Line data Source code
1 : /*
2 : ldb database library
3 :
4 : Copyright (C) Andrew Tridgell 2004
5 : Copyright (C) Stefan Metzmacher 2004
6 : Copyright (C) Simo Sorce 2006-2008
7 : Copyright (C) Matthias Dieter Wallnöfer 2009-2010
8 :
9 : ** NOTE! The following LGPL license applies to the ldb
10 : ** library. This does NOT imply that all of Samba is released
11 : ** under the LGPL
12 :
13 : This library is free software; you can redistribute it and/or
14 : modify it under the terms of the GNU Lesser General Public
15 : License as published by the Free Software Foundation; either
16 : version 3 of the License, or (at your option) any later version.
17 :
18 : This library is distributed in the hope that it will be useful,
19 : but WITHOUT ANY WARRANTY; without even the implied warranty of
20 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 : Lesser General Public License for more details.
22 :
23 : You should have received a copy of the GNU Lesser General Public
24 : License along with this library; if not, see <http://www.gnu.org/licenses/>.
25 : */
26 :
27 : /*
28 : * Name: ldb_kv
29 : *
30 : * Component: ldb key value backend
31 : *
32 : * Description: core functions for ldb key value backend
33 : *
34 : * Author: Andrew Tridgell
35 : * Author: Stefan Metzmacher
36 : *
37 : * Modifications:
38 : *
39 : * - description: make the module use asynchronous calls
40 : * date: Feb 2006
41 : * Author: Simo Sorce
42 : *
43 : * - description: make it possible to use event contexts
44 : * date: Jan 2008
45 : * Author: Simo Sorce
46 : *
47 : * - description: fix up memory leaks and small bugs
48 : * date: Oct 2009
49 : * Author: Matthias Dieter Wallnöfer
50 : */
51 :
52 : #include "ldb_kv.h"
53 : #include "ldb_private.h"
54 : #include "lib/util/attr.h"
55 :
56 : /*
57 : prevent memory errors on callbacks
58 : */
59 : struct ldb_kv_req_spy {
60 : struct ldb_kv_context *ctx;
61 : };
62 :
63 : /*
64 : * Determine if this key could hold a record. We allow the new GUID
65 : * index, the old DN index and a possible future ID=
66 : */
67 553780303 : bool ldb_kv_key_is_normal_record(struct ldb_val key)
68 : {
69 553780303 : if (key.length < 4) {
70 0 : return false;
71 : }
72 :
73 : /*
74 : * @ records are not normal records, we don't want to index
75 : * them nor search on them
76 : */
77 553780303 : if (key.length > 4 &&
78 553780303 : memcmp(key.data, "DN=@", 4) == 0) {
79 441509763 : return false;
80 : }
81 :
82 : /* All other DN= records are however */
83 110219795 : if (memcmp(key.data, "DN=", 3) == 0) {
84 374852 : return true;
85 : }
86 :
87 109783505 : if (memcmp(key.data, "ID=", 3) == 0) {
88 0 : return true;
89 : }
90 :
91 109783505 : if (key.length < sizeof(LDB_KV_GUID_KEY_PREFIX)) {
92 0 : return false;
93 : }
94 :
95 109783505 : if (memcmp(key.data, LDB_KV_GUID_KEY_PREFIX,
96 : sizeof(LDB_KV_GUID_KEY_PREFIX) - 1) == 0) {
97 109783505 : return true;
98 : }
99 :
100 0 : return false;
101 : }
102 :
103 : /*
104 : form a ldb_val for a record key
105 : caller frees
106 :
107 : note that the key for a record can depend on whether the
108 : dn refers to a case sensitive index record or not
109 : */
110 263430133 : struct ldb_val ldb_kv_key_dn(TALLOC_CTX *mem_ctx,
111 : struct ldb_dn *dn)
112 : {
113 10707454 : struct ldb_val key;
114 263430133 : char *key_str = NULL;
115 263430133 : const char *dn_folded = NULL;
116 :
117 : /*
118 : most DNs are case insensitive. The exception is index DNs for
119 : case sensitive attributes
120 :
121 : there are 3 cases dealt with in this code:
122 :
123 : 1) if the dn doesn't start with @ then uppercase the attribute
124 : names and the attributes values of case insensitive attributes
125 : 2) if the dn starts with @ then leave it alone -
126 : the indexing code handles the rest
127 : */
128 :
129 263430133 : dn_folded = ldb_dn_get_casefold(dn);
130 263430133 : if (!dn_folded) {
131 0 : goto failed;
132 : }
133 :
134 263430133 : key_str = talloc_strdup(mem_ctx, "DN=");
135 263430133 : if (!key_str) {
136 0 : goto failed;
137 : }
138 :
139 263430133 : key_str = talloc_strdup_append_buffer(key_str, dn_folded);
140 263430133 : if (!key_str) {
141 0 : goto failed;
142 : }
143 :
144 263430133 : key.data = (uint8_t *)key_str;
145 263430133 : key.length = strlen(key_str) + 1;
146 :
147 263430133 : return key;
148 :
149 0 : failed:
150 0 : errno = ENOMEM;
151 0 : key.data = NULL;
152 0 : key.length = 0;
153 0 : return key;
154 : }
155 :
156 : /* The caller is to provide a correctly sized key */
157 268201204 : int ldb_kv_guid_to_key(const struct ldb_val *GUID_val,
158 : struct ldb_val *key)
159 : {
160 268201204 : const char *GUID_prefix = LDB_KV_GUID_KEY_PREFIX;
161 268201204 : const int GUID_prefix_len = sizeof(LDB_KV_GUID_KEY_PREFIX) - 1;
162 :
163 268201204 : if (key->length != (GUID_val->length+GUID_prefix_len)) {
164 0 : return LDB_ERR_OPERATIONS_ERROR;
165 : }
166 :
167 268201204 : memcpy(key->data, GUID_prefix, GUID_prefix_len);
168 268201204 : memcpy(&key->data[GUID_prefix_len],
169 268201204 : GUID_val->data, GUID_val->length);
170 268201204 : return LDB_SUCCESS;
171 : }
172 :
173 : /*
174 : * The caller is to provide a correctly sized key, used only in
175 : * the GUID index mode
176 : */
177 141038830 : int ldb_kv_idx_to_key(struct ldb_module *module,
178 : struct ldb_kv_private *ldb_kv,
179 : TALLOC_CTX *mem_ctx,
180 : const struct ldb_val *idx_val,
181 : struct ldb_val *key)
182 : {
183 141038830 : struct ldb_context *ldb = ldb_module_get_ctx(module);
184 2632613 : struct ldb_dn *dn;
185 :
186 141038830 : if (ldb_kv->cache->GUID_index_attribute != NULL) {
187 140728431 : return ldb_kv_guid_to_key(idx_val, key);
188 : }
189 :
190 310399 : dn = ldb_dn_from_ldb_val(mem_ctx, ldb, idx_val);
191 310399 : if (dn == NULL) {
192 : /*
193 : * LDB_ERR_INVALID_DN_SYNTAX would just be confusing
194 : * to the caller, as this in an invalid index value
195 : */
196 0 : return LDB_ERR_OPERATIONS_ERROR;
197 : }
198 : /* form the key */
199 310399 : *key = ldb_kv_key_dn(mem_ctx, dn);
200 310399 : TALLOC_FREE(dn);
201 310399 : if (!key->data) {
202 0 : return ldb_module_oom(module);
203 : }
204 222345 : return LDB_SUCCESS;
205 : }
206 :
207 : /*
208 : form a TDB_DATA for a record key
209 : caller frees mem_ctx, which may or may not have the key
210 : as a child.
211 :
212 : note that the key for a record can depend on whether a
213 : GUID index is in use, or the DN is used as the key
214 : */
215 22026382 : struct ldb_val ldb_kv_key_msg(struct ldb_module *module,
216 : TALLOC_CTX *mem_ctx,
217 : const struct ldb_message *msg)
218 : {
219 22026382 : void *data = ldb_module_get_private(module);
220 1894009 : struct ldb_kv_private *ldb_kv =
221 22026382 : talloc_get_type(data, struct ldb_kv_private);
222 1894009 : struct ldb_val key;
223 1894009 : const struct ldb_val *guid_val;
224 1894009 : int ret;
225 :
226 22026382 : if (ldb_kv->cache->GUID_index_attribute == NULL) {
227 500639 : return ldb_kv_key_dn(mem_ctx, msg->dn);
228 : }
229 :
230 21525743 : if (ldb_dn_is_special(msg->dn)) {
231 17303654 : return ldb_kv_key_dn(mem_ctx, msg->dn);
232 : }
233 :
234 347091 : guid_val =
235 4222089 : ldb_msg_find_ldb_val(msg, ldb_kv->cache->GUID_index_attribute);
236 4222089 : if (guid_val == NULL) {
237 0 : ldb_asprintf_errstring(ldb_module_get_ctx(module),
238 : "Did not find GUID attribute %s "
239 : "in %s, required for TDB record "
240 : "key in " LDB_KV_IDXGUID " mode.",
241 0 : ldb_kv->cache->GUID_index_attribute,
242 0 : ldb_dn_get_linearized(msg->dn));
243 0 : errno = EINVAL;
244 0 : key.data = NULL;
245 0 : key.length = 0;
246 0 : return key;
247 : }
248 :
249 : /* In this case, allocate with talloc */
250 4222089 : key.data = talloc_size(mem_ctx, LDB_KV_GUID_KEY_SIZE);
251 4222089 : if (key.data == NULL) {
252 0 : errno = ENOMEM;
253 0 : key.data = NULL;
254 0 : key.length = 0;
255 0 : return key;
256 : }
257 4222089 : key.length = talloc_get_size(key.data);
258 :
259 4222089 : ret = ldb_kv_guid_to_key(guid_val, &key);
260 :
261 4222089 : if (ret != LDB_SUCCESS) {
262 0 : errno = EINVAL;
263 0 : key.data = NULL;
264 0 : key.length = 0;
265 0 : return key;
266 : }
267 4222089 : return key;
268 : }
269 :
270 : /*
271 : check special dn's have valid attributes
272 : currently only @ATTRIBUTES is checked
273 : */
274 2385525 : static int ldb_kv_check_special_dn(struct ldb_module *module,
275 : const struct ldb_message *msg)
276 : {
277 2385525 : struct ldb_context *ldb = ldb_module_get_ctx(module);
278 119852 : unsigned int i, j;
279 :
280 2388142 : if (! ldb_dn_is_special(msg->dn) ||
281 248979 : ! ldb_dn_check_special(msg->dn, LDB_KV_ATTRIBUTES)) {
282 2376385 : return LDB_SUCCESS;
283 : }
284 :
285 : /* we have @ATTRIBUTES, let's check attributes are fine */
286 : /* should we check that we deny multivalued attributes ? */
287 1854137 : for (i = 0; i < msg->num_elements; i++) {
288 1844999 : if (ldb_attr_cmp(msg->elements[i].name, "distinguishedName") == 0) continue;
289 :
290 3682015 : for (j = 0; j < msg->elements[i].num_values; j++) {
291 1839789 : if (ldb_kv_check_at_attributes_values(
292 1839789 : &msg->elements[i].values[j]) != 0) {
293 2 : ldb_set_errstring(ldb, "Invalid attribute value in an @ATTRIBUTES entry");
294 2 : return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
295 : }
296 : }
297 : }
298 :
299 8645 : return LDB_SUCCESS;
300 : }
301 :
302 : /*
303 : * Called after modifies and when starting a transaction. Checks target pack
304 : * format version and current pack format version, which are set by cache_load,
305 : * and repacks if necessary.
