4 Copyright (C) Andrew Tridgell 2004
6 ** NOTE! The following LGPL license applies to the ldb
7 ** library. This does NOT imply that all of Samba is released
10 This library is free software; you can redistribute it and/or
11 modify it under the terms of the GNU Lesser General Public
12 License as published by the Free Software Foundation; either
13 version 3 of the License, or (at your option) any later version.
15 This library is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public
21 License along with this library; if not, see <http://www.gnu.org/licenses/>.
27 * Component: ldb search functions
29 * Description: functions to search ldb+tdb databases
31 * Author: Andrew Tridgell
35 #include "ldb_private.h"
39 add one element to a message
41 static int msg_add_element(struct ldb_message *ret,
42 const struct ldb_message_element *el,
46 struct ldb_message_element *e2, *elnew;
48 if (check_duplicates && ldb_msg_find_element(ret, el->name)) {
49 /* its already there */
53 e2 = talloc_realloc(ret, ret->elements, struct ldb_message_element, ret->num_elements+1);
59 elnew = &e2[ret->num_elements];
61 elnew->name = talloc_strdup(ret->elements, el->name);
67 elnew->values = talloc_array(ret->elements, struct ldb_val, el->num_values);
75 for (i=0;i<el->num_values;i++) {
76 elnew->values[i] = ldb_val_dup(elnew->values, &el->values[i]);
77 if (elnew->values[i].length != el->values[i].length) {
82 elnew->num_values = el->num_values;
83 elnew->flags = el->flags;
91 add the special distinguishedName element
93 static int msg_add_distinguished_name(struct ldb_message *msg)
95 struct ldb_message_element el;
100 el.name = "distinguishedName";
104 val.data = (uint8_t *)ldb_dn_alloc_linearized(msg, msg->dn);
105 if (val.data == NULL) {
108 val.length = strlen((char *)val.data);
110 ret = msg_add_element(msg, &el, 1);
115 search the database for a single simple dn.
116 return LDB_ERR_NO_SUCH_OBJECT on record-not-found
117 and LDB_SUCCESS on success
119 int ltdb_search_base(struct ldb_module *module,
122 struct ldb_dn **ret_dn)
126 struct ldb_message *msg = NULL;
128 if (ldb_dn_is_null(dn)) {
129 return LDB_ERR_NO_SUCH_OBJECT;
133 * We can't use tdb_exists() directly on a key when the TDB
134 * key is the GUID one, not the DN based one. So we just do a
135 * normal search and avoid most of the allocation with the
136 * LDB_UNPACK_DATA_FLAG_NO_DN and
137 * LDB_UNPACK_DATA_FLAG_NO_ATTRS flags
139 msg = ldb_msg_new(module);
141 return LDB_ERR_OPERATIONS_ERROR;
144 ret = ltdb_search_dn1(module, dn,
146 LDB_UNPACK_DATA_FLAG_NO_ATTRS);
147 if (ret == LDB_SUCCESS) {
148 const char *dn_linearized
149 = ldb_dn_get_linearized(dn);
150 const char *msg_dn_linearlized
151 = ldb_dn_get_linearized(msg->dn);
153 if (strcmp(dn_linearized, msg_dn_linearlized) == 0) {
155 * Re-use the full incoming DN for
161 * Use the string DN from the unpack, so that
162 * we have a case-exact match of the base
164 *ret_dn = talloc_steal(mem_ctx, msg->dn);
167 } else if (ret == LDB_ERR_NO_SUCH_OBJECT) {
177 return LDB_ERR_NO_SUCH_OBJECT;
180 struct ltdb_parse_data_unpack_ctx {
181 struct ldb_message *msg;
182 struct ldb_module *module;
183 unsigned int unpack_flags;
186 static int ltdb_parse_data_unpack(TDB_DATA key, TDB_DATA data,
189 struct ltdb_parse_data_unpack_ctx *ctx = private_data;
190 unsigned int nb_elements_in_db;
192 struct ldb_context *ldb = ldb_module_get_ctx(ctx->module);
193 struct ldb_val data_parse = {
198 if (ctx->unpack_flags & LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC) {
200 * If we got LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC
201 * we need at least do a memdup on the whole
202 * data buffer as that may change later
203 * and the caller needs a stable result.
