4 Copyright (C) Andrew Tridgell 2004
5 Copyright (C) Stefan Metzmacher 2004
6 Copyright (C) Simo Sorce 2006-2008
7 Copyright (C) Matthias Dieter Wallnöfer 2009-2010
9 ** NOTE! The following LGPL license applies to the ldb
10 ** library. This does NOT imply that all of Samba is released
13 This library is free software; you can redistribute it and/or
14 modify it under the terms of the GNU Lesser General Public
15 License as published by the Free Software Foundation; either
16 version 3 of the License, or (at your option) any later version.
18 This library is distributed in the hope that it will be useful,
19 but WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 Lesser General Public License for more details.
23 You should have received a copy of the GNU Lesser General Public
24 License along with this library; if not, see <http://www.gnu.org/licenses/>.
30 * Component: ldb tdb backend
32 * Description: core functions for tdb backend
34 * Author: Andrew Tridgell
35 * Author: Stefan Metzmacher
39 * - description: make the module use asynchronous calls
43 * - description: make it possible to use event contexts
47 * - description: fix up memory leaks and small bugs
49 * Author: Matthias Dieter Wallnöfer
53 #include "ldb_private.h"
57 prevent memory errors on callbacks
60 struct ltdb_context *ctx;
64 map a tdb error code to a ldb error code
66 int ltdb_err_map(enum TDB_ERROR tdb_code)
74 return LDB_ERR_OPERATIONS_ERROR;
76 return LDB_ERR_PROTOCOL_ERROR;
80 case TDB_ERR_LOCK_TIMEOUT:
81 return LDB_ERR_TIME_LIMIT_EXCEEDED;
83 return LDB_ERR_ENTRY_ALREADY_EXISTS;
85 return LDB_ERR_NO_SUCH_OBJECT;
87 return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
95 lock the database for read - use by ltdb_search and ltdb_sequence_number
97 int ltdb_lock_read(struct ldb_module *module)
99 void *data = ldb_module_get_private(module);
100 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
104 if (ltdb->in_transaction == 0 &&
105 ltdb->read_lock_count == 0) {
106 tdb_ret = tdb_lockall_read(ltdb->tdb);
109 ltdb->read_lock_count++;
112 ret = ltdb_err_map(tdb_error(ltdb->tdb));
113 if (ret == LDB_SUCCESS) {
114 ret = LDB_ERR_OPERATIONS_ERROR;
116 ldb_debug_set(ldb_module_get_ctx(module),
118 "Failure during ltdb_lock_read(): %s -> %s",
119 tdb_errorstr(ltdb->tdb),
125 unlock the database after a ltdb_lock_read()
127 int ltdb_unlock_read(struct ldb_module *module)
129 void *data = ldb_module_get_private(module);
130 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
131 if (ltdb->in_transaction == 0 && ltdb->read_lock_count == 1) {
132 tdb_unlockall_read(ltdb->tdb);
133 ltdb->read_lock_count--;
136 ltdb->read_lock_count--;
142 * Determine if this key could hold a record. We allow the new GUID
143 * index, the old DN index and a possible future ID=
145 bool ltdb_key_is_record(TDB_DATA key)
151 if (memcmp(key.dptr, "DN=", 3) == 0) {
155 if (memcmp(key.dptr, "ID=", 3) == 0) {
159 if (key.dsize < sizeof(LTDB_GUID_KEY_PREFIX)) {
163 if (memcmp(key.dptr, LTDB_GUID_KEY_PREFIX,
164 sizeof(LTDB_GUID_KEY_PREFIX) - 1) == 0) {
172 form a TDB_DATA for a record key
175 note that the key for a record can depend on whether the
176 dn refers to a case sensitive index record or not
178 TDB_DATA ltdb_key_dn(struct ldb_module *module, TALLOC_CTX *mem_ctx,
182 char *key_str = NULL;
183 const char *dn_folded = NULL;
186 most DNs are case insensitive. The exception is index DNs for
187 case sensitive attributes
189 there are 3 cases dealt with in this code:
191 1) if the dn doesn't start with @ then uppercase the attribute
192 names and the attributes values of case insensitive attributes
193 2) if the dn starts with @ then leave it alone -
194 the indexing code handles the rest
197 dn_folded = ldb_dn_get_casefold(dn);
202 key_str = talloc_strdup(mem_ctx, "DN=");
207 key_str = talloc_strdup_append_buffer(key_str, dn_folded);
212 key.dptr = (uint8_t *)key_str;
213 key.dsize = strlen(key_str) + 1;
224 TDB_DATA ltdb_guid_to_key(struct ldb_module *module,
225 struct ltdb_private *ltdb,
227 const struct ldb_val *GUID_val)
230 const char *GUID_prefix = "GUID=";
231 const int GUID_prefix_len = strlen(GUID_prefix);
233 key.dptr = talloc_size(mem_ctx,
234 GUID_val->length+GUID_prefix_len);
236 if (key.dptr == NULL) {
242 memcpy(key.dptr, "GUID=", GUID_prefix_len);
243 memcpy(&key.dptr[GUID_prefix_len],
244 GUID_val->data, GUID_val->length);
246 key.dsize = talloc_get_size(key.dptr);
250 TDB_DATA ltdb_idx_to_key(struct ldb_module *module,
251 struct ltdb_private *ltdb,
253 const struct ldb_val *idx_val)
256 struct ldb_context *ldb = ldb_module_get_ctx(module);
259 if (ltdb->cache->GUID_index_attribute != NULL) {
260 return ltdb_guid_to_key(module, ltdb, mem_ctx, idx_val);
263 dn = ldb_dn_from_ldb_val(mem_ctx, ldb, idx_val);
271 key = ltdb_key_dn(module, mem_ctx, dn);
283 form a TDB_DATA for a record key
284 caller frees mem_ctx, which may or may not have the key
287 note that the key for a record can depend on whether a
288 GUID index is in use, or the DN is used as the key
290 TDB_DATA ltdb_key_msg(struct ldb_module *module, TALLOC_CTX *mem_ctx,
291 const struct ldb_message *msg)
293 void *data = ldb_module_get_private(module);
294 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
296 const struct ldb_val *guid_val;
298 if (ltdb->cache->GUID_index_attribute == NULL) {
299 return ltdb_key_dn(module, mem_ctx, msg->dn);
302 if (ldb_dn_is_special(msg->dn)) {
303 return ltdb_key_dn(module, mem_ctx, msg->dn);
306 guid_val = ldb_msg_find_ldb_val(msg,
307 ltdb->cache->GUID_index_attribute);
308 if (guid_val == NULL) {
315 return ltdb_guid_to_key(module, ltdb, mem_ctx, guid_val);
320 check special dn's have valid attributes
321 currently only @ATTRIBUTES is checked
