4 Copyright (C) Andrew Tridgell 2004
5 Copyright (C) Stefan Metzmacher 2004
6 Copyright (C) Simo Sorce 2006-2008
7 Copyright (C) Matthias Dieter Wallnöfer 2009-2010
9 ** NOTE! The following LGPL license applies to the ldb
10 ** library. This does NOT imply that all of Samba is released
13 This library is free software; you can redistribute it and/or
14 modify it under the terms of the GNU Lesser General Public
15 License as published by the Free Software Foundation; either
16 version 3 of the License, or (at your option) any later version.
18 This library is distributed in the hope that it will be useful,
19 but WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 Lesser General Public License for more details.
23 You should have received a copy of the GNU Lesser General Public
24 License along with this library; if not, see <http://www.gnu.org/licenses/>.
30 * Component: ldb tdb backend
32 * Description: core functions for tdb backend
34 * Author: Andrew Tridgell
35 * Author: Stefan Metzmacher
39 * - description: make the module use asynchronous calls
43 * - description: make it possible to use event contexts
47 * - description: fix up memory leaks and small bugs
49 * Author: Matthias Dieter Wallnöfer
53 #include "ldb_private.h"
57 prevent memory errors on callbacks
60 struct ltdb_context *ctx;
64 map a tdb error code to a ldb error code
66 int ltdb_err_map(enum TDB_ERROR tdb_code)
74 return LDB_ERR_OPERATIONS_ERROR;
76 return LDB_ERR_PROTOCOL_ERROR;
80 case TDB_ERR_LOCK_TIMEOUT:
81 return LDB_ERR_TIME_LIMIT_EXCEEDED;
83 return LDB_ERR_ENTRY_ALREADY_EXISTS;
85 return LDB_ERR_NO_SUCH_OBJECT;
87 return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
95 lock the database for read - use by ltdb_search and ltdb_sequence_number
97 int ltdb_lock_read(struct ldb_module *module)
99 void *data = ldb_module_get_private(module);
100 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
103 if (ltdb->in_transaction == 0 &&
104 ltdb->read_lock_count == 0) {
105 ret = tdb_lockall_read(ltdb->tdb);
108 ltdb->read_lock_count++;
114 unlock the database after a ltdb_lock_read()
116 int ltdb_unlock_read(struct ldb_module *module)
118 void *data = ldb_module_get_private(module);
119 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
120 if (ltdb->in_transaction == 0 && ltdb->read_lock_count == 1) {
121 tdb_unlockall_read(ltdb->tdb);
122 ltdb->read_lock_count--;
125 ltdb->read_lock_count--;
131 form a TDB_DATA for a record key
134 note that the key for a record can depend on whether the
135 dn refers to a case sensitive index record or not
137 TDB_DATA ltdb_key(struct ldb_module *module, struct ldb_dn *dn)
139 struct ldb_context *ldb = ldb_module_get_ctx(module);
141 char *key_str = NULL;
142 const char *dn_folded = NULL;
145 most DNs are case insensitive. The exception is index DNs for
146 case sensitive attributes
148 there are 3 cases dealt with in this code:
150 1) if the dn doesn't start with @ then uppercase the attribute
151 names and the attributes values of case insensitive attributes
152 2) if the dn starts with @ then leave it alone -
153 the indexing code handles the rest
156 dn_folded = ldb_dn_get_casefold(dn);
161 key_str = talloc_strdup(ldb, "DN=");
166 key_str = talloc_strdup_append_buffer(key_str, dn_folded);
171 key.dptr = (uint8_t *)key_str;
172 key.dsize = strlen(key_str) + 1;
184 check special dn's have valid attributes
185 currently only @ATTRIBUTES is checked
187 static int ltdb_check_special_dn(struct ldb_module *module,
188 const struct ldb_message *msg)
190 struct ldb_context *ldb = ldb_module_get_ctx(module);
193 if (! ldb_dn_is_special(msg->dn) ||
194 ! ldb_dn_check_special(msg->dn, LTDB_ATTRIBUTES)) {
198 /* we have @ATTRIBUTES, let's check attributes are fine */
199 /* should we check that we deny multivalued attributes ? */
200 for (i = 0; i < msg->num_elements; i++) {
201 if (ldb_attr_cmp(msg->elements[i].name, "distinguishedName") == 0) continue;
203 for (j = 0; j < msg->elements[i].num_values; j++) {
204 if (ltdb_check_at_attributes_values(&msg->elements[i].values[j]) != 0) {
205 ldb_set_errstring(ldb, "Invalid attribute value in an @ATTRIBUTES entry");
206 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
216 we've made a modification to a dn - possibly reindex and
217 update sequence number
219 static int ltdb_modified(struct ldb_module *module, struct ldb_dn *dn)
221 int ret = LDB_SUCCESS;
222 struct ltdb_private *ltdb = talloc_get_type(ldb_module_get_private(module), struct ltdb_private);
224 /* only allow modifies inside a transaction, otherwise the
226 if (ltdb->in_transaction == 0) {
227 ldb_set_errstring(ldb_module_get_ctx(module), "ltdb modify without transaction");
228 return LDB_ERR_OPERATIONS_ERROR;