205 data_parse.data = talloc_memdup(ctx->msg,
208 if (data_parse.data == NULL) {
209 ldb_debug(ldb, LDB_DEBUG_ERROR,
210 "Unable to allocate data(%d) for %*.*s\n",
212 (int)key.dsize, (int)key.dsize, key.dptr);
213 return LDB_ERR_OPERATIONS_ERROR;
217 ret = ldb_unpack_data_only_attr_list_flags(ldb, &data_parse,
223 if (data_parse.data != data.dptr) {
224 talloc_free(data_parse.data);
227 ldb_debug(ldb, LDB_DEBUG_ERROR, "Invalid data for index %*.*s\n",
228 (int)key.dsize, (int)key.dsize, key.dptr);
229 return LDB_ERR_OPERATIONS_ERROR;
235 search the database for a single simple dn, returning all attributes
238 return LDB_ERR_NO_SUCH_OBJECT on record-not-found
239 and LDB_SUCCESS on success
241 int ltdb_search_key(struct ldb_module *module, struct ltdb_private *ltdb,
242 const struct TDB_DATA tdb_key,
243 struct ldb_message *msg,
244 unsigned int unpack_flags)
247 struct ltdb_parse_data_unpack_ctx ctx = {
250 .unpack_flags = unpack_flags
253 memset(msg, 0, sizeof(*msg));
255 msg->num_elements = 0;
256 msg->elements = NULL;
258 ret = tdb_parse_record(ltdb->tdb, tdb_key,
259 ltdb_parse_data_unpack, &ctx);
262 ret = ltdb_err_map(tdb_error(ltdb->tdb));
263 if (ret == LDB_SUCCESS) {
265 * Just to be sure we don't turn errors
268 return LDB_ERR_OPERATIONS_ERROR;
271 } else if (ret != LDB_SUCCESS) {
279 search the database for a single simple dn, returning all attributes
282 return LDB_ERR_NO_SUCH_OBJECT on record-not-found
283 and LDB_SUCCESS on success
285 int ltdb_search_dn1(struct ldb_module *module, struct ldb_dn *dn, struct ldb_message *msg,
286 unsigned int unpack_flags)
288 void *data = ldb_module_get_private(module);
289 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
291 uint8_t guid_key[LTDB_GUID_KEY_SIZE];
294 .dsize = sizeof(guid_key)
296 TALLOC_CTX *tdb_key_ctx = NULL;
298 if (ltdb->cache->GUID_index_attribute == NULL) {
299 tdb_key_ctx = talloc_new(msg);
301 return ldb_module_oom(module);
305 tdb_key = ltdb_key_dn(module, tdb_key_ctx, dn);
307 TALLOC_FREE(tdb_key_ctx);
308 return LDB_ERR_OPERATIONS_ERROR;
310 } else if (ldb_dn_is_special(dn)) {
311 tdb_key_ctx = talloc_new(msg);
313 return ldb_module_oom(module);
317 tdb_key = ltdb_key_dn(module, tdb_key_ctx, dn);
319 TALLOC_FREE(tdb_key_ctx);
320 return LDB_ERR_OPERATIONS_ERROR;
324 * Look in the index to find the key for this DN.
326 * the tdb_key memory is allocated above, msg is just
327 * used for internal memory.
330 ret = ltdb_key_dn_from_idx(module, ltdb,
333 if (ret != LDB_SUCCESS) {
338 ret = ltdb_search_key(module, ltdb, tdb_key, msg, unpack_flags);
340 TALLOC_FREE(tdb_key_ctx);
342 if (ret != LDB_SUCCESS) {
346 if ((unpack_flags & LDB_UNPACK_DATA_FLAG_NO_DN) == 0) {
348 msg->dn = ldb_dn_copy(msg, dn);
351 return LDB_ERR_OPERATIONS_ERROR;
359 filter the specified list of attributes from a message
360 removing not requested attrs from the new message constructed.
362 The reason this makes a new message is that the old one may not be
363 individually allocated, which is what our callers expect.