306 : */
307 1942860 : static int ldb_kv_maybe_repack(struct ldb_kv_private *ldb_kv) {
308 : /* Override option taken from ldb options */
309 1942860 : if (ldb_kv->pack_format_override != 0) {
310 6 : ldb_kv->target_pack_format_version =
311 0 : ldb_kv->pack_format_override;
312 : }
313 :
314 1942860 : if (ldb_kv->pack_format_version !=
315 1942860 : ldb_kv->target_pack_format_version) {
316 200 : int r;
317 3457 : struct ldb_context *ldb = ldb_module_get_ctx(ldb_kv->module);
318 3457 : r = ldb_kv_repack(ldb_kv->module);
319 3457 : if (r != LDB_SUCCESS) {
320 0 : ldb_debug(ldb, LDB_DEBUG_ERROR,
321 : "Database repack failed.");
322 : }
323 3457 : return r;
324 : }
325 :
326 1923746 : return LDB_SUCCESS;
327 : }
328 :
329 : /*
330 : we've made a modification to a dn - possibly reindex and
331 : update sequence number
332 : */
333 5094066 : static int ldb_kv_modified(struct ldb_module *module, struct ldb_dn *dn)
334 : {
335 5094066 : int ret = LDB_SUCCESS;
336 5094066 : struct ldb_kv_private *ldb_kv = talloc_get_type(
337 : ldb_module_get_private(module), struct ldb_kv_private);
338 :
339 : /* only allow modifies inside a transaction, otherwise the
340 : * ldb is unsafe */
341 5094066 : if (ldb_kv->kv_ops->transaction_active(ldb_kv) == false) {
342 0 : ldb_set_errstring(ldb_module_get_ctx(module), "ltdb modify without transaction");
343 0 : return LDB_ERR_OPERATIONS_ERROR;
344 : }
345 :
346 7886690 : if (ldb_dn_is_special(dn) &&
347 5578510 : (ldb_dn_check_special(dn, LDB_KV_INDEXLIST) ||
348 2785886 : ldb_dn_check_special(dn, LDB_KV_ATTRIBUTES)) )
349 : {
350 13804 : if (ldb_kv->warn_reindex) {
351 0 : ldb_debug(ldb_module_get_ctx(module),
352 : LDB_DEBUG_ERROR,
353 : "Reindexing %s due to modification on %s",
354 0 : ldb_kv->kv_ops->name(ldb_kv),
355 : ldb_dn_get_linearized(dn));
356 : }
357 13804 : ret = ldb_kv_reindex(module);
358 : }
359 :
360 : /* If the modify was to a normal record, or any special except @BASEINFO, update the seq number */
361 5094771 : if (ret == LDB_SUCCESS &&
362 7886662 : !(ldb_dn_is_special(dn) &&
363 2792610 : ldb_dn_check_special(dn, LDB_KV_BASEINFO)) ) {
364 2547026 : ret = ldb_kv_increase_sequence_number(module);
365 : }
366 :
367 : /* If the modify was to @OPTIONS, reload the cache */
368 10188118 : if (ret == LDB_SUCCESS &&
369 7886662 : ldb_dn_is_special(dn) &&
370 2792610 : (ldb_dn_check_special(dn, LDB_KV_OPTIONS)) ) {
371 2660 : ret = ldb_kv_cache_reload(module);
372 : }
373 :
374 5094066 : if (ret != LDB_SUCCESS) {
375 14 : ldb_kv->reindex_failed = true;
376 : }
377 :
378 4853978 : return ret;
379 : }
380 : /*
381 : store a record into the db
382 : */
383 19851707 : int ldb_kv_store(struct ldb_module *module,
384 : const struct ldb_message *msg,
385 : int flgs)
386 : {
387 19851707 : void *data = ldb_module_get_private(module);
388 1643682 : struct ldb_kv_private *ldb_kv =
389 19851707 : talloc_get_type(data, struct ldb_kv_private);
390 1643682 : struct ldb_val key;
391 1643682 : struct ldb_val ldb_data;
392 19851707 : int ret = LDB_SUCCESS;
393 19851707 : TALLOC_CTX *key_ctx = talloc_new(module);
394 :
395 19851707 : if (key_ctx == NULL) {
396 0 : return ldb_module_oom(module);
397 : }
398 :
399 19851707 : if (ldb_kv->read_only) {
400 0 : talloc_free(key_ctx);
401 0 : return LDB_ERR_UNWILLING_TO_PERFORM;
402 : }
403 :
404 19851707 : key = ldb_kv_key_msg(module, key_ctx, msg);
405 19851707 : if (key.data == NULL) {
406 0 : TALLOC_FREE(key_ctx);
407 0 : return LDB_ERR_OTHER;
408 : }
409 :
410 19851707 : ret = ldb_pack_data(ldb_module_get_ctx(module),
411 : msg, &ldb_data,
412 : ldb_kv->pack_format_version);
413 19851707 : if (ret == -1) {
414 0 : TALLOC_FREE(key_ctx);
415 0 : return LDB_ERR_OTHER;
416 : }
417 :
418 19851707 : ret = ldb_kv->kv_ops->store(ldb_kv, key, ldb_data, flgs);
419 19851707 : if (ret != 0) {
420 2666 : bool is_special = ldb_dn_is_special(msg->dn);
421 2666 : ret = ldb_kv->kv_ops->error(ldb_kv);
422 :
423 : /*
424 : * LDB_ERR_ENTRY_ALREADY_EXISTS means the DN, not
425 : * the GUID, so re-map
426 : */
427 2666 : if (ret == LDB_ERR_ENTRY_ALREADY_EXISTS && !is_special &&
428 54 : ldb_kv->cache->GUID_index_attribute != NULL) {
429 24 : ret = LDB_ERR_CONSTRAINT_VIOLATION;
430 : }
431 2666 : goto done;
432 : }
433 :
434 19849041 : done:
435 19851707 : TALLOC_FREE(key_ctx);
436 19851707 : talloc_free(ldb_data.data);
437 :
438 19851707 : return ret;
439 : }
440 :
441 :
442 : /*
443 : check if a attribute is a single valued, for a given element
444 : */
445 1695599 : static bool ldb_kv_single_valued(const struct ldb_schema_attribute *a,
446 : struct ldb_message_element *el)
447 : {
448 1694707 : if (!a) return false;
449 1695599 : if (el != NULL) {
450 1695599 : if (el->flags & LDB_FLAG_INTERNAL_FORCE_SINGLE_VALUE_CHECK) {
451 : /* override from a ldb module, for example
452 : used for the description field, which is
453 : marked multi-valued in the schema but which
454 : should not actually accept multiple
455 : values */
456 12 : return true;
457 : }
458 1695587 : if (el->flags & LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK) {
459 : /* override from a ldb module, for example used for
460 : deleted linked attribute entries */
461 56742 : return false;
462 : }
463 : }
464 1638113 : if (a->flags & LDB_ATTR_FLAG_SINGLE_VALUE) {
465 75 : return true;
466 : }
467 1489518 : return false;
468 : }
469 :
470 : /*
471 : * Starts a sub transaction if they are supported by the backend
472 : * and the ldb connection has not been opened in batch mode.
473 : */
474 2480033 : static int ldb_kv_sub_transaction_start(struct ldb_kv_private *ldb_kv)
475 : {
476 2480033 : int ret = LDB_SUCCESS;
477 :
478 2480033 : if (ldb_kv->batch_mode) {
479 394439 : return ret;
480 : }
481 :
482 2085594 : ret = ldb_kv->kv_ops->begin_nested_write(ldb_kv);
483 2085594 : if (ret == LDB_SUCCESS) {
484 2085594 : ret = ldb_kv_index_sub_transaction_start(ldb_kv);
485 : }
486 1964621 : return ret;
487 : }
488 :
489 : /*
490 : * Commits a sub transaction if they are supported by the backend
491 : * and the ldb connection has not been opened in batch mode.
