4 Copyright (C) Andrew Tridgell 2004
5 Copyright (C) Stefan Metzmacher 2004
6 Copyright (C) Simo Sorce 2006-2008
7 Copyright (C) Matthias Dieter Wallnöfer 2009-2010
9 ** NOTE! The following LGPL license applies to the ldb
10 ** library. This does NOT imply that all of Samba is released
13 This library is free software; you can redistribute it and/or
14 modify it under the terms of the GNU Lesser General Public
15 License as published by the Free Software Foundation; either
16 version 3 of the License, or (at your option) any later version.
18 This library is distributed in the hope that it will be useful,
19 but WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 Lesser General Public License for more details.
23 You should have received a copy of the GNU Lesser General Public
24 License along with this library; if not, see <http://www.gnu.org/licenses/>.
30 * Component: ldb tdb backend
32 * Description: core functions for tdb backend
34 * Author: Andrew Tridgell
35 * Author: Stefan Metzmacher
39 * - description: make the module use asynchronous calls
43 * - description: make it possible to use event contexts
47 * - description: fix up memory leaks and small bugs
49 * Author: Matthias Dieter Wallnöfer
53 #include <lib/tdb_compat/tdb_compat.h>
57 map a tdb error code to a ldb error code
59 int ltdb_err_map(enum TDB_ERROR tdb_code)
67 return LDB_ERR_OPERATIONS_ERROR;
69 return LDB_ERR_PROTOCOL_ERROR;
76 case TDB_ERR_LOCK_TIMEOUT:
78 return LDB_ERR_TIME_LIMIT_EXCEEDED;
80 return LDB_ERR_ENTRY_ALREADY_EXISTS;
82 return LDB_ERR_NO_SUCH_OBJECT;
84 return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
92 lock the database for read - use by ltdb_search and ltdb_sequence_number
94 int ltdb_lock_read(struct ldb_module *module)
96 void *data = ldb_module_get_private(module);
97 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
100 if (ltdb->in_transaction == 0 &&
101 ltdb->read_lock_count == 0) {
102 ret = tdb_lockall_read(ltdb->tdb);
105 ltdb->read_lock_count++;
111 unlock the database after a ltdb_lock_read()
113 int ltdb_unlock_read(struct ldb_module *module)
115 void *data = ldb_module_get_private(module);
116 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
117 if (ltdb->in_transaction == 0 && ltdb->read_lock_count == 1) {
118 tdb_unlockall_read(ltdb->tdb);
121 ltdb->read_lock_count--;
127 form a TDB_DATA for a record key
130 note that the key for a record can depend on whether the
131 dn refers to a case sensitive index record or not
133 TDB_DATA ltdb_key(struct ldb_module *module, struct ldb_dn *dn)
135 struct ldb_context *ldb = ldb_module_get_ctx(module);
137 char *key_str = NULL;
138 const char *dn_folded = NULL;
141 most DNs are case insensitive. The exception is index DNs for
142 case sensitive attributes
144 there are 3 cases dealt with in this code:
146 1) if the dn doesn't start with @ then uppercase the attribute
147 names and the attributes values of case insensitive attributes
148 2) if the dn starts with @ then leave it alone -
149 the indexing code handles the rest
152 dn_folded = ldb_dn_get_casefold(dn);
157 key_str = talloc_strdup(ldb, "DN=");
162 key_str = talloc_strdup_append_buffer(key_str, dn_folded);
167 key.dptr = (uint8_t *)key_str;
168 key.dsize = strlen(key_str) + 1;
180 check special dn's have valid attributes
181 currently only @ATTRIBUTES is checked
183 static int ltdb_check_special_dn(struct ldb_module *module,
184 const struct ldb_message *msg)
186 struct ldb_context *ldb = ldb_module_get_ctx(module);
189 if (! ldb_dn_is_special(msg->dn) ||
190 ! ldb_dn_check_special(msg->dn, LTDB_ATTRIBUTES)) {
194 /* we have @ATTRIBUTES, let's check attributes are fine */
195 /* should we check that we deny multivalued attributes ? */
196 for (i = 0; i < msg->num_elements; i++) {
197 if (ldb_attr_cmp(msg->elements[i].name, "distinguishedName") == 0) continue;
199 for (j = 0; j < msg->elements[i].num_values; j++) {
200 if (ltdb_check_at_attributes_values(&msg->elements[i].values[j]) != 0) {
