4 Copyright (C) Andrew Tridgell 2004
5 Copyright (C) Stefan Metzmacher 2004
6 Copyright (C) Simo Sorce 2006-2008
7 Copyright (C) Matthias Dieter Wallnöfer 2009-2010
9 ** NOTE! The following LGPL license applies to the ldb
10 ** library. This does NOT imply that all of Samba is released
13 This library is free software; you can redistribute it and/or
14 modify it under the terms of the GNU Lesser General Public
15 License as published by the Free Software Foundation; either
16 version 3 of the License, or (at your option) any later version.
18 This library is distributed in the hope that it will be useful,
19 but WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 Lesser General Public License for more details.
23 You should have received a copy of the GNU Lesser General Public
24 License along with this library; if not, see <http://www.gnu.org/licenses/>.
30 * Component: ldb tdb backend
32 * Description: core functions for tdb backend
34 * Author: Andrew Tridgell
35 * Author: Stefan Metzmacher
39 * - description: make the module use asynchronous calls
43 * - description: make it possible to use event contexts
47 * - description: fix up memory leaks and small bugs
49 * Author: Matthias Dieter Wallnöfer
53 #include "ldb_private.h"
57 prevent memory errors on callbacks
60 struct ltdb_context *ctx;
64 map a tdb error code to a ldb error code
66 int ltdb_err_map(enum TDB_ERROR tdb_code)
74 return LDB_ERR_OPERATIONS_ERROR;
76 return LDB_ERR_PROTOCOL_ERROR;
80 case TDB_ERR_LOCK_TIMEOUT:
81 return LDB_ERR_TIME_LIMIT_EXCEEDED;
83 return LDB_ERR_ENTRY_ALREADY_EXISTS;
85 return LDB_ERR_NO_SUCH_OBJECT;
87 return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
95 lock the database for read - use by ltdb_search and ltdb_sequence_number
97 int ltdb_lock_read(struct ldb_module *module)
99 void *data = ldb_module_get_private(module);
100 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
104 if (ltdb->in_transaction == 0 &&
105 ltdb->read_lock_count == 0) {
106 tdb_ret = tdb_lockall_read(ltdb->tdb);
109 ltdb->read_lock_count++;
112 ret = ltdb_err_map(tdb_error(ltdb->tdb));
113 if (ret == LDB_SUCCESS) {
114 ret = LDB_ERR_OPERATIONS_ERROR;
116 ldb_debug_set(ldb_module_get_ctx(module),
118 "Failure during ltdb_lock_read(): %s -> %s",
119 tdb_errorstr(ltdb->tdb),
125 unlock the database after a ltdb_lock_read()
127 int ltdb_unlock_read(struct ldb_module *module)
129 void *data = ldb_module_get_private(module);
130 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
131 if (ltdb->in_transaction == 0 && ltdb->read_lock_count == 1) {
132 tdb_unlockall_read(ltdb->tdb);
133 ltdb->read_lock_count--;
136 ltdb->read_lock_count--;
142 * Determine if this key could hold a record. We allow the new GUID
143 * index, the old DN index and a possible future ID=
145 bool ltdb_key_is_record(TDB_DATA key)
151 if (memcmp(key.dptr, "DN=", 3) == 0) {
155 if (memcmp(key.dptr, "ID=", 3) == 0) {
163 if (memcmp(key.dptr, "GUID=", 5) == 0) {
171 form a TDB_DATA for a record key
174 note that the key for a record can depend on whether the
175 dn refers to a case sensitive index record or not
177 TDB_DATA ltdb_key_dn(struct ldb_module *module, struct ldb_dn *dn)
179 struct ldb_context *ldb = ldb_module_get_ctx(module);
181 char *key_str = NULL;
182 const char *dn_folded = NULL;
185 most DNs are case insensitive. The exception is index DNs for
186 case sensitive attributes
188 there are 3 cases dealt with in this code:
190 1) if the dn doesn't start with @ then uppercase the attribute
191 names and the attributes values of case insensitive attributes
192 2) if the dn starts with @ then leave it alone -
193 the indexing code handles the rest
196 dn_folded = ldb_dn_get_casefold(dn);
201 key_str = talloc_strdup(ldb, "DN=");
206 key_str = talloc_strdup_append_buffer(key_str, dn_folded);
211 key.dptr = (uint8_t *)key_str;
212 key.dsize = strlen(key_str) + 1;
224 form a TDB_DATA for a record key
227 note that the key for a record can depend on whether the
228 dn refers to a case sensitive index record or not
230 TDB_DATA ltdb_key_msg(struct ldb_module *module,
231 const struct ldb_message *msg)
233 return ltdb_key_dn(module, msg->dn);
237 check special dn's have valid attributes
238 currently only @ATTRIBUTES is checked
240 static int ltdb_check_special_dn(struct ldb_module *module,
241 const struct ldb_message *msg)
243 struct ldb_context *ldb = ldb_module_get_ctx(module);
246 if (! ldb_dn_is_special(msg->dn) ||
247 ! ldb_dn_check_special(msg->dn, LTDB_ATTRIBUTES)) {
251 /* we have @ATTRIBUTES, let's check attributes are fine */
252 /* should we check that we deny multivalued attributes ? */
253 for (i = 0; i < msg->num_elements; i++) {
254 if (ldb_attr_cmp(msg->elements[i].name, "distinguishedName") == 0) continue;
256 for (j = 0; j < msg->elements[i].num_values; j++) {
257 if (ltdb_check_at_attributes_values(&msg->elements[i].values[j]) != 0) {