492 : */
493 2465758 : static int ldb_kv_sub_transaction_commit(struct ldb_kv_private *ldb_kv)
494 : {
495 2465758 : int ret = LDB_SUCCESS;
496 :
497 2465758 : if (ldb_kv->batch_mode) {
498 394156 : return ret;
499 : }
500 :
501 2071602 : ret = ldb_kv_index_sub_transaction_commit(ldb_kv);
502 2071602 : if (ret != LDB_SUCCESS) {
503 0 : return ret;
504 : }
505 2071602 : ret = ldb_kv->kv_ops->finish_nested_write(ldb_kv);
506 2071602 : return ret;
507 : }
508 :
509 : /*
510 : * Cancels a sub transaction if they are supported by the backend
511 : * and the ldb connection has not been opened in batch mode.
512 : */
513 14275 : static int ldb_kv_sub_transaction_cancel(struct ldb_kv_private *ldb_kv)
514 : {
515 14275 : int ret = LDB_SUCCESS;
516 :
517 14275 : if (ldb_kv->batch_mode) {
518 283 : return ret;
519 : }
520 :
521 13992 : ret = ldb_kv_index_sub_transaction_cancel(ldb_kv);
522 13992 : if (ret != LDB_SUCCESS) {
523 0 : struct ldb_context *ldb = ldb_module_get_ctx(ldb_kv->module);
524 : /*
525 : * In the event of a failure we log the failure and continue
526 : * as we need to cancel the database transaction.
527 : */
528 0 : ldb_debug(ldb,
529 : LDB_DEBUG_ERROR,
530 : __location__": ldb_kv_index_sub_transaction_cancel "
531 : "failed: %s",
532 : ldb_errstring(ldb));
533 : }
534 13992 : ret = ldb_kv->kv_ops->abort_nested_write(ldb_kv);
535 13992 : return ret;
536 : }
537 :
538 1180029 : static int ldb_kv_add_internal(struct ldb_module *module,
539 : struct ldb_kv_private *ldb_kv,
540 : const struct ldb_message *msg,
541 : bool check_single_value)
542 : {
543 1180029 : struct ldb_context *ldb = ldb_module_get_ctx(module);
544 1180029 : int ret = LDB_SUCCESS;
545 88755 : unsigned int i;
546 1180029 : bool valid_dn = false;
547 :
548 : /* Check the new DN is reasonable */
549 1180029 : valid_dn = ldb_dn_validate(msg->dn);
550 1180029 : if (valid_dn == false) {
551 0 : ldb_asprintf_errstring(ldb_module_get_ctx(module),
552 : "Invalid DN in ADD: %s",
553 0 : ldb_dn_get_linearized(msg->dn));
554 0 : return LDB_ERR_INVALID_DN_SYNTAX;
555 : }
556 :
557 23302661 : for (i=0;i<msg->num_elements;i++) {
558 22122636 : struct ldb_message_element *el = &msg->elements[i];
559 22122636 : const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
560 :
561 22122636 : if (el->num_values == 0) {
562 2 : ldb_asprintf_errstring(ldb, "attribute '%s' on '%s' specified, but with 0 values (illegal)",
563 2 : el->name, ldb_dn_get_linearized(msg->dn));
564 2 : return LDB_ERR_CONSTRAINT_VIOLATION;
565 : }
566 23477976 : if (check_single_value && el->num_values > 1 &&
567 3263022 : ldb_kv_single_valued(a, el)) {
568 0 : ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
569 0 : el->name, ldb_dn_get_linearized(msg->dn));
570 0 : return LDB_ERR_CONSTRAINT_VIOLATION;
571 : }
572 :
573 : /* Do not check "@ATTRIBUTES" for duplicated values */
574 23451158 : if (ldb_dn_is_special(msg->dn) &&
575 1328524 : ldb_dn_check_special(msg->dn, LDB_KV_ATTRIBUTES)) {
576 1295492 : continue;
577 : }
578 :
579 20827142 : if (check_single_value &&
580 19248058 : !(el->flags &
581 : LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK)) {
582 19241033 : struct ldb_val *duplicate = NULL;
583 :
584 19241033 : ret = ldb_msg_find_duplicate_val(ldb, discard_const(msg),
585 : el, &duplicate, 0);
586 19241033 : if (ret != LDB_SUCCESS) {
587 2 : return ret;
588 : }
589 19241033 : if (duplicate != NULL) {
590 4 : ldb_asprintf_errstring(
591 : ldb,
592 : "attribute '%s': value '%.*s' on '%s' "
593 : "provided more than once in ADD object",
594 : el->name,
595 2 : (int)duplicate->length,
596 2 : duplicate->data,
597 2 : ldb_dn_get_linearized(msg->dn));
598 2 : return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
599 : }
600 : }
601 : }
602 :
603 1180025 : ret = ldb_kv_store(module, msg, TDB_INSERT);
604 1180025 : if (ret != LDB_SUCCESS) {
605 : /*
606 : * Try really hard to get the right error code for
607 : * a re-add situation, as this can matter!
608 : */
609 2665 : if (ret == LDB_ERR_CONSTRAINT_VIOLATION) {
610 0 : int ret2;
611 24 : struct ldb_dn *dn2 = NULL;
612 24 : TALLOC_CTX *mem_ctx = talloc_new(module);
613 24 : if (mem_ctx == NULL) {
614 0 : return ldb_module_operr(module);
615 : }
616 0 : ret2 =
617 24 : ldb_kv_search_base(module, mem_ctx, msg->dn, &dn2);
618 24 : TALLOC_FREE(mem_ctx);
619 24 : if (ret2 == LDB_SUCCESS) {
620 8 : ret = LDB_ERR_ENTRY_ALREADY_EXISTS;
621 : }
622 : }
623 2665 : if (ret == LDB_ERR_ENTRY_ALREADY_EXISTS) {
624 2649 : ldb_asprintf_errstring(ldb,
625 : "Entry %s already exists",
626 2649 : ldb_dn_get_linearized(msg->dn));
627 : }
628 2665 : return ret;
629 : }
630 :
631 1177360 : ret = ldb_kv_index_add_new(module, ldb_kv, msg);
632 1177360 : if (ret != LDB_SUCCESS) {
633 : /*
634 : * If we failed to index, delete the message again.
635 : *
636 : * This is particularly important for the GUID index
637 : * case, which will only fail for a duplicate DN
638 : * in the index add.
639 : *
640 : * Note that the caller may not cancel the transaction
641 : * and this means the above add might really show up!
642 : */
643 390 : ldb_kv_delete_noindex(module, msg);
644 390 : return ret;
645 : }
646 :
647 1176970 : ret = ldb_kv_modified(module, msg->dn);
648 :
649 : /*
650 : * To allow testing of the error recovery code in ldb_kv_add
651 : * cmocka tests can define CMOCKA_UNIT_TEST_ADD_INTERNAL_FAIL
652 : * to inject failures at this point.
653 : */
654 : #ifdef CMOCKA_UNIT_TEST_ADD_INTERNAL_FAIL
655 : CMOCKA_UNIT_TEST_ADD_INTERNAL_FAIL
656 : #endif
657 :
658 1176970 : return ret;
659 : }
660 :
661 : /*
662 : add a record to the database
663 : */
664 1098763 : static int ldb_kv_add(struct ldb_kv_context *ctx)
665 : {
666 1098763 : struct ldb_module *module = ctx->module;
667 1098763 : struct ldb_request *req = ctx->req;
668 1098763 : void *data = ldb_module_get_private(module);
669 88593 : struct ldb_kv_private *ldb_kv =
670 1098763 : talloc_get_type(data, struct ldb_kv_private);
671 1098763 : int ret = LDB_SUCCESS;
672 :
673 1098763 : if (ldb_kv->max_key_length != 0 &&
674 330497 : ldb_kv->cache->GUID_index_attribute == NULL &&
675 927 : !ldb_dn_is_special(req->op.add.message->dn)) {
676 0 : ldb_set_errstring(ldb_module_get_ctx(module),
677 : "Must operate ldb_mdb in GUID "
678 : "index mode, but " LDB_KV_IDXGUID " not set.");
679 0 : return LDB_ERR_UNWILLING_TO_PERFORM;
680 : }
681 :
682 1098763 : ret = ldb_kv_check_special_dn(module, req->op.add.message);
683 1098763 : if (ret != LDB_SUCCESS) {
684 1 : return ret;
685 : }
686 :
687 1098761 : ldb_request_set_state(req, LDB_ASYNC_PENDING);
688 :
689 1098761 : if (ldb_kv_cache_load(module) != 0) {
690 0 : return LDB_ERR_OPERATIONS_ERROR;
691 : }
692 :
693 1098761 : ret = ldb_kv_sub_transaction_start(ldb_kv);
694 1098761 : if (ret != LDB_SUCCESS) {
695 0 : return ret;
696 : }
697 1098761 : ret = ldb_kv_add_internal(module, ldb_kv, req->op.add.message, true);
698 1098761 : if (ret != LDB_SUCCESS) {
699 3073 : int r = ldb_kv_sub_transaction_cancel(ldb_kv);
700 3073 : if (r != LDB_SUCCESS) {
701 0 : ldb_debug(
702 : ldb_module_get_ctx(module),
703 : LDB_DEBUG_FATAL,
704 : __location__
705 : ": Unable to roll back sub transaction");
706 : }
707 3073 : ldb_kv->operation_failed = true;
708 3073 : return ret;
709 : }
710 1095688 : ret = ldb_kv_sub_transaction_commit(ldb_kv);
711 :
712 1095688 : return ret;
713 : }
714 :
715 : /*
716 : delete a record from the database, not updating indexes (used for deleting
717 : index records)
718 : */
719 928806 : int ldb_kv_delete_noindex(struct ldb_module *module,
720 : const struct ldb_message *msg)
721 : {
722 928806 : void *data = ldb_module_get_private(module);
723 117979 : struct ldb_kv_private *ldb_kv =
724 928806 : talloc_get_type(data, struct ldb_kv_private);
725 117979 : struct ldb_val key;
726 117979 : int ret;
727 928806 : TALLOC_CTX *tdb_key_ctx = talloc_new(module);
728 :
729 928806 : if (tdb_key_ctx == NULL) {
730 0 : return ldb_module_oom(module);
731 : }
732 :
733 928806 : if (ldb_kv->read_only) {
734 0 : talloc_free(tdb_key_ctx);
735 0 : return LDB_ERR_UNWILLING_TO_PERFORM;
736 : }
737 :
738 928806 : key = ldb_kv_key_msg(module, tdb_key_ctx, msg);
739 928806 : if (!key.data) {
740 0 : TALLOC_FREE(tdb_key_ctx);
741 0 : return LDB_ERR_OTHER;
742 : }
743 :
744 928806 : ret = ldb_kv->kv_ops->delete(ldb_kv, key);
745 928806 : TALLOC_FREE(tdb_key_ctx);
746 :
747 928806 : if (ret != 0) {
748 96643 : ret = ldb_kv->kv_ops->error(ldb_kv);
749 : }
750 :
751 810827 : return ret;
752 : }
753 :
754 94510 : static int ldb_kv_delete_internal(struct ldb_module *module, struct ldb_dn *dn)
755 : {
756 1122 : struct ldb_message *msg;
757 94510 : int ret = LDB_SUCCESS;
758 :
759 94510 : msg = ldb_msg_new(module);
760 94510 : if (msg == NULL) {
761 0 : return LDB_ERR_OPERATIONS_ERROR;
762 : }
763 :
764 : /* in case any attribute of the message was indexed, we need
765 : to fetch the old record */
766 94510 : ret = ldb_kv_search_dn1(module, dn, msg, 0);
767 94510 : if (ret != LDB_SUCCESS) {
768 : /* not finding the old record is an error */
769 5745 : goto done;
770 : }
771 :
772 88765 : ret = ldb_kv_delete_noindex(module, msg);
773 88765 : if (ret != LDB_SUCCESS) {
774 0 : goto done;
775 : }
776 :
777 : /* remove any indexed attributes */
778 88765 : ret = ldb_kv_index_delete(module, msg);
779 88765 : if (ret != LDB_SUCCESS) {
780 0 : goto done;
781 : }
782 :
783 88765 : ret = ldb_kv_modified(module, dn);
784 88765 : if (ret != LDB_SUCCESS) {
785 0 : goto done;
786 : }
787 :
788 88765 : done:
789 94510 : talloc_free(msg);
790 : /*
791 : * To allow testing of the error recovery code in ldb_kv_delete
792 : * cmocka tests can define CMOCKA_UNIT_TEST_DELETE_INTERNAL_FAIL
793 : * to inject failures at this point.