201 ldb_set_errstring(ldb, "Invalid attribute value in an @ATTRIBUTES entry");
202 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
212 we've made a modification to a dn - possibly reindex and
213 update sequence number
215 static int ltdb_modified(struct ldb_module *module, struct ldb_dn *dn)
217 int ret = LDB_SUCCESS;
218 struct ltdb_private *ltdb = talloc_get_type(ldb_module_get_private(module), struct ltdb_private);
220 /* only allow modifies inside a transaction, otherwise the
222 if (ltdb->in_transaction == 0) {
223 ldb_set_errstring(ldb_module_get_ctx(module), "ltdb modify without transaction");
224 return LDB_ERR_OPERATIONS_ERROR;
227 if (ldb_dn_is_special(dn) &&
228 (ldb_dn_check_special(dn, LTDB_INDEXLIST) ||
229 ldb_dn_check_special(dn, LTDB_ATTRIBUTES)) ) {
230 ret = ltdb_reindex(module);
233 /* If the modify was to a normal record, or any special except @BASEINFO, update the seq number */
234 if (ret == LDB_SUCCESS &&
235 !(ldb_dn_is_special(dn) &&
236 ldb_dn_check_special(dn, LTDB_BASEINFO)) ) {
237 ret = ltdb_increase_sequence_number(module);
240 /* If the modify was to @OPTIONS, reload the cache */
241 if (ret == LDB_SUCCESS &&
242 ldb_dn_is_special(dn) &&
243 (ldb_dn_check_special(dn, LTDB_OPTIONS)) ) {
244 ret = ltdb_cache_reload(module);
251 store a record into the db
253 int ltdb_store(struct ldb_module *module, const struct ldb_message *msg, int flgs)
255 void *data = ldb_module_get_private(module);
256 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
257 TDB_DATA tdb_key, tdb_data;
258 int ret = LDB_SUCCESS;
260 tdb_key = ltdb_key(module, msg->dn);
261 if (tdb_key.dptr == NULL) {
262 return LDB_ERR_OTHER;
265 ret = ltdb_pack_data(module, msg, &tdb_data);
267 talloc_free(tdb_key.dptr);
268 return LDB_ERR_OTHER;
271 ret = tdb_store(ltdb->tdb, tdb_key, tdb_data, flgs);
273 ret = ltdb_err_map(tdb_error(ltdb->tdb));
278 talloc_free(tdb_key.dptr);
279 talloc_free(tdb_data.dptr);
286 check if a attribute is a single valued, for a given element
288 static bool ldb_tdb_single_valued(const struct ldb_schema_attribute *a,
289 struct ldb_message_element *el)
291 if (!a) return false;
293 if (el->flags & LDB_FLAG_INTERNAL_FORCE_SINGLE_VALUE_CHECK) {
294 /* override from a ldb module, for example
295 used for the description field, which is
296 marked multi-valued in the schema but which
297 should not actually accept multiple
301 if (el->flags & LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK) {
302 /* override from a ldb module, for example used for
303 deleted linked attribute entries */
307 if (a->flags & LDB_ATTR_FLAG_SINGLE_VALUE) {
313 static int ltdb_add_internal(struct ldb_module *module,
314 const struct ldb_message *msg,
315 bool check_single_value)
317 struct ldb_context *ldb = ldb_module_get_ctx(module);
318 int ret = LDB_SUCCESS;
321 for (i=0;i<msg->num_elements;i++) {
322 struct ldb_message_element *el = &msg->elements[i];
323 const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
325 if (el->num_values == 0) {
326 ldb_asprintf_errstring(ldb, "attribute '%s' on '%s' specified, but with 0 values (illegal)",
327 el->name, ldb_dn_get_linearized(msg->dn));
328 return LDB_ERR_CONSTRAINT_VIOLATION;
330 if (check_single_value &&
331 el->num_values > 1 &&
332 ldb_tdb_single_valued(a, el)) {
333 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
334 el->name, ldb_dn_get_linearized(msg->dn));
335 return LDB_ERR_CONSTRAINT_VIOLATION;
339 ret = ltdb_store(module, msg, TDB_INSERT);
340 if (ret != LDB_SUCCESS) {
341 if (ret == LDB_ERR_ENTRY_ALREADY_EXISTS) {
342 ldb_asprintf_errstring(ldb,
343 "Entry %s already exists",
344 ldb_dn_get_linearized(msg->dn));
349 ret = ltdb_index_add_new(module, msg);
350 if (ret != LDB_SUCCESS) {
354 ret = ltdb_modified(module, msg->dn);
360 add a record to the database
362 static int ltdb_add(struct ltdb_context *ctx)
364 struct ldb_module *module = ctx->module;
365 struct ldb_request *req = ctx->req;