323 static int ltdb_check_special_dn(struct ldb_module *module,
324 const struct ldb_message *msg)
326 struct ldb_context *ldb = ldb_module_get_ctx(module);
329 if (! ldb_dn_is_special(msg->dn) ||
330 ! ldb_dn_check_special(msg->dn, LTDB_ATTRIBUTES)) {
334 /* we have @ATTRIBUTES, let's check attributes are fine */
335 /* should we check that we deny multivalued attributes ? */
336 for (i = 0; i < msg->num_elements; i++) {
337 if (ldb_attr_cmp(msg->elements[i].name, "distinguishedName") == 0) continue;
339 for (j = 0; j < msg->elements[i].num_values; j++) {
340 if (ltdb_check_at_attributes_values(&msg->elements[i].values[j]) != 0) {
341 ldb_set_errstring(ldb, "Invalid attribute value in an @ATTRIBUTES entry");
342 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
352 we've made a modification to a dn - possibly reindex and
353 update sequence number
355 static int ltdb_modified(struct ldb_module *module, struct ldb_dn *dn)
357 int ret = LDB_SUCCESS;
358 struct ltdb_private *ltdb = talloc_get_type(ldb_module_get_private(module), struct ltdb_private);
360 /* only allow modifies inside a transaction, otherwise the
362 if (ltdb->in_transaction == 0) {
363 ldb_set_errstring(ldb_module_get_ctx(module), "ltdb modify without transaction");
364 return LDB_ERR_OPERATIONS_ERROR;
367 if (ldb_dn_is_special(dn) &&
368 (ldb_dn_check_special(dn, LTDB_INDEXLIST) ||
369 ldb_dn_check_special(dn, LTDB_ATTRIBUTES)) )
371 if (ltdb->warn_reindex) {
372 ldb_debug(ldb_module_get_ctx(module),
373 LDB_DEBUG_ERROR, "Reindexing %s due to modification on %s",
374 tdb_name(ltdb->tdb), ldb_dn_get_linearized(dn));
376 ret = ltdb_reindex(module);
379 /* If the modify was to a normal record, or any special except @BASEINFO, update the seq number */
380 if (ret == LDB_SUCCESS &&
381 !(ldb_dn_is_special(dn) &&
382 ldb_dn_check_special(dn, LTDB_BASEINFO)) ) {
383 ret = ltdb_increase_sequence_number(module);
386 /* If the modify was to @OPTIONS, reload the cache */
387 if (ret == LDB_SUCCESS &&
388 ldb_dn_is_special(dn) &&
389 (ldb_dn_check_special(dn, LTDB_OPTIONS)) ) {
390 ret = ltdb_cache_reload(module);
397 store a record into the db
399 int ltdb_store(struct ldb_module *module, const struct ldb_message *msg, int flgs)
401 void *data = ldb_module_get_private(module);
402 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
403 TDB_DATA tdb_key, tdb_data;
404 struct ldb_val ldb_data;
405 int ret = LDB_SUCCESS;
406 TALLOC_CTX *tdb_key_ctx = talloc_new(module);
408 if (tdb_key_ctx == NULL) {
409 return ldb_module_oom(module);
412 if (ltdb->read_only) {
413 return LDB_ERR_UNWILLING_TO_PERFORM;
416 tdb_key = ltdb_key_msg(module, tdb_key_ctx, msg);
417 if (tdb_key.dptr == NULL) {
418 TALLOC_FREE(tdb_key_ctx);
419 return LDB_ERR_OTHER;
422 ret = ldb_pack_data(ldb_module_get_ctx(module),
425 TALLOC_FREE(tdb_key_ctx);
426 return LDB_ERR_OTHER;
429 tdb_data.dptr = ldb_data.data;
430 tdb_data.dsize = ldb_data.length;
432 ret = tdb_store(ltdb->tdb, tdb_key, tdb_data, flgs);
434 bool is_special = ldb_dn_is_special(msg->dn);
435 ret = ltdb_err_map(tdb_error(ltdb->tdb));
438 * LDB_ERR_ENTRY_ALREADY_EXISTS means the DN, not
439 * the GUID, so re-map
441 if (ret == LDB_ERR_ENTRY_ALREADY_EXISTS
443 && ltdb->cache->GUID_index_attribute != NULL) {
444 ret = LDB_ERR_CONSTRAINT_VIOLATION;
450 TALLOC_FREE(tdb_key_ctx);
451 talloc_free(ldb_data.data);
458 check if a attribute is a single valued, for a given element
460 static bool ldb_tdb_single_valued(const struct ldb_schema_attribute *a,
461 struct ldb_message_element *el)
463 if (!a) return false;
465 if (el->flags & LDB_FLAG_INTERNAL_FORCE_SINGLE_VALUE_CHECK) {
466 /* override from a ldb module, for example
467 used for the description field, which is
468 marked multi-valued in the schema but which
469 should not actually accept multiple
473 if (el->flags & LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK) {
474 /* override from a ldb module, for example used for
475 deleted linked attribute entries */
479 if (a->flags & LDB_ATTR_FLAG_SINGLE_VALUE) {
485 static int ltdb_add_internal(struct ldb_module *module,
486 struct ltdb_private *ltdb,
487 const struct ldb_message *msg,
488 bool check_single_value)
490 struct ldb_context *ldb = ldb_module_get_ctx(module);
491 int ret = LDB_SUCCESS;
494 for (i=0;i<msg->num_elements;i++) {
495 struct ldb_message_element *el = &msg->elements[i];
496 const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
498 if (el->num_values == 0) {
499 ldb_asprintf_errstring(ldb, "attribute '%s' on '%s' specified, but with 0 values (illegal)",
500 el->name, ldb_dn_get_linearized(msg->dn));
501 return LDB_ERR_CONSTRAINT_VIOLATION;
503 if (check_single_value &&
504 el->num_values > 1 &&
505 ldb_tdb_single_valued(a, el)) {
506 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
507 el->name, ldb_dn_get_linearized(msg->dn));
508 return LDB_ERR_CONSTRAINT_VIOLATION;
511 /* Do not check "@ATTRIBUTES" for duplicated values */
512 if (ldb_dn_is_special(msg->dn) &&
513 ldb_dn_check_special(msg->dn, LTDB_ATTRIBUTES)) {
517 if (check_single_value &&
519 LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK)) {
520 struct ldb_val *duplicate = NULL;
522 ret = ldb_msg_find_duplicate_val(ldb, discard_const(msg),
524 if (ret != LDB_SUCCESS) {
527 if (duplicate != NULL) {
528 ldb_asprintf_errstring(
530 "attribute '%s': value '%.*s' on '%s' "
531 "provided more than once in ADD object",
533 (int)duplicate->length,
535 ldb_dn_get_linearized(msg->dn));
536 return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
541 ret = ltdb_store(module, msg, TDB_INSERT);
542 if (ret != LDB_SUCCESS) {
544 * Try really hard to get the right error code for
545 * a re-add situation, as this can matter!