794 : */
795 : #ifdef CMOCKA_UNIT_TEST_DELETE_INTERNAL_FAIL
796 : CMOCKA_UNIT_TEST_DELETE_INTERNAL_FAIL
797 : #endif
798 94510 : return ret;
799 : }
800 :
801 : /*
802 : delete a record from the database
803 : */
804 13242 : static int ldb_kv_delete(struct ldb_kv_context *ctx)
805 : {
806 13242 : struct ldb_module *module = ctx->module;
807 13242 : struct ldb_request *req = ctx->req;
808 13242 : void *data = ldb_module_get_private(module);
809 959 : struct ldb_kv_private *ldb_kv =
810 13242 : talloc_get_type(data, struct ldb_kv_private);
811 13242 : int ret = LDB_SUCCESS;
812 :
813 13242 : ldb_request_set_state(req, LDB_ASYNC_PENDING);
814 :
815 13242 : if (ldb_kv_cache_load(module) != 0) {
816 0 : return LDB_ERR_OPERATIONS_ERROR;
817 : }
818 :
819 13242 : ret = ldb_kv_sub_transaction_start(ldb_kv);
820 13242 : if (ret != LDB_SUCCESS) {
821 0 : return ret;
822 : }
823 13242 : ret = ldb_kv_delete_internal(module, req->op.del.dn);
824 13242 : if (ret != LDB_SUCCESS) {
825 5745 : int r = ldb_kv_sub_transaction_cancel(ldb_kv);
826 5745 : if (r != LDB_SUCCESS) {
827 0 : ldb_debug(
828 : ldb_module_get_ctx(module),
829 : LDB_DEBUG_FATAL,
830 : __location__
831 : ": Unable to roll back sub transaction");
832 : }
833 5745 : if (ret != LDB_ERR_NO_SUCH_OBJECT) {
834 0 : ldb_kv->operation_failed = true;
835 : }
836 5745 : return ret;
837 : }
838 7497 : ret = ldb_kv_sub_transaction_commit(ldb_kv);
839 :
840 7497 : return ret;
841 : }
842 :
843 : /*
844 : find an element by attribute name. At the moment this does a linear search,
845 : it should be re-coded to use a binary search once all places that modify
846 : records guarantee sorted order
847 :
848 : return the index of the first matching element if found, otherwise -1
849 : */
850 9295064 : static int ldb_kv_find_element(const struct ldb_message *msg, const char *name)
851 : {
852 386540 : unsigned int i;
853 226327231 : for (i=0;i<msg->num_elements;i++) {
854 225692929 : if (ldb_attr_cmp(msg->elements[i].name, name) == 0) {
855 8660762 : return i;
856 : }
857 : }
858 625097 : return -1;
859 : }
860 :
861 :
862 : /*
863 : add an element to an existing record. Assumes a elements array that we
864 : can call re-alloc on, and assumes that we can reuse the data pointers from
865 : the passed in additional values. Use with care!
866 :
867 : returns 0 on success, -1 on failure (and sets errno)
868 : */
869 4923071 : static int ldb_kv_msg_add_element(struct ldb_message *msg,
870 : struct ldb_message_element *el)
871 : {
872 189398 : struct ldb_message_element *e2;
873 189398 : unsigned int i;
874 :
875 4923071 : if (el->num_values == 0) {
876 : /* nothing to do here - we don't add empty elements */
877 133342 : return 0;
878 : }
879 :
880 4789211 : e2 = talloc_realloc(msg, msg->elements, struct ldb_message_element,
881 : msg->num_elements+1);
882 4789211 : if (!e2) {
883 0 : errno = ENOMEM;
884 0 : return -1;
885 : }
886 :
887 4789211 : msg->elements = e2;
888 :
889 4789211 : e2 = &msg->elements[msg->num_elements];
890 :
891 4789211 : e2->name = el->name;
892 4789211 : e2->flags = el->flags;
893 4789211 : e2->values = talloc_array(msg->elements,
894 : struct ldb_val, el->num_values);
895 4789211 : if (!e2->values) {
896 0 : errno = ENOMEM;
897 0 : return -1;
898 : }
899 12644296 : for (i=0;i<el->num_values;i++) {
900 7855085 : e2->values[i] = el->values[i];
901 : }
902 4789211 : e2->num_values = el->num_values;
903 :
904 4789211 : ++msg->num_elements;
905 :
906 4789211 : return 0;
907 : }
908 :
909 : /*
910 : delete all elements having a specified attribute name
911 : */
912 4990300 : static int ldb_kv_msg_delete_attribute(struct ldb_module *module,
913 : struct ldb_kv_private *ldb_kv,
914 : struct ldb_message *msg,
915 : const char *name)
916 : {
917 185092 : int ret;
918 185092 : struct ldb_message_element *el;
919 4990300 : bool is_special = ldb_dn_is_special(msg->dn);
920 :
921 4990300 : if (!is_special && ldb_kv->cache->GUID_index_attribute != NULL &&
922 2133767 : ldb_attr_cmp(name, ldb_kv->cache->GUID_index_attribute) == 0) {
923 0 : struct ldb_context *ldb = ldb_module_get_ctx(module);
924 0 : ldb_asprintf_errstring(ldb,
925 : "Must not modify GUID "
926 : "attribute %s (used as DB index)",
927 0 : ldb_kv->cache->GUID_index_attribute);
928 0 : return LDB_ERR_CONSTRAINT_VIOLATION;
929 : }
930 :
931 4990300 : el = ldb_msg_find_element(msg, name);
932 4990300 : if (el == NULL) {
933 251 : return LDB_ERR_NO_SUCH_ATTRIBUTE;
934 : }
935 :
936 4990048 : ret = ldb_kv_index_del_element(module, ldb_kv, msg, el);
937 4990048 : if (ret != LDB_SUCCESS) {
938 0 : return ret;
939 : }
940 :
941 4990048 : talloc_free(el->values);
942 4990048 : ldb_msg_remove_element(msg, el);
943 4990048 : msg->elements = talloc_realloc(msg, msg->elements,
944 : struct ldb_message_element,
945 : msg->num_elements);
946 4990048 : return LDB_SUCCESS;
947 : }
948 :
949 : /*
950 : delete all elements matching an attribute name/value
951 :
952 : return LDB Error on failure
953 : */
954 188741 : static int ldb_kv_msg_delete_element(struct ldb_module *module,
955 : struct ldb_kv_private *ldb_kv,
956 : struct ldb_message *msg,
957 : const char *name,
958 : const struct ldb_val *val)
959 : {
960 188741 : struct ldb_context *ldb = ldb_module_get_ctx(module);
961 2959 : unsigned int i;
962 2959 : int found, ret;
963 2959 : struct ldb_message_element *el;
964 2959 : const struct ldb_schema_attribute *a;
965 :
966 188741 : found = ldb_kv_find_element(msg, name);
967 188741 : if (found == -1) {
968 884 : return LDB_ERR_NO_SUCH_ATTRIBUTE;
969 : }
970 :
971 187830 : i = (unsigned int) found;
972 187830 : el = &(msg->elements[i]);
973 :
974 187830 : a = ldb_schema_attribute_by_name(ldb, el->name);
975 :
976 202396 : for (i=0;i<el->num_values;i++) {
977 3019 : bool matched;
978 199317 : if (a->syntax->operator_fn) {
979 200883 : ret = a->syntax->operator_fn(ldb, LDB_OP_EQUALITY, a,
980 197937 : &el->values[i], val, &matched);
981 385620 : if (ret != LDB_SUCCESS) return ret;
982 : } else {
983 2760 : matched = (a->syntax->comparison_fn(ldb, ldb,
984 1380 : &el->values[i], val) == 0);
985 : }
986 199317 : if (matched) {
987 187683 : if (el->num_values == 1) {
988 166018 : return ldb_kv_msg_delete_attribute(
989 : module, ldb_kv, msg, name);
990 : }
991 :
992 251 : ret =
993 21665 : ldb_kv_index_del_value(module, ldb_kv, msg, el, i);
994 21665 : if (ret != LDB_SUCCESS) {
995 0 : return ret;
996 : }
997 :
998 21665 : ARRAY_DEL_ELEMENT(el->values, i, el->num_values);
999 21665 : el->num_values--;
1000 :
1001 : /* per definition we find in a canonicalised message an
1002 : attribute value only once. So we are finished here */
1003 21665 : return LDB_SUCCESS;
1004 : }
1005 : }
1006 :
1007 : /* Not found */
1008 147 : return LDB_ERR_NO_SUCH_ATTRIBUTE;
1009 : }
1010 :
1011 : /*