366 int ret = LDB_SUCCESS;
368 ret = ltdb_check_special_dn(module, req->op.add.message);
369 if (ret != LDB_SUCCESS) {
373 ldb_request_set_state(req, LDB_ASYNC_PENDING);
375 if (ltdb_cache_load(module) != 0) {
376 return LDB_ERR_OPERATIONS_ERROR;
379 ret = ltdb_add_internal(module, req->op.add.message, true);
385 delete a record from the database, not updating indexes (used for deleting
388 int ltdb_delete_noindex(struct ldb_module *module, struct ldb_dn *dn)
390 void *data = ldb_module_get_private(module);
391 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
395 tdb_key = ltdb_key(module, dn);
397 return LDB_ERR_OTHER;
400 ret = tdb_delete(ltdb->tdb, tdb_key);
401 talloc_free(tdb_key.dptr);
404 ret = ltdb_err_map(tdb_error(ltdb->tdb));
410 static int ltdb_delete_internal(struct ldb_module *module, struct ldb_dn *dn)
412 struct ldb_message *msg;
413 int ret = LDB_SUCCESS;
415 msg = ldb_msg_new(module);
417 return LDB_ERR_OPERATIONS_ERROR;
420 /* in case any attribute of the message was indexed, we need
421 to fetch the old record */
422 ret = ltdb_search_dn1(module, dn, msg);
423 if (ret != LDB_SUCCESS) {
424 /* not finding the old record is an error */
428 ret = ltdb_delete_noindex(module, dn);
429 if (ret != LDB_SUCCESS) {
433 /* remove any indexed attributes */
434 ret = ltdb_index_delete(module, msg);
435 if (ret != LDB_SUCCESS) {
439 ret = ltdb_modified(module, dn);
440 if (ret != LDB_SUCCESS) {
450 delete a record from the database
452 static int ltdb_delete(struct ltdb_context *ctx)
454 struct ldb_module *module = ctx->module;
455 struct ldb_request *req = ctx->req;
456 int ret = LDB_SUCCESS;
458 ldb_request_set_state(req, LDB_ASYNC_PENDING);
460 if (ltdb_cache_load(module) != 0) {
461 return LDB_ERR_OPERATIONS_ERROR;
464 ret = ltdb_delete_internal(module, req->op.del.dn);
470 find an element by attribute name. At the moment this does a linear search,
471 it should be re-coded to use a binary search once all places that modify
472 records guarantee sorted order
474 return the index of the first matching element if found, otherwise -1
476 static int find_element(const struct ldb_message *msg, const char *name)
479 for (i=0;i<msg->num_elements;i++) {
480 if (ldb_attr_cmp(msg->elements[i].name, name) == 0) {
489 add an element to an existing record. Assumes a elements array that we
490 can call re-alloc on, and assumed that we can re-use the data pointers from
491 the passed in additional values. Use with care!
493 returns 0 on success, -1 on failure (and sets errno)
495 static int ltdb_msg_add_element(struct ldb_context *ldb,
496 struct ldb_message *msg,
497 struct ldb_message_element *el)
499 struct ldb_message_element *e2;
502 if (el->num_values == 0) {
503 /* nothing to do here - we don't add empty elements */
507 e2 = talloc_realloc(msg, msg->elements, struct ldb_message_element,
508 msg->num_elements+1);
516 e2 = &msg->elements[msg->num_elements];
519 e2->flags = el->flags;
520 e2->values = talloc_array(msg->elements,
521 struct ldb_val, el->num_values);
526 for (i=0;i<el->num_values;i++) {
527 e2->values[i] = el->values[i];
529 e2->num_values = el->num_values;
537 delete all elements having a specified attribute name
539 static int msg_delete_attribute(struct ldb_module *module,
540 struct ldb_context *ldb,
541 struct ldb_message *msg, const char *name)
545 struct ldb_message_element *el;
547 el = ldb_msg_find_element(msg, name);
549 return LDB_ERR_NO_SUCH_ATTRIBUTE;
551 i = el - msg->elements;
553 ret = ltdb_index_del_element(module, msg->dn, el);
554 if (ret != LDB_SUCCESS) {
558 talloc_free(el->values);
559 if (msg->num_elements > (i+1)) {
560 memmove(el, el+1, sizeof(*el) * (msg->num_elements - (i+1)));
563 msg->elements = talloc_realloc(msg, msg->elements,
564 struct ldb_message_element,
570 delete all elements matching an attribute name/value
572 return LDB Error on failure
574 static int msg_delete_element(struct ldb_module *module,
575 struct ldb_message *msg,
