4 Copyright (C) Andrew Tridgell 2004
5 Copyright (C) Stefan Metzmacher 2004
6 Copyright (C) Simo Sorce 2006-2008
7 Copyright (C) Matthias Dieter Wallnöfer 2009-2010
9 ** NOTE! The following LGPL license applies to the ldb
10 ** library. This does NOT imply that all of Samba is released
13 This library is free software; you can redistribute it and/or
14 modify it under the terms of the GNU Lesser General Public
15 License as published by the Free Software Foundation; either
16 version 3 of the License, or (at your option) any later version.
18 This library is distributed in the hope that it will be useful,
19 but WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 Lesser General Public License for more details.
23 You should have received a copy of the GNU Lesser General Public
24 License along with this library; if not, see <http://www.gnu.org/licenses/>.
30 * Component: ldb tdb backend
32 * Description: core functions for tdb backend
34 * Author: Andrew Tridgell
35 * Author: Stefan Metzmacher
39 * - description: make the module use asynchronous calls
43 * - description: make it possible to use event contexts
47 * - description: fix up memory leaks and small bugs
49 * Author: Matthias Dieter Wallnöfer
53 #include "ldb_private.h"
57 prevent memory errors on callbacks
60 struct ltdb_context *ctx;
64 map a tdb error code to a ldb error code
66 int ltdb_err_map(enum TDB_ERROR tdb_code)
74 return LDB_ERR_OPERATIONS_ERROR;
76 return LDB_ERR_PROTOCOL_ERROR;
80 case TDB_ERR_LOCK_TIMEOUT:
81 return LDB_ERR_TIME_LIMIT_EXCEEDED;
83 return LDB_ERR_ENTRY_ALREADY_EXISTS;
85 return LDB_ERR_NO_SUCH_OBJECT;
87 return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
95 lock the database for read - use by ltdb_search and ltdb_sequence_number
97 int ltdb_lock_read(struct ldb_module *module)
99 void *data = ldb_module_get_private(module);
100 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
103 if (ltdb->in_transaction == 0 &&
104 ltdb->read_lock_count == 0) {
105 ret = tdb_lockall_read(ltdb->tdb);
108 ltdb->read_lock_count++;
114 unlock the database after a ltdb_lock_read()
116 int ltdb_unlock_read(struct ldb_module *module)
118 void *data = ldb_module_get_private(module);
119 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
120 if (ltdb->in_transaction == 0 && ltdb->read_lock_count == 1) {
121 tdb_unlockall_read(ltdb->tdb);
124 ltdb->read_lock_count--;
130 form a TDB_DATA for a record key
133 note that the key for a record can depend on whether the
134 dn refers to a case sensitive index record or not
136 TDB_DATA ltdb_key(struct ldb_module *module, struct ldb_dn *dn)
138 struct ldb_context *ldb = ldb_module_get_ctx(module);
140 char *key_str = NULL;
141 const char *dn_folded = NULL;
144 most DNs are case insensitive. The exception is index DNs for
145 case sensitive attributes
147 there are 3 cases dealt with in this code:
149 1) if the dn doesn't start with @ then uppercase the attribute
150 names and the attributes values of case insensitive attributes
151 2) if the dn starts with @ then leave it alone -
152 the indexing code handles the rest
155 dn_folded = ldb_dn_get_casefold(dn);
160 key_str = talloc_strdup(ldb, "DN=");
165 key_str = talloc_strdup_append_buffer(key_str, dn_folded);
170 key.dptr = (uint8_t *)key_str;
171 key.dsize = strlen(key_str) + 1;
183 check special dn's have valid attributes
184 currently only @ATTRIBUTES is checked
186 static int ltdb_check_special_dn(struct ldb_module *module,
187 const struct ldb_message *msg)
189 struct ldb_context *ldb = ldb_module_get_ctx(module);
192 if (! ldb_dn_is_special(msg->dn) ||
193 ! ldb_dn_check_special(msg->dn, LTDB_ATTRIBUTES)) {
197 /* we have @ATTRIBUTES, let's check attributes are fine */
198 /* should we check that we deny multivalued attributes ? */
199 for (i = 0; i < msg->num_elements; i++) {
200 if (ldb_attr_cmp(msg->elements[i].name, "distinguishedName") == 0) continue;
202 for (j = 0; j < msg->elements[i].num_values; j++) {
203 if (ltdb_check_at_attributes_values(&msg->elements[i].values[j]) != 0) {
204 ldb_set_errstring(ldb, "Invalid attribute value in an @ATTRIBUTES entry");
205 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
215 we've made a modification to a dn - possibly reindex and
216 update sequence number
218 static int ltdb_modified(struct ldb_module *module, struct ldb_dn *dn)
220 int ret = LDB_SUCCESS;
221 struct ltdb_private *ltdb = talloc_get_type(ldb_module_get_private(module), struct ltdb_private);
223 /* only allow modifies inside a transaction, otherwise the
225 if (ltdb->in_transaction == 0) {
226 ldb_set_errstring(ldb_module_get_ctx(module), "ltdb modify without transaction");
227 return LDB_ERR_OPERATIONS_ERROR;
230 if (ldb_dn_is_special(dn) &&