547 if (ret == LDB_ERR_CONSTRAINT_VIOLATION) {
549 struct ldb_dn *dn2 = NULL;
550 TALLOC_CTX *mem_ctx = talloc_new(module);
551 if (mem_ctx == NULL) {
552 return ldb_module_operr(module);
554 ret2 = ltdb_search_base(module, module,
556 TALLOC_FREE(mem_ctx);
557 if (ret2 == LDB_SUCCESS) {
558 ret = LDB_ERR_ENTRY_ALREADY_EXISTS;
561 if (ret == LDB_ERR_ENTRY_ALREADY_EXISTS) {
562 ldb_asprintf_errstring(ldb,
563 "Entry %s already exists",
564 ldb_dn_get_linearized(msg->dn));
569 ret = ltdb_index_add_new(module, ltdb, msg);
570 if (ret != LDB_SUCCESS) {
572 * If we failed to index, delete the message again.
574 * This is particularly important for the GUID index
575 * case, which will only fail for a duplicate DN
578 * Note that the caller may not cancel the transation
579 * and this means the above add might really show up!
581 ltdb_delete_noindex(module, msg);
585 ret = ltdb_modified(module, msg->dn);
591 add a record to the database
593 static int ltdb_add(struct ltdb_context *ctx)
595 struct ldb_module *module = ctx->module;
596 struct ldb_request *req = ctx->req;
597 void *data = ldb_module_get_private(module);
598 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
599 int ret = LDB_SUCCESS;
601 ret = ltdb_check_special_dn(module, req->op.add.message);
602 if (ret != LDB_SUCCESS) {
606 ldb_request_set_state(req, LDB_ASYNC_PENDING);
608 if (ltdb_cache_load(module) != 0) {
609 return LDB_ERR_OPERATIONS_ERROR;
612 ret = ltdb_add_internal(module, ltdb,
613 req->op.add.message, true);
619 delete a record from the database, not updating indexes (used for deleting
622 int ltdb_delete_noindex(struct ldb_module *module,
623 const struct ldb_message *msg)
625 void *data = ldb_module_get_private(module);
626 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
629 TALLOC_CTX *tdb_key_ctx = talloc_new(module);
631 if (tdb_key_ctx == NULL) {
632 return ldb_module_oom(module);
635 if (ltdb->read_only) {
636 return LDB_ERR_UNWILLING_TO_PERFORM;
639 tdb_key = ltdb_key_msg(module, tdb_key_ctx, msg);
641 TALLOC_FREE(tdb_key_ctx);
642 return LDB_ERR_OTHER;
645 ret = tdb_delete(ltdb->tdb, tdb_key);
646 TALLOC_FREE(tdb_key_ctx);
649 ret = ltdb_err_map(tdb_error(ltdb->tdb));
655 static int ltdb_delete_internal(struct ldb_module *module, struct ldb_dn *dn)
657 struct ldb_message *msg;
658 int ret = LDB_SUCCESS;
660 msg = ldb_msg_new(module);
662 return LDB_ERR_OPERATIONS_ERROR;
665 /* in case any attribute of the message was indexed, we need
666 to fetch the old record */
667 ret = ltdb_search_dn1(module, dn, msg, LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC);
668 if (ret != LDB_SUCCESS) {
669 /* not finding the old record is an error */
673 ret = ltdb_delete_noindex(module, msg);
674 if (ret != LDB_SUCCESS) {
678 /* remove any indexed attributes */
679 ret = ltdb_index_delete(module, msg);
680 if (ret != LDB_SUCCESS) {
684 ret = ltdb_modified(module, dn);
685 if (ret != LDB_SUCCESS) {
695 delete a record from the database
697 static int ltdb_delete(struct ltdb_context *ctx)
699 struct ldb_module *module = ctx->module;
700 struct ldb_request *req = ctx->req;
701 int ret = LDB_SUCCESS;
703 ldb_request_set_state(req, LDB_ASYNC_PENDING);
705 if (ltdb_cache_load(module) != 0) {
706 return LDB_ERR_OPERATIONS_ERROR;
709 ret = ltdb_delete_internal(module, req->op.del.dn);
715 find an element by attribute name. At the moment this does a linear search,
716 it should be re-coded to use a binary search once all places that modify
717 records guarantee sorted order
719 return the index of the first matching element if found, otherwise -1
721 static int find_element(const struct ldb_message *msg, const char *name)
724 for (i=0;i<msg->num_elements;i++) {
725 if (ldb_attr_cmp(msg->elements[i].name, name) == 0) {
734 add an element to an existing record. Assumes a elements array that we
735 can call re-alloc on, and assumed that we can re-use the data pointers from
736 the passed in additional values. Use with care!