577 const struct ldb_val *val)
579 struct ldb_context *ldb = ldb_module_get_ctx(module);
582 struct ldb_message_element *el;
583 const struct ldb_schema_attribute *a;
585 found = find_element(msg, name);
587 return LDB_ERR_NO_SUCH_ATTRIBUTE;
590 i = (unsigned int) found;
591 el = &(msg->elements[i]);
593 a = ldb_schema_attribute_by_name(ldb, el->name);
595 for (i=0;i<el->num_values;i++) {
597 if (a->syntax->operator_fn) {
598 ret = a->syntax->operator_fn(ldb, LDB_OP_EQUALITY, a,
599 &el->values[i], val, &matched);
600 if (ret != LDB_SUCCESS) return ret;
602 matched = (a->syntax->comparison_fn(ldb, ldb,
603 &el->values[i], val) == 0);
606 if (el->num_values == 1) {
607 return msg_delete_attribute(module, ldb, msg, name);
610 ret = ltdb_index_del_value(module, msg->dn, el, i);
611 if (ret != LDB_SUCCESS) {
615 if (i<el->num_values-1) {
616 memmove(&el->values[i], &el->values[i+1],
617 sizeof(el->values[i])*
618 (el->num_values-(i+1)));
622 /* per definition we find in a canonicalised message an
623 attribute value only once. So we are finished here */
629 return LDB_ERR_NO_SUCH_ATTRIBUTE;
634 modify a record - internal interface
636 yuck - this is O(n^2). Luckily n is usually small so we probably
637 get away with it, but if we ever have really large attribute lists
638 then we'll need to look at this again
640 'req' is optional, and is used to specify controls if supplied
642 int ltdb_modify_internal(struct ldb_module *module,
643 const struct ldb_message *msg,
644 struct ldb_request *req)
646 struct ldb_context *ldb = ldb_module_get_ctx(module);
647 void *data = ldb_module_get_private(module);
648 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
649 TDB_DATA tdb_key, tdb_data;
650 struct ldb_message *msg2;
651 unsigned int i, j, k;
652 int ret = LDB_SUCCESS, idx;
653 struct ldb_control *control_permissive = NULL;
656 control_permissive = ldb_request_get_control(req,
657 LDB_CONTROL_PERMISSIVE_MODIFY_OID);
660 tdb_key = ltdb_key(module, msg->dn);
662 return LDB_ERR_OTHER;
665 tdb_data = tdb_fetch_compat(ltdb->tdb, tdb_key);
666 if (!tdb_data.dptr) {
667 talloc_free(tdb_key.dptr);
668 return ltdb_err_map(tdb_error(ltdb->tdb));
671 msg2 = ldb_msg_new(tdb_key.dptr);
678 ret = ltdb_unpack_data(module, &tdb_data, msg2);
689 for (i=0; i<msg->num_elements; i++) {
690 struct ldb_message_element *el = &msg->elements[i], *el2;
691 struct ldb_val *vals;
692 const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
695 switch (msg->elements[i].flags & LDB_FLAG_MOD_MASK) {
696 case LDB_FLAG_MOD_ADD:
698 if (el->num_values == 0) {
699 ldb_asprintf_errstring(ldb,
700 "attribute '%s': attribute on '%s' specified, but with 0 values (illegal)",
701 el->name, ldb_dn_get_linearized(msg2->dn));
702 ret = LDB_ERR_CONSTRAINT_VIOLATION;
706 /* make a copy of the array so that a permissive
707 * control can remove duplicates without changing the
708 * original values, but do not copy data as we do not
709 * need to keep it around once the operation is
711 if (control_permissive) {
712 el = talloc(msg2, struct ldb_message_element);
717 *el = msg->elements[i];
718 el->values = talloc_array(el, struct ldb_val, el->num_values);
719 if (el->values == NULL) {
723 for (j = 0; j < el->num_values; j++) {
724 el->values[j] = msg->elements[i].values[j];
728 if (el->num_values > 1 && ldb_tdb_single_valued(a, el)) {
729 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
730 el->name, ldb_dn_get_linearized(msg2->dn));
731 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
735 /* Checks if element already exists */
736 idx = find_element(msg2, el->name);
738 if (ltdb_msg_add_element(ldb, msg2, el) != 0) {
742 ret = ltdb_index_add_element(module, msg2->dn,
744 if (ret != LDB_SUCCESS) {
748 j = (unsigned int) idx;
749 el2 = &(msg2->elements[j]);
751 /* We cannot add another value on a existing one
752 if the attribute is single-valued */
753 if (ldb_tdb_single_valued(a, el)) {
754 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