258 ldb_set_errstring(ldb, "Invalid attribute value in an @ATTRIBUTES entry");
259 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
269 we've made a modification to a dn - possibly reindex and
270 update sequence number
272 static int ltdb_modified(struct ldb_module *module, struct ldb_dn *dn)
274 int ret = LDB_SUCCESS;
275 struct ltdb_private *ltdb = talloc_get_type(ldb_module_get_private(module), struct ltdb_private);
277 /* only allow modifies inside a transaction, otherwise the
279 if (ltdb->in_transaction == 0) {
280 ldb_set_errstring(ldb_module_get_ctx(module), "ltdb modify without transaction");
281 return LDB_ERR_OPERATIONS_ERROR;
284 if (ldb_dn_is_special(dn) &&
285 (ldb_dn_check_special(dn, LTDB_INDEXLIST) ||
286 ldb_dn_check_special(dn, LTDB_ATTRIBUTES)) )
288 if (ltdb->warn_reindex) {
289 ldb_debug(ldb_module_get_ctx(module),
290 LDB_DEBUG_ERROR, "Reindexing %s due to modification on %s",
291 tdb_name(ltdb->tdb), ldb_dn_get_linearized(dn));
293 ret = ltdb_reindex(module);
296 /* If the modify was to a normal record, or any special except @BASEINFO, update the seq number */
297 if (ret == LDB_SUCCESS &&
298 !(ldb_dn_is_special(dn) &&
299 ldb_dn_check_special(dn, LTDB_BASEINFO)) ) {
300 ret = ltdb_increase_sequence_number(module);
303 /* If the modify was to @OPTIONS, reload the cache */
304 if (ret == LDB_SUCCESS &&
305 ldb_dn_is_special(dn) &&
306 (ldb_dn_check_special(dn, LTDB_OPTIONS)) ) {
307 ret = ltdb_cache_reload(module);
314 store a record into the db
316 int ltdb_store(struct ldb_module *module, const struct ldb_message *msg, int flgs)
318 void *data = ldb_module_get_private(module);
319 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
320 TDB_DATA tdb_key, tdb_data;
321 struct ldb_val ldb_data;
322 int ret = LDB_SUCCESS;
324 if (ltdb->read_only) {
325 return LDB_ERR_UNWILLING_TO_PERFORM;
328 tdb_key = ltdb_key_msg(module, msg);
329 if (tdb_key.dptr == NULL) {
330 return LDB_ERR_OTHER;
333 ret = ldb_pack_data(ldb_module_get_ctx(module),
336 talloc_free(tdb_key.dptr);
337 return LDB_ERR_OTHER;
340 tdb_data.dptr = ldb_data.data;
341 tdb_data.dsize = ldb_data.length;
343 ret = tdb_store(ltdb->tdb, tdb_key, tdb_data, flgs);
345 ret = ltdb_err_map(tdb_error(ltdb->tdb));
350 talloc_free(tdb_key.dptr);
351 talloc_free(ldb_data.data);
358 check if a attribute is a single valued, for a given element
360 static bool ldb_tdb_single_valued(const struct ldb_schema_attribute *a,
361 struct ldb_message_element *el)
363 if (!a) return false;
365 if (el->flags & LDB_FLAG_INTERNAL_FORCE_SINGLE_VALUE_CHECK) {
366 /* override from a ldb module, for example
367 used for the description field, which is
368 marked multi-valued in the schema but which
369 should not actually accept multiple
373 if (el->flags & LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK) {
374 /* override from a ldb module, for example used for
375 deleted linked attribute entries */
379 if (a->flags & LDB_ATTR_FLAG_SINGLE_VALUE) {
385 static int ltdb_add_internal(struct ldb_module *module,
386 const struct ldb_message *msg,
387 bool check_single_value)
389 struct ldb_context *ldb = ldb_module_get_ctx(module);
390 int ret = LDB_SUCCESS;
393 for (i=0;i<msg->num_elements;i++) {
394 struct ldb_message_element *el = &msg->elements[i];
395 const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
397 if (el->num_values == 0) {
398 ldb_asprintf_errstring(ldb, "attribute '%s' on '%s' specified, but with 0 values (illegal)",
399 el->name, ldb_dn_get_linearized(msg->dn));
400 return LDB_ERR_CONSTRAINT_VIOLATION;
402 if (check_single_value &&
403 el->num_values > 1 &&
404 ldb_tdb_single_valued(a, el)) {
405 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
406 el->name, ldb_dn_get_linearized(msg->dn));
407 return LDB_ERR_CONSTRAINT_VIOLATION;
410 /* Do not check "@ATTRIBUTES" for duplicated values */
411 if (ldb_dn_is_special(msg->dn) &&
412 ldb_dn_check_special(msg->dn, LTDB_ATTRIBUTES)) {
416 if (check_single_value &&
418 LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK)) {
419 struct ldb_val *duplicate = NULL;
421 ret = ldb_msg_find_duplicate_val(ldb, discard_const(msg),
423 if (ret != LDB_SUCCESS) {
426 if (duplicate != NULL) {
427 ldb_asprintf_errstring(
429 "attribute '%s': value '%.*s' on '%s' "
430 "provided more than once in ADD object",
432 (int)duplicate->length,
434 ldb_dn_get_linearized(msg->dn));
435 return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
440 ret = ltdb_store(module, msg, TDB_INSERT);
441 if (ret != LDB_SUCCESS) {
442 if (ret == LDB_ERR_ENTRY_ALREADY_EXISTS) {
443 ldb_asprintf_errstring(ldb,
444 "Entry %s already exists",
445 ldb_dn_get_linearized(msg->dn));
450 ret = ltdb_index_add_new(module, msg);
451 if (ret != LDB_SUCCESS) {
455 ret = ltdb_modified(module, msg->dn);
461 add a record to the database
463 static int ltdb_add(struct ltdb_context *ctx)