738 returns 0 on success, -1 on failure (and sets errno)
740 static int ltdb_msg_add_element(struct ldb_message *msg,
741 struct ldb_message_element *el)
743 struct ldb_message_element *e2;
746 if (el->num_values == 0) {
747 /* nothing to do here - we don't add empty elements */
751 e2 = talloc_realloc(msg, msg->elements, struct ldb_message_element,
752 msg->num_elements+1);
760 e2 = &msg->elements[msg->num_elements];
763 e2->flags = el->flags;
764 e2->values = talloc_array(msg->elements,
765 struct ldb_val, el->num_values);
770 for (i=0;i<el->num_values;i++) {
771 e2->values[i] = el->values[i];
773 e2->num_values = el->num_values;
781 delete all elements having a specified attribute name
783 static int msg_delete_attribute(struct ldb_module *module,
784 struct ltdb_private *ltdb,
785 struct ldb_message *msg, const char *name)
789 struct ldb_message_element *el;
790 bool is_special = ldb_dn_is_special(msg->dn);
793 && ltdb->cache->GUID_index_attribute != NULL
794 && ldb_attr_cmp(name, ltdb->cache->GUID_index_attribute) == 0) {
795 struct ldb_context *ldb = ldb_module_get_ctx(module);
796 ldb_asprintf_errstring(ldb, "Must not modify GUID "
797 "attribute %s (used as DB index)",
798 ltdb->cache->GUID_index_attribute);
799 return LDB_ERR_CONSTRAINT_VIOLATION;
802 el = ldb_msg_find_element(msg, name);
804 return LDB_ERR_NO_SUCH_ATTRIBUTE;
806 i = el - msg->elements;
808 ret = ltdb_index_del_element(module, ltdb, msg, el);
809 if (ret != LDB_SUCCESS) {
813 talloc_free(el->values);
814 if (msg->num_elements > (i+1)) {
815 memmove(el, el+1, sizeof(*el) * (msg->num_elements - (i+1)));
818 msg->elements = talloc_realloc(msg, msg->elements,
819 struct ldb_message_element,
825 delete all elements matching an attribute name/value
827 return LDB Error on failure
829 static int msg_delete_element(struct ldb_module *module,
830 struct ltdb_private *ltdb,
831 struct ldb_message *msg,
833 const struct ldb_val *val)
835 struct ldb_context *ldb = ldb_module_get_ctx(module);
838 struct ldb_message_element *el;
839 const struct ldb_schema_attribute *a;
841 found = find_element(msg, name);
843 return LDB_ERR_NO_SUCH_ATTRIBUTE;
846 i = (unsigned int) found;
847 el = &(msg->elements[i]);
849 a = ldb_schema_attribute_by_name(ldb, el->name);
851 for (i=0;i<el->num_values;i++) {
853 if (a->syntax->operator_fn) {
854 ret = a->syntax->operator_fn(ldb, LDB_OP_EQUALITY, a,
855 &el->values[i], val, &matched);
856 if (ret != LDB_SUCCESS) return ret;
858 matched = (a->syntax->comparison_fn(ldb, ldb,
859 &el->values[i], val) == 0);
862 if (el->num_values == 1) {
863 return msg_delete_attribute(module,
867 ret = ltdb_index_del_value(module, ltdb, msg, el, i);
868 if (ret != LDB_SUCCESS) {
872 if (i<el->num_values-1) {
873 memmove(&el->values[i], &el->values[i+1],
874 sizeof(el->values[i])*
875 (el->num_values-(i+1)));
879 /* per definition we find in a canonicalised message an
880 attribute value only once. So we are finished here */
886 return LDB_ERR_NO_SUCH_ATTRIBUTE;
891 modify a record - internal interface
893 yuck - this is O(n^2). Luckily n is usually small so we probably
894 get away with it, but if we ever have really large attribute lists
895 then we'll need to look at this again
897 'req' is optional, and is used to specify controls if supplied
899 int ltdb_modify_internal(struct ldb_module *module,
900 const struct ldb_message *msg,
901 struct ldb_request *req)
903 struct ldb_context *ldb = ldb_module_get_ctx(module);
904 void *data = ldb_module_get_private(module);
905 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
906 struct ldb_message *msg2;
908 int ret = LDB_SUCCESS, idx;
909 struct ldb_control *control_permissive = NULL;
910 TALLOC_CTX *mem_ctx = talloc_new(req);
912 if (mem_ctx == NULL) {
913 return ldb_module_oom(module);
917 control_permissive = ldb_request_get_control(req,
918 LDB_CONTROL_PERMISSIVE_MODIFY_OID);
921 msg2 = ldb_msg_new(mem_ctx);
927 ret = ltdb_search_dn1(module, msg->dn,
929 LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC);
930 if (ret != LDB_SUCCESS) {
934 for (i=0; i<msg->num_elements; i++) {
935 struct ldb_message_element *el = &msg->elements[i], *el2;
936 struct ldb_val *vals;
937 const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
939 uint32_t options = 0;
940 if (control_permissive != NULL) {
941 options |= LDB_MSG_FIND_COMMON_REMOVE_DUPLICATES;
944 switch (msg->elements[i].flags & LDB_FLAG_MOD_MASK) {
945 case LDB_FLAG_MOD_ADD:
947 if (el->num_values == 0) {
948 ldb_asprintf_errstring(ldb,
949 "attribute '%s': attribute on '%s' specified, but with 0 values (illegal)",
950 el->name, ldb_dn_get_linearized(msg2->dn));
951 ret = LDB_ERR_CONSTRAINT_VIOLATION;
955 /* make a copy of the array so that a permissive
956 * control can remove duplicates without changing the
957 * original values, but do not copy data as we do not
958 * need to keep it around once the operation is
960 if (control_permissive) {
961 el = talloc(msg2, struct ldb_message_element);
966 *el = msg->elements[i];
967 el->values = talloc_array(el, struct ldb_val, el->num_values);