366 int ltdb_filter_attrs(TALLOC_CTX *mem_ctx,
367 const struct ldb_message *msg, const char * const *attrs,
368 struct ldb_message **filtered_msg)
371 bool keep_all = false;
373 uint32_t num_elements;
374 uint32_t elements_size;
375 struct ldb_message *msg2;
377 msg2 = ldb_msg_new(mem_ctx);
382 msg2->dn = ldb_dn_copy(msg2, msg->dn);
383 if (msg2->dn == NULL) {
388 /* check for special attrs */
389 for (i = 0; attrs[i]; i++) {
390 int cmp = strcmp(attrs[i], "*");
395 cmp = ldb_attr_cmp(attrs[i], "distinguishedName");
406 elements_size = msg->num_elements + 1;
408 /* Shortcuts for the simple cases */
409 } else if (add_dn && i == 1) {
410 if (msg_add_distinguished_name(msg2) != 0) {
413 *filtered_msg = msg2;
416 *filtered_msg = msg2;
419 /* Otherwise we are copying at most as many element as we have attributes */
424 msg2->elements = talloc_array(msg2, struct ldb_message_element,
426 if (msg2->elements == NULL) goto failed;
430 for (i = 0; i < msg->num_elements; i++) {
431 struct ldb_message_element *el = &msg->elements[i];
432 struct ldb_message_element *el2 = &msg2->elements[num_elements];
435 if (keep_all == false) {
437 for (j = 0; attrs[j]; j++) {
438 int cmp = ldb_attr_cmp(el->name, attrs[j]);
444 if (found == false) {
449 el2->name = talloc_strdup(msg2->elements, el->name);
450 if (el2->name == NULL) {
453 el2->values = talloc_array(msg2->elements, struct ldb_val, el->num_values);
454 if (el2->values == NULL) {
457 for (j=0;j<el->num_values;j++) {
458 el2->values[j] = ldb_val_dup(el2->values, &el->values[j]);
459 if (el2->values[j].data == NULL && el->values[j].length != 0) {
465 /* Pidginhole principle: we can't have more elements
466 * than the number of attributes if they are unique in
468 if (num_elements > elements_size) {
473 msg2->num_elements = num_elements;
476 if (msg_add_distinguished_name(msg2) != 0) {
481 if (msg2->num_elements > 0) {
482 msg2->elements = talloc_realloc(msg2, msg2->elements,
483 struct ldb_message_element,
485 if (msg2->elements == NULL) {
489 talloc_free(msg2->elements);
490 msg2->elements = NULL;
493 *filtered_msg = msg2;
502 search function for a non-indexed search
504 static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, void *state)
506 struct ldb_context *ldb;
507 struct ltdb_context *ac;
508 struct ldb_message *msg, *filtered_msg;
509 const struct ldb_val val = {
511 .length = data.dsize,
515 unsigned int nb_elements_in_db;
517 ac = talloc_get_type(state, struct ltdb_context);
518 ldb = ldb_module_get_ctx(ac->module);
520 if (ltdb_key_is_record(key) == false) {
524 msg = ldb_msg_new(ac);
526 ac->error = LDB_ERR_OPERATIONS_ERROR;
530 /* unpack the record */
531 ret = ldb_unpack_data_only_attr_list_flags(ldb, &val,
534 LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC|
535 LDB_UNPACK_DATA_FLAG_NO_VALUES_ALLOC,
539 ac->error = LDB_ERR_OPERATIONS_ERROR;
544 msg->dn = ldb_dn_new(msg, ldb,
545 (char *)key.dptr + 3);
546 if (msg->dn == NULL) {
548 ac->error = LDB_ERR_OPERATIONS_ERROR;
553 /* see if it matches the given expression */
554 ret = ldb_match_msg_error(ldb, msg,
555 ac->tree, ac->base, ac->scope, &matched);
556 if (ret != LDB_SUCCESS) {
558 ac->error = LDB_ERR_OPERATIONS_ERROR;
566 /* filter the attributes that the user wants */
567 ret = ltdb_filter_attrs(ac, msg, ac->attrs, &filtered_msg);
571 ac->error = LDB_ERR_OPERATIONS_ERROR;
575 ret = ldb_module_send_entry(ac->req, filtered_msg, NULL);
576 if (ret != LDB_SUCCESS) {
577 ac->request_terminated = true;
578 /* the callback failed, abort the operation */
579 ac->error = LDB_ERR_OPERATIONS_ERROR;
588 search the database with a LDAP-like expression.