231 (ldb_dn_check_special(dn, LTDB_INDEXLIST) ||
232 ldb_dn_check_special(dn, LTDB_ATTRIBUTES)) )
234 if (ltdb->warn_reindex) {
235 ldb_debug(ldb_module_get_ctx(module),
236 LDB_DEBUG_ERROR, "Reindexing %s due to modification on %s",
237 tdb_name(ltdb->tdb), ldb_dn_get_linearized(dn));
239 ret = ltdb_reindex(module);
242 /* If the modify was to a normal record, or any special except @BASEINFO, update the seq number */
243 if (ret == LDB_SUCCESS &&
244 !(ldb_dn_is_special(dn) &&
245 ldb_dn_check_special(dn, LTDB_BASEINFO)) ) {
246 ret = ltdb_increase_sequence_number(module);
249 /* If the modify was to @OPTIONS, reload the cache */
250 if (ret == LDB_SUCCESS &&
251 ldb_dn_is_special(dn) &&
252 (ldb_dn_check_special(dn, LTDB_OPTIONS)) ) {
253 ret = ltdb_cache_reload(module);
260 store a record into the db
262 int ltdb_store(struct ldb_module *module, const struct ldb_message *msg, int flgs)
264 void *data = ldb_module_get_private(module);
265 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
266 TDB_DATA tdb_key, tdb_data;
267 struct ldb_val ldb_data;
268 int ret = LDB_SUCCESS;
270 tdb_key = ltdb_key(module, msg->dn);
271 if (tdb_key.dptr == NULL) {
272 return LDB_ERR_OTHER;
275 ret = ldb_pack_data(ldb_module_get_ctx(module),
278 talloc_free(tdb_key.dptr);
279 return LDB_ERR_OTHER;
282 tdb_data.dptr = ldb_data.data;
283 tdb_data.dsize = ldb_data.length;
285 ret = tdb_store(ltdb->tdb, tdb_key, tdb_data, flgs);
287 ret = ltdb_err_map(tdb_error(ltdb->tdb));
292 talloc_free(tdb_key.dptr);
293 talloc_free(ldb_data.data);
300 check if a attribute is a single valued, for a given element
302 static bool ldb_tdb_single_valued(const struct ldb_schema_attribute *a,
303 struct ldb_message_element *el)
305 if (!a) return false;
307 if (el->flags & LDB_FLAG_INTERNAL_FORCE_SINGLE_VALUE_CHECK) {
308 /* override from a ldb module, for example
309 used for the description field, which is
310 marked multi-valued in the schema but which
311 should not actually accept multiple
315 if (el->flags & LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK) {
316 /* override from a ldb module, for example used for
317 deleted linked attribute entries */
321 if (a->flags & LDB_ATTR_FLAG_SINGLE_VALUE) {
327 static int ltdb_add_internal(struct ldb_module *module,
328 const struct ldb_message *msg,
329 bool check_single_value)
331 struct ldb_context *ldb = ldb_module_get_ctx(module);
332 int ret = LDB_SUCCESS;
335 for (i=0;i<msg->num_elements;i++) {
336 struct ldb_message_element *el = &msg->elements[i];
337 const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
339 if (el->num_values == 0) {
340 ldb_asprintf_errstring(ldb, "attribute '%s' on '%s' specified, but with 0 values (illegal)",
341 el->name, ldb_dn_get_linearized(msg->dn));
342 return LDB_ERR_CONSTRAINT_VIOLATION;
344 if (check_single_value &&
345 el->num_values > 1 &&
346 ldb_tdb_single_valued(a, el)) {
347 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
348 el->name, ldb_dn_get_linearized(msg->dn));
349 return LDB_ERR_CONSTRAINT_VIOLATION;
352 /* Do not check "@ATTRIBUTES" for duplicated values */
353 if (ldb_dn_is_special(msg->dn) &&
354 ldb_dn_check_special(msg->dn, LTDB_ATTRIBUTES)) {
358 if (check_single_value) {
359 /* TODO: This is O(n^2) - replace with more efficient check */
360 for (j=0; j<el->num_values; j++) {
361 if (ldb_msg_find_val(el, &el->values[j]) != &el->values[j]) {
362 ldb_asprintf_errstring(ldb,
363 "attribute '%s': value #%u on '%s' "
364 "provided more than once in ADD object",
366 ldb_dn_get_linearized(msg->dn));
367 return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
373 ret = ltdb_store(module, msg, TDB_INSERT);
374 if (ret != LDB_SUCCESS) {
375 if (ret == LDB_ERR_ENTRY_ALREADY_EXISTS) {
376 ldb_asprintf_errstring(ldb,
377 "Entry %s already exists",
378 ldb_dn_get_linearized(msg->dn));
383 ret = ltdb_index_add_new(module, msg);
384 if (ret != LDB_SUCCESS) {
388 ret = ltdb_modified(module, msg->dn);
394 add a record to the database
396 static int ltdb_add(struct ltdb_context *ctx)
398 struct ldb_module *module = ctx->module;
399 struct ldb_request *req = ctx->req;
400 int ret = LDB_SUCCESS;
402 ret = ltdb_check_special_dn(module, req->op.add.message);
403 if (ret != LDB_SUCCESS) {
407 ldb_request_set_state(req, LDB_ASYNC_PENDING);
409 if (ltdb_cache_load(module) != 0) {
410 return LDB_ERR_OPERATIONS_ERROR;
413 ret = ltdb_add_internal(module, req->op.add.message, true);
419 delete a record from the database, not updating indexes (used for deleting
422 int ltdb_delete_noindex(struct ldb_module *module, struct ldb_dn *dn)
424 void *data = ldb_module_get_private(module);
425 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
429 tdb_key = ltdb_key(module, dn);