465 struct ldb_module *module = ctx->module;
466 struct ldb_request *req = ctx->req;
467 int ret = LDB_SUCCESS;
469 ret = ltdb_check_special_dn(module, req->op.add.message);
470 if (ret != LDB_SUCCESS) {
474 ldb_request_set_state(req, LDB_ASYNC_PENDING);
476 if (ltdb_cache_load(module) != 0) {
477 return LDB_ERR_OPERATIONS_ERROR;
480 ret = ltdb_add_internal(module, req->op.add.message, true);
486 delete a record from the database, not updating indexes (used for deleting
489 int ltdb_delete_noindex(struct ldb_module *module, struct ldb_dn *dn)
491 void *data = ldb_module_get_private(module);
492 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
496 if (ltdb->read_only) {
497 return LDB_ERR_UNWILLING_TO_PERFORM;
500 tdb_key = ltdb_key_dn(module, dn);
502 return LDB_ERR_OTHER;
505 ret = tdb_delete(ltdb->tdb, tdb_key);
506 talloc_free(tdb_key.dptr);
509 ret = ltdb_err_map(tdb_error(ltdb->tdb));
515 static int ltdb_delete_internal(struct ldb_module *module, struct ldb_dn *dn)
517 struct ldb_message *msg;
518 int ret = LDB_SUCCESS;
520 msg = ldb_msg_new(module);
522 return LDB_ERR_OPERATIONS_ERROR;
525 /* in case any attribute of the message was indexed, we need
526 to fetch the old record */
527 ret = ltdb_search_dn1(module, dn, msg, LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC);
528 if (ret != LDB_SUCCESS) {
529 /* not finding the old record is an error */
533 ret = ltdb_delete_noindex(module, dn);
534 if (ret != LDB_SUCCESS) {
538 /* remove any indexed attributes */
539 ret = ltdb_index_delete(module, msg);
540 if (ret != LDB_SUCCESS) {
544 ret = ltdb_modified(module, dn);
545 if (ret != LDB_SUCCESS) {
555 delete a record from the database
557 static int ltdb_delete(struct ltdb_context *ctx)
559 struct ldb_module *module = ctx->module;
560 struct ldb_request *req = ctx->req;
561 int ret = LDB_SUCCESS;
563 ldb_request_set_state(req, LDB_ASYNC_PENDING);
565 if (ltdb_cache_load(module) != 0) {
566 return LDB_ERR_OPERATIONS_ERROR;
569 ret = ltdb_delete_internal(module, req->op.del.dn);
575 find an element by attribute name. At the moment this does a linear search,
576 it should be re-coded to use a binary search once all places that modify
577 records guarantee sorted order
579 return the index of the first matching element if found, otherwise -1
581 static int find_element(const struct ldb_message *msg, const char *name)
584 for (i=0;i<msg->num_elements;i++) {
585 if (ldb_attr_cmp(msg->elements[i].name, name) == 0) {
594 add an element to an existing record. Assumes a elements array that we
595 can call re-alloc on, and assumed that we can re-use the data pointers from
596 the passed in additional values. Use with care!
598 returns 0 on success, -1 on failure (and sets errno)
600 static int ltdb_msg_add_element(struct ldb_message *msg,
601 struct ldb_message_element *el)
603 struct ldb_message_element *e2;
606 if (el->num_values == 0) {
607 /* nothing to do here - we don't add empty elements */
611 e2 = talloc_realloc(msg, msg->elements, struct ldb_message_element,
612 msg->num_elements+1);
620 e2 = &msg->elements[msg->num_elements];
623 e2->flags = el->flags;
624 e2->values = talloc_array(msg->elements,
625 struct ldb_val, el->num_values);
630 for (i=0;i<el->num_values;i++) {
631 e2->values[i] = el->values[i];
633 e2->num_values = el->num_values;
641 delete all elements having a specified attribute name
643 static int msg_delete_attribute(struct ldb_module *module,
644 struct ldb_message *msg, const char *name)
648 struct ldb_message_element *el;
650 el = ldb_msg_find_element(msg, name);
652 return LDB_ERR_NO_SUCH_ATTRIBUTE;
654 i = el - msg->elements;
656 ret = ltdb_index_del_element(module, msg->dn, el);
657 if (ret != LDB_SUCCESS) {
661 talloc_free(el->values);
662 if (msg->num_elements > (i+1)) {
663 memmove(el, el+1, sizeof(*el) * (msg->num_elements - (i+1)));
666 msg->elements = talloc_realloc(msg, msg->elements,
667 struct ldb_message_element,
673 delete all elements matching an attribute name/value
675 return LDB Error on failure
677 static int msg_delete_element(struct ldb_module *module,
678 struct ldb_message *msg,
680 const struct ldb_val *val)
682 struct ldb_context *ldb = ldb_module_get_ctx(module);
685 struct ldb_message_element *el;
686 const struct ldb_schema_attribute *a;
688 found = find_element(msg, name);
690 return LDB_ERR_NO_SUCH_ATTRIBUTE;
693 i = (unsigned int) found;
694 el = &(msg->elements[i]);
696 a = ldb_schema_attribute_by_name(ldb, el->name);
698 for (i=0;i<el->num_values;i++) {
700 if (a->syntax->operator_fn) {
701 ret = a->syntax->operator_fn(ldb, LDB_OP_EQUALITY, a,
702 &el->values[i], val, &matched);
703 if (ret != LDB_SUCCESS) return ret;
705 matched = (a->syntax->comparison_fn(ldb, ldb,
706 &el->values[i], val) == 0);
709 if (el->num_values == 1) {
710 return msg_delete_attribute(module, msg, name);
713 ret = ltdb_index_del_value(module, msg->dn, el, i);