231 if (ldb_dn_is_special(dn) &&
232 (ldb_dn_check_special(dn, LTDB_INDEXLIST) ||
233 ldb_dn_check_special(dn, LTDB_ATTRIBUTES)) )
235 if (ltdb->warn_reindex) {
236 ldb_debug(ldb_module_get_ctx(module),
237 LDB_DEBUG_ERROR, "Reindexing %s due to modification on %s",
238 tdb_name(ltdb->tdb), ldb_dn_get_linearized(dn));
240 ret = ltdb_reindex(module);
243 /* If the modify was to a normal record, or any special except @BASEINFO, update the seq number */
244 if (ret == LDB_SUCCESS &&
245 !(ldb_dn_is_special(dn) &&
246 ldb_dn_check_special(dn, LTDB_BASEINFO)) ) {
247 ret = ltdb_increase_sequence_number(module);
250 /* If the modify was to @OPTIONS, reload the cache */
251 if (ret == LDB_SUCCESS &&
252 ldb_dn_is_special(dn) &&
253 (ldb_dn_check_special(dn, LTDB_OPTIONS)) ) {
254 ret = ltdb_cache_reload(module);
261 store a record into the db
263 int ltdb_store(struct ldb_module *module, const struct ldb_message *msg, int flgs)
265 void *data = ldb_module_get_private(module);
266 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
267 TDB_DATA tdb_key, tdb_data;
268 struct ldb_val ldb_data;
269 int ret = LDB_SUCCESS;
271 tdb_key = ltdb_key(module, msg->dn);
272 if (tdb_key.dptr == NULL) {
273 return LDB_ERR_OTHER;
276 ret = ldb_pack_data(ldb_module_get_ctx(module),
279 talloc_free(tdb_key.dptr);
280 return LDB_ERR_OTHER;
283 tdb_data.dptr = ldb_data.data;
284 tdb_data.dsize = ldb_data.length;
286 ret = tdb_store(ltdb->tdb, tdb_key, tdb_data, flgs);
288 ret = ltdb_err_map(tdb_error(ltdb->tdb));
293 talloc_free(tdb_key.dptr);
294 talloc_free(ldb_data.data);
301 check if a attribute is a single valued, for a given element
303 static bool ldb_tdb_single_valued(const struct ldb_schema_attribute *a,
304 struct ldb_message_element *el)
306 if (!a) return false;
308 if (el->flags & LDB_FLAG_INTERNAL_FORCE_SINGLE_VALUE_CHECK) {
309 /* override from a ldb module, for example
310 used for the description field, which is
311 marked multi-valued in the schema but which
312 should not actually accept multiple
316 if (el->flags & LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK) {
317 /* override from a ldb module, for example used for
318 deleted linked attribute entries */
322 if (a->flags & LDB_ATTR_FLAG_SINGLE_VALUE) {
328 static int ltdb_add_internal(struct ldb_module *module,
329 const struct ldb_message *msg,
330 bool check_single_value)
332 struct ldb_context *ldb = ldb_module_get_ctx(module);
333 int ret = LDB_SUCCESS;
336 for (i=0;i<msg->num_elements;i++) {
337 struct ldb_message_element *el = &msg->elements[i];
338 const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
340 if (el->num_values == 0) {
341 ldb_asprintf_errstring(ldb, "attribute '%s' on '%s' specified, but with 0 values (illegal)",
342 el->name, ldb_dn_get_linearized(msg->dn));
343 return LDB_ERR_CONSTRAINT_VIOLATION;
345 if (check_single_value &&
346 el->num_values > 1 &&
347 ldb_tdb_single_valued(a, el)) {
348 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
349 el->name, ldb_dn_get_linearized(msg->dn));
350 return LDB_ERR_CONSTRAINT_VIOLATION;
353 /* Do not check "@ATTRIBUTES" for duplicated values */
354 if (ldb_dn_is_special(msg->dn) &&
355 ldb_dn_check_special(msg->dn, LTDB_ATTRIBUTES)) {
359 if (check_single_value &&
361 LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK)) {
362 struct ldb_val *duplicate = NULL;
364 ret = ldb_msg_find_duplicate_val(ldb, discard_const(msg),
366 if (ret != LDB_SUCCESS) {
369 if (duplicate != NULL) {
370 ldb_asprintf_errstring(
372 "attribute '%s': value '%.*s' on '%s' "
373 "provided more than once in ADD object",
375 (int)duplicate->length,
377 ldb_dn_get_linearized(msg->dn));
378 return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
383 ret = ltdb_store(module, msg, TDB_INSERT);
384 if (ret != LDB_SUCCESS) {
385 if (ret == LDB_ERR_ENTRY_ALREADY_EXISTS) {
386 ldb_asprintf_errstring(ldb,
387 "Entry %s already exists",
388 ldb_dn_get_linearized(msg->dn));
393 ret = ltdb_index_add_new(module, msg);
394 if (ret != LDB_SUCCESS) {
398 ret = ltdb_modified(module, msg->dn);
404 add a record to the database
406 static int ltdb_add(struct ltdb_context *ctx)
408 struct ldb_module *module = ctx->module;
409 struct ldb_request *req = ctx->req;
410 int ret = LDB_SUCCESS;
412 ret = ltdb_check_special_dn(module, req->op.add.message);
413 if (ret != LDB_SUCCESS) {
417 ldb_request_set_state(req, LDB_ASYNC_PENDING);
419 if (ltdb_cache_load(module) != 0) {
420 return LDB_ERR_OPERATIONS_ERROR;
423 ret = ltdb_add_internal(module, req->op.add.message, true);
429 delete a record from the database, not updating indexes (used for deleting
432 int ltdb_delete_noindex(struct ldb_module *module, struct ldb_dn *dn)