431 return LDB_ERR_OTHER;
434 ret = tdb_delete(ltdb->tdb, tdb_key);
435 talloc_free(tdb_key.dptr);
438 ret = ltdb_err_map(tdb_error(ltdb->tdb));
444 static int ltdb_delete_internal(struct ldb_module *module, struct ldb_dn *dn)
446 struct ldb_message *msg;
447 int ret = LDB_SUCCESS;
449 msg = ldb_msg_new(module);
451 return LDB_ERR_OPERATIONS_ERROR;
454 /* in case any attribute of the message was indexed, we need
455 to fetch the old record */
456 ret = ltdb_search_dn1(module, dn, msg, LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC);
457 if (ret != LDB_SUCCESS) {
458 /* not finding the old record is an error */
462 ret = ltdb_delete_noindex(module, dn);
463 if (ret != LDB_SUCCESS) {
467 /* remove any indexed attributes */
468 ret = ltdb_index_delete(module, msg);
469 if (ret != LDB_SUCCESS) {
473 ret = ltdb_modified(module, dn);
474 if (ret != LDB_SUCCESS) {
484 delete a record from the database
486 static int ltdb_delete(struct ltdb_context *ctx)
488 struct ldb_module *module = ctx->module;
489 struct ldb_request *req = ctx->req;
490 int ret = LDB_SUCCESS;
492 ldb_request_set_state(req, LDB_ASYNC_PENDING);
494 if (ltdb_cache_load(module) != 0) {
495 return LDB_ERR_OPERATIONS_ERROR;
498 ret = ltdb_delete_internal(module, req->op.del.dn);
504 find an element by attribute name. At the moment this does a linear search,
505 it should be re-coded to use a binary search once all places that modify
506 records guarantee sorted order
508 return the index of the first matching element if found, otherwise -1
510 static int find_element(const struct ldb_message *msg, const char *name)
513 for (i=0;i<msg->num_elements;i++) {
514 if (ldb_attr_cmp(msg->elements[i].name, name) == 0) {
523 add an element to an existing record. Assumes a elements array that we
524 can call re-alloc on, and assumed that we can re-use the data pointers from
525 the passed in additional values. Use with care!
527 returns 0 on success, -1 on failure (and sets errno)
529 static int ltdb_msg_add_element(struct ldb_context *ldb,
530 struct ldb_message *msg,
531 struct ldb_message_element *el)
533 struct ldb_message_element *e2;
536 if (el->num_values == 0) {
537 /* nothing to do here - we don't add empty elements */
541 e2 = talloc_realloc(msg, msg->elements, struct ldb_message_element,
542 msg->num_elements+1);
550 e2 = &msg->elements[msg->num_elements];
553 e2->flags = el->flags;
554 e2->values = talloc_array(msg->elements,
555 struct ldb_val, el->num_values);
560 for (i=0;i<el->num_values;i++) {
561 e2->values[i] = el->values[i];
563 e2->num_values = el->num_values;
571 delete all elements having a specified attribute name
573 static int msg_delete_attribute(struct ldb_module *module,
574 struct ldb_context *ldb,
575 struct ldb_message *msg, const char *name)
579 struct ldb_message_element *el;
581 el = ldb_msg_find_element(msg, name);
583 return LDB_ERR_NO_SUCH_ATTRIBUTE;
585 i = el - msg->elements;
587 ret = ltdb_index_del_element(module, msg->dn, el);
588 if (ret != LDB_SUCCESS) {
592 talloc_free(el->values);
593 if (msg->num_elements > (i+1)) {
594 memmove(el, el+1, sizeof(*el) * (msg->num_elements - (i+1)));
597 msg->elements = talloc_realloc(msg, msg->elements,
598 struct ldb_message_element,
604 delete all elements matching an attribute name/value
606 return LDB Error on failure
608 static int msg_delete_element(struct ldb_module *module,
609 struct ldb_message *msg,
611 const struct ldb_val *val)
613 struct ldb_context *ldb = ldb_module_get_ctx(module);
616 struct ldb_message_element *el;
617 const struct ldb_schema_attribute *a;
619 found = find_element(msg, name);
621 return LDB_ERR_NO_SUCH_ATTRIBUTE;
624 i = (unsigned int) found;
625 el = &(msg->elements[i]);
627 a = ldb_schema_attribute_by_name(ldb, el->name);
629 for (i=0;i<el->num_values;i++) {
631 if (a->syntax->operator_fn) {
632 ret = a->syntax->operator_fn(ldb, LDB_OP_EQUALITY, a,
633 &el->values[i], val, &matched);
634 if (ret != LDB_SUCCESS) return ret;
636 matched = (a->syntax->comparison_fn(ldb, ldb,
637 &el->values[i], val) == 0);
640 if (el->num_values == 1) {
641 return msg_delete_attribute(module, ldb, msg, name);
644 ret = ltdb_index_del_value(module, msg->dn, el, i);
645 if (ret != LDB_SUCCESS) {
649 if (i<el->num_values-1) {
650 memmove(&el->values[i], &el->values[i+1],
651 sizeof(el->values[i])*
652 (el->num_values-(i+1)));
656 /* per definition we find in a canonicalised message an
657 attribute value only once. So we are finished here */
663 return LDB_ERR_NO_SUCH_ATTRIBUTE;
668 modify a record - internal interface
670 yuck - this is O(n^2). Luckily n is usually small so we probably
671 get away with it, but if we ever have really large attribute lists