755 el->name, ldb_dn_get_linearized(msg2->dn));
756 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
760 /* Check that values don't exist yet on multi-
761 valued attributes or aren't provided twice */
762 for (j = 0; j < el->num_values; j++) {
763 if (ldb_msg_find_val(el2, &el->values[j]) != NULL) {
764 if (control_permissive) {
765 /* remove this one as if it was never added */
767 for (k = j; k < el->num_values; k++) {
768 el->values[k] = el->values[k + 1];
775 ldb_asprintf_errstring(ldb,
776 "attribute '%s': value #%u on '%s' already exists",
777 el->name, j, ldb_dn_get_linearized(msg2->dn));
778 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
781 if (ldb_msg_find_val(el, &el->values[j]) != &el->values[j]) {
782 ldb_asprintf_errstring(ldb,
783 "attribute '%s': value #%u on '%s' provided more than once",
784 el->name, j, ldb_dn_get_linearized(msg2->dn));
785 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
790 /* Now combine existing and new values to a new
792 vals = talloc_realloc(msg2->elements,
793 el2->values, struct ldb_val,
794 el2->num_values + el->num_values);
801 for (j=0; j<el->num_values; j++) {
802 vals[el2->num_values + j] =
803 ldb_val_dup(vals, &el->values[j]);
807 el2->num_values += el->num_values;
809 ret = ltdb_index_add_element(module, msg2->dn, el);
810 if (ret != LDB_SUCCESS) {
817 case LDB_FLAG_MOD_REPLACE:
819 if (el->num_values > 1 && ldb_tdb_single_valued(a, el)) {
820 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
821 el->name, ldb_dn_get_linearized(msg2->dn));
822 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
826 /* TODO: This is O(n^2) - replace with more efficient check */
827 for (j=0; j<el->num_values; j++) {
828 if (ldb_msg_find_val(el, &el->values[j]) != &el->values[j]) {
829 ldb_asprintf_errstring(ldb,
830 "attribute '%s': value #%u on '%s' provided more than once",
831 el->name, j, ldb_dn_get_linearized(msg2->dn));
832 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
837 /* Checks if element already exists */
838 idx = find_element(msg2, el->name);
840 j = (unsigned int) idx;
841 el2 = &(msg2->elements[j]);
842 if (ldb_msg_element_compare(el, el2) == 0) {
843 /* we are replacing with the same values */
847 /* Delete the attribute if it exists in the DB */
848 if (msg_delete_attribute(module, ldb, msg2,
855 /* Recreate it with the new values */
856 if (ltdb_msg_add_element(ldb, msg2, el) != 0) {
861 ret = ltdb_index_add_element(module, msg2->dn, el);
862 if (ret != LDB_SUCCESS) {
868 case LDB_FLAG_MOD_DELETE:
869 dn = ldb_dn_get_linearized(msg2->dn);
875 if (msg->elements[i].num_values == 0) {
876 /* Delete the whole attribute */
877 ret = msg_delete_attribute(module, ldb, msg2,
878 msg->elements[i].name);
879 if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE &&
880 control_permissive) {
883 ldb_asprintf_errstring(ldb,
884 "attribute '%s': no such attribute for delete on '%s'",
885 msg->elements[i].name, dn);
887 if (ret != LDB_SUCCESS) {
891 /* Delete specified values from an attribute */
892 for (j=0; j < msg->elements[i].num_values; j++) {
893 ret = msg_delete_element(module,
895 msg->elements[i].name,
896 &msg->elements[i].values[j]);
897 if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE &&
898 control_permissive) {
901 ldb_asprintf_errstring(ldb,
902 "attribute '%s': no matching attribute value while deleting attribute on '%s'",
903 msg->elements[i].name, dn);
905 if (ret != LDB_SUCCESS) {
912 ldb_asprintf_errstring(ldb,
913 "attribute '%s': invalid modify flags on '%s': 0x%x",
914 msg->elements[i].name, ldb_dn_get_linearized(msg->dn),
915 msg->elements[i].flags & LDB_FLAG_MOD_MASK);
916 ret = LDB_ERR_PROTOCOL_ERROR;
921 ret = ltdb_store(module, msg2, TDB_MODIFY);
922 if (ret != LDB_SUCCESS) {
926 ret = ltdb_modified(module, msg2->dn);
927 if (ret != LDB_SUCCESS) {
932 talloc_free(tdb_key.dptr);
939 static int ltdb_modify(struct ltdb_context *ctx)
941 struct ldb_module *module = ctx->module;