434 void *data = ldb_module_get_private(module);
435 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
439 tdb_key = ltdb_key(module, dn);
441 return LDB_ERR_OTHER;
444 ret = tdb_delete(ltdb->tdb, tdb_key);
445 talloc_free(tdb_key.dptr);
448 ret = ltdb_err_map(tdb_error(ltdb->tdb));
454 static int ltdb_delete_internal(struct ldb_module *module, struct ldb_dn *dn)
456 struct ldb_message *msg;
457 int ret = LDB_SUCCESS;
459 msg = ldb_msg_new(module);
461 return LDB_ERR_OPERATIONS_ERROR;
464 /* in case any attribute of the message was indexed, we need
465 to fetch the old record */
466 ret = ltdb_search_dn1(module, dn, msg, LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC);
467 if (ret != LDB_SUCCESS) {
468 /* not finding the old record is an error */
472 ret = ltdb_delete_noindex(module, dn);
473 if (ret != LDB_SUCCESS) {
477 /* remove any indexed attributes */
478 ret = ltdb_index_delete(module, msg);
479 if (ret != LDB_SUCCESS) {
483 ret = ltdb_modified(module, dn);
484 if (ret != LDB_SUCCESS) {
494 delete a record from the database
496 static int ltdb_delete(struct ltdb_context *ctx)
498 struct ldb_module *module = ctx->module;
499 struct ldb_request *req = ctx->req;
500 int ret = LDB_SUCCESS;
502 ldb_request_set_state(req, LDB_ASYNC_PENDING);
504 if (ltdb_cache_load(module) != 0) {
505 return LDB_ERR_OPERATIONS_ERROR;
508 ret = ltdb_delete_internal(module, req->op.del.dn);
514 find an element by attribute name. At the moment this does a linear search,
515 it should be re-coded to use a binary search once all places that modify
516 records guarantee sorted order
518 return the index of the first matching element if found, otherwise -1
520 static int find_element(const struct ldb_message *msg, const char *name)
523 for (i=0;i<msg->num_elements;i++) {
524 if (ldb_attr_cmp(msg->elements[i].name, name) == 0) {
533 add an element to an existing record. Assumes a elements array that we
534 can call re-alloc on, and assumed that we can re-use the data pointers from
535 the passed in additional values. Use with care!
537 returns 0 on success, -1 on failure (and sets errno)
539 static int ltdb_msg_add_element(struct ldb_message *msg,
540 struct ldb_message_element *el)
542 struct ldb_message_element *e2;
545 if (el->num_values == 0) {
546 /* nothing to do here - we don't add empty elements */
550 e2 = talloc_realloc(msg, msg->elements, struct ldb_message_element,
551 msg->num_elements+1);
559 e2 = &msg->elements[msg->num_elements];
562 e2->flags = el->flags;
563 e2->values = talloc_array(msg->elements,
564 struct ldb_val, el->num_values);
569 for (i=0;i<el->num_values;i++) {
570 e2->values[i] = el->values[i];
572 e2->num_values = el->num_values;
580 delete all elements having a specified attribute name
582 static int msg_delete_attribute(struct ldb_module *module,
583 struct ldb_message *msg, const char *name)
587 struct ldb_message_element *el;
589 el = ldb_msg_find_element(msg, name);
591 return LDB_ERR_NO_SUCH_ATTRIBUTE;
593 i = el - msg->elements;
595 ret = ltdb_index_del_element(module, msg->dn, el);
596 if (ret != LDB_SUCCESS) {
600 talloc_free(el->values);
601 if (msg->num_elements > (i+1)) {
602 memmove(el, el+1, sizeof(*el) * (msg->num_elements - (i+1)));
605 msg->elements = talloc_realloc(msg, msg->elements,
606 struct ldb_message_element,
612 delete all elements matching an attribute name/value
614 return LDB Error on failure
616 static int msg_delete_element(struct ldb_module *module,
617 struct ldb_message *msg,
619 const struct ldb_val *val)
621 struct ldb_context *ldb = ldb_module_get_ctx(module);
624 struct ldb_message_element *el;
625 const struct ldb_schema_attribute *a;
627 found = find_element(msg, name);
629 return LDB_ERR_NO_SUCH_ATTRIBUTE;
632 i = (unsigned int) found;
633 el = &(msg->elements[i]);
635 a = ldb_schema_attribute_by_name(ldb, el->name);
637 for (i=0;i<el->num_values;i++) {
639 if (a->syntax->operator_fn) {
640 ret = a->syntax->operator_fn(ldb, LDB_OP_EQUALITY, a,
641 &el->values[i], val, &matched);
642 if (ret != LDB_SUCCESS) return ret;
644 matched = (a->syntax->comparison_fn(ldb, ldb,
645 &el->values[i], val) == 0);
648 if (el->num_values == 1) {
649 return msg_delete_attribute(module, msg, name);
652 ret = ltdb_index_del_value(module, msg->dn, el, i);
653 if (ret != LDB_SUCCESS) {
657 if (i<el->num_values-1) {
658 memmove(&el->values[i], &el->values[i+1],
659 sizeof(el->values[i])*
660 (el->num_values-(i+1)));
664 /* per definition we find in a canonicalised message an
665 attribute value only once. So we are finished here */
671 return LDB_ERR_NO_SUCH_ATTRIBUTE;
676 modify a record - internal interface
678 yuck - this is O(n^2). Luckily n is usually small so we probably