672 then we'll need to look at this again
674 'req' is optional, and is used to specify controls if supplied
676 int ltdb_modify_internal(struct ldb_module *module,
677 const struct ldb_message *msg,
678 struct ldb_request *req)
680 struct ldb_context *ldb = ldb_module_get_ctx(module);
681 void *data = ldb_module_get_private(module);
682 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
683 TDB_DATA tdb_key, tdb_data;
684 struct ldb_val ldb_data;
685 struct ldb_message *msg2;
686 unsigned int i, j, k;
687 int ret = LDB_SUCCESS, idx;
688 struct ldb_control *control_permissive = NULL;
691 control_permissive = ldb_request_get_control(req,
692 LDB_CONTROL_PERMISSIVE_MODIFY_OID);
695 tdb_key = ltdb_key(module, msg->dn);
697 return LDB_ERR_OTHER;
700 tdb_data = tdb_fetch(ltdb->tdb, tdb_key);
701 if (!tdb_data.dptr) {
702 talloc_free(tdb_key.dptr);
703 return ltdb_err_map(tdb_error(ltdb->tdb));
706 msg2 = ldb_msg_new(tdb_key.dptr);
713 ldb_data.data = tdb_data.dptr;
714 ldb_data.length = tdb_data.dsize;
716 ret = ldb_unpack_data(ldb_module_get_ctx(module), &ldb_data, msg2);
727 for (i=0; i<msg->num_elements; i++) {
728 struct ldb_message_element *el = &msg->elements[i], *el2;
729 struct ldb_val *vals;
730 const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
733 switch (msg->elements[i].flags & LDB_FLAG_MOD_MASK) {
734 case LDB_FLAG_MOD_ADD:
736 if (el->num_values == 0) {
737 ldb_asprintf_errstring(ldb,
738 "attribute '%s': attribute on '%s' specified, but with 0 values (illegal)",
739 el->name, ldb_dn_get_linearized(msg2->dn));
740 ret = LDB_ERR_CONSTRAINT_VIOLATION;
744 /* make a copy of the array so that a permissive
745 * control can remove duplicates without changing the
746 * original values, but do not copy data as we do not
747 * need to keep it around once the operation is
749 if (control_permissive) {
750 el = talloc(msg2, struct ldb_message_element);
755 *el = msg->elements[i];
756 el->values = talloc_array(el, struct ldb_val, el->num_values);
757 if (el->values == NULL) {
761 for (j = 0; j < el->num_values; j++) {
762 el->values[j] = msg->elements[i].values[j];
766 if (el->num_values > 1 && ldb_tdb_single_valued(a, el)) {
767 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
768 el->name, ldb_dn_get_linearized(msg2->dn));
769 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
773 /* Checks if element already exists */
774 idx = find_element(msg2, el->name);
776 if (ltdb_msg_add_element(ldb, msg2, el) != 0) {
780 ret = ltdb_index_add_element(module, msg2->dn,
782 if (ret != LDB_SUCCESS) {
786 j = (unsigned int) idx;
787 el2 = &(msg2->elements[j]);
789 /* We cannot add another value on a existing one
790 if the attribute is single-valued */
791 if (ldb_tdb_single_valued(a, el)) {
792 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
793 el->name, ldb_dn_get_linearized(msg2->dn));
794 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
798 /* Check that values don't exist yet on multi-
799 valued attributes or aren't provided twice */
800 /* TODO: This is O(n^2) - replace with more efficient check */
801 if (!(el->flags & LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK)) {
802 for (j = 0; j < el->num_values; j++) {
803 if (ldb_msg_find_val(el2, &el->values[j]) != NULL) {
804 if (control_permissive) {
805 /* remove this one as if it was never added */
807 for (k = j; k < el->num_values; k++) {
808 el->values[k] = el->values[k + 1];
815 ldb_asprintf_errstring(ldb,
816 "attribute '%s': value #%u on '%s' already exists",
817 el->name, j, ldb_dn_get_linearized(msg2->dn));
818 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
821 if (ldb_msg_find_val(el, &el->values[j]) != &el->values[j]) {
822 ldb_asprintf_errstring(ldb,
823 "attribute '%s': value #%u on '%s' provided more than once in ADD",
824 el->name, j, ldb_dn_get_linearized(msg2->dn));
825 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
831 /* Now combine existing and new values to a new
833 vals = talloc_realloc(msg2->elements,
834 el2->values, struct ldb_val,
835 el2->num_values + el->num_values);
842 for (j=0; j<el->num_values; j++) {
843 vals[el2->num_values + j] =
844 ldb_val_dup(vals, &el->values[j]);
848 el2->num_values += el->num_values;
850 ret = ltdb_index_add_element(module, msg2->dn, el);
851 if (ret != LDB_SUCCESS) {
858 case LDB_FLAG_MOD_REPLACE:
860 if (el->num_values > 1 && ldb_tdb_single_valued(a, el)) {
861 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
862 el->name, ldb_dn_get_linearized(msg2->dn));
863 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
868 * We don't need to check this if we have been
869 * pre-screened by the repl_meta_data module
870 * in Samba, or someone else who can claim to
871 * know what they are doing.