1012 : modify a record - internal interface
1013 :
1014 : yuck - this is O(n^2). Luckily n is usually small so we probably
1015 : get away with it, but if we ever have really large attribute lists
1016 : then we'll need to look at this again
1017 :
1018 : 'req' is optional, and is used to specify controls if supplied
1019 : */
1020 3833788 : int ldb_kv_modify_internal(struct ldb_module *module,
1021 : const struct ldb_message *msg,
1022 : struct ldb_request *req)
1023 : {
1024 3833788 : struct ldb_context *ldb = ldb_module_get_ctx(module);
1025 3833788 : void *data = ldb_module_get_private(module);
1026 151303 : struct ldb_kv_private *ldb_kv =
1027 3833788 : talloc_get_type(data, struct ldb_kv_private);
1028 151303 : struct ldb_message *msg2;
1029 151303 : unsigned int i, j;
1030 3833788 : int ret = LDB_SUCCESS, idx;
1031 3833788 : struct ldb_control *control_permissive = NULL;
1032 3833788 : TALLOC_CTX *mem_ctx = talloc_new(req);
1033 :
1034 3833788 : if (mem_ctx == NULL) {
1035 0 : return ldb_module_oom(module);
1036 : }
1037 :
1038 3833788 : if (req) {
1039 1286762 : control_permissive = ldb_request_get_control(req,
1040 : LDB_CONTROL_PERMISSIVE_MODIFY_OID);
1041 : }
1042 :
1043 3833788 : msg2 = ldb_msg_new(mem_ctx);
1044 3833788 : if (msg2 == NULL) {
1045 0 : ret = LDB_ERR_OTHER;
1046 0 : goto done;
1047 : }
1048 :
1049 3833788 : ret = ldb_kv_search_dn1(module, msg->dn, msg2, 0);
1050 3833788 : if (ret != LDB_SUCCESS) {
1051 4016 : goto done;
1052 : }
1053 :
1054 13658041 : for (i=0; i<msg->num_elements; i++) {
1055 9829710 : struct ldb_message_element *el = &msg->elements[i], *el2;
1056 388726 : struct ldb_val *vals;
1057 9829710 : const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
1058 388726 : const char *dn;
1059 9829710 : uint32_t options = 0;
1060 9829710 : if (control_permissive != NULL) {
1061 2630 : options |= LDB_MSG_FIND_COMMON_REMOVE_DUPLICATES;
1062 : }
1063 :
1064 9829710 : switch (msg->elements[i].flags & LDB_FLAG_MOD_MASK) {
1065 210890 : case LDB_FLAG_MOD_ADD:
1066 :
1067 210890 : if (el->num_values == 0) {
1068 26 : ldb_asprintf_errstring(ldb,
1069 : "attribute '%s': attribute on '%s' specified, but with 0 values (illegal)",
1070 : el->name, ldb_dn_get_linearized(msg2->dn));
1071 26 : ret = LDB_ERR_CONSTRAINT_VIOLATION;
1072 26 : goto done;
1073 : }
1074 :
1075 : /* make a copy of the array so that a permissive
1076 : * control can remove duplicates without changing the
1077 : * original values, but do not copy data as we do not
1078 : * need to keep it around once the operation is
1079 : * finished */
1080 210864 : if (control_permissive) {
1081 10 : el = talloc(msg2, struct ldb_message_element);
1082 10 : if (!el) {
1083 0 : ret = LDB_ERR_OTHER;
1084 0 : goto done;
1085 : }
1086 10 : *el = msg->elements[i];
1087 10 : el->values = talloc_array(el, struct ldb_val, el->num_values);
1088 10 : if (el->values == NULL) {
1089 0 : ret = LDB_ERR_OTHER;
1090 0 : goto done;
1091 : }
1092 41 : for (j = 0; j < el->num_values; j++) {
1093 31 : el->values[j] = msg->elements[i].values[j];
1094 : }
1095 : }
1096 :
1097 210864 : if (el->num_values > 1 && ldb_kv_single_valued(a, el)) {
1098 9 : ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
1099 : el->name, ldb_dn_get_linearized(msg2->dn));
1100 9 : ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
1101 9 : goto done;
1102 : }
1103 :
1104 : /* Checks if element already exists */
1105 210855 : idx = ldb_kv_find_element(msg2, el->name);
1106 210855 : if (idx == -1) {
1107 183436 : if (ldb_kv_msg_add_element(msg2, el) != 0) {
1108 0 : ret = LDB_ERR_OTHER;
1109 0 : goto done;
1110 : }
1111 183436 : ret = ldb_kv_index_add_element(
1112 : module, ldb_kv, msg2, el);
1113 183436 : if (ret != LDB_SUCCESS) {
1114 0 : goto done;
1115 : }
1116 : } else {
1117 27419 : j = (unsigned int) idx;
1118 27419 : el2 = &(msg2->elements[j]);
1119 :
1120 : /* We cannot add another value on a existing one
1121 : if the attribute is single-valued */
1122 27419 : if (ldb_kv_single_valued(a, el)) {
1123 42 : ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
1124 : el->name, ldb_dn_get_linearized(msg2->dn));
1125 42 : ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
1126 42 : goto done;
1127 : }
1128 :
1129 : /* Check that values don't exist yet on multi-
1130 : valued attributes or aren't provided twice */
1131 27377 : if (!(el->flags &
1132 : LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK)) {
1133 5133 : struct ldb_val *duplicate = NULL;
1134 5133 : ret = ldb_msg_find_common_values(ldb,
1135 : msg2,
1136 : el,
1137 : el2,
1138 : options);
1139 :
1140 5133 : if (ret ==
1141 : LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS) {
1142 17 : ldb_asprintf_errstring(ldb,
1143 : "attribute '%s': value "
1144 : "#%u on '%s' already "
1145 : "exists", el->name, j,
1146 : ldb_dn_get_linearized(msg2->dn));
1147 17 : goto done;
1148 5116 : } else if (ret != LDB_SUCCESS) {
1149 0 : goto done;
1150 : }
1151 :
1152 5116 : ret = ldb_msg_find_duplicate_val(
1153 : ldb, msg2, el, &duplicate, 0);
1154 5116 : if (ret != LDB_SUCCESS) {
1155 0 : goto done;
1156 : }
1157 5116 : if (duplicate != NULL) {
1158 0 : ldb_asprintf_errstring(
1159 : ldb,
1160 : "attribute '%s': value "
1161 : "'%.*s' on '%s' "
1162 : "provided more than "
1163 : "once in ADD",
1164 : el->name,
1165 0 : (int)duplicate->length,
1166 0 : duplicate->data,
1167 0 : ldb_dn_get_linearized(msg->dn));
1168 0 : ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
1169 0 : goto done;
1170 : }
1171 : }
1172 :
1173 : /* Now combine existing and new values to a new
1174 : attribute record */
1175 27360 : vals = talloc_realloc(msg2->elements,
1176 : el2->values, struct ldb_val,
1177 : el2->num_values + el->num_values);
1178 27360 : if (vals == NULL) {
1179 0 : ldb_oom(ldb);
1180 0 : ret = LDB_ERR_OTHER;
1181 0 : goto done;
1182 : }
1183 :
1184 55765 : for (j=0; j<el->num_values; j++) {
1185 28405 : vals[el2->num_values + j] =
1186 28405 : ldb_val_dup(vals, &el->values[j]);
1187 : }
1188 :
1189 27360 : el2->values = vals;
1190 27360 : el2->num_values += el->num_values;
1191 :
1192 27360 : ret = ldb_kv_index_add_element(
1193 : module, ldb_kv, msg2, el);
1194 27360 : if (ret != LDB_SUCCESS) {
1195 0 : goto done;
1196 : }
1197 : }
1198 :
1199 205705 : break;
1200 :
1201 8895505 : case LDB_FLAG_MOD_REPLACE:
1202 :
1203 8895505 : if (el->num_values > 1 && ldb_kv_single_valued(a, el)) {
1204 36 : ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
1205 : el->name, ldb_dn_get_linearized(msg2->dn));
1206 36 : ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
1207 36 : goto done;
1208 : }
1209 :
1210 : /*
1211 : * We don't need to check this if we have been
1212 : * pre-screened by the repl_meta_data module
1213 : * in Samba, or someone else who can claim to
1214 : * know what they are doing.