679 get away with it, but if we ever have really large attribute lists
680 then we'll need to look at this again
682 'req' is optional, and is used to specify controls if supplied
684 int ltdb_modify_internal(struct ldb_module *module,
685 const struct ldb_message *msg,
686 struct ldb_request *req)
688 struct ldb_context *ldb = ldb_module_get_ctx(module);
689 void *data = ldb_module_get_private(module);
690 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
691 TDB_DATA tdb_key, tdb_data;
692 struct ldb_val ldb_data;
693 struct ldb_message *msg2;
695 int ret = LDB_SUCCESS, idx;
696 struct ldb_control *control_permissive = NULL;
699 control_permissive = ldb_request_get_control(req,
700 LDB_CONTROL_PERMISSIVE_MODIFY_OID);
703 tdb_key = ltdb_key(module, msg->dn);
705 return LDB_ERR_OTHER;
708 tdb_data = tdb_fetch(ltdb->tdb, tdb_key);
709 if (!tdb_data.dptr) {
710 talloc_free(tdb_key.dptr);
711 return ltdb_err_map(tdb_error(ltdb->tdb));
714 msg2 = ldb_msg_new(tdb_key.dptr);
721 ldb_data.data = tdb_data.dptr;
722 ldb_data.length = tdb_data.dsize;
724 ret = ldb_unpack_data(ldb_module_get_ctx(module), &ldb_data, msg2);
735 for (i=0; i<msg->num_elements; i++) {
736 struct ldb_message_element *el = &msg->elements[i], *el2;
737 struct ldb_val *vals;
738 const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
740 uint32_t options = 0;
741 if (control_permissive != NULL) {
742 options |= LDB_MSG_FIND_COMMON_REMOVE_DUPLICATES;
745 switch (msg->elements[i].flags & LDB_FLAG_MOD_MASK) {
746 case LDB_FLAG_MOD_ADD:
748 if (el->num_values == 0) {
749 ldb_asprintf_errstring(ldb,
750 "attribute '%s': attribute on '%s' specified, but with 0 values (illegal)",
751 el->name, ldb_dn_get_linearized(msg2->dn));
752 ret = LDB_ERR_CONSTRAINT_VIOLATION;
756 /* make a copy of the array so that a permissive
757 * control can remove duplicates without changing the
758 * original values, but do not copy data as we do not
759 * need to keep it around once the operation is
761 if (control_permissive) {
762 el = talloc(msg2, struct ldb_message_element);
767 *el = msg->elements[i];
768 el->values = talloc_array(el, struct ldb_val, el->num_values);
769 if (el->values == NULL) {
773 for (j = 0; j < el->num_values; j++) {
774 el->values[j] = msg->elements[i].values[j];
778 if (el->num_values > 1 && ldb_tdb_single_valued(a, el)) {
779 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
780 el->name, ldb_dn_get_linearized(msg2->dn));
781 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
785 /* Checks if element already exists */
786 idx = find_element(msg2, el->name);
788 if (ltdb_msg_add_element(msg2, el) != 0) {
792 ret = ltdb_index_add_element(module, msg2->dn,
794 if (ret != LDB_SUCCESS) {
798 j = (unsigned int) idx;
799 el2 = &(msg2->elements[j]);
801 /* We cannot add another value on a existing one
802 if the attribute is single-valued */
803 if (ldb_tdb_single_valued(a, el)) {
804 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
805 el->name, ldb_dn_get_linearized(msg2->dn));
806 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
810 /* Check that values don't exist yet on multi-
811 valued attributes or aren't provided twice */
813 LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK)) {
814 struct ldb_val *duplicate = NULL;
815 ret = ldb_msg_find_common_values(ldb,
822 LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS) {
823 ldb_asprintf_errstring(ldb,
824 "attribute '%s': value "
825 "#%u on '%s' already "
826 "exists", el->name, j,
827 ldb_dn_get_linearized(msg2->dn));
829 } else if (ret != LDB_SUCCESS) {
833 ret = ldb_msg_find_duplicate_val(
834 ldb, msg2, el, &duplicate, 0);
835 if (ret != LDB_SUCCESS) {
838 if (duplicate != NULL) {
839 ldb_asprintf_errstring(
841 "attribute '%s': value "
843 "provided more than "
846 (int)duplicate->length,
848 ldb_dn_get_linearized(msg->dn));
849 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
854 /* Now combine existing and new values to a new
856 vals = talloc_realloc(msg2->elements,
857 el2->values, struct ldb_val,
858 el2->num_values + el->num_values);
865 for (j=0; j<el->num_values; j++) {
866 vals[el2->num_values + j] =
867 ldb_val_dup(vals, &el->values[j]);
871 el2->num_values += el->num_values;
873 ret = ltdb_index_add_element(module, msg2->dn, el);
874 if (ret != LDB_SUCCESS) {
881 case LDB_FLAG_MOD_REPLACE:
883 if (el->num_values > 1 && ldb_tdb_single_valued(a, el)) {
884 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
885 el->name, ldb_dn_get_linearized(msg2->dn));
886 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
891 * We don't need to check this if we have been
892 * pre-screened by the repl_meta_data module
893 * in Samba, or someone else who can claim to
894 * know what they are doing.