873 if (!(el->flags & LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK)) {
874 /* TODO: This is O(n^2) - replace with more efficient check */
875 for (j=0; j<el->num_values; j++) {
876 if (ldb_msg_find_val(el, &el->values[j]) != &el->values[j]) {
877 ldb_asprintf_errstring(ldb,
878 "attribute '%s': value #%u on '%s' provided more than once in REPLACE",
879 el->name, j, ldb_dn_get_linearized(msg2->dn));
880 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
886 /* Checks if element already exists */
887 idx = find_element(msg2, el->name);
889 j = (unsigned int) idx;
890 el2 = &(msg2->elements[j]);
892 /* we consider two elements to be
893 * equal only if the order
894 * matches. This allows dbcheck to
895 * fix the ordering on attributes
896 * where order matters, such as
899 if (ldb_msg_element_equal_ordered(el, el2)) {
903 /* Delete the attribute if it exists in the DB */
904 if (msg_delete_attribute(module, ldb, msg2,
911 /* Recreate it with the new values */
912 if (ltdb_msg_add_element(ldb, msg2, el) != 0) {
917 ret = ltdb_index_add_element(module, msg2->dn, el);
918 if (ret != LDB_SUCCESS) {
924 case LDB_FLAG_MOD_DELETE:
925 dn = ldb_dn_get_linearized(msg2->dn);
931 if (msg->elements[i].num_values == 0) {
932 /* Delete the whole attribute */
933 ret = msg_delete_attribute(module, ldb, msg2,
934 msg->elements[i].name);
935 if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE &&
936 control_permissive) {
939 ldb_asprintf_errstring(ldb,
940 "attribute '%s': no such attribute for delete on '%s'",
941 msg->elements[i].name, dn);
943 if (ret != LDB_SUCCESS) {
947 /* Delete specified values from an attribute */
948 for (j=0; j < msg->elements[i].num_values; j++) {
949 ret = msg_delete_element(module,
951 msg->elements[i].name,
952 &msg->elements[i].values[j]);
953 if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE &&
954 control_permissive) {
956 } else if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE) {
957 ldb_asprintf_errstring(ldb,
958 "attribute '%s': no matching attribute value while deleting attribute on '%s'",
959 msg->elements[i].name, dn);
961 if (ret != LDB_SUCCESS) {
968 ldb_asprintf_errstring(ldb,
969 "attribute '%s': invalid modify flags on '%s': 0x%x",
970 msg->elements[i].name, ldb_dn_get_linearized(msg->dn),
971 msg->elements[i].flags & LDB_FLAG_MOD_MASK);
972 ret = LDB_ERR_PROTOCOL_ERROR;
977 ret = ltdb_store(module, msg2, TDB_MODIFY);
978 if (ret != LDB_SUCCESS) {
982 ret = ltdb_modified(module, msg2->dn);
983 if (ret != LDB_SUCCESS) {
988 talloc_free(tdb_key.dptr);
995 static int ltdb_modify(struct ltdb_context *ctx)
997 struct ldb_module *module = ctx->module;
998 struct ldb_request *req = ctx->req;
999 int ret = LDB_SUCCESS;
1001 ret = ltdb_check_special_dn(module, req->op.mod.message);
1002 if (ret != LDB_SUCCESS) {
1006 ldb_request_set_state(req, LDB_ASYNC_PENDING);
1008 if (ltdb_cache_load(module) != 0) {
1009 return LDB_ERR_OPERATIONS_ERROR;
1012 ret = ltdb_modify_internal(module, req->op.mod.message, req);
1020 static int ltdb_rename(struct ltdb_context *ctx)
1022 struct ldb_module *module = ctx->module;
1023 void *data = ldb_module_get_private(module);
1024 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1025 struct ldb_request *req = ctx->req;
1026 struct ldb_message *msg;
1027 int ret = LDB_SUCCESS;
1028 TDB_DATA tdb_key, tdb_key_old;
1030 ldb_request_set_state(req, LDB_ASYNC_PENDING);
1032 if (ltdb_cache_load(ctx->module) != 0) {
1033 return LDB_ERR_OPERATIONS_ERROR;
1036 msg = ldb_msg_new(ctx);
1038 return LDB_ERR_OPERATIONS_ERROR;
1041 /* we need to fetch the old record to re-add under the new name */
1042 ret = ltdb_search_dn1(module, req->op.rename.olddn, msg,
1043 LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC);
1044 if (ret != LDB_SUCCESS) {
1045 /* not finding the old record is an error */
1049 /* We need to, before changing the DB, check if the new DN
1050 * exists, so we can return this error to the caller with an
1052 tdb_key = ltdb_key(module, req->op.rename.newdn);
1053 if (!tdb_key.dptr) {