714 if (ret != LDB_SUCCESS) {
718 if (i<el->num_values-1) {
719 memmove(&el->values[i], &el->values[i+1],
720 sizeof(el->values[i])*
721 (el->num_values-(i+1)));
725 /* per definition we find in a canonicalised message an
726 attribute value only once. So we are finished here */
732 return LDB_ERR_NO_SUCH_ATTRIBUTE;
737 modify a record - internal interface
739 yuck - this is O(n^2). Luckily n is usually small so we probably
740 get away with it, but if we ever have really large attribute lists
741 then we'll need to look at this again
743 'req' is optional, and is used to specify controls if supplied
745 int ltdb_modify_internal(struct ldb_module *module,
746 const struct ldb_message *msg,
747 struct ldb_request *req)
749 struct ldb_context *ldb = ldb_module_get_ctx(module);
750 struct ldb_message *msg2;
752 int ret = LDB_SUCCESS, idx;
753 struct ldb_control *control_permissive = NULL;
754 TALLOC_CTX *mem_ctx = talloc_new(req);
756 if (mem_ctx == NULL) {
757 return ldb_module_oom(module);
761 control_permissive = ldb_request_get_control(req,
762 LDB_CONTROL_PERMISSIVE_MODIFY_OID);
765 msg2 = ldb_msg_new(mem_ctx);
771 ret = ltdb_search_dn1(module, msg->dn,
773 LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC);
774 if (ret != LDB_SUCCESS) {
778 for (i=0; i<msg->num_elements; i++) {
779 struct ldb_message_element *el = &msg->elements[i], *el2;
780 struct ldb_val *vals;
781 const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
783 uint32_t options = 0;
784 if (control_permissive != NULL) {
785 options |= LDB_MSG_FIND_COMMON_REMOVE_DUPLICATES;
788 switch (msg->elements[i].flags & LDB_FLAG_MOD_MASK) {
789 case LDB_FLAG_MOD_ADD:
791 if (el->num_values == 0) {
792 ldb_asprintf_errstring(ldb,
793 "attribute '%s': attribute on '%s' specified, but with 0 values (illegal)",
794 el->name, ldb_dn_get_linearized(msg2->dn));
795 ret = LDB_ERR_CONSTRAINT_VIOLATION;
799 /* make a copy of the array so that a permissive
800 * control can remove duplicates without changing the
801 * original values, but do not copy data as we do not
802 * need to keep it around once the operation is
804 if (control_permissive) {
805 el = talloc(msg2, struct ldb_message_element);
810 *el = msg->elements[i];
811 el->values = talloc_array(el, struct ldb_val, el->num_values);
812 if (el->values == NULL) {
816 for (j = 0; j < el->num_values; j++) {
817 el->values[j] = msg->elements[i].values[j];
821 if (el->num_values > 1 && ldb_tdb_single_valued(a, el)) {
822 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
823 el->name, ldb_dn_get_linearized(msg2->dn));
824 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
828 /* Checks if element already exists */
829 idx = find_element(msg2, el->name);
831 if (ltdb_msg_add_element(msg2, el) != 0) {
835 ret = ltdb_index_add_element(module, msg2->dn,
837 if (ret != LDB_SUCCESS) {
841 j = (unsigned int) idx;
842 el2 = &(msg2->elements[j]);
844 /* We cannot add another value on a existing one
845 if the attribute is single-valued */
846 if (ldb_tdb_single_valued(a, el)) {
847 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
848 el->name, ldb_dn_get_linearized(msg2->dn));
849 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
853 /* Check that values don't exist yet on multi-
854 valued attributes or aren't provided twice */
856 LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK)) {
857 struct ldb_val *duplicate = NULL;
858 ret = ldb_msg_find_common_values(ldb,
865 LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS) {
866 ldb_asprintf_errstring(ldb,
867 "attribute '%s': value "
868 "#%u on '%s' already "
869 "exists", el->name, j,
870 ldb_dn_get_linearized(msg2->dn));
872 } else if (ret != LDB_SUCCESS) {
876 ret = ldb_msg_find_duplicate_val(
877 ldb, msg2, el, &duplicate, 0);
878 if (ret != LDB_SUCCESS) {
881 if (duplicate != NULL) {
882 ldb_asprintf_errstring(
884 "attribute '%s': value "
886 "provided more than "
889 (int)duplicate->length,
891 ldb_dn_get_linearized(msg->dn));
892 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
897 /* Now combine existing and new values to a new
899 vals = talloc_realloc(msg2->elements,
900 el2->values, struct ldb_val,
901 el2->num_values + el->num_values);
908 for (j=0; j<el->num_values; j++) {
909 vals[el2->num_values + j] =
910 ldb_val_dup(vals, &el->values[j]);
914 el2->num_values += el->num_values;
916 ret = ltdb_index_add_element(module, msg2->dn, el);
917 if (ret != LDB_SUCCESS) {
924 case LDB_FLAG_MOD_REPLACE:
926 if (el->num_values > 1 && ldb_tdb_single_valued(a, el)) {
927 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
928 el->name, ldb_dn_get_linearized(msg2->dn));
929 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
934 * We don't need to check this if we have been
935 * pre-screened by the repl_meta_data module
936 * in Samba, or someone else who can claim to
937 * know what they are doing.