1215 : */
1216 8895469 : if (!(el->flags & LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK)) {
1217 8842310 : struct ldb_val *duplicate = NULL;
1218 :
1219 8842310 : ret = ldb_msg_find_duplicate_val(ldb, msg2, el,
1220 : &duplicate, 0);
1221 8842310 : if (ret != LDB_SUCCESS) {
1222 1 : goto done;
1223 : }
1224 8842310 : if (duplicate != NULL) {
1225 1 : ldb_asprintf_errstring(
1226 : ldb,
1227 : "attribute '%s': value '%.*s' "
1228 : "on '%s' provided more than "
1229 : "once in REPLACE",
1230 : el->name,
1231 1 : (int)duplicate->length,
1232 1 : duplicate->data,
1233 : ldb_dn_get_linearized(msg2->dn));
1234 1 : ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
1235 1 : goto done;
1236 : }
1237 : }
1238 :
1239 : /* Checks if element already exists */
1240 8895468 : idx = ldb_kv_find_element(msg2, el->name);
1241 8895468 : if (idx != -1) {
1242 8445513 : j = (unsigned int) idx;
1243 8445513 : el2 = &(msg2->elements[j]);
1244 :
1245 : /* we consider two elements to be
1246 : * equal only if the order
1247 : * matches. This allows dbcheck to
1248 : * fix the ordering on attributes
1249 : * where order matters, such as
1250 : * objectClass
1251 : */
1252 8445513 : if (ldb_msg_element_equal_ordered(el, el2)) {
1253 4155833 : continue;
1254 : }
1255 :
1256 : /* Delete the attribute if it exists in the DB */
1257 4289680 : if (ldb_kv_msg_delete_attribute(
1258 : module, ldb_kv, msg2, el->name) != 0) {
1259 0 : ret = LDB_ERR_OTHER;
1260 0 : goto done;
1261 : }
1262 : }
1263 :
1264 : /* Recreate it with the new values */
1265 4739635 : if (ldb_kv_msg_add_element(msg2, el) != 0) {
1266 0 : ret = LDB_ERR_OTHER;
1267 0 : goto done;
1268 : }
1269 :
1270 185199 : ret =
1271 4739635 : ldb_kv_index_add_element(module, ldb_kv, msg2, el);
1272 4739635 : if (ret != LDB_SUCCESS) {
1273 0 : goto done;
1274 : }
1275 :
1276 4554436 : break;
1277 :
1278 723315 : case LDB_FLAG_MOD_DELETE:
1279 723315 : dn = ldb_dn_get_linearized(msg2->dn);
1280 723315 : if (dn == NULL) {
1281 0 : ret = LDB_ERR_OTHER;
1282 0 : goto done;
1283 : }
1284 :
1285 723315 : if (msg->elements[i].num_values == 0) {
1286 : /* Delete the whole attribute */
1287 534602 : ret = ldb_kv_msg_delete_attribute(
1288 : module,
1289 : ldb_kv,
1290 : msg2,
1291 532411 : msg->elements[i].name);
1292 534602 : if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE) {
1293 252 : if (control_permissive) {
1294 0 : ret = LDB_SUCCESS;
1295 : } else {
1296 252 : ldb_asprintf_errstring(ldb,
1297 : "attribute '%s': no such attribute for delete on '%s'",
1298 252 : msg->elements[i].name, dn);
1299 : }
1300 : }
1301 534602 : if (ret != LDB_SUCCESS) {
1302 252 : goto done;
1303 : }
1304 : } else {
1305 : /* Delete specified values from an attribute */
1306 376396 : for (j=0; j < msg->elements[i].num_values; j++) {
1307 191700 : ret = ldb_kv_msg_delete_element(
1308 : module,
1309 : ldb_kv,
1310 : msg2,
1311 185782 : msg->elements[i].name,
1312 188741 : &msg->elements[i].values[j]);
1313 188741 : if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE &&
1314 : control_permissive) {
1315 0 : ret = LDB_SUCCESS;
1316 188741 : } else if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE) {
1317 1058 : ldb_asprintf_errstring(ldb,
1318 : "attribute '%s': no matching attribute value while deleting attribute on '%s'",
1319 1058 : msg->elements[i].name, dn);
1320 : }
1321 188741 : if (ret != LDB_SUCCESS) {
1322 1058 : goto done;
1323 : }
1324 : }
1325 : }
1326 716888 : break;
1327 0 : default:
1328 0 : ldb_asprintf_errstring(ldb,
1329 : "attribute '%s': invalid modify flags on '%s': 0x%x",
1330 0 : msg->elements[i].name, ldb_dn_get_linearized(msg->dn),
1331 0 : msg->elements[i].flags & LDB_FLAG_MOD_MASK);
1332 0 : ret = LDB_ERR_PROTOCOL_ERROR;
1333 0 : goto done;
1334 : }
1335 : }
1336 :
1337 3828331 : ret = ldb_kv_store(module, msg2, TDB_MODIFY);
1338 3828331 : if (ret != LDB_SUCCESS) {
1339 0 : goto done;
1340 : }
1341 :
1342 3828331 : ret = ldb_kv_modified(module, msg2->dn);
1343 3828331 : if (ret != LDB_SUCCESS) {
1344 0 : goto done;
1345 : }
1346 :
1347 3828331 : done:
1348 3833788 : TALLOC_FREE(mem_ctx);
1349 : /*
1350 : * To allow testing of the error recovery code in ldb_kv_modify
1351 : * cmocka tests can define CMOCKA_UNIT_TEST_MODIFY_INTERNAL_FAIL
1352 : * to inject failures at this point.
1353 : */
1354 : #ifdef CMOCKA_UNIT_TEST_MODIFY_INTERNAL_FAIL
1355 : CMOCKA_UNIT_TEST_MODIFY_INTERNAL_FAIL
1356 : #endif
1357 3833788 : return ret;
1358 : }
1359 :
1360 : /*
1361 : modify a record
1362 : */
1363 1286762 : static int ldb_kv_modify(struct ldb_kv_context *ctx)
1364 : {
1365 1286762 : struct ldb_module *module = ctx->module;
1366 1286762 : struct ldb_request *req = ctx->req;
1367 1286762 : void *data = ldb_module_get_private(module);
1368 31259 : struct ldb_kv_private *ldb_kv =
1369 1286762 : talloc_get_type(data, struct ldb_kv_private);
1370 1286762 : int ret = LDB_SUCCESS;
1371 :
1372 1286762 : ret = ldb_kv_check_special_dn(module, req->op.mod.message);
1373 1286762 : if (ret != LDB_SUCCESS) {
1374 0 : return ret;
1375 : }
1376 :
1377 1286762 : ldb_request_set_state(req, LDB_ASYNC_PENDING);
1378 :
1379 1286762 : if (ldb_kv_cache_load(module) != 0) {
1380 0 : return LDB_ERR_OPERATIONS_ERROR;
1381 : }
1382 :
1383 1286762 : ret = ldb_kv_sub_transaction_start(ldb_kv);
1384 1286762 : if (ret != LDB_SUCCESS) {
1385 0 : return ret;
1386 : }
1387 1286762 : ret = ldb_kv_modify_internal(module, req->op.mod.message, req);
1388 1286762 : if (ret != LDB_SUCCESS) {
1389 5457 : int r = ldb_kv_sub_transaction_cancel(ldb_kv);
1390 5457 : if (r != LDB_SUCCESS) {
1391 0 : ldb_debug(
1392 : ldb_module_get_ctx(module),
1393 : LDB_DEBUG_FATAL,
1394 : __location__
1395 : ": Unable to roll back sub transaction");
1396 : }
1397 5457 : if (ret != LDB_ERR_NO_SUCH_OBJECT) {
1398 1441 : ldb_kv->operation_failed = true;
1399 : }
1400 5457 : return ret;
1401 : }
1402 1281305 : ret = ldb_kv_sub_transaction_commit(ldb_kv);
1403 :
1404 :
1405 1281305 : return ret;
1406 : }
1407 :
1408 81268 : static int ldb_kv_rename_internal(struct ldb_module *module,
1409 : struct ldb_request *req,
1410 : struct ldb_message *msg)
1411 : {
1412 81268 : void *data = ldb_module_get_private(module);
1413 163 : struct ldb_kv_private *ldb_kv =
1414 81268 : talloc_get_type(data, struct ldb_kv_private);
1415 81268 : int ret = LDB_SUCCESS;
1416 :
1417 : /* Always delete first then add, to avoid conflicts with
1418 : * unique indexes. We rely on the transaction to make this
1419 : * atomic
1420 : */
1421 81268 : ret = ldb_kv_delete_internal(module, msg->dn);
1422 81268 : if (ret != LDB_SUCCESS) {
1423 0 : return ret;
1424 : }
1425 :
1426 81268 : msg->dn = ldb_dn_copy(msg, req->op.rename.newdn);
1427 81268 : if (msg->dn == NULL) {
1428 0 : return LDB_ERR_OPERATIONS_ERROR;
1429 : }
1430 :
1431 : /* We don't check single value as we can have more than 1 with
1432 : * deleted attributes. We could go through all elements but that's
1433 : * maybe not the most efficient way
1434 : */
1435 81268 : ret = ldb_kv_add_internal(module, ldb_kv, msg, false);
1436 :
1437 : /*
1438 : * To allow testing of the error recovery code in ldb_kv_rename
1439 : * cmocka tests can define CMOCKA_UNIT_TEST_RENAME_INTERNAL_FAIL
1440 : * to inject failures at this point.