1055 return LDB_ERR_OPERATIONS_ERROR;
1058 tdb_key_old = ltdb_key(module, req->op.rename.olddn);
1059 if (!tdb_key_old.dptr) {
1061 talloc_free(tdb_key.dptr);
1062 return LDB_ERR_OPERATIONS_ERROR;
1065 /* Only declare a conflict if the new DN already exists, and it isn't a case change on the old DN */
1066 if (tdb_key_old.dsize != tdb_key.dsize || memcmp(tdb_key.dptr, tdb_key_old.dptr, tdb_key.dsize) != 0) {
1067 if (tdb_exists(ltdb->tdb, tdb_key)) {
1068 talloc_free(tdb_key_old.dptr);
1069 talloc_free(tdb_key.dptr);
1070 ldb_asprintf_errstring(ldb_module_get_ctx(module),
1071 "Entry %s already exists",
1072 ldb_dn_get_linearized(req->op.rename.newdn));
1073 /* finding the new record already in the DB is an error */
1075 return LDB_ERR_ENTRY_ALREADY_EXISTS;
1078 talloc_free(tdb_key_old.dptr);
1079 talloc_free(tdb_key.dptr);
1081 /* Always delete first then add, to avoid conflicts with
1082 * unique indexes. We rely on the transaction to make this
1085 ret = ltdb_delete_internal(module, msg->dn);
1086 if (ret != LDB_SUCCESS) {
1091 msg->dn = ldb_dn_copy(msg, req->op.rename.newdn);
1092 if (msg->dn == NULL) {
1094 return LDB_ERR_OPERATIONS_ERROR;
1097 /* We don't check single value as we can have more than 1 with
1098 * deleted attributes. We could go through all elements but that's
1099 * maybe not the most efficient way
1101 ret = ltdb_add_internal(module, msg, false);
1108 static int ltdb_start_trans(struct ldb_module *module)
1110 void *data = ldb_module_get_private(module);
1111 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1113 if (tdb_transaction_start(ltdb->tdb) != 0) {
1114 return ltdb_err_map(tdb_error(ltdb->tdb));
1117 ltdb->in_transaction++;
1119 ltdb_index_transaction_start(module);
1124 static int ltdb_prepare_commit(struct ldb_module *module)
1126 void *data = ldb_module_get_private(module);
1127 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1129 if (ltdb->in_transaction != 1) {
1133 if (ltdb_index_transaction_commit(module) != 0) {
1134 tdb_transaction_cancel(ltdb->tdb);
1135 ltdb->in_transaction--;
1136 return ltdb_err_map(tdb_error(ltdb->tdb));
1139 if (tdb_transaction_prepare_commit(ltdb->tdb) != 0) {
1140 ltdb->in_transaction--;
1141 return ltdb_err_map(tdb_error(ltdb->tdb));
1144 ltdb->prepared_commit = true;
1149 static int ltdb_end_trans(struct ldb_module *module)
1151 void *data = ldb_module_get_private(module);
1152 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1154 if (!ltdb->prepared_commit) {
1155 int ret = ltdb_prepare_commit(module);
1156 if (ret != LDB_SUCCESS) {
1161 ltdb->in_transaction--;
1162 ltdb->prepared_commit = false;
1164 if (tdb_transaction_commit(ltdb->tdb) != 0) {
1165 return ltdb_err_map(tdb_error(ltdb->tdb));
1171 static int ltdb_del_trans(struct ldb_module *module)
1173 void *data = ldb_module_get_private(module);
1174 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1176 ltdb->in_transaction--;
1178 if (ltdb_index_transaction_cancel(module) != 0) {
1179 tdb_transaction_cancel(ltdb->tdb);
1180 return ltdb_err_map(tdb_error(ltdb->tdb));
1183 tdb_transaction_cancel(ltdb->tdb);
1188 return sequenceNumber from @BASEINFO
1190 static int ltdb_sequence_number(struct ltdb_context *ctx,
1191 struct ldb_extended **ext)
1193 struct ldb_context *ldb;
1194 struct ldb_module *module = ctx->module;
1195 struct ldb_request *req = ctx->req;
1196 TALLOC_CTX *tmp_ctx = NULL;
1197 struct ldb_seqnum_request *seq;
1198 struct ldb_seqnum_result *res;
1199 struct ldb_message *msg = NULL;
1202 int ret = LDB_SUCCESS;
1204 ldb = ldb_module_get_ctx(module);
1206 seq = talloc_get_type(req->op.extended.data,
1207 struct ldb_seqnum_request);
1209 return LDB_ERR_OPERATIONS_ERROR;
1212 ldb_request_set_state(req, LDB_ASYNC_PENDING);
1214 if (ltdb_lock_read(module) != 0) {
1215 return LDB_ERR_OPERATIONS_ERROR;
1218 res = talloc_zero(req, struct ldb_seqnum_result);
1220 ret = LDB_ERR_OPERATIONS_ERROR;
1224 tmp_ctx = talloc_new(req);
1225 if (tmp_ctx == NULL) {
1226 ret = LDB_ERR_OPERATIONS_ERROR;
1230 dn = ldb_dn_new(tmp_ctx, ldb, LTDB_BASEINFO);