939 if (!(el->flags & LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK)) {
940 struct ldb_val *duplicate = NULL;
942 ret = ldb_msg_find_duplicate_val(ldb, msg2, el,
944 if (ret != LDB_SUCCESS) {
947 if (duplicate != NULL) {
948 ldb_asprintf_errstring(
950 "attribute '%s': value '%.*s' "
951 "on '%s' provided more than "
954 (int)duplicate->length,
956 ldb_dn_get_linearized(msg2->dn));
957 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
962 /* Checks if element already exists */
963 idx = find_element(msg2, el->name);
965 j = (unsigned int) idx;
966 el2 = &(msg2->elements[j]);
968 /* we consider two elements to be
969 * equal only if the order
970 * matches. This allows dbcheck to
971 * fix the ordering on attributes
972 * where order matters, such as
975 if (ldb_msg_element_equal_ordered(el, el2)) {
979 /* Delete the attribute if it exists in the DB */
980 if (msg_delete_attribute(module, msg2,
987 /* Recreate it with the new values */
988 if (ltdb_msg_add_element(msg2, el) != 0) {
993 ret = ltdb_index_add_element(module, msg2->dn, el);
994 if (ret != LDB_SUCCESS) {
1000 case LDB_FLAG_MOD_DELETE:
1001 dn = ldb_dn_get_linearized(msg2->dn);
1003 ret = LDB_ERR_OTHER;
1007 if (msg->elements[i].num_values == 0) {
1008 /* Delete the whole attribute */
1009 ret = msg_delete_attribute(module, msg2,
1010 msg->elements[i].name);
1011 if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE &&
1012 control_permissive) {
1015 ldb_asprintf_errstring(ldb,
1016 "attribute '%s': no such attribute for delete on '%s'",
1017 msg->elements[i].name, dn);
1019 if (ret != LDB_SUCCESS) {
1023 /* Delete specified values from an attribute */
1024 for (j=0; j < msg->elements[i].num_values; j++) {
1025 ret = msg_delete_element(module,
1027 msg->elements[i].name,
1028 &msg->elements[i].values[j]);
1029 if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE &&
1030 control_permissive) {
1032 } else if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE) {
1033 ldb_asprintf_errstring(ldb,
1034 "attribute '%s': no matching attribute value while deleting attribute on '%s'",
1035 msg->elements[i].name, dn);
1037 if (ret != LDB_SUCCESS) {
1044 ldb_asprintf_errstring(ldb,
1045 "attribute '%s': invalid modify flags on '%s': 0x%x",
1046 msg->elements[i].name, ldb_dn_get_linearized(msg->dn),
1047 msg->elements[i].flags & LDB_FLAG_MOD_MASK);
1048 ret = LDB_ERR_PROTOCOL_ERROR;
1053 ret = ltdb_store(module, msg2, TDB_MODIFY);
1054 if (ret != LDB_SUCCESS) {
1058 ret = ltdb_modified(module, msg2->dn);
1059 if (ret != LDB_SUCCESS) {
1064 TALLOC_FREE(mem_ctx);
1071 static int ltdb_modify(struct ltdb_context *ctx)
1073 struct ldb_module *module = ctx->module;
1074 struct ldb_request *req = ctx->req;
1075 int ret = LDB_SUCCESS;
1077 ret = ltdb_check_special_dn(module, req->op.mod.message);
1078 if (ret != LDB_SUCCESS) {
1082 ldb_request_set_state(req, LDB_ASYNC_PENDING);
1084 if (ltdb_cache_load(module) != 0) {
1085 return LDB_ERR_OPERATIONS_ERROR;
1088 ret = ltdb_modify_internal(module, req->op.mod.message, req);
1096 static int ltdb_rename(struct ltdb_context *ctx)
1098 struct ldb_module *module = ctx->module;
1099 void *data = ldb_module_get_private(module);
1100 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1101 struct ldb_request *req = ctx->req;
1102 struct ldb_message *msg;
1103 int ret = LDB_SUCCESS;
1104 TDB_DATA tdb_key, tdb_key_old;
1106 ldb_request_set_state(req, LDB_ASYNC_PENDING);
1108 if (ltdb_cache_load(ctx->module) != 0) {
1109 return LDB_ERR_OPERATIONS_ERROR;
1112 msg = ldb_msg_new(ctx);
1114 return LDB_ERR_OPERATIONS_ERROR;
1117 /* we need to fetch the old record to re-add under the new name */
1118 ret = ltdb_search_dn1(module, req->op.rename.olddn, msg,
1119 LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC);
1120 if (ret != LDB_SUCCESS) {
1121 /* not finding the old record is an error */
1125 /* We need to, before changing the DB, check if the new DN
1126 * exists, so we can return this error to the caller with an
1128 tdb_key = ltdb_key_dn(module, req->op.rename.newdn);
1129 if (!tdb_key.dptr) {
1131 return LDB_ERR_OPERATIONS_ERROR;
1134 tdb_key_old = ltdb_key_dn(module, req->op.rename.olddn);
1135 if (!tdb_key_old.dptr) {
1137 talloc_free(tdb_key.dptr);
1138 return LDB_ERR_OPERATIONS_ERROR;