942 struct ldb_request *req = ctx->req;
943 int ret = LDB_SUCCESS;
945 ret = ltdb_check_special_dn(module, req->op.mod.message);
946 if (ret != LDB_SUCCESS) {
950 ldb_request_set_state(req, LDB_ASYNC_PENDING);
952 if (ltdb_cache_load(module) != 0) {
953 return LDB_ERR_OPERATIONS_ERROR;
956 ret = ltdb_modify_internal(module, req->op.mod.message, req);
964 static int ltdb_rename(struct ltdb_context *ctx)
966 struct ldb_module *module = ctx->module;
967 struct ldb_request *req = ctx->req;
968 struct ldb_message *msg;
969 int ret = LDB_SUCCESS;
971 ldb_request_set_state(req, LDB_ASYNC_PENDING);
973 if (ltdb_cache_load(ctx->module) != 0) {
974 return LDB_ERR_OPERATIONS_ERROR;
977 msg = ldb_msg_new(ctx);
979 return LDB_ERR_OPERATIONS_ERROR;
982 /* in case any attribute of the message was indexed, we need
983 to fetch the old record */
984 ret = ltdb_search_dn1(module, req->op.rename.olddn, msg);
985 if (ret != LDB_SUCCESS) {
986 /* not finding the old record is an error */
990 /* Always delete first then add, to avoid conflicts with
991 * unique indexes. We rely on the transaction to make this
994 ret = ltdb_delete_internal(module, msg->dn);
995 if (ret != LDB_SUCCESS) {
999 msg->dn = ldb_dn_copy(msg, req->op.rename.newdn);
1000 if (msg->dn == NULL) {
1001 return LDB_ERR_OPERATIONS_ERROR;
1004 /* We don't check single value as we can have more than 1 with
1005 * deleted attributes. We could go through all elements but that's
1006 * maybe not the most efficient way
1008 ret = ltdb_add_internal(module, msg, false);
1013 static int ltdb_start_trans(struct ldb_module *module)
1015 void *data = ldb_module_get_private(module);
1016 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1018 if (tdb_transaction_start(ltdb->tdb) != 0) {
1019 return ltdb_err_map(tdb_error(ltdb->tdb));
1022 ltdb->in_transaction++;
1024 ltdb_index_transaction_start(module);
1029 static int ltdb_prepare_commit(struct ldb_module *module)
1031 void *data = ldb_module_get_private(module);
1032 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1034 if (ltdb->in_transaction != 1) {
1038 if (ltdb_index_transaction_commit(module) != 0) {
1039 tdb_transaction_cancel(ltdb->tdb);
1040 ltdb->in_transaction--;
1041 return ltdb_err_map(tdb_error(ltdb->tdb));
1044 if (tdb_transaction_prepare_commit(ltdb->tdb) != 0) {
1045 ltdb->in_transaction--;
1046 return ltdb_err_map(tdb_error(ltdb->tdb));
1049 ltdb->prepared_commit = true;
1054 static int ltdb_end_trans(struct ldb_module *module)
1056 void *data = ldb_module_get_private(module);
1057 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1059 if (!ltdb->prepared_commit) {
1060 int ret = ltdb_prepare_commit(module);
1061 if (ret != LDB_SUCCESS) {
1066 ltdb->in_transaction--;
1067 ltdb->prepared_commit = false;
1069 if (tdb_transaction_commit(ltdb->tdb) != 0) {
1070 return ltdb_err_map(tdb_error(ltdb->tdb));
1076 static int ltdb_del_trans(struct ldb_module *module)
1078 void *data = ldb_module_get_private(module);
1079 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1081 ltdb->in_transaction--;
1083 if (ltdb_index_transaction_cancel(module) != 0) {
1084 tdb_transaction_cancel(ltdb->tdb);
1085 return ltdb_err_map(tdb_error(ltdb->tdb));
1088 tdb_transaction_cancel(ltdb->tdb);
1093 return sequenceNumber from @BASEINFO
1095 static int ltdb_sequence_number(struct ltdb_context *ctx,
1096 struct ldb_extended **ext)
1098 struct ldb_context *ldb;
1099 struct ldb_module *module = ctx->module;
1100 struct ldb_request *req = ctx->req;
1101 TALLOC_CTX *tmp_ctx = NULL;
1102 struct ldb_seqnum_request *seq;
1103 struct ldb_seqnum_result *res;
1104 struct ldb_message *msg = NULL;
1107 int ret = LDB_SUCCESS;
1109 ldb = ldb_module_get_ctx(module);
1111 seq = talloc_get_type(req->op.extended.data,
1112 struct ldb_seqnum_request);
1114 return LDB_ERR_OPERATIONS_ERROR;
1117 ldb_request_set_state(req, LDB_ASYNC_PENDING);
1119 if (ltdb_lock_read(module) != 0) {
1120 return LDB_ERR_OPERATIONS_ERROR;
1123 res = talloc_zero(req, struct ldb_seqnum_result);