1232 ret = LDB_ERR_OPERATIONS_ERROR;
1236 msg = ldb_msg_new(tmp_ctx);
1238 ret = LDB_ERR_OPERATIONS_ERROR;
1242 ret = ltdb_search_dn1(module, dn, msg, 0);
1243 if (ret != LDB_SUCCESS) {
1247 switch (seq->type) {
1248 case LDB_SEQ_HIGHEST_SEQ:
1249 res->seq_num = ldb_msg_find_attr_as_uint64(msg, LTDB_SEQUENCE_NUMBER, 0);
1252 res->seq_num = ldb_msg_find_attr_as_uint64(msg, LTDB_SEQUENCE_NUMBER, 0);
1255 case LDB_SEQ_HIGHEST_TIMESTAMP:
1256 date = ldb_msg_find_attr_as_string(msg, LTDB_MOD_TIMESTAMP, NULL);
1258 res->seq_num = ldb_string_to_time(date);
1261 /* zero is as good as anything when we don't know */
1266 *ext = talloc_zero(req, struct ldb_extended);
1268 ret = LDB_ERR_OPERATIONS_ERROR;
1271 (*ext)->oid = LDB_EXTENDED_SEQUENCE_NUMBER;
1272 (*ext)->data = talloc_steal(*ext, res);
1275 talloc_free(tmp_ctx);
1276 ltdb_unlock_read(module);
1280 static void ltdb_request_done(struct ltdb_context *ctx, int error)
1282 struct ldb_context *ldb;
1283 struct ldb_request *req;
1284 struct ldb_reply *ares;
1286 ldb = ldb_module_get_ctx(ctx->module);
1289 /* if we already returned an error just return */
1290 if (ldb_request_get_status(req) != LDB_SUCCESS) {
1294 ares = talloc_zero(req, struct ldb_reply);
1297 req->callback(req, NULL);
1300 ares->type = LDB_REPLY_DONE;
1301 ares->error = error;
1303 req->callback(req, ares);
1306 static void ltdb_timeout(struct tevent_context *ev,
1307 struct tevent_timer *te,
1311 struct ltdb_context *ctx;
1312 ctx = talloc_get_type(private_data, struct ltdb_context);
1314 if (!ctx->request_terminated) {
1315 /* request is done now */
1316 ltdb_request_done(ctx, LDB_ERR_TIME_LIMIT_EXCEEDED);
1320 /* neutralize the spy */
1321 ctx->spy->ctx = NULL;
1327 static void ltdb_request_extended_done(struct ltdb_context *ctx,
1328 struct ldb_extended *ext,
1331 struct ldb_context *ldb;
1332 struct ldb_request *req;
1333 struct ldb_reply *ares;
1335 ldb = ldb_module_get_ctx(ctx->module);
1338 /* if we already returned an error just return */
1339 if (ldb_request_get_status(req) != LDB_SUCCESS) {
1343 ares = talloc_zero(req, struct ldb_reply);
1346 req->callback(req, NULL);
1349 ares->type = LDB_REPLY_DONE;
1350 ares->response = ext;
1351 ares->error = error;
1353 req->callback(req, ares);
1356 static void ltdb_handle_extended(struct ltdb_context *ctx)
1358 struct ldb_extended *ext = NULL;
1361 if (strcmp(ctx->req->op.extended.oid,
1362 LDB_EXTENDED_SEQUENCE_NUMBER) == 0) {
1363 /* get sequence number */
1364 ret = ltdb_sequence_number(ctx, &ext);
1366 /* not recognized */
1367 ret = LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
1370 ltdb_request_extended_done(ctx, ext, ret);
1373 static void ltdb_callback(struct tevent_context *ev,
1374 struct tevent_timer *te,
1378 struct ltdb_context *ctx;
1381 ctx = talloc_get_type(private_data, struct ltdb_context);
1383 if (ctx->request_terminated) {
1387 switch (ctx->req->operation) {
1389 ret = ltdb_search(ctx);
1392 ret = ltdb_add(ctx);
1395 ret = ltdb_modify(ctx);
1398 ret = ltdb_delete(ctx);
1401 ret = ltdb_rename(ctx);
1404 ltdb_handle_extended(ctx);
1407 /* no other op supported */
1408 ret = LDB_ERR_PROTOCOL_ERROR;
1411 if (!ctx->request_terminated) {
1412 /* request is done now */
1413 ltdb_request_done(ctx, ret);
1418 /* neutralize the spy */
1419 ctx->spy->ctx = NULL;
1425 static int ltdb_request_destructor(void *ptr)
1427 struct ltdb_req_spy *spy = talloc_get_type(ptr, struct ltdb_req_spy);
1429 if (spy->ctx != NULL) {
1430 spy->ctx->spy = NULL;
1431 spy->ctx->request_terminated = true;
1438 static int ltdb_handle_request(struct ldb_module *module,
1439 struct ldb_request *req)
1441 struct ldb_control *control_permissive;
1442 struct ldb_context *ldb;
1443 struct tevent_context *ev;
1444 struct ltdb_context *ac;
1445 struct tevent_timer *te;
1449 ldb = ldb_module_get_ctx(module);
1451 control_permissive = ldb_request_get_control(req,
1452 LDB_CONTROL_PERMISSIVE_MODIFY_OID);
1454 for (i = 0; req->controls && req->controls[i]; i++) {
1455 if (req->controls[i]->critical &&