1141 /* Only declare a conflict if the new DN already exists, and it isn't a case change on the old DN */
1142 if (tdb_key_old.dsize != tdb_key.dsize || memcmp(tdb_key.dptr, tdb_key_old.dptr, tdb_key.dsize) != 0) {
1143 if (tdb_exists(ltdb->tdb, tdb_key)) {
1144 talloc_free(tdb_key_old.dptr);
1145 talloc_free(tdb_key.dptr);
1146 ldb_asprintf_errstring(ldb_module_get_ctx(module),
1147 "Entry %s already exists",
1148 ldb_dn_get_linearized(req->op.rename.newdn));
1149 /* finding the new record already in the DB is an error */
1151 return LDB_ERR_ENTRY_ALREADY_EXISTS;
1154 talloc_free(tdb_key_old.dptr);
1155 talloc_free(tdb_key.dptr);
1157 /* Always delete first then add, to avoid conflicts with
1158 * unique indexes. We rely on the transaction to make this
1161 ret = ltdb_delete_internal(module, msg->dn);
1162 if (ret != LDB_SUCCESS) {
1167 msg->dn = ldb_dn_copy(msg, req->op.rename.newdn);
1168 if (msg->dn == NULL) {
1170 return LDB_ERR_OPERATIONS_ERROR;
1173 /* We don't check single value as we can have more than 1 with
1174 * deleted attributes. We could go through all elements but that's
1175 * maybe not the most efficient way
1177 ret = ltdb_add_internal(module, msg, false);
1184 static int ltdb_start_trans(struct ldb_module *module)
1186 void *data = ldb_module_get_private(module);
1187 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1189 /* Do not take out the transaction lock on a read-only DB */
1190 if (ltdb->read_only) {
1191 return LDB_ERR_UNWILLING_TO_PERFORM;
1194 if (tdb_transaction_start(ltdb->tdb) != 0) {
1195 return ltdb_err_map(tdb_error(ltdb->tdb));
1198 ltdb->in_transaction++;
1200 ltdb_index_transaction_start(module);
1205 static int ltdb_prepare_commit(struct ldb_module *module)
1208 void *data = ldb_module_get_private(module);
1209 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1211 if (ltdb->in_transaction != 1) {
1215 ret = ltdb_index_transaction_commit(module);
1216 if (ret != LDB_SUCCESS) {
1217 tdb_transaction_cancel(ltdb->tdb);
1218 ltdb->in_transaction--;
1222 if (tdb_transaction_prepare_commit(ltdb->tdb) != 0) {
1223 ret = ltdb_err_map(tdb_error(ltdb->tdb));
1224 ltdb->in_transaction--;
1225 ldb_debug_set(ldb_module_get_ctx(module),
1228 "tdb_transaction_prepare_commit(): %s -> %s",
1229 tdb_errorstr(ltdb->tdb),
1234 ltdb->prepared_commit = true;
1239 static int ltdb_end_trans(struct ldb_module *module)
1242 void *data = ldb_module_get_private(module);
1243 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1245 if (!ltdb->prepared_commit) {
1246 ret = ltdb_prepare_commit(module);
1247 if (ret != LDB_SUCCESS) {
1252 ltdb->in_transaction--;
1253 ltdb->prepared_commit = false;
1255 if (tdb_transaction_commit(ltdb->tdb) != 0) {
1256 ret = ltdb_err_map(tdb_error(ltdb->tdb));
1257 ldb_asprintf_errstring(ldb_module_get_ctx(module),
1258 "Failure during tdb_transaction_commit(): %s -> %s",
1259 tdb_errorstr(ltdb->tdb),
1267 static int ltdb_del_trans(struct ldb_module *module)
1269 void *data = ldb_module_get_private(module);
1270 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1272 ltdb->in_transaction--;
1274 if (ltdb_index_transaction_cancel(module) != 0) {
1275 tdb_transaction_cancel(ltdb->tdb);
1276 return ltdb_err_map(tdb_error(ltdb->tdb));
1279 tdb_transaction_cancel(ltdb->tdb);
1284 return sequenceNumber from @BASEINFO
1286 static int ltdb_sequence_number(struct ltdb_context *ctx,
1287 struct ldb_extended **ext)
1289 struct ldb_context *ldb;
1290 struct ldb_module *module = ctx->module;
1291 struct ldb_request *req = ctx->req;
1292 TALLOC_CTX *tmp_ctx = NULL;
1293 struct ldb_seqnum_request *seq;
1294 struct ldb_seqnum_result *res;
1295 struct ldb_message *msg = NULL;
1298 int ret = LDB_SUCCESS;
1300 ldb = ldb_module_get_ctx(module);
1302 seq = talloc_get_type(req->op.extended.data,
1303 struct ldb_seqnum_request);
1305 return LDB_ERR_OPERATIONS_ERROR;
1308 ldb_request_set_state(req, LDB_ASYNC_PENDING);
1310 if (ltdb_lock_read(module) != 0) {
1311 return LDB_ERR_OPERATIONS_ERROR;
1314 res = talloc_zero(req, struct ldb_seqnum_result);
1316 ret = LDB_ERR_OPERATIONS_ERROR;
1320 tmp_ctx = talloc_new(req);
1321 if (tmp_ctx == NULL) {
1322 ret = LDB_ERR_OPERATIONS_ERROR;
1326 dn = ldb_dn_new(tmp_ctx, ldb, LTDB_BASEINFO);
1328 ret = LDB_ERR_OPERATIONS_ERROR;
1332 msg = ldb_msg_new(tmp_ctx);