968 if (el->values == NULL) {
972 for (j = 0; j < el->num_values; j++) {
973 el->values[j] = msg->elements[i].values[j];
977 if (el->num_values > 1 && ldb_tdb_single_valued(a, el)) {
978 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
979 el->name, ldb_dn_get_linearized(msg2->dn));
980 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
984 /* Checks if element already exists */
985 idx = find_element(msg2, el->name);
987 if (ltdb_msg_add_element(msg2, el) != 0) {
991 ret = ltdb_index_add_element(module, ltdb,
994 if (ret != LDB_SUCCESS) {
998 j = (unsigned int) idx;
999 el2 = &(msg2->elements[j]);
1001 /* We cannot add another value on a existing one
1002 if the attribute is single-valued */
1003 if (ldb_tdb_single_valued(a, el)) {
1004 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
1005 el->name, ldb_dn_get_linearized(msg2->dn));
1006 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
1010 /* Check that values don't exist yet on multi-
1011 valued attributes or aren't provided twice */
1013 LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK)) {
1014 struct ldb_val *duplicate = NULL;
1015 ret = ldb_msg_find_common_values(ldb,
1022 LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS) {
1023 ldb_asprintf_errstring(ldb,
1024 "attribute '%s': value "
1025 "#%u on '%s' already "
1026 "exists", el->name, j,
1027 ldb_dn_get_linearized(msg2->dn));
1029 } else if (ret != LDB_SUCCESS) {
1033 ret = ldb_msg_find_duplicate_val(
1034 ldb, msg2, el, &duplicate, 0);
1035 if (ret != LDB_SUCCESS) {
1038 if (duplicate != NULL) {
1039 ldb_asprintf_errstring(
1041 "attribute '%s': value "
1043 "provided more than "
1046 (int)duplicate->length,
1048 ldb_dn_get_linearized(msg->dn));
1049 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
1054 /* Now combine existing and new values to a new
1056 vals = talloc_realloc(msg2->elements,
1057 el2->values, struct ldb_val,
1058 el2->num_values + el->num_values);
1061 ret = LDB_ERR_OTHER;
1065 for (j=0; j<el->num_values; j++) {
1066 vals[el2->num_values + j] =
1067 ldb_val_dup(vals, &el->values[j]);
1071 el2->num_values += el->num_values;
1073 ret = ltdb_index_add_element(module, ltdb,
1075 if (ret != LDB_SUCCESS) {
1082 case LDB_FLAG_MOD_REPLACE:
1084 if (el->num_values > 1 && ldb_tdb_single_valued(a, el)) {
1085 ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
1086 el->name, ldb_dn_get_linearized(msg2->dn));
1087 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
1092 * We don't need to check this if we have been
1093 * pre-screened by the repl_meta_data module
1094 * in Samba, or someone else who can claim to
1095 * know what they are doing.
1097 if (!(el->flags & LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK)) {
1098 struct ldb_val *duplicate = NULL;
1100 ret = ldb_msg_find_duplicate_val(ldb, msg2, el,
1102 if (ret != LDB_SUCCESS) {
1105 if (duplicate != NULL) {
1106 ldb_asprintf_errstring(
1108 "attribute '%s': value '%.*s' "
1109 "on '%s' provided more than "
1112 (int)duplicate->length,
1114 ldb_dn_get_linearized(msg2->dn));
1115 ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
1120 /* Checks if element already exists */
1121 idx = find_element(msg2, el->name);
1123 j = (unsigned int) idx;
1124 el2 = &(msg2->elements[j]);
1126 /* we consider two elements to be
1127 * equal only if the order
1128 * matches. This allows dbcheck to
1129 * fix the ordering on attributes
1130 * where order matters, such as
1133 if (ldb_msg_element_equal_ordered(el, el2)) {
1137 /* Delete the attribute if it exists in the DB */
1138 if (msg_delete_attribute(module, ltdb,
1141 ret = LDB_ERR_OTHER;
1146 /* Recreate it with the new values */
1147 if (ltdb_msg_add_element(msg2, el) != 0) {
1148 ret = LDB_ERR_OTHER;
1152 ret = ltdb_index_add_element(module, ltdb,
1154 if (ret != LDB_SUCCESS) {
1160 case LDB_FLAG_MOD_DELETE:
1161 dn = ldb_dn_get_linearized(msg2->dn);
1163 ret = LDB_ERR_OTHER;
1167 if (msg->elements[i].num_values == 0) {
1168 /* Delete the whole attribute */
1169 ret = msg_delete_attribute(module,
1172 msg->elements[i].name);
1173 if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE &&
1174 control_permissive) {
1177 ldb_asprintf_errstring(ldb,
1178 "attribute '%s': no such attribute for delete on '%s'",
1179 msg->elements[i].name, dn);
1181 if (ret != LDB_SUCCESS) {
1185 /* Delete specified values from an attribute */
1186 for (j=0; j < msg->elements[i].num_values; j++) {
1187 ret = msg_delete_element(module,
1190 msg->elements[i].name,
1191 &msg->elements[i].values[j]);
1192 if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE &&
1193 control_permissive) {
1195 } else if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE) {
1196 ldb_asprintf_errstring(ldb,
1197 "attribute '%s': no matching attribute value while deleting attribute on '%s'",
1198 msg->elements[i].name, dn);
1200 if (ret != LDB_SUCCESS) {
1207 ldb_asprintf_errstring(ldb,
1208 "attribute '%s': invalid modify flags on '%s': 0x%x",
1209 msg->elements[i].name, ldb_dn_get_linearized(msg->dn),
1210 msg->elements[i].flags & LDB_FLAG_MOD_MASK);