1125 ret = LDB_ERR_OPERATIONS_ERROR;
1129 tmp_ctx = talloc_new(req);
1130 if (tmp_ctx == NULL) {
1131 ret = LDB_ERR_OPERATIONS_ERROR;
1135 dn = ldb_dn_new(tmp_ctx, ldb, LTDB_BASEINFO);
1137 ret = LDB_ERR_OPERATIONS_ERROR;
1141 msg = ldb_msg_new(tmp_ctx);
1143 ret = LDB_ERR_OPERATIONS_ERROR;
1147 ret = ltdb_search_dn1(module, dn, msg);
1148 if (ret != LDB_SUCCESS) {
1152 switch (seq->type) {
1153 case LDB_SEQ_HIGHEST_SEQ:
1154 res->seq_num = ldb_msg_find_attr_as_uint64(msg, LTDB_SEQUENCE_NUMBER, 0);
1157 res->seq_num = ldb_msg_find_attr_as_uint64(msg, LTDB_SEQUENCE_NUMBER, 0);
1160 case LDB_SEQ_HIGHEST_TIMESTAMP:
1161 date = ldb_msg_find_attr_as_string(msg, LTDB_MOD_TIMESTAMP, NULL);
1163 res->seq_num = ldb_string_to_time(date);
1166 /* zero is as good as anything when we don't know */
1171 *ext = talloc_zero(req, struct ldb_extended);
1173 ret = LDB_ERR_OPERATIONS_ERROR;
1176 (*ext)->oid = LDB_EXTENDED_SEQUENCE_NUMBER;
1177 (*ext)->data = talloc_steal(*ext, res);
1180 talloc_free(tmp_ctx);
1181 ltdb_unlock_read(module);
1185 static void ltdb_request_done(struct ltdb_context *ctx, int error)
1187 struct ldb_context *ldb;
1188 struct ldb_request *req;
1189 struct ldb_reply *ares;
1191 ldb = ldb_module_get_ctx(ctx->module);
1194 /* if we already returned an error just return */
1195 if (ldb_request_get_status(req) != LDB_SUCCESS) {
1199 ares = talloc_zero(req, struct ldb_reply);
1202 req->callback(req, NULL);
1205 ares->type = LDB_REPLY_DONE;
1206 ares->error = error;
1208 req->callback(req, ares);
1211 static void ltdb_timeout(struct tevent_context *ev,
1212 struct tevent_timer *te,
1216 struct ltdb_context *ctx;
1217 ctx = talloc_get_type(private_data, struct ltdb_context);
1219 if (!ctx->request_terminated) {
1220 /* request is done now */
1221 ltdb_request_done(ctx, LDB_ERR_TIME_LIMIT_EXCEEDED);
1224 if (!ctx->request_terminated) {
1225 /* neutralize the spy */
1226 ctx->spy->ctx = NULL;
1231 static void ltdb_request_extended_done(struct ltdb_context *ctx,
1232 struct ldb_extended *ext,
1235 struct ldb_context *ldb;
1236 struct ldb_request *req;
1237 struct ldb_reply *ares;
1239 ldb = ldb_module_get_ctx(ctx->module);
1242 /* if we already returned an error just return */
1243 if (ldb_request_get_status(req) != LDB_SUCCESS) {
1247 ares = talloc_zero(req, struct ldb_reply);
1250 req->callback(req, NULL);
1253 ares->type = LDB_REPLY_DONE;
1254 ares->response = ext;
1255 ares->error = error;
1257 req->callback(req, ares);
1260 static void ltdb_handle_extended(struct ltdb_context *ctx)
1262 struct ldb_extended *ext = NULL;
1265 if (strcmp(ctx->req->op.extended.oid,
1266 LDB_EXTENDED_SEQUENCE_NUMBER) == 0) {
1267 /* get sequence number */
1268 ret = ltdb_sequence_number(ctx, &ext);
1270 /* not recognized */
1271 ret = LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
1274 ltdb_request_extended_done(ctx, ext, ret);
1277 static void ltdb_callback(struct tevent_context *ev,
1278 struct tevent_timer *te,
1282 struct ltdb_context *ctx;
1285 ctx = talloc_get_type(private_data, struct ltdb_context);
1287 if (ctx->request_terminated) {
1291 switch (ctx->req->operation) {
1293 ret = ltdb_search(ctx);
1296 ret = ltdb_add(ctx);
1299 ret = ltdb_modify(ctx);
1302 ret = ltdb_delete(ctx);
1305 ret = ltdb_rename(ctx);
1308 ltdb_handle_extended(ctx);
1311 /* no other op supported */
1312 ret = LDB_ERR_PROTOCOL_ERROR;
1315 if (!ctx->request_terminated) {
1316 /* request is done now */
1317 ltdb_request_done(ctx, ret);
1321 if (!ctx->request_terminated) {
1322 /* neutralize the spy */
1323 ctx->spy->ctx = NULL;
1328 static int ltdb_request_destructor(void *ptr)
1330 struct ltdb_req_spy *spy = talloc_get_type(ptr, struct ltdb_req_spy);
1332 if (spy->ctx != NULL) {
1333 spy->ctx->request_terminated = true;
1339 static int ltdb_handle_request(struct ldb_module *module,
1340 struct ldb_request *req)
1342 struct ldb_control *control_permissive;
1343 struct ldb_context *ldb;
1344 struct tevent_context *ev;