1334 ret = LDB_ERR_OPERATIONS_ERROR;
1338 ret = ltdb_search_dn1(module, dn, msg, 0);
1339 if (ret != LDB_SUCCESS) {
1343 switch (seq->type) {
1344 case LDB_SEQ_HIGHEST_SEQ:
1345 res->seq_num = ldb_msg_find_attr_as_uint64(msg, LTDB_SEQUENCE_NUMBER, 0);
1348 res->seq_num = ldb_msg_find_attr_as_uint64(msg, LTDB_SEQUENCE_NUMBER, 0);
1351 case LDB_SEQ_HIGHEST_TIMESTAMP:
1352 date = ldb_msg_find_attr_as_string(msg, LTDB_MOD_TIMESTAMP, NULL);
1354 res->seq_num = ldb_string_to_time(date);
1357 /* zero is as good as anything when we don't know */
1362 *ext = talloc_zero(req, struct ldb_extended);
1364 ret = LDB_ERR_OPERATIONS_ERROR;
1367 (*ext)->oid = LDB_EXTENDED_SEQUENCE_NUMBER;
1368 (*ext)->data = talloc_steal(*ext, res);
1371 talloc_free(tmp_ctx);
1372 ltdb_unlock_read(module);
1376 static void ltdb_request_done(struct ltdb_context *ctx, int error)
1378 struct ldb_context *ldb;
1379 struct ldb_request *req;
1380 struct ldb_reply *ares;
1382 ldb = ldb_module_get_ctx(ctx->module);
1385 /* if we already returned an error just return */
1386 if (ldb_request_get_status(req) != LDB_SUCCESS) {
1390 ares = talloc_zero(req, struct ldb_reply);
1393 req->callback(req, NULL);
1396 ares->type = LDB_REPLY_DONE;
1397 ares->error = error;
1399 req->callback(req, ares);
1402 static void ltdb_timeout(struct tevent_context *ev,
1403 struct tevent_timer *te,
1407 struct ltdb_context *ctx;
1408 ctx = talloc_get_type(private_data, struct ltdb_context);
1410 if (!ctx->request_terminated) {
1411 /* request is done now */
1412 ltdb_request_done(ctx, LDB_ERR_TIME_LIMIT_EXCEEDED);
1416 /* neutralize the spy */
1417 ctx->spy->ctx = NULL;
1423 static void ltdb_request_extended_done(struct ltdb_context *ctx,
1424 struct ldb_extended *ext,
1427 struct ldb_context *ldb;
1428 struct ldb_request *req;
1429 struct ldb_reply *ares;
1431 ldb = ldb_module_get_ctx(ctx->module);
1434 /* if we already returned an error just return */
1435 if (ldb_request_get_status(req) != LDB_SUCCESS) {
1439 ares = talloc_zero(req, struct ldb_reply);
1442 req->callback(req, NULL);
1445 ares->type = LDB_REPLY_DONE;
1446 ares->response = ext;
1447 ares->error = error;
1449 req->callback(req, ares);
1452 static void ltdb_handle_extended(struct ltdb_context *ctx)
1454 struct ldb_extended *ext = NULL;
1457 if (strcmp(ctx->req->op.extended.oid,
1458 LDB_EXTENDED_SEQUENCE_NUMBER) == 0) {
1459 /* get sequence number */
1460 ret = ltdb_sequence_number(ctx, &ext);
1462 /* not recognized */
1463 ret = LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
1466 ltdb_request_extended_done(ctx, ext, ret);
1469 static void ltdb_callback(struct tevent_context *ev,
1470 struct tevent_timer *te,
1474 struct ltdb_context *ctx;
1477 ctx = talloc_get_type(private_data, struct ltdb_context);
1479 if (ctx->request_terminated) {
1483 switch (ctx->req->operation) {
1485 ret = ltdb_search(ctx);
1488 ret = ltdb_add(ctx);
1491 ret = ltdb_modify(ctx);
1494 ret = ltdb_delete(ctx);
1497 ret = ltdb_rename(ctx);
1500 ltdb_handle_extended(ctx);
1503 /* no other op supported */
1504 ret = LDB_ERR_PROTOCOL_ERROR;
1507 if (!ctx->request_terminated) {
1508 /* request is done now */
1509 ltdb_request_done(ctx, ret);
1514 /* neutralize the spy */
1515 ctx->spy->ctx = NULL;
1521 static int ltdb_request_destructor(void *ptr)
1523 struct ltdb_req_spy *spy = talloc_get_type(ptr, struct ltdb_req_spy);
1525 if (spy->ctx != NULL) {
1526 spy->ctx->spy = NULL;
1527 spy->ctx->request_terminated = true;
1534 static int ltdb_handle_request(struct ldb_module *module,
1535 struct ldb_request *req)
1537 struct ldb_control *control_permissive;
1538 struct ldb_context *ldb;
1539 struct tevent_context *ev;
1540 struct ltdb_context *ac;
1541 struct tevent_timer *te;
1545 ldb = ldb_module_get_ctx(module);
1547 control_permissive = ldb_request_get_control(req,
1548 LDB_CONTROL_PERMISSIVE_MODIFY_OID);
1550 for (i = 0; req->controls && req->controls[i]; i++) {
1551 if (req->controls[i]->critical &&
1552 req->controls[i] != control_permissive) {
1553 ldb_asprintf_errstring(ldb, "Unsupported critical extension %s",
1554 req->controls[i]->oid);
1555 return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
1559 if (req->starttime == 0 || req->timeout == 0) {
1560 ldb_set_errstring(ldb, "Invalid timeout settings");
1561 return LDB_ERR_TIME_LIMIT_EXCEEDED;