896 if (!(el->flags & LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK)) {
897 struct ldb_val *duplicate = NULL;
899 ret = ldb_msg_find_duplicate_val(ldb, msg2, el,
901 if (ret != LDB_SUCCESS) {
904 if (duplicate != NULL) {
905 ldb_asprintf_errstring(
907 "attribute '%s': value '%.*s' "
908 "on '%s' provided more than "
911 (int)duplicate->length,
913 ldb_dn_get_linearized(msg2->dn));
914 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
919 /* Checks if element already exists */
920 idx = find_element(msg2, el->name);
922 j = (unsigned int) idx;
923 el2 = &(msg2->elements[j]);
925 /* we consider two elements to be
926 * equal only if the order
927 * matches. This allows dbcheck to
928 * fix the ordering on attributes
929 * where order matters, such as
932 if (ldb_msg_element_equal_ordered(el, el2)) {
936 /* Delete the attribute if it exists in the DB */
937 if (msg_delete_attribute(module, msg2,
944 /* Recreate it with the new values */
945 if (ltdb_msg_add_element(msg2, el) != 0) {
950 ret = ltdb_index_add_element(module, msg2->dn, el);
951 if (ret != LDB_SUCCESS) {
957 case LDB_FLAG_MOD_DELETE:
958 dn = ldb_dn_get_linearized(msg2->dn);
964 if (msg->elements[i].num_values == 0) {
965 /* Delete the whole attribute */
966 ret = msg_delete_attribute(module, msg2,
967 msg->elements[i].name);
968 if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE &&
969 control_permissive) {
972 ldb_asprintf_errstring(ldb,
973 "attribute '%s': no such attribute for delete on '%s'",
974 msg->elements[i].name, dn);
976 if (ret != LDB_SUCCESS) {
980 /* Delete specified values from an attribute */
981 for (j=0; j < msg->elements[i].num_values; j++) {
982 ret = msg_delete_element(module,
984 msg->elements[i].name,
985 &msg->elements[i].values[j]);
986 if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE &&
987 control_permissive) {
989 } else if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE) {
990 ldb_asprintf_errstring(ldb,
991 "attribute '%s': no matching attribute value while deleting attribute on '%s'",
992 msg->elements[i].name, dn);
994 if (ret != LDB_SUCCESS) {
1001 ldb_asprintf_errstring(ldb,
1002 "attribute '%s': invalid modify flags on '%s': 0x%x",
1003 msg->elements[i].name, ldb_dn_get_linearized(msg->dn),
1004 msg->elements[i].flags & LDB_FLAG_MOD_MASK);
1005 ret = LDB_ERR_PROTOCOL_ERROR;
1010 ret = ltdb_store(module, msg2, TDB_MODIFY);
1011 if (ret != LDB_SUCCESS) {
1015 ret = ltdb_modified(module, msg2->dn);
1016 if (ret != LDB_SUCCESS) {
1021 talloc_free(tdb_key.dptr);
1028 static int ltdb_modify(struct ltdb_context *ctx)
1030 struct ldb_module *module = ctx->module;
1031 struct ldb_request *req = ctx->req;
1032 int ret = LDB_SUCCESS;
1034 ret = ltdb_check_special_dn(module, req->op.mod.message);
1035 if (ret != LDB_SUCCESS) {
1039 ldb_request_set_state(req, LDB_ASYNC_PENDING);
1041 if (ltdb_cache_load(module) != 0) {
1042 return LDB_ERR_OPERATIONS_ERROR;
1045 ret = ltdb_modify_internal(module, req->op.mod.message, req);
1053 static int ltdb_rename(struct ltdb_context *ctx)
1055 struct ldb_module *module = ctx->module;
1056 void *data = ldb_module_get_private(module);
1057 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1058 struct ldb_request *req = ctx->req;
1059 struct ldb_message *msg;
1060 int ret = LDB_SUCCESS;
1061 TDB_DATA tdb_key, tdb_key_old;
1063 ldb_request_set_state(req, LDB_ASYNC_PENDING);
1065 if (ltdb_cache_load(ctx->module) != 0) {
1066 return LDB_ERR_OPERATIONS_ERROR;
1069 msg = ldb_msg_new(ctx);
1071 return LDB_ERR_OPERATIONS_ERROR;
1074 /* we need to fetch the old record to re-add under the new name */
1075 ret = ltdb_search_dn1(module, req->op.rename.olddn, msg,
1076 LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC);
1077 if (ret != LDB_SUCCESS) {
1078 /* not finding the old record is an error */
1082 /* We need to, before changing the DB, check if the new DN
1083 * exists, so we can return this error to the caller with an
1085 tdb_key = ltdb_key(module, req->op.rename.newdn);
1086 if (!tdb_key.dptr) {
1088 return LDB_ERR_OPERATIONS_ERROR;
1091 tdb_key_old = ltdb_key(module, req->op.rename.olddn);
1092 if (!tdb_key_old.dptr) {