589 this is the "full search" non-indexed variant
591 static int ltdb_search_full(struct ltdb_context *ctx)
593 void *data = ldb_module_get_private(ctx->module);
594 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
597 ctx->error = LDB_SUCCESS;
598 if (ltdb->in_transaction != 0) {
599 ret = tdb_traverse(ltdb->tdb, search_func, ctx);
601 ret = tdb_traverse_read(ltdb->tdb, search_func, ctx);
605 return LDB_ERR_OPERATIONS_ERROR;
611 static int ltdb_search_and_return_base(struct ltdb_private *ltdb,
612 struct ltdb_context *ctx)
614 struct ldb_message *msg, *filtered_msg;
615 struct ldb_context *ldb = ldb_module_get_ctx(ctx->module);
616 const char *dn_linearized;
617 const char *msg_dn_linearlized;
621 msg = ldb_msg_new(ctx);
623 return LDB_ERR_OPERATIONS_ERROR;
625 ret = ltdb_search_dn1(ctx->module, ctx->base, msg,
626 LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC|
627 LDB_UNPACK_DATA_FLAG_NO_VALUES_ALLOC);
629 if (ret == LDB_ERR_NO_SUCH_OBJECT) {
630 if (ltdb->check_base == false) {
632 * In this case, we are done, as no base
633 * checking is allowed in this DB
638 ldb_asprintf_errstring(ldb,
639 "No such Base DN: %s",
640 ldb_dn_get_linearized(ctx->base));
642 if (ret != LDB_SUCCESS) {
649 * We use this, not ldb_match_msg_error() as we know
650 * we matched on the scope BASE, as we just fetched
654 ret = ldb_match_message(ldb, msg,
658 if (ret != LDB_SUCCESS) {
667 dn_linearized = ldb_dn_get_linearized(ctx->base);
668 msg_dn_linearlized = ldb_dn_get_linearized(msg->dn);
670 if (strcmp(dn_linearized, msg_dn_linearlized) == 0) {
672 * If the DN is exactly the same string, then
673 * re-use the full incoming DN for the
674 * returned result, as it has already been
681 * filter the attributes that the user wants.
683 * This copies msg->dn including the casefolding, so the above
686 ret = ltdb_filter_attrs(ctx, msg, ctx->attrs, &filtered_msg);
689 * Remove any extended components possibly copied in from
690 * msg->dn, we just want the casefold components
692 ldb_dn_remove_extended_components(filtered_msg->dn);
696 return LDB_ERR_OPERATIONS_ERROR;
699 ret = ldb_module_send_entry(ctx->req, filtered_msg, NULL);
700 if (ret != LDB_SUCCESS) {
701 /* Regardless of success or failure, the msg
702 * is the callbacks responsiblity, and should
703 * not be talloc_free()'ed */
704 ctx->request_terminated = true;
712 search the database with a LDAP-like expression.