1211 ret = LDB_ERR_PROTOCOL_ERROR;
1216 ret = ltdb_store(module, msg2, TDB_MODIFY);
1217 if (ret != LDB_SUCCESS) {
1221 ret = ltdb_modified(module, msg2->dn);
1222 if (ret != LDB_SUCCESS) {
1227 TALLOC_FREE(mem_ctx);
1234 static int ltdb_modify(struct ltdb_context *ctx)
1236 struct ldb_module *module = ctx->module;
1237 struct ldb_request *req = ctx->req;
1238 int ret = LDB_SUCCESS;
1240 ret = ltdb_check_special_dn(module, req->op.mod.message);
1241 if (ret != LDB_SUCCESS) {
1245 ldb_request_set_state(req, LDB_ASYNC_PENDING);
1247 if (ltdb_cache_load(module) != 0) {
1248 return LDB_ERR_OPERATIONS_ERROR;
1251 ret = ltdb_modify_internal(module, req->op.mod.message, req);
1259 static int ltdb_rename(struct ltdb_context *ctx)
1261 struct ldb_module *module = ctx->module;
1262 void *data = ldb_module_get_private(module);
1263 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1264 struct ldb_request *req = ctx->req;
1265 struct ldb_message *msg;
1266 int ret = LDB_SUCCESS;
1267 TDB_DATA tdb_key, tdb_key_old;
1268 struct ldb_dn *db_dn;
1270 ldb_request_set_state(req, LDB_ASYNC_PENDING);
1272 if (ltdb_cache_load(ctx->module) != 0) {
1273 return LDB_ERR_OPERATIONS_ERROR;
1276 msg = ldb_msg_new(ctx);
1278 return LDB_ERR_OPERATIONS_ERROR;
1281 /* we need to fetch the old record to re-add under the new name */
1282 ret = ltdb_search_dn1(module, req->op.rename.olddn, msg,
1283 LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC);
1284 if (ret != LDB_SUCCESS) {
1285 /* not finding the old record is an error */
1289 /* We need to, before changing the DB, check if the new DN
1290 * exists, so we can return this error to the caller with an
1293 * Even in GUID index mode we use ltdb_key_dn() as we are
1294 * trying to figure out if this is just a case rename
1296 tdb_key = ltdb_key_dn(module, msg, req->op.rename.newdn);
1297 if (!tdb_key.dptr) {
1299 return LDB_ERR_OPERATIONS_ERROR;
1302 tdb_key_old = ltdb_key_dn(module, msg, req->op.rename.olddn);
1303 if (!tdb_key_old.dptr) {
1305 talloc_free(tdb_key.dptr);
1306 return LDB_ERR_OPERATIONS_ERROR;
1310 * Only declare a conflict if the new DN already exists,
1311 * and it isn't a case change on the old DN
1313 if (tdb_key_old.dsize != tdb_key.dsize
1314 || memcmp(tdb_key.dptr, tdb_key_old.dptr, tdb_key.dsize) != 0) {
1315 ret = ltdb_search_base(module, msg,
1316 req->op.rename.newdn,
1318 if (ret == LDB_SUCCESS) {
1319 ret = LDB_ERR_ENTRY_ALREADY_EXISTS;
1320 } else if (ret == LDB_ERR_NO_SUCH_OBJECT) {
1325 /* finding the new record already in the DB is an error */
1327 if (ret == LDB_ERR_ENTRY_ALREADY_EXISTS) {
1328 ldb_asprintf_errstring(ldb_module_get_ctx(module),
1329 "Entry %s already exists",
1330 ldb_dn_get_linearized(req->op.rename.newdn));
1332 if (ret != LDB_SUCCESS) {
1333 talloc_free(tdb_key_old.dptr);
1334 talloc_free(tdb_key.dptr);
1339 talloc_free(tdb_key_old.dptr);
1340 talloc_free(tdb_key.dptr);
1342 /* Always delete first then add, to avoid conflicts with
1343 * unique indexes. We rely on the transaction to make this
1346 ret = ltdb_delete_internal(module, msg->dn);
1347 if (ret != LDB_SUCCESS) {
1352 msg->dn = ldb_dn_copy(msg, req->op.rename.newdn);
1353 if (msg->dn == NULL) {
1355 return LDB_ERR_OPERATIONS_ERROR;
1358 /* We don't check single value as we can have more than 1 with
1359 * deleted attributes. We could go through all elements but that's
1360 * maybe not the most efficient way
1362 ret = ltdb_add_internal(module, ltdb, msg, false);
1369 static int ltdb_start_trans(struct ldb_module *module)
1371 void *data = ldb_module_get_private(module);
1372 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1374 /* Do not take out the transaction lock on a read-only DB */
1375 if (ltdb->read_only) {
1376 return LDB_ERR_UNWILLING_TO_PERFORM;
1379 if (tdb_transaction_start(ltdb->tdb) != 0) {
1380 return ltdb_err_map(tdb_error(ltdb->tdb));
1383 ltdb->in_transaction++;
1385 ltdb_index_transaction_start(module);
1390 static int ltdb_prepare_commit(struct ldb_module *module)
1393 void *data = ldb_module_get_private(module);
1394 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1396 if (ltdb->in_transaction != 1) {
1400 ret = ltdb_index_transaction_commit(module);
1401 if (ret != LDB_SUCCESS) {
1402 tdb_transaction_cancel(ltdb->tdb);
1403 ltdb->in_transaction--;
1407 if (tdb_transaction_prepare_commit(ltdb->tdb) != 0) {
1408 ret = ltdb_err_map(tdb_error(ltdb->tdb));
1409 ltdb->in_transaction--;
1410 ldb_debug_set(ldb_module_get_ctx(module),
1413 "tdb_transaction_prepare_commit(): %s -> %s",
1414 tdb_errorstr(ltdb->tdb),
1419 ltdb->prepared_commit = true;
1424 static int ltdb_end_trans(struct ldb_module *module)
1427 void *data = ldb_module_get_private(module);
1428 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1430 if (!ltdb->prepared_commit) {
1431 ret = ltdb_prepare_commit(module);
1432 if (ret != LDB_SUCCESS) {
1437 ltdb->in_transaction--;
1438 ltdb->prepared_commit = false;
1440 if (tdb_transaction_commit(ltdb->tdb) != 0) {
1441 ret = ltdb_err_map(tdb_error(ltdb->tdb));