1094 talloc_free(tdb_key.dptr);
1095 return LDB_ERR_OPERATIONS_ERROR;
1098 /* Only declare a conflict if the new DN already exists, and it isn't a case change on the old DN */
1099 if (tdb_key_old.dsize != tdb_key.dsize || memcmp(tdb_key.dptr, tdb_key_old.dptr, tdb_key.dsize) != 0) {
1100 if (tdb_exists(ltdb->tdb, tdb_key)) {
1101 talloc_free(tdb_key_old.dptr);
1102 talloc_free(tdb_key.dptr);
1103 ldb_asprintf_errstring(ldb_module_get_ctx(module),
1104 "Entry %s already exists",
1105 ldb_dn_get_linearized(req->op.rename.newdn));
1106 /* finding the new record already in the DB is an error */
1108 return LDB_ERR_ENTRY_ALREADY_EXISTS;
1111 talloc_free(tdb_key_old.dptr);
1112 talloc_free(tdb_key.dptr);
1114 /* Always delete first then add, to avoid conflicts with
1115 * unique indexes. We rely on the transaction to make this
1118 ret = ltdb_delete_internal(module, msg->dn);
1119 if (ret != LDB_SUCCESS) {
1124 msg->dn = ldb_dn_copy(msg, req->op.rename.newdn);
1125 if (msg->dn == NULL) {
1127 return LDB_ERR_OPERATIONS_ERROR;
1130 /* We don't check single value as we can have more than 1 with
1131 * deleted attributes. We could go through all elements but that's
1132 * maybe not the most efficient way
1134 ret = ltdb_add_internal(module, msg, false);
1141 static int ltdb_start_trans(struct ldb_module *module)
1143 void *data = ldb_module_get_private(module);
1144 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1146 if (tdb_transaction_start(ltdb->tdb) != 0) {
1147 return ltdb_err_map(tdb_error(ltdb->tdb));
1150 ltdb->in_transaction++;
1152 ltdb_index_transaction_start(module);
1157 static int ltdb_prepare_commit(struct ldb_module *module)
1160 void *data = ldb_module_get_private(module);
1161 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1163 if (ltdb->in_transaction != 1) {
1167 ret = ltdb_index_transaction_commit(module);
1168 if (ret != LDB_SUCCESS) {
1169 tdb_transaction_cancel(ltdb->tdb);
1170 ltdb->in_transaction--;
1174 if (tdb_transaction_prepare_commit(ltdb->tdb) != 0) {
1175 ret = ltdb_err_map(tdb_error(ltdb->tdb));
1176 ltdb->in_transaction--;
1177 ldb_asprintf_errstring(ldb_module_get_ctx(module),
1178 "Failure during tdb_transaction_prepare_commit(): %s -> %s",
1179 tdb_errorstr(ltdb->tdb),
1184 ltdb->prepared_commit = true;
1189 static int ltdb_end_trans(struct ldb_module *module)
1192 void *data = ldb_module_get_private(module);
1193 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1195 if (!ltdb->prepared_commit) {
1196 ret = ltdb_prepare_commit(module);
1197 if (ret != LDB_SUCCESS) {
1202 ltdb->in_transaction--;
1203 ltdb->prepared_commit = false;
1205 if (tdb_transaction_commit(ltdb->tdb) != 0) {
1206 ret = ltdb_err_map(tdb_error(ltdb->tdb));
1207 ldb_asprintf_errstring(ldb_module_get_ctx(module),
1208 "Failure during tdb_transaction_commit(): %s -> %s",
1209 tdb_errorstr(ltdb->tdb),
1217 static int ltdb_del_trans(struct ldb_module *module)
1219 void *data = ldb_module_get_private(module);
1220 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1222 ltdb->in_transaction--;
1224 if (ltdb_index_transaction_cancel(module) != 0) {
1225 tdb_transaction_cancel(ltdb->tdb);
1226 return ltdb_err_map(tdb_error(ltdb->tdb));
1229 tdb_transaction_cancel(ltdb->tdb);
1234 return sequenceNumber from @BASEINFO
1236 static int ltdb_sequence_number(struct ltdb_context *ctx,
1237 struct ldb_extended **ext)
1239 struct ldb_context *ldb;
1240 struct ldb_module *module = ctx->module;
1241 struct ldb_request *req = ctx->req;
1242 TALLOC_CTX *tmp_ctx = NULL;
1243 struct ldb_seqnum_request *seq;
1244 struct ldb_seqnum_result *res;
1245 struct ldb_message *msg = NULL;
1248 int ret = LDB_SUCCESS;
1250 ldb = ldb_module_get_ctx(module);
1252 seq = talloc_get_type(req->op.extended.data,
1253 struct ldb_seqnum_request);
1255 return LDB_ERR_OPERATIONS_ERROR;
1258 ldb_request_set_state(req, LDB_ASYNC_PENDING);
1260 if (ltdb_lock_read(module) != 0) {
1261 return LDB_ERR_OPERATIONS_ERROR;
1264 res = talloc_zero(req, struct ldb_seqnum_result);
1266 ret = LDB_ERR_OPERATIONS_ERROR;
1270 tmp_ctx = talloc_new(req);
1271 if (tmp_ctx == NULL) {
1272 ret = LDB_ERR_OPERATIONS_ERROR;
