldb_module *module, const struct ldb_dn *olddn, const struct ldb_dn *newdn)
50 TALLOC_CTX *local_ctx;
51 struct ildb_private *ildb = module->private_data;
54 char *newrdn, *parentdn;
56 /* ignore ltdb specials */
57 if (ldb_dn_is_special(olddn) || ldb_dn_is_special(newdn)) {
61 local_ctx = talloc_named(ildb, 0, "ildb_rename local context");
62 if (local_ctx == NULL) {
66 old_dn = ldb_dn_linearize(local_ctx, olddn);
71 newrdn = talloc_asprintf(local_ctx, "%s=%s",
72 newdn->components[0].name,
73 ldb_dn_escape_value(ildb, newdn->components[0].value));
78 parentdn = ldb_dn_linearize(local_ctx, ldb_dn_get_parent(ildb, newdn));
79 if (parentdn == NULL) {
83 ildb->last_rc = ildap_rename(ildb->ldap, old_dn, newrdn, parentdn, True);
84 if (!NT_STATUS_IS_OK(ildb->last_rc)) {
88 talloc_free(local_ctx);
92 talloc_free(local_ctx);
99 static int ildb_delete(struct ldb_module *module, const struct ldb_dn *dn)
101 struct ildb_private *ildb = module->private_data;
105 /* ignore ltdb specials */
106 if (ldb_dn_is_special(dn)) {
110 del_dn = ldb_dn_linearize(ildb, dn);
112 ildb->last_rc = ildap_delete(ildb->ldap, del_dn);
113 if (!NT_STATUS_IS_OK(ildb->last_rc)) {
123 static void ildb_rootdse(struct ldb_module *module);
126 search for matching records
128 static int ildb_search(struct ldb_module *module, const struct ldb_dn *base,
129 enum ldb_scope scope, const char *expression,
130 const char * const *attrs, struct ldb_message ***res)
132 struct ildb_private *ildb = module->private_data;
134 struct ldap_message **ldapres, *msg;
137 if (scope == LDB_SCOPE_DEFAULT) {
138 scope = LDB_SCOPE_SUBTREE;
142 if (ildb->rootDSE == NULL) {
143 ildb_rootdse(module);
145 if (ildb->rootDSE != NULL) {
146 search_base = talloc_strdup(ildb,
147 ldb_msg_find_string(ildb->rootDSE,
148 "defaultNamingContext", ""));
150 search_base = talloc_strdup(ildb, "");
153 search_base = ldb_dn_linearize(ildb, base);
155 if (search_base == NULL) {
159 if (expression == NULL || expression[0] == '\0') {
160 expression = "objectClass=*";
163 ildb->last_rc = ildap_search(ildb->ldap, search_base, scope, expression, attrs,
165 talloc_free(search_base);
166 if (!NT_STATUS_IS_OK(ildb->last_rc)) {
170 count = ildap_count_entries(ildb->ldap, ldapres);
171 if (count == -1 || count == 0) {
172 talloc_free(ldapres);
176 (*res) = talloc_array(ildb, struct ldb_message *, count+1);
178 talloc_free(ldapres);
184 /* loop over all messages */
185 for (i=0;i<count;i++) {
186 struct ldap_SearchResEntry *search;
189 search = &msg->r.SearchResultEntry;
191 (*res)[i] = talloc(*res, struct ldb_message);
197 (*res)[i]->dn = ldb_dn_explode((*res)[i], search->dn);
198 if ((*res)[i]->dn == NULL) {
201 (*res)[i]->num_elements = search->num_attributes;
202 (*res)[i]->elements = talloc_steal((*res)[i], search->attributes);
203 (*res)[i]->private_data = NULL;
206 talloc_free(ldapres);
211 if (*res) talloc_free(*res);
217 search for matching records using a ldb_parse_tree
219 static int ildb_search_bytree(struct ldb_module *module, const struct ldb_dn *base,
220 enum ldb_scope scope, struct ldb_parse_tree *tree,
221 const char * const *attrs, struct ldb_message ***res)
223 struct ildb_private *ildb = module->private_data;
227 expression = ldb_filter_from_tree(ildb, tree);
228 if (expression == NULL) {
231 ret = ildb_search(module, base, scope, expression, attrs, res);
232 talloc_free(expression);
238 convert a ldb_message structure to a list of ldap_mod structures
239 ready for ildap_add() or ildap_modify()
241 static struct ldap_mod **ildb_msg_to_mods(struct ldb_context *ldb,
242 const struct ldb_message *msg, int use_flags)
244 struct ldap_mod **mods;
248 /* allocate maximum number of elements needed */
249 mods = talloc_array(ldb, struct ldap_mod *, msg->num_elements+1);
256 for (i=0;i<msg->num_elements;i++) {