713 choses a search method
715 int ltdb_search(struct ltdb_context *ctx)
717 struct ldb_context *ldb;
718 struct ldb_module *module = ctx->module;
719 struct ldb_request *req = ctx->req;
720 void *data = ldb_module_get_private(module);
721 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
724 ldb = ldb_module_get_ctx(module);
726 ldb_request_set_state(req, LDB_ASYNC_PENDING);
728 if (ltdb_lock_read(module) != 0) {
729 return LDB_ERR_OPERATIONS_ERROR;
732 if (ltdb_cache_load(module) != 0) {
733 ltdb_unlock_read(module);
734 return LDB_ERR_OPERATIONS_ERROR;
737 if (req->op.search.tree == NULL) {
738 ltdb_unlock_read(module);
739 return LDB_ERR_OPERATIONS_ERROR;
742 ctx->tree = req->op.search.tree;
743 ctx->scope = req->op.search.scope;
744 ctx->base = req->op.search.base;
745 ctx->attrs = req->op.search.attrs;
747 if ((req->op.search.base == NULL) || (ldb_dn_is_null(req->op.search.base) == true)) {
749 /* Check what we should do with a NULL dn */
750 switch (req->op.search.scope) {
752 ldb_asprintf_errstring(ldb,
753 "NULL Base DN invalid for a base search");
754 ret = LDB_ERR_INVALID_DN_SYNTAX;
756 case LDB_SCOPE_ONELEVEL:
757 ldb_asprintf_errstring(ldb,
758 "NULL Base DN invalid for a one-level search");
759 ret = LDB_ERR_INVALID_DN_SYNTAX;
761 case LDB_SCOPE_SUBTREE:
763 /* We accept subtree searches from a NULL base DN, ie over the whole DB */
766 } else if (ldb_dn_is_valid(req->op.search.base) == false) {
768 /* We don't want invalid base DNs here */
769 ldb_asprintf_errstring(ldb,
770 "Invalid Base DN: %s",
771 ldb_dn_get_linearized(req->op.search.base));
772 ret = LDB_ERR_INVALID_DN_SYNTAX;
774 } else if (req->op.search.scope == LDB_SCOPE_BASE) {
777 * If we are LDB_SCOPE_BASE, do just one search and
778 * return early. This is critical to ensure we do not
779 * go into the index code for special DNs, as that
780 * will try to look up an index record for a special
781 * record (which doesn't exist).
783 ret = ltdb_search_and_return_base(ltdb, ctx);
785 ltdb_unlock_read(module);
789 } else if (ltdb->check_base) {
791 * This database has been marked as
792 * 'checkBaseOnSearch', so do a spot check of the base
793 * dn. Also optimise the subsequent filter by filling
794 * in the ctx->base to be exactly case correct
796 ret = ltdb_search_base(module, ctx,
800 if (ret == LDB_ERR_NO_SUCH_OBJECT) {
801 ldb_asprintf_errstring(ldb,
802 "No such Base DN: %s",
803 ldb_dn_get_linearized(req->op.search.base));
807 /* If we are not checking the base DN life is easy */
811 if (ret == LDB_SUCCESS) {
812 uint32_t match_count = 0;
814 ret = ltdb_search_indexed(ctx, &match_count);
815 if (ret == LDB_ERR_NO_SUCH_OBJECT) {
816 /* Not in the index, therefore OK! */
820 /* Check if we got just a normal error.
821 * In that case proceed to a full search unless we got a
823 if ( ! ctx->request_terminated && ret != LDB_SUCCESS) {
824 /* Not indexed, so we need to do a full scan */
825 if (ltdb->warn_unindexed || ltdb->disable_full_db_scan) {
826 /* useful for debugging when slow performance
827 * is caused by unindexed searches */
828 char *expression = ldb_filter_from_tree(ctx, ctx->tree);
829 ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb FULL SEARCH: %s SCOPE: %s DN: %s",
831 req->op.search.scope==LDB_SCOPE_BASE?"base":
832 req->op.search.scope==LDB_SCOPE_ONELEVEL?"one":
833 req->op.search.scope==LDB_SCOPE_SUBTREE?"sub":"UNKNOWN",
834 ldb_dn_get_linearized(req->op.search.base));
836 talloc_free(expression);
839 if (match_count != 0) {
840 /* the indexing code gave an error
841 * after having returned at least one
842 * entry. This means the indexes are
843 * corrupt or a database record is
844 * corrupt. We cannot continue with a
845 * full search or we may return
848 ltdb_unlock_read(module);
849 return LDB_ERR_OPERATIONS_ERROR;
852 if (ltdb->disable_full_db_scan) {
853 ldb_set_errstring(ldb,
854 "ldb FULL SEARCH disabled");
855 ltdb_unlock_read(module);
856 return LDB_ERR_INAPPROPRIATE_MATCHING;
859 ret = ltdb_search_full(ctx);
860 if (ret != LDB_SUCCESS) {
861 ldb_set_errstring(ldb, "Indexed and full searches both failed!\n");
866 ltdb_unlock_read(module);