1276 dn = ldb_dn_new(tmp_ctx, ldb, LTDB_BASEINFO);
1278 ret = LDB_ERR_OPERATIONS_ERROR;
1282 msg = ldb_msg_new(tmp_ctx);
1284 ret = LDB_ERR_OPERATIONS_ERROR;
1288 ret = ltdb_search_dn1(module, dn, msg, 0);
1289 if (ret != LDB_SUCCESS) {
1293 switch (seq->type) {
1294 case LDB_SEQ_HIGHEST_SEQ:
1295 res->seq_num = ldb_msg_find_attr_as_uint64(msg, LTDB_SEQUENCE_NUMBER, 0);
1298 res->seq_num = ldb_msg_find_attr_as_uint64(msg, LTDB_SEQUENCE_NUMBER, 0);
1301 case LDB_SEQ_HIGHEST_TIMESTAMP:
1302 date = ldb_msg_find_attr_as_string(msg, LTDB_MOD_TIMESTAMP, NULL);
1304 res->seq_num = ldb_string_to_time(date);
1307 /* zero is as good as anything when we don't know */
1312 *ext = talloc_zero(req, struct ldb_extended);
1314 ret = LDB_ERR_OPERATIONS_ERROR;
1317 (*ext)->oid = LDB_EXTENDED_SEQUENCE_NUMBER;
1318 (*ext)->data = talloc_steal(*ext, res);
1321 talloc_free(tmp_ctx);
1322 ltdb_unlock_read(module);
1326 static void ltdb_request_done(struct ltdb_context *ctx, int error)
1328 struct ldb_context *ldb;
1329 struct ldb_request *req;
1330 struct ldb_reply *ares;
1332 ldb = ldb_module_get_ctx(ctx->module);
1335 /* if we already returned an error just return */
1336 if (ldb_request_get_status(req) != LDB_SUCCESS) {
1340 ares = talloc_zero(req, struct ldb_reply);
1343 req->callback(req, NULL);
1346 ares->type = LDB_REPLY_DONE;
1347 ares->error = error;
1349 req->callback(req, ares);
1352 static void ltdb_timeout(struct tevent_context *ev,
1353 struct tevent_timer *te,
1357 struct ltdb_context *ctx;
1358 ctx = talloc_get_type(private_data, struct ltdb_context);
1360 if (!ctx->request_terminated) {
1361 /* request is done now */
1362 ltdb_request_done(ctx, LDB_ERR_TIME_LIMIT_EXCEEDED);
1366 /* neutralize the spy */
1367 ctx->spy->ctx = NULL;
1373 static void ltdb_request_extended_done(struct ltdb_context *ctx,
1374 struct ldb_extended *ext,
1377 struct ldb_context *ldb;
1378 struct ldb_request *req;
1379 struct ldb_reply *ares;
1381 ldb = ldb_module_get_ctx(ctx->module);
1384 /* if we already returned an error just return */
1385 if (ldb_request_get_status(req) != LDB_SUCCESS) {
1389 ares = talloc_zero(req, struct ldb_reply);
1392 req->callback(req, NULL);
1395 ares->type = LDB_REPLY_DONE;
1396 ares->response = ext;
1397 ares->error = error;
1399 req->callback(req, ares);
1402 static void ltdb_handle_extended(struct ltdb_context *ctx)
1404 struct ldb_extended *ext = NULL;
1407 if (strcmp(ctx->req->op.extended.oid,
1408 LDB_EXTENDED_SEQUENCE_NUMBER) == 0) {
1409 /* get sequence number */
1410 ret = ltdb_sequence_number(ctx, &ext);
1412 /* not recognized */
1413 ret = LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
1416 ltdb_request_extended_done(ctx, ext, ret);
1419 static void ltdb_callback(struct tevent_context *ev,
1420 struct tevent_timer *te,
1424 struct ltdb_context *ctx;
1427 ctx = talloc_get_type(private_data, struct ltdb_context);
1429 if (ctx->request_terminated) {
1433 switch (ctx->req->operation) {
1435 ret = ltdb_search(ctx);
1438 ret = ltdb_add(ctx);
1441 ret = ltdb_modify(ctx);
1444 ret = ltdb_delete(ctx);
1447 ret = ltdb_rename(ctx);
1450 ltdb_handle_extended(ctx);
1453 /* no other op supported */
1454 ret = LDB_ERR_PROTOCOL_ERROR;
1457 if (!ctx->request_terminated) {
1458 /* request is done now */
1459 ltdb_request_done(ctx, ret);
1464 /* neutralize the spy */
1465 ctx->spy->ctx = NULL;
1471 static int ltdb_request_destructor(void *ptr)
1473 struct ltdb_req_spy *spy = talloc_get_type(ptr, struct ltdb_req_spy);
1475 if (spy->ctx != NULL) {
1476 spy->ctx->spy = NULL;
1477 spy->ctx->request_terminated = true;
1484 static int ltdb_handle_request(struct ldb_module *module,
1485 struct ldb_request *req)
1487 struct ldb_control *control_permissive;
1488 struct ldb_context *ldb;
1489 struct tevent_context *ev;
1490 struct ltdb_context *ac;
1491 struct tevent_timer *te;
1495 ldb = ldb_module_get_ctx(module);
1497 control_permissive = ldb_request_get_control(req,
1498 LDB_CONTROL_PERMISSIVE_MODIFY_OID);
1500 for (i = 0; req->controls && req->controls[i]; i++) {
1501 if (req->controls[i]->critical &&
1502 req->controls[i] != control_permissive) {