257 const struct ldb_message_element *el = &msg->elements[i];
259 mods[num_mods] = talloc(ldb, struct ldap_mod);
260 if (!mods[num_mods]) {
263 mods[num_mods+1] = NULL;
264 mods[num_mods]->type = 0;
265 mods[num_mods]->attrib = *el;
267 switch (el->flags & LDB_FLAG_MOD_MASK) {
268 case LDB_FLAG_MOD_ADD:
269 mods[num_mods]->type = LDAP_MODIFY_ADD;
271 case LDB_FLAG_MOD_DELETE:
272 mods[num_mods]->type = LDAP_MODIFY_DELETE;
274 case LDB_FLAG_MOD_REPLACE:
275 mods[num_mods]->type = LDAP_MODIFY_REPLACE;
293 static int ildb_add(struct ldb_module *module, const struct ldb_message *msg)
295 struct ldb_context *ldb = module->ldb;
296 struct ildb_private *ildb = module->private_data;
297 struct ldap_mod **mods;
301 /* ignore ltdb specials */
302 if (ldb_dn_is_special(msg->dn)) {
306 mods = ildb_msg_to_mods(ldb, msg, 0);
311 dn = ldb_dn_linearize(mods, msg->dn);
317 ildb->last_rc = ildap_add(ildb->ldap, dn, mods);
318 if (!NT_STATUS_IS_OK(ildb->last_rc)) {
331 static int ildb_modify(struct ldb_module *module, const struct ldb_message *msg)
333 struct ldb_context *ldb = module->ldb;
334 struct ildb_private *ildb = module->private_data;
335 struct ldap_mod **mods;
339 /* ignore ltdb specials */
340 if (ldb_dn_is_special(msg->dn)) {
344 mods = ildb_msg_to_mods(ldb, msg, 1);
349 dn = ldb_dn_linearize(mods, msg->dn);
355 ildb->last_rc = ildap_modify(ildb->ldap, dn, mods);
356 if (!NT_STATUS_IS_OK(ildb->last_rc)) {
365 static int ildb_start_trans(struct ldb_module *module)
367 /* TODO implement a local locking mechanism here */
372 static int ildb_end_trans(struct ldb_module *module, int status)
374 /* TODO implement a local transaction mechanism here */
380 return extended error information
382 static const char *ildb_errstring(struct ldb_module *module)
384 struct ildb_private *ildb = talloc_get_type(module->private_data,
385 struct ildb_private);
387 return "ildap not connected";
389 return ldap_errstr(ildb->ldap, ildb->last_rc);
393 static const struct ldb_module_ops ildb_ops = {
395 .search = ildb_search,
396 .search_bytree = ildb_search_bytree,
397 .add_record = ildb_add,
398 .modify_record = ildb_modify,
399 .delete_record = ildb_delete,
400 .rename_record = ildb_rename,
401 .start_transaction = ildb_start_trans,
402 .end_transaction = ildb_end_trans,
403 .errstring = ildb_errstring
410 static void ildb_rootdse(struct ldb_module *module)
412 struct ildb_private *ildb = module->private_data;
413 struct ldb_message **res = NULL;
414 struct ldb_dn *empty_dn = ldb_dn_new(ildb);
416 ret = ildb_search(module, empty_dn, LDB_SCOPE_BASE, "dn=dc=rootDSE", NULL, &res);
418 ildb->rootDSE = talloc_steal(ildb, res[0]);
420 if (ret != -1) talloc_free(res);
421 talloc_free(empty_dn);
426 connect to the database
428 int ildb_connect(struct ldb_context *ldb, const char *url,
429 unsigned int flags, const char *options[])
431 struct ildb_private *ildb = NULL;
434 ildb = talloc(ldb, struct ildb_private);
440 ildb->rootDSE = NULL;
442 ildb->ldap = ldap_new_connection(ildb, ldb_get_opaque(ldb, "EventContext"));
448 status = ldap_connect(ildb->ldap, url);
449 if (!NT_STATUS_IS_OK(status)) {
450 ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to connect to ldap URL '%s' - %s\n",
451 url, ldap_errstr(ildb->ldap, status));
455 ldb->modules = talloc(ldb, struct ldb_module);
460 ldb->modules->ldb = ldb;
461 ldb->modules->prev = ldb->modules->next = NULL;
462 ldb->modules->private_data = ildb;
463 ldb->modules->ops = &ildb_ops;
465 if (cmdline_credentials != NULL && cli_credentials_authentication_requested(cmdline_credentials)) {
466 status = ldap_bind_sasl(ildb->ldap, cmdline_credentials);
467 if (!NT_STATUS_IS_OK(status)) {
468 ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to bind - %s\n",
469 ldap_errstr(ildb->ldap, status));
478 ldb->modules->private_data = NULL;