1441 : */
1442 : #ifdef CMOCKA_UNIT_TEST_RENAME_INTERNAL_FAIL
1443 : CMOCKA_UNIT_TEST_RENAME_INTERNAL_FAIL
1444 : #endif
1445 81268 : return ret;
1446 : }
1447 :
1448 : /*
1449 : rename a record
1450 : */
1451 81377 : static int ldb_kv_rename(struct ldb_kv_context *ctx)
1452 : {
1453 81377 : struct ldb_module *module = ctx->module;
1454 81377 : void *data = ldb_module_get_private(module);
1455 163 : struct ldb_kv_private *ldb_kv =
1456 81377 : talloc_get_type(data, struct ldb_kv_private);
1457 81377 : struct ldb_request *req = ctx->req;
1458 163 : struct ldb_message *msg;
1459 81377 : int ret = LDB_SUCCESS;
1460 163 : struct ldb_val key, key_old;
1461 163 : struct ldb_dn *db_dn;
1462 81377 : bool valid_dn = false;
1463 :
1464 81377 : ldb_request_set_state(req, LDB_ASYNC_PENDING);
1465 :
1466 81377 : if (ldb_kv_cache_load(ctx->module) != 0) {
1467 0 : return LDB_ERR_OPERATIONS_ERROR;
1468 : }
1469 :
1470 81377 : msg = ldb_msg_new(ctx);
1471 81377 : if (msg == NULL) {
1472 0 : return LDB_ERR_OPERATIONS_ERROR;
1473 : }
1474 :
1475 : /* Check the new DN is reasonable */
1476 81377 : valid_dn = ldb_dn_validate(req->op.rename.newdn);
1477 81377 : if (valid_dn == false) {
1478 0 : ldb_asprintf_errstring(ldb_module_get_ctx(module),
1479 : "Invalid New DN: %s",
1480 : ldb_dn_get_linearized(req->op.rename.newdn));
1481 0 : return LDB_ERR_INVALID_DN_SYNTAX;
1482 : }
1483 :
1484 : /* we need to fetch the old record to re-add under the new name */
1485 81377 : ret = ldb_kv_search_dn1(module, req->op.rename.olddn, msg, 0);
1486 81377 : if (ret == LDB_ERR_INVALID_DN_SYNTAX) {
1487 0 : ldb_asprintf_errstring(ldb_module_get_ctx(module),
1488 : "Invalid Old DN: %s",
1489 : ldb_dn_get_linearized(req->op.rename.newdn));
1490 0 : return ret;
1491 81377 : } else if (ret != LDB_SUCCESS) {
1492 : /* not finding the old record is an error */
1493 46 : return ret;
1494 : }
1495 :
1496 : /* We need to, before changing the DB, check if the new DN
1497 : * exists, so we can return this error to the caller with an
1498 : * unmodified DB
1499 : *
1500 : * Even in GUID index mode we use ltdb_key_dn() as we are
1501 : * trying to figure out if this is just a case rename
1502 : */
1503 81331 : key = ldb_kv_key_dn(msg, req->op.rename.newdn);
1504 81331 : if (!key.data) {
1505 0 : talloc_free(msg);
1506 0 : return LDB_ERR_OPERATIONS_ERROR;
1507 : }
1508 :
1509 81331 : key_old = ldb_kv_key_dn(msg, req->op.rename.olddn);
1510 81331 : if (!key_old.data) {
1511 0 : talloc_free(msg);
1512 0 : talloc_free(key.data);
1513 0 : return LDB_ERR_OPERATIONS_ERROR;
1514 : }
1515 :
1516 : /*
1517 : * Only declare a conflict if the new DN already exists,
1518 : * and it isn't a case change on the old DN
1519 : */
1520 81331 : if (key_old.length != key.length
1521 331 : || memcmp(key.data, key_old.data, key.length) != 0) {
1522 81278 : ret = ldb_kv_search_base(
1523 : module, msg, req->op.rename.newdn, &db_dn);
1524 81278 : if (ret == LDB_SUCCESS) {
1525 63 : ret = LDB_ERR_ENTRY_ALREADY_EXISTS;
1526 81215 : } else if (ret == LDB_ERR_NO_SUCH_OBJECT) {
1527 81054 : ret = LDB_SUCCESS;
1528 : }
1529 : }
1530 :
1531 : /* finding the new record already in the DB is an error */
1532 :
1533 81170 : if (ret == LDB_ERR_ENTRY_ALREADY_EXISTS) {
1534 63 : ldb_asprintf_errstring(ldb_module_get_ctx(module),
1535 : "Entry %s already exists",
1536 : ldb_dn_get_linearized(req->op.rename.newdn));
1537 : }
1538 81331 : if (ret != LDB_SUCCESS) {
1539 63 : talloc_free(key_old.data);
1540 63 : talloc_free(key.data);
1541 63 : talloc_free(msg);
1542 63 : return ret;
1543 : }
1544 :
1545 81268 : talloc_free(key_old.data);
1546 81268 : talloc_free(key.data);
1547 :
1548 :
1549 81268 : ret = ldb_kv_sub_transaction_start(ldb_kv);
1550 81268 : if (ret != LDB_SUCCESS) {
1551 0 : talloc_free(msg);
1552 0 : return ret;
1553 : }
1554 81268 : ret = ldb_kv_rename_internal(module, req, msg);
1555 81268 : if (ret != LDB_SUCCESS) {
1556 0 : int r = ldb_kv_sub_transaction_cancel(ldb_kv);
1557 0 : if (r != LDB_SUCCESS) {
1558 0 : ldb_debug(
1559 : ldb_module_get_ctx(module),
1560 : LDB_DEBUG_FATAL,
1561 : __location__
1562 : ": Unable to roll back sub transaction");
1563 : }
1564 0 : talloc_free(msg);
1565 0 : ldb_kv->operation_failed = true;
1566 0 : return ret;
1567 : }
1568 81268 : ret = ldb_kv_sub_transaction_commit(ldb_kv);
1569 81268 : talloc_free(msg);
1570 :
1571 81268 : return ret;
1572 : }
1573 :
1574 2210507 : static int ldb_kv_start_trans(struct ldb_module *module)
1575 : {
1576 2210507 : void *data = ldb_module_get_private(module);
1577 16699 : struct ldb_kv_private *ldb_kv =
1578 2210507 : talloc_get_type(data, struct ldb_kv_private);
1579 :
1580 2210507 : pid_t pid = getpid();
1581 :
1582 2210507 : if (ldb_kv->pid != pid) {
1583 2 : ldb_asprintf_errstring(ldb_module_get_ctx(ldb_kv->module),
1584 : __location__
1585 : ": Reusing ldb opened by pid %d in "
1586 : "process %d\n",
1587 : ldb_kv->pid,
1588 : pid);
1589 2 : return LDB_ERR_PROTOCOL_ERROR;
1590 : }
1591 :
1592 : /* Do not take out the transaction lock on a read-only DB */
1593 2210505 : if (ldb_kv->read_only) {
1594 20 : return LDB_ERR_UNWILLING_TO_PERFORM;
1595 : }
1596 :
1597 2210485 : if (ldb_kv->kv_ops->begin_write(ldb_kv) != 0) {
1598 0 : return ldb_kv->kv_ops->error(ldb_kv);
1599 : }
1600 :
1601 2210485 : ldb_kv_index_transaction_start(
1602 : module,
1603 : ldb_kv->index_transaction_cache_size);
1604 :
1605 2210485 : ldb_kv->reindex_failed = false;
1606 2210485 : ldb_kv->operation_failed = false;
1607 :
1608 2210485 : return LDB_SUCCESS;
1609 : }
1610 :
1611 : /*
1612 : * Forward declaration to allow prepare_commit to in fact abort the
1613 : * transaction
1614 : */
1615 : static int ldb_kv_del_trans(struct ldb_module *module);
1616 :
1617 1942869 : static int ldb_kv_prepare_commit(struct ldb_module *module)
1618 : {
1619 15857 : int ret;
1620 1942869 : void *data = ldb_module_get_private(module);
1621 15857 : struct ldb_kv_private *ldb_kv =
1622 1942869 : talloc_get_type(data, struct ldb_kv_private);
1623 1942869 : pid_t pid = getpid();
1624 :
1625 1942869 : if (ldb_kv->pid != pid) {
1626 2 : ldb_asprintf_errstring(ldb_module_get_ctx(module),
1627 : __location__
1628 : ": Reusing ldb opened by pid %d in "
1629 : "process %d\n",
1630 : ldb_kv->pid,
1631 : pid);
1632 2 : return LDB_ERR_PROTOCOL_ERROR;
1633 : }
1634 :
1635 1942867 : if (!ldb_kv->kv_ops->transaction_active(ldb_kv)) {
1636 0 : ldb_set_errstring(ldb_module_get_ctx(module),
1637 : "ltdb_prepare_commit() called "
1638 : "without transaction active");
1639 0 : return LDB_ERR_OPERATIONS_ERROR;
1640 : }
1641 :
1642 : /*
1643 : * Check if the last re-index failed.
1644 : *
1645 : * This can happen if for example a duplicate value was marked
1646 : * unique. We must not write a partial re-index into the DB.
1647 : */
1648 1942867 : if (ldb_kv->reindex_failed) {
1649 : /*
1650 : * We must instead abort the transaction so we get the
1651 : * old values and old index back
1652 : */
1653 7 : ldb_kv_del_trans(module);
1654 7 : ldb_set_errstring(ldb_module_get_ctx(module),
1655 : "Failure during re-index, so "
1656 : "transaction must be aborted.");
1657 7 : return LDB_ERR_OPERATIONS_ERROR;
1658 : }
1659 :
1660 1942860 : ret = ldb_kv_index_transaction_commit(module);
1661 1942860 : if (ret != LDB_SUCCESS) {
1662 0 : ldb_kv->kv_ops->abort_write(ldb_kv);
1663 0 : return ret;
1664 : }
1665 :
1666 : /*
1667 : * If GUID indexing was toggled in this transaction, we repack at
1668 : * format version 2 if GUID indexing was enabled, or version 1 if
1669 : * it was disabled.