1503 ldb_asprintf_errstring(ldb, "Unsupported critical extension %s",
1504 req->controls[i]->oid);
1505 return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
1509 if (req->starttime == 0 || req->timeout == 0) {
1510 ldb_set_errstring(ldb, "Invalid timeout settings");
1511 return LDB_ERR_TIME_LIMIT_EXCEEDED;
1514 ev = ldb_handle_get_event_context(req->handle);
1516 ac = talloc_zero(ldb, struct ltdb_context);
1519 return LDB_ERR_OPERATIONS_ERROR;
1522 ac->module = module;
1527 te = tevent_add_timer(ev, ac, tv, ltdb_callback, ac);
1530 return LDB_ERR_OPERATIONS_ERROR;
1533 if (req->timeout > 0) {
1534 tv.tv_sec = req->starttime + req->timeout;
1536 ac->timeout_event = tevent_add_timer(ev, ac, tv,
1538 if (NULL == ac->timeout_event) {
1540 return LDB_ERR_OPERATIONS_ERROR;
1544 /* set a spy so that we do not try to use the request context
1545 * if it is freed before ltdb_callback fires */
1546 ac->spy = talloc(req, struct ltdb_req_spy);
1547 if (NULL == ac->spy) {
1549 return LDB_ERR_OPERATIONS_ERROR;
1553 talloc_set_destructor((TALLOC_CTX *)ac->spy, ltdb_request_destructor);
1558 static int ltdb_init_rootdse(struct ldb_module *module)
1560 /* ignore errors on this - we expect it for non-sam databases */
1561 ldb_mod_register_control(module, LDB_CONTROL_PERMISSIVE_MODIFY_OID);
1563 /* there can be no module beyond the backend, just return */
1567 static const struct ldb_module_ops ltdb_ops = {
1569 .init_context = ltdb_init_rootdse,
1570 .search = ltdb_handle_request,
1571 .add = ltdb_handle_request,
1572 .modify = ltdb_handle_request,
1573 .del = ltdb_handle_request,
1574 .rename = ltdb_handle_request,
1575 .extended = ltdb_handle_request,
1576 .start_transaction = ltdb_start_trans,
1577 .end_transaction = ltdb_end_trans,
1578 .prepare_commit = ltdb_prepare_commit,
1579 .del_transaction = ltdb_del_trans,
1583 connect to the database
1585 static int ltdb_connect(struct ldb_context *ldb, const char *url,
1586 unsigned int flags, const char *options[],
1587 struct ldb_module **_module)
1589 struct ldb_module *module;
1591 int tdb_flags, open_flags;
1592 struct ltdb_private *ltdb;
1595 * We hold locks, so we must use a private event context
1596 * on each returned handle
1599 ldb_set_require_private_event_context(ldb);
1602 if (strchr(url, ':')) {
1603 if (strncmp(url, "tdb://", 6) != 0) {
1604 ldb_debug(ldb, LDB_DEBUG_ERROR,
1605 "Invalid tdb URL '%s'", url);
1606 return LDB_ERR_OPERATIONS_ERROR;
1613 tdb_flags = TDB_DEFAULT | TDB_SEQNUM;
1615 /* check for the 'nosync' option */
1616 if (flags & LDB_FLG_NOSYNC) {
1617 tdb_flags |= TDB_NOSYNC;
1620 /* and nommap option */
1621 if (flags & LDB_FLG_NOMMAP) {
1622 tdb_flags |= TDB_NOMMAP;
1625 if (flags & LDB_FLG_RDONLY) {
1626 open_flags = O_RDONLY;
1627 } else if (flags & LDB_FLG_DONT_CREATE_DB) {
1628 open_flags = O_RDWR;
1630 open_flags = O_CREAT | O_RDWR;
1633 ltdb = talloc_zero(ldb, struct ltdb_private);
1636 return LDB_ERR_OPERATIONS_ERROR;
1639 /* note that we use quite a large default hash size */
1640 ltdb->tdb = ltdb_wrap_open(ltdb, path, 10000,
1641 tdb_flags, open_flags,
1642 ldb_get_create_perms(ldb), ldb);
1644 ldb_asprintf_errstring(ldb,
1645 "Unable to open tdb '%s': %s", path, strerror(errno));
1646 ldb_debug(ldb, LDB_DEBUG_ERROR,
1647 "Unable to open tdb '%s': %s", path, strerror(errno));
1649 if (errno == EACCES || errno == EPERM) {
1650 return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
1652 return LDB_ERR_OPERATIONS_ERROR;
1655 if (getenv("LDB_WARN_UNINDEXED")) {
1656 ltdb->warn_unindexed = true;
1659 if (getenv("LDB_WARN_REINDEX")) {
1660 ltdb->warn_reindex = true;
1663 ltdb->sequence_number = 0;
1665 module = ldb_module_new(ldb, ldb, "ldb_tdb backend", <db_ops);
1669 return LDB_ERR_OPERATIONS_ERROR;
1671 ldb_module_set_private(module, ltdb);
1672 talloc_steal(module, ltdb);
1674 if (ltdb_cache_load(module) != 0) {
1675 ldb_asprintf_errstring(ldb,
1676 "Unable to load ltdb cache records of tdb '%s'", path);
1677 talloc_free(module);
1678 return LDB_ERR_OPERATIONS_ERROR;
1685 int ldb_tdb_init(const char *version)
1687 LDB_MODULE_CHECK_VERSION(version);
1688 return ldb_register_backend("tdb", ltdb_connect, false);