1345 struct ltdb_context *ac;
1346 struct tevent_timer *te;
1350 ldb = ldb_module_get_ctx(module);
1352 control_permissive = ldb_request_get_control(req,
1353 LDB_CONTROL_PERMISSIVE_MODIFY_OID);
1355 for (i = 0; req->controls && req->controls[i]; i++) {
1356 if (req->controls[i]->critical &&
1357 req->controls[i] != control_permissive) {
1358 ldb_asprintf_errstring(ldb, "Unsupported critical extension %s",
1359 req->controls[i]->oid);
1360 return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
1364 if (req->starttime == 0 || req->timeout == 0) {
1365 ldb_set_errstring(ldb, "Invalid timeout settings");
1366 return LDB_ERR_TIME_LIMIT_EXCEEDED;
1369 ev = ldb_get_event_context(ldb);
1371 ac = talloc_zero(ldb, struct ltdb_context);
1374 return LDB_ERR_OPERATIONS_ERROR;
1377 ac->module = module;
1382 te = tevent_add_timer(ev, ac, tv, ltdb_callback, ac);
1385 return LDB_ERR_OPERATIONS_ERROR;
1388 tv.tv_sec = req->starttime + req->timeout;
1389 ac->timeout_event = tevent_add_timer(ev, ac, tv, ltdb_timeout, ac);
1390 if (NULL == ac->timeout_event) {
1392 return LDB_ERR_OPERATIONS_ERROR;
1395 /* set a spy so that we do not try to use the request context
1396 * if it is freed before ltdb_callback fires */
1397 ac->spy = talloc(req, struct ltdb_req_spy);
1398 if (NULL == ac->spy) {
1400 return LDB_ERR_OPERATIONS_ERROR;
1404 talloc_set_destructor((TALLOC_CTX *)ac->spy, ltdb_request_destructor);
1409 static int ltdb_init_rootdse(struct ldb_module *module)
1411 struct ldb_context *ldb;
1414 ldb = ldb_module_get_ctx(module);
1416 ret = ldb_mod_register_control(module,
1417 LDB_CONTROL_PERMISSIVE_MODIFY_OID);
1418 /* ignore errors on this - we expect it for non-sam databases */
1420 /* there can be no module beyond the backend, just return */
1424 static const struct ldb_module_ops ltdb_ops = {
1426 .init_context = ltdb_init_rootdse,
1427 .search = ltdb_handle_request,
1428 .add = ltdb_handle_request,
1429 .modify = ltdb_handle_request,
1430 .del = ltdb_handle_request,
1431 .rename = ltdb_handle_request,
1432 .extended = ltdb_handle_request,
1433 .start_transaction = ltdb_start_trans,
1434 .end_transaction = ltdb_end_trans,
1435 .prepare_commit = ltdb_prepare_commit,
1436 .del_transaction = ltdb_del_trans,
1440 connect to the database
1442 static int ltdb_connect(struct ldb_context *ldb, const char *url,
1443 unsigned int flags, const char *options[],
1444 struct ldb_module **_module)
1446 struct ldb_module *module;
1448 int tdb_flags, open_flags;
1449 struct ltdb_private *ltdb;
1452 if (strchr(url, ':')) {
1453 if (strncmp(url, "tdb://", 6) != 0) {
1454 ldb_debug(ldb, LDB_DEBUG_ERROR,
1455 "Invalid tdb URL '%s'", url);
1456 return LDB_ERR_OPERATIONS_ERROR;
1463 tdb_flags = TDB_DEFAULT | TDB_SEQNUM;
1465 /* check for the 'nosync' option */
1466 if (flags & LDB_FLG_NOSYNC) {
1467 tdb_flags |= TDB_NOSYNC;
1470 /* and nommap option */
1471 if (flags & LDB_FLG_NOMMAP) {
1472 tdb_flags |= TDB_NOMMAP;
1475 if (flags & LDB_FLG_RDONLY) {
1476 open_flags = O_RDONLY;
1478 open_flags = O_CREAT | O_RDWR;
1481 ltdb = talloc_zero(ldb, struct ltdb_private);
1484 return LDB_ERR_OPERATIONS_ERROR;
1487 /* note that we use quite a large default hash size */
1488 ltdb->tdb = ltdb_wrap_open(ltdb, path, 10000,
1489 tdb_flags, open_flags,
1490 ldb_get_create_perms(ldb), ldb);
1492 ldb_debug(ldb, LDB_DEBUG_ERROR,
1493 "Unable to open tdb '%s'", path);
1495 return LDB_ERR_OPERATIONS_ERROR;
1498 if (getenv("LDB_WARN_UNINDEXED")) {
1499 ltdb->warn_unindexed = true;
1502 ltdb->sequence_number = 0;
1504 module = ldb_module_new(ldb, ldb, "ldb_tdb backend", <db_ops);
1507 return LDB_ERR_OPERATIONS_ERROR;
1509 ldb_module_set_private(module, ltdb);
1510 talloc_steal(module, ltdb);
1512 if (ltdb_cache_load(module) != 0) {
1513 talloc_free(module);
1515 return LDB_ERR_OPERATIONS_ERROR;
1522 int ldb_tdb_init(const char *version)
1524 LDB_MODULE_CHECK_VERSION(version);
1525 return ldb_register_backend("tdb", ltdb_connect, false);