1442 ldb_asprintf_errstring(ldb_module_get_ctx(module),
1443 "Failure during tdb_transaction_commit(): %s -> %s",
1444 tdb_errorstr(ltdb->tdb),
1452 static int ltdb_del_trans(struct ldb_module *module)
1454 void *data = ldb_module_get_private(module);
1455 struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
1457 ltdb->in_transaction--;
1459 if (ltdb_index_transaction_cancel(module) != 0) {
1460 tdb_transaction_cancel(ltdb->tdb);
1461 return ltdb_err_map(tdb_error(ltdb->tdb));
1464 tdb_transaction_cancel(ltdb->tdb);
1469 return sequenceNumber from @BASEINFO
1471 static int ltdb_sequence_number(struct ltdb_context *ctx,
1472 struct ldb_extended **ext)
1474 struct ldb_context *ldb;
1475 struct ldb_module *module = ctx->module;
1476 struct ldb_request *req = ctx->req;
1477 TALLOC_CTX *tmp_ctx = NULL;
1478 struct ldb_seqnum_request *seq;
1479 struct ldb_seqnum_result *res;
1480 struct ldb_message *msg = NULL;
1483 int ret = LDB_SUCCESS;
1485 ldb = ldb_module_get_ctx(module);
1487 seq = talloc_get_type(req->op.extended.data,
1488 struct ldb_seqnum_request);
1490 return LDB_ERR_OPERATIONS_ERROR;
1493 ldb_request_set_state(req, LDB_ASYNC_PENDING);
1495 if (ltdb_lock_read(module) != 0) {
1496 return LDB_ERR_OPERATIONS_ERROR;
1499 res = talloc_zero(req, struct ldb_seqnum_result);
1501 ret = LDB_ERR_OPERATIONS_ERROR;
1505 tmp_ctx = talloc_new(req);
1506 if (tmp_ctx == NULL) {
1507 ret = LDB_ERR_OPERATIONS_ERROR;
1511 dn = ldb_dn_new(tmp_ctx, ldb, LTDB_BASEINFO);
1513 ret = LDB_ERR_OPERATIONS_ERROR;
1517 msg = ldb_msg_new(tmp_ctx);
1519 ret = LDB_ERR_OPERATIONS_ERROR;
1523 ret = ltdb_search_dn1(module, dn, msg, 0);
1524 if (ret != LDB_SUCCESS) {
1528 switch (seq->type) {
1529 case LDB_SEQ_HIGHEST_SEQ:
1530 res->seq_num = ldb_msg_find_attr_as_uint64(msg, LTDB_SEQUENCE_NUMBER, 0);
1533 res->seq_num = ldb_msg_find_attr_as_uint64(msg, LTDB_SEQUENCE_NUMBER, 0);
1536 case LDB_SEQ_HIGHEST_TIMESTAMP:
1537 date = ldb_msg_find_attr_as_string(msg, LTDB_MOD_TIMESTAMP, NULL);
1539 res->seq_num = ldb_string_to_time(date);
1542 /* zero is as good as anything when we don't know */
1547 *ext = talloc_zero(req, struct ldb_extended);
1549 ret = LDB_ERR_OPERATIONS_ERROR;
1552 (*ext)->oid = LDB_EXTENDED_SEQUENCE_NUMBER;
1553 (*ext)->data = talloc_steal(*ext, res);
1556 talloc_free(tmp_ctx);
1557 ltdb_unlock_read(module);
1561 static void ltdb_request_done(struct ltdb_context *ctx, int error)
1563 struct ldb_context *ldb;
1564 struct ldb_request *req;
1565 struct ldb_reply *ares;
1567 ldb = ldb_module_get_ctx(ctx->module);
1570 /* if we already returned an error just return */
1571 if (ldb_request_get_status(req) != LDB_SUCCESS) {
1575 ares = talloc_zero(req, struct ldb_reply);
1578 req->callback(req, NULL);
1581 ares->type = LDB_REPLY_DONE;
1582 ares->error = error;
1584 req->callback(req, ares);
1587 static void ltdb_timeout(struct tevent_context *ev,
1588 struct tevent_timer *te,
1592 struct ltdb_context *ctx;
1593 ctx = talloc_get_type(private_data, struct ltdb_context);
1595 if (!ctx->request_terminated) {
1596 /* request is done now */
1597 ltdb_request_done(ctx, LDB_ERR_TIME_LIMIT_EXCEEDED);
1601 /* neutralize the spy */
1602 ctx->spy->ctx = NULL;
1608 static void ltdb_request_extended_done(struct ltdb_context *ctx,
1609 struct ldb_extended *ext,
1612 struct ldb_context *ldb;
1613 struct ldb_request *req;
1614 struct ldb_reply *ares;
1616 ldb = ldb_module_get_ctx(ctx->module);
1619 /* if we already returned an error just return */
1620 if (ldb_request_get_status(req) != LDB_SUCCESS) {
1624 ares = talloc_zero(req, struct ldb_reply);
1627 req->callback(req, NULL);
1630 ares->type = LDB_REPLY_DONE;
1631 ares->response = ext;
1632 ares->error = error;
1634 req->callback(req, ares);
1637 static void ltdb_handle_extended(struct ltdb_context *ctx)
1639 struct ldb_extended *ext = NULL;
1642 if (strcmp(ctx->req->op.extended.oid,
1643 LDB_EXTENDED_SEQUENCE_NUMBER) == 0) {
1644 /* get sequence number */
1645 ret = ltdb_sequence_number(ctx, &ext);
1647 /* not recognized */
1648 ret = LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
1651 ltdb_request_extended_done(ctx, ext, ret);
1654 static void ltdb_callback(struct tevent_context *ev,
1655 struct tevent_timer *te,
1659 struct ltdb_context *ctx;
1662 ctx = talloc_get_type(private_data, struct ltdb_context);
1664 if (ctx->request_terminated) {
1668 switch (ctx->req->operation) {
1670 ret = ltdb_search(ctx);
1673 ret = ltdb_add(ctx);
1676 ret = ltdb_modify(ctx);
1679 ret = ltdb_delete(ctx);
1682 ret = ltdb_rename(ctx);
1685 ltdb_handle_extended(ctx);
1688 /* no other op supported */
1689 ret = LDB_ERR_PROTOCOL_ERROR;
1692 if (!ctx->request_terminated) {
1693 /* request is done now */
1694 ltdb_request_done(ctx, ret);
1699 /* neutralize the spy */
1700 ctx->spy->ctx = NULL;
1706 static int ltdb_request_destructor(void *ptr)
1708 struct ltdb_req_spy *spy = talloc_get_type(ptr, struct ltdb_req_spy);
1710 if (spy->ctx != NULL) {
1711 spy->ctx->spy = NULL;
1712 spy->ctx->request_terminated = true;
1719 static int ltdb_handle_request(struct ldb_module *module,
1720 struct ldb_request *req)