1564 ev = ldb_handle_get_event_context(req->handle);
1566 ac = talloc_zero(ldb, struct ltdb_context);
1569 return LDB_ERR_OPERATIONS_ERROR;
1572 ac->module = module;
1577 te = tevent_add_timer(ev, ac, tv, ltdb_callback, ac);
1580 return LDB_ERR_OPERATIONS_ERROR;
1583 if (req->timeout > 0) {
1584 tv.tv_sec = req->starttime + req->timeout;
1586 ac->timeout_event = tevent_add_timer(ev, ac, tv,
1588 if (NULL == ac->timeout_event) {
1590 return LDB_ERR_OPERATIONS_ERROR;
1594 /* set a spy so that we do not try to use the request context
1595 * if it is freed before ltdb_callback fires */
1596 ac->spy = talloc(req, struct ltdb_req_spy);
1597 if (NULL == ac->spy) {
1599 return LDB_ERR_OPERATIONS_ERROR;
1603 talloc_set_destructor((TALLOC_CTX *)ac->spy, ltdb_request_destructor);
1608 static int ltdb_init_rootdse(struct ldb_module *module)
1610 /* ignore errors on this - we expect it for non-sam databases */
1611 ldb_mod_register_control(module, LDB_CONTROL_PERMISSIVE_MODIFY_OID);
1613 /* there can be no module beyond the backend, just return */
1617 static const struct ldb_module_ops ltdb_ops = {
1619 .init_context = ltdb_init_rootdse,
1620 .search = ltdb_handle_request,
1621 .add = ltdb_handle_request,
1622 .modify = ltdb_handle_request,
1623 .del = ltdb_handle_request,
1624 .rename = ltdb_handle_request,
1625 .extended = ltdb_handle_request,
1626 .start_transaction = ltdb_start_trans,
1627 .end_transaction = ltdb_end_trans,
1628 .prepare_commit = ltdb_prepare_commit,
1629 .del_transaction = ltdb_del_trans,
1630 .read_lock = ltdb_lock_read,
1631 .read_unlock = ltdb_unlock_read,
1635 connect to the database
1637 static int ltdb_connect(struct ldb_context *ldb, const char *url,
1638 unsigned int flags, const char *options[],
1639 struct ldb_module **_module)
1641 struct ldb_module *module;
1643 int tdb_flags, open_flags;
1644 struct ltdb_private *ltdb;
1647 * We hold locks, so we must use a private event context
1648 * on each returned handle
1651 ldb_set_require_private_event_context(ldb);
1654 if (strchr(url, ':')) {
1655 if (strncmp(url, "tdb://", 6) != 0) {
1656 ldb_debug(ldb, LDB_DEBUG_ERROR,
1657 "Invalid tdb URL '%s'", url);
1658 return LDB_ERR_OPERATIONS_ERROR;
1665 tdb_flags = TDB_DEFAULT | TDB_SEQNUM;
1667 /* check for the 'nosync' option */
1668 if (flags & LDB_FLG_NOSYNC) {
1669 tdb_flags |= TDB_NOSYNC;
1672 /* and nommap option */
1673 if (flags & LDB_FLG_NOMMAP) {
1674 tdb_flags |= TDB_NOMMAP;
1677 ltdb = talloc_zero(ldb, struct ltdb_private);
1680 return LDB_ERR_OPERATIONS_ERROR;
1683 if (flags & LDB_FLG_RDONLY) {
1685 * This is weird, but because we can only have one tdb
1686 * in this process, and the other one could be
1687 * read-write, we can't use the tdb readonly. Plus a
1688 * read only tdb prohibits the all-record lock.
1690 open_flags = O_RDWR;
1692 ltdb->read_only = true;
1694 } else if (flags & LDB_FLG_DONT_CREATE_DB) {
1696 * This is used by ldbsearch to prevent creation of the database
1697 * if the name is wrong
1699 open_flags = O_RDWR;
1702 * This is the normal case
1704 open_flags = O_CREAT | O_RDWR;
1707 /* note that we use quite a large default hash size */
1708 ltdb->tdb = ltdb_wrap_open(ltdb, path, 10000,
1709 tdb_flags, open_flags,
1710 ldb_get_create_perms(ldb), ldb);
1712 ldb_asprintf_errstring(ldb,
1713 "Unable to open tdb '%s': %s", path, strerror(errno));
1714 ldb_debug(ldb, LDB_DEBUG_ERROR,
1715 "Unable to open tdb '%s': %s", path, strerror(errno));
1717 if (errno == EACCES || errno == EPERM) {
1718 return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
1720 return LDB_ERR_OPERATIONS_ERROR;
1723 if (getenv("LDB_WARN_UNINDEXED")) {
1724 ltdb->warn_unindexed = true;
1727 if (getenv("LDB_WARN_REINDEX")) {
1728 ltdb->warn_reindex = true;
1731 ltdb->sequence_number = 0;
1733 module = ldb_module_new(ldb, ldb, "ldb_tdb backend", <db_ops);
1737 return LDB_ERR_OPERATIONS_ERROR;
1739 ldb_module_set_private(module, ltdb);
1740 talloc_steal(module, ltdb);
1742 if (ltdb_cache_load(module) != 0) {
1743 ldb_asprintf_errstring(ldb,
1744 "Unable to load ltdb cache records of tdb '%s'", path);
1745 talloc_free(module);
1746 return LDB_ERR_OPERATIONS_ERROR;
1753 int ldb_tdb_init(const char *version)
1755 LDB_MODULE_CHECK_VERSION(version);
1756 return ldb_register_backend("tdb", ltdb_connect, false);