1456 req->controls[i] != control_permissive) {
1457 ldb_asprintf_errstring(ldb, "Unsupported critical extension %s",
1458 req->controls[i]->oid);
1459 return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
1463 if (req->starttime == 0 || req->timeout == 0) {
1464 ldb_set_errstring(ldb, "Invalid timeout settings");
1465 return LDB_ERR_TIME_LIMIT_EXCEEDED;
1468 ev = ldb_get_event_context(ldb);
1470 ac = talloc_zero(ldb, struct ltdb_context);
1473 return LDB_ERR_OPERATIONS_ERROR;
1476 ac->module = module;
1481 te = tevent_add_timer(ev, ac, tv, ltdb_callback, ac);
1484 return LDB_ERR_OPERATIONS_ERROR;
1487 if (req->timeout > 0) {
1488 tv.tv_sec = req->starttime + req->timeout;
1490 ac->timeout_event = tevent_add_timer(ev, ac, tv,
1492 if (NULL == ac->timeout_event) {
1494 return LDB_ERR_OPERATIONS_ERROR;
1498 /* set a spy so that we do not try to use the request context
1499 * if it is freed before ltdb_callback fires */
1500 ac->spy = talloc(req, struct ltdb_req_spy);
1501 if (NULL == ac->spy) {
1503 return LDB_ERR_OPERATIONS_ERROR;
1507 talloc_set_destructor((TALLOC_CTX *)ac->spy, ltdb_request_destructor);
1512 static int ltdb_init_rootdse(struct ldb_module *module)
1514 /* ignore errors on this - we expect it for non-sam databases */
1515 ldb_mod_register_control(module, LDB_CONTROL_PERMISSIVE_MODIFY_OID);
1517 /* there can be no module beyond the backend, just return */
1521 static const struct ldb_module_ops ltdb_ops = {
1523 .init_context = ltdb_init_rootdse,
1524 .search = ltdb_handle_request,
1525 .add = ltdb_handle_request,
1526 .modify = ltdb_handle_request,
1527 .del = ltdb_handle_request,
1528 .rename = ltdb_handle_request,
1529 .extended = ltdb_handle_request,
1530 .start_transaction = ltdb_start_trans,
1531 .end_transaction = ltdb_end_trans,
1532 .prepare_commit = ltdb_prepare_commit,
1533 .del_transaction = ltdb_del_trans,
1537 connect to the database
1539 static int ltdb_connect(struct ldb_context *ldb, const char *url,
1540 unsigned int flags, const char *options[],
1541 struct ldb_module **_module)
1543 struct ldb_module *module;
1545 int tdb_flags, open_flags;
1546 struct ltdb_private *ltdb;
1549 if (strchr(url, ':')) {
1550 if (strncmp(url, "tdb://", 6) != 0) {
1551 ldb_debug(ldb, LDB_DEBUG_ERROR,
1552 "Invalid tdb URL '%s'", url);
1553 return LDB_ERR_OPERATIONS_ERROR;
1560 tdb_flags = TDB_DEFAULT | TDB_SEQNUM;
1562 /* check for the 'nosync' option */
1563 if (flags & LDB_FLG_NOSYNC) {
1564 tdb_flags |= TDB_NOSYNC;
1567 /* and nommap option */
1568 if (flags & LDB_FLG_NOMMAP) {
1569 tdb_flags |= TDB_NOMMAP;
1572 if (flags & LDB_FLG_RDONLY) {
1573 open_flags = O_RDONLY;
1574 } else if (flags & LDB_FLG_DONT_CREATE_DB) {
1575 open_flags = O_RDWR;
1577 open_flags = O_CREAT | O_RDWR;
1580 ltdb = talloc_zero(ldb, struct ltdb_private);
1583 return LDB_ERR_OPERATIONS_ERROR;
1586 /* note that we use quite a large default hash size */
1587 ltdb->tdb = ltdb_wrap_open(ltdb, path, 10000,
1588 tdb_flags, open_flags,
1589 ldb_get_create_perms(ldb), ldb);
1591 ldb_asprintf_errstring(ldb,
1592 "Unable to open tdb '%s': %s", path, strerror(errno));
1593 ldb_debug(ldb, LDB_DEBUG_ERROR,
1594 "Unable to open tdb '%s': %s", path, strerror(errno));
1596 if (errno == EACCES || errno == EPERM) {
1597 return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
1599 return LDB_ERR_OPERATIONS_ERROR;
1602 if (getenv("LDB_WARN_UNINDEXED")) {
1603 ltdb->warn_unindexed = true;
1606 if (getenv("LDB_WARN_REINDEX")) {
1607 ltdb->warn_reindex = true;
1610 ltdb->sequence_number = 0;
1612 module = ldb_module_new(ldb, ldb, "ldb_tdb backend", <db_ops);
1616 return LDB_ERR_OPERATIONS_ERROR;
1618 ldb_module_set_private(module, ltdb);
1619 talloc_steal(module, ltdb);
1621 if (ltdb_cache_load(module) != 0) {
1622 ldb_asprintf_errstring(ldb,
1623 "Unable to load ltdb cache records of tdb '%s'", path);
1624 talloc_free(module);
1625 return LDB_ERR_OPERATIONS_ERROR;
1632 int ldb_tdb_init(const char *version)
1634 LDB_MODULE_CHECK_VERSION(version);
1635 return ldb_register_backend("tdb", ltdb_connect, false);