1722 struct ldb_control *control_permissive;
1723 struct ldb_context *ldb;
1724 struct tevent_context *ev;
1725 struct ltdb_context *ac;
1726 struct tevent_timer *te;
1730 ldb = ldb_module_get_ctx(module);
1732 control_permissive = ldb_request_get_control(req,
1733 LDB_CONTROL_PERMISSIVE_MODIFY_OID);
1735 for (i = 0; req->controls && req->controls[i]; i++) {
1736 if (req->controls[i]->critical &&
1737 req->controls[i] != control_permissive) {
1738 ldb_asprintf_errstring(ldb, "Unsupported critical extension %s",
1739 req->controls[i]->oid);
1740 return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
1744 if (req->starttime == 0 || req->timeout == 0) {
1745 ldb_set_errstring(ldb, "Invalid timeout settings");
1746 return LDB_ERR_TIME_LIMIT_EXCEEDED;
1749 ev = ldb_handle_get_event_context(req->handle);
1751 ac = talloc_zero(ldb, struct ltdb_context);
1754 return LDB_ERR_OPERATIONS_ERROR;
1757 ac->module = module;
1762 te = tevent_add_timer(ev, ac, tv, ltdb_callback, ac);
1765 return LDB_ERR_OPERATIONS_ERROR;
1768 if (req->timeout > 0) {
1769 tv.tv_sec = req->starttime + req->timeout;
1771 ac->timeout_event = tevent_add_timer(ev, ac, tv,
1773 if (NULL == ac->timeout_event) {
1775 return LDB_ERR_OPERATIONS_ERROR;
1779 /* set a spy so that we do not try to use the request context
1780 * if it is freed before ltdb_callback fires */
1781 ac->spy = talloc(req, struct ltdb_req_spy);
1782 if (NULL == ac->spy) {
1784 return LDB_ERR_OPERATIONS_ERROR;
1788 talloc_set_destructor((TALLOC_CTX *)ac->spy, ltdb_request_destructor);
1793 static int ltdb_init_rootdse(struct ldb_module *module)
1795 /* ignore errors on this - we expect it for non-sam databases */
1796 ldb_mod_register_control(module, LDB_CONTROL_PERMISSIVE_MODIFY_OID);
1798 /* there can be no module beyond the backend, just return */
1802 static const struct ldb_module_ops ltdb_ops = {
1804 .init_context = ltdb_init_rootdse,
1805 .search = ltdb_handle_request,
1806 .add = ltdb_handle_request,
1807 .modify = ltdb_handle_request,
1808 .del = ltdb_handle_request,
1809 .rename = ltdb_handle_request,
1810 .extended = ltdb_handle_request,
1811 .start_transaction = ltdb_start_trans,
1812 .end_transaction = ltdb_end_trans,
1813 .prepare_commit = ltdb_prepare_commit,
1814 .del_transaction = ltdb_del_trans,
1815 .read_lock = ltdb_lock_read,
1816 .read_unlock = ltdb_unlock_read,
1820 connect to the database
1822 static int ltdb_connect(struct ldb_context *ldb, const char *url,
1823 unsigned int flags, const char *options[],
1824 struct ldb_module **_module)
1826 struct ldb_module *module;
1828 int tdb_flags, open_flags;
1829 struct ltdb_private *ltdb;
1832 * We hold locks, so we must use a private event context
1833 * on each returned handle
1836 ldb_set_require_private_event_context(ldb);
1839 if (strchr(url, ':')) {
1840 if (strncmp(url, "tdb://", 6) != 0) {
1841 ldb_debug(ldb, LDB_DEBUG_ERROR,
1842 "Invalid tdb URL '%s'", url);
1843 return LDB_ERR_OPERATIONS_ERROR;
1850 tdb_flags = TDB_DEFAULT | TDB_SEQNUM;
1852 /* check for the 'nosync' option */
1853 if (flags & LDB_FLG_NOSYNC) {
1854 tdb_flags |= TDB_NOSYNC;
1857 /* and nommap option */
1858 if (flags & LDB_FLG_NOMMAP) {
1859 tdb_flags |= TDB_NOMMAP;
1862 ltdb = talloc_zero(ldb, struct ltdb_private);
1865 return LDB_ERR_OPERATIONS_ERROR;
1868 if (flags & LDB_FLG_RDONLY) {
1870 * This is weird, but because we can only have one tdb
1871 * in this process, and the other one could be
1872 * read-write, we can't use the tdb readonly. Plus a
1873 * read only tdb prohibits the all-record lock.
1875 open_flags = O_RDWR;
1877 ltdb->read_only = true;
1879 } else if (flags & LDB_FLG_DONT_CREATE_DB) {
1881 * This is used by ldbsearch to prevent creation of the database
1882 * if the name is wrong
1884 open_flags = O_RDWR;
1887 * This is the normal case
1889 open_flags = O_CREAT | O_RDWR;
1892 /* note that we use quite a large default hash size */
1893 ltdb->tdb = ltdb_wrap_open(ltdb, path, 10000,
1894 tdb_flags, open_flags,
1895 ldb_get_create_perms(ldb), ldb);
1897 ldb_asprintf_errstring(ldb,
1898 "Unable to open tdb '%s': %s", path, strerror(errno));
1899 ldb_debug(ldb, LDB_DEBUG_ERROR,
1900 "Unable to open tdb '%s': %s", path, strerror(errno));
1902 if (errno == EACCES || errno == EPERM) {
1903 return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
1905 return LDB_ERR_OPERATIONS_ERROR;
1908 if (getenv("LDB_WARN_UNINDEXED")) {
1909 ltdb->warn_unindexed = true;
1912 if (getenv("LDB_WARN_REINDEX")) {
1913 ltdb->warn_reindex = true;
1916 ltdb->sequence_number = 0;
1918 module = ldb_module_new(ldb, ldb, "ldb_tdb backend", <db_ops);
1922 return LDB_ERR_OPERATIONS_ERROR;
1924 ldb_module_set_private(module, ltdb);
1925 talloc_steal(module, ltdb);
1927 if (ltdb_cache_load(module) != 0) {
1928 ldb_asprintf_errstring(ldb,
1929 "Unable to load ltdb cache records of tdb '%s'", path);
1930 talloc_free(module);
1931 return LDB_ERR_OPERATIONS_ERROR;
1938 int ldb_tdb_init(const char *version)
1940 LDB_MODULE_CHECK_VERSION(version);
1941 return ldb_register_backend("tdb", ltdb_connect, false);