1670 : */
1671 1942860 : ret = ldb_kv_maybe_repack(ldb_kv);
1672 1942860 : if (ret != LDB_SUCCESS) {
1673 0 : ldb_kv_del_trans(module);
1674 0 : ldb_set_errstring(ldb_module_get_ctx(module),
1675 : "Failure during re-pack, so "
1676 : "transaction must be aborted.");
1677 0 : return ret;
1678 : }
1679 :
1680 1942860 : if (ldb_kv->kv_ops->prepare_write(ldb_kv) != 0) {
1681 0 : ret = ldb_kv->kv_ops->error(ldb_kv);
1682 0 : ldb_debug_set(ldb_module_get_ctx(module),
1683 : LDB_DEBUG_FATAL,
1684 : "Failure during "
1685 : "prepare_write): %s -> %s",
1686 0 : ldb_kv->kv_ops->errorstr(ldb_kv),
1687 : ldb_strerror(ret));
1688 0 : return ret;
1689 : }
1690 :
1691 1942860 : ldb_kv->prepared_commit = true;
1692 :
1693 1942860 : return LDB_SUCCESS;
1694 : }
1695 :
1696 1942846 : static int ldb_kv_end_trans(struct ldb_module *module)
1697 : {
1698 15857 : int ret;
1699 1942846 : void *data = ldb_module_get_private(module);
1700 15857 : struct ldb_kv_private *ldb_kv =
1701 1942846 : talloc_get_type(data, struct ldb_kv_private);
1702 :
1703 : /*
1704 : * If in batch mode and there has been an operation failure
1705 : * rollback the transaction rather than committing it to avoid
1706 : * any possible corruption
1707 : */
1708 1942846 : if (ldb_kv->batch_mode && ldb_kv->operation_failed) {
1709 3 : ret = ldb_kv_del_trans( module);
1710 3 : if (ret != LDB_SUCCESS) {
1711 0 : ldb_debug_set(ldb_module_get_ctx(module),
1712 : LDB_DEBUG_FATAL,
1713 : "An operation failed during a batch mode "
1714 : "transaction. The transaction could not"
1715 : "be rolled back, ldb_kv_del_trans "
1716 : "returned (%s, %s)",
1717 0 : ldb_kv->kv_ops->errorstr(ldb_kv),
1718 : ldb_strerror(ret));
1719 : } else {
1720 3 : ldb_debug_set(ldb_module_get_ctx(module),
1721 : LDB_DEBUG_FATAL,
1722 : "An operation failed during a batch mode "
1723 : "transaction, the transaction was "
1724 : "rolled back");
1725 : }
1726 3 : return LDB_ERR_OPERATIONS_ERROR;
1727 : }
1728 :
1729 1942843 : if (!ldb_kv->prepared_commit) {
1730 2611 : ret = ldb_kv_prepare_commit(module);
1731 2611 : if (ret != LDB_SUCCESS) {
1732 0 : return ret;
1733 : }
1734 : }
1735 :
1736 1942843 : ldb_kv->prepared_commit = false;
1737 :
1738 1942843 : if (ldb_kv->kv_ops->finish_write(ldb_kv) != 0) {
1739 0 : ret = ldb_kv->kv_ops->error(ldb_kv);
1740 0 : ldb_asprintf_errstring(
1741 : ldb_module_get_ctx(module),
1742 : "Failure during tdb_transaction_commit(): %s -> %s",
1743 0 : ldb_kv->kv_ops->errorstr(ldb_kv),
1744 : ldb_strerror(ret));
1745 0 : return ret;
1746 : }
1747 :
1748 1926986 : return LDB_SUCCESS;
1749 : }
1750 :
1751 267620 : static int ldb_kv_del_trans(struct ldb_module *module)
1752 : {
1753 267620 : void *data = ldb_module_get_private(module);
1754 835 : struct ldb_kv_private *ldb_kv =
1755 267620 : talloc_get_type(data, struct ldb_kv_private);
1756 :
1757 267620 : if (ldb_kv_index_transaction_cancel(module) != 0) {
1758 0 : ldb_kv->kv_ops->abort_write(ldb_kv);
1759 0 : return ldb_kv->kv_ops->error(ldb_kv);
1760 : }
1761 :
1762 267620 : ldb_kv->kv_ops->abort_write(ldb_kv);
1763 267620 : return LDB_SUCCESS;
1764 : }
1765 :
1766 : /*
1767 : return sequenceNumber from @BASEINFO
1768 : */
1769 19143194 : static int ldb_kv_sequence_number(struct ldb_kv_context *ctx,
1770 : struct ldb_extended **ext)
1771 : {
1772 1126195 : struct ldb_context *ldb;
1773 19143194 : struct ldb_module *module = ctx->module;
1774 19143194 : struct ldb_request *req = ctx->req;
1775 19143194 : void *data = ldb_module_get_private(module);
1776 1126195 : struct ldb_kv_private *ldb_kv =
1777 19143194 : talloc_get_type(data, struct ldb_kv_private);
1778 19143194 : TALLOC_CTX *tmp_ctx = NULL;
1779 1126195 : struct ldb_seqnum_request *seq;
1780 1126195 : struct ldb_seqnum_result *res;
1781 19143194 : struct ldb_message *msg = NULL;
1782 1126195 : struct ldb_dn *dn;
1783 1126195 : const char *date;
1784 19143194 : int ret = LDB_SUCCESS;
1785 :
1786 19143194 : ldb = ldb_module_get_ctx(module);
1787 :
1788 19143194 : seq = talloc_get_type(req->op.extended.data,
1789 : struct ldb_seqnum_request);
1790 19143194 : if (seq == NULL) {
1791 0 : return LDB_ERR_OPERATIONS_ERROR;
1792 : }
1793 :
1794 19143194 : ldb_request_set_state(req, LDB_ASYNC_PENDING);
1795 :
1796 19143194 : if (ldb_kv->kv_ops->lock_read(module) != 0) {
1797 0 : return LDB_ERR_OPERATIONS_ERROR;
1798 : }
1799 :
1800 19143194 : res = talloc_zero(req, struct ldb_seqnum_result);
1801 19143194 : if (res == NULL) {
1802 0 : ret = LDB_ERR_OPERATIONS_ERROR;
1803 0 : goto done;
1804 : }
1805 :
1806 19143194 : tmp_ctx = talloc_new(req);
1807 19143194 : if (tmp_ctx == NULL) {
1808 0 : ret = LDB_ERR_OPERATIONS_ERROR;
1809 0 : goto done;
1810 : }
1811 :
1812 19143194 : dn = ldb_dn_new(tmp_ctx, ldb, LDB_KV_BASEINFO);
1813 19143194 : if (dn == NULL) {
1814 0 : ret = LDB_ERR_OPERATIONS_ERROR;
1815 0 : goto done;
1816 : }
1817 :
1818 19143194 : msg = ldb_msg_new(tmp_ctx);
1819 19143194 : if (msg == NULL) {
1820 0 : ret = LDB_ERR_OPERATIONS_ERROR;
1821 0 : goto done;
1822 : }
1823 :
1824 19143194 : ret = ldb_kv_search_dn1(module, dn, msg, 0);
1825 19143194 : if (ret != LDB_SUCCESS) {
1826 0 : goto done;
1827 : }
1828 :
1829 19143194 : switch (seq->type) {
1830 19139675 : case LDB_SEQ_HIGHEST_SEQ:
1831 19139675 : res->seq_num = ldb_msg_find_attr_as_uint64(msg, LDB_KV_SEQUENCE_NUMBER, 0);
1832 19139675 : break;
1833 3519 : case LDB_SEQ_NEXT:
1834 3519 : res->seq_num = ldb_msg_find_attr_as_uint64(msg, LDB_KV_SEQUENCE_NUMBER, 0);
1835 3519 : res->seq_num++;
1836 3519 : break;
1837 0 : case LDB_SEQ_HIGHEST_TIMESTAMP:
1838 0 : date = ldb_msg_find_attr_as_string(msg, LDB_KV_MOD_TIMESTAMP, NULL);
1839 0 : if (date) {
1840 0 : res->seq_num = ldb_string_to_time(date);
1841 : } else {
1842 0 : res->seq_num = 0;
1843 : /* zero is as good as anything when we don't know */
1844 : }
1845 0 : break;
1846 : }
1847 :
1848 19143194 : *ext = talloc_zero(req, struct ldb_extended);
1849 19143194 : if (*ext == NULL) {
1850 0 : ret = LDB_ERR_OPERATIONS_ERROR;
1851 0 : goto done;
1852 : }
1853 19143194 : (*ext)->oid = LDB_EXTENDED_SEQUENCE_NUMBER;
1854 19143194 : (*ext)->data = talloc_steal(*ext, res);
1855 :
1856 19143194 : done:
1857 19143194 : talloc_free(tmp_ctx);
1858 :
1859 19143194 : ldb_kv->kv_ops->unlock_read(module);
1860 19143194 : return ret;
1861 : }
1862 :
1863 130585167 : static void ldb_kv_request_done(struct ldb_kv_context *ctx, int error)
1864 : {
1865 4403379 : struct ldb_context *ldb;
1866 4403379 : struct ldb_request *req;
1867 4403379 : struct ldb_reply *ares;
1868 :
1869 130585167 : ldb = ldb_module_get_ctx(ctx->module);
1870 130585167 : req = ctx->req;
1871 :
1872 : /* if we already returned an error just return */
1873 130585167 : if (ldb_request_get_status(req) != LDB_SUCCESS) {
1874 0 : return;
1875 : }
1876 :
1877 130585167 : ares = talloc_zero(req, struct ldb_reply);
1878 130585167 : if (!ares) {
1879 0 : ldb_oom(ldb);
1880 0 : req->callback(req, NULL);
1881 0 : return;
1882 : }
1883 130585167 : ares->type = LDB_REPLY_DONE;
1884 130585167 : ares->error = error;
1885 :
1886 130585167 : req->callback(req, ares);
1887 : }
1888 :
1889 0 : static void ldb_kv_timeout(_UNUSED_ struct tevent_context *ev,
1890 : _UNUSED_ struct tevent_timer *te,
1891 : _UNUSED_ struct timeval t,
1892 : void *private_data)
1893 : {
1894 0 : struct ldb_kv_context *ctx;
1895 0 : ctx = talloc_get_type(private_data, struct ldb_kv_context);
1896 :
1897 0 : if (!ctx->request_terminated) {
1898 : /* request is done now */
1899 0 : ldb_kv_request_done(ctx, LDB_ERR_TIME_LIMIT_EXCEEDED);
1900 : }
1901 :
1902 0 : if (ctx->spy) {
1903 : /* neutralize the spy */
1904 0 : ctx->spy->ctx = NULL;
1905 0 : ctx->spy = NULL;
1906 : }
1907 0 : talloc_free(ctx);
1908 0 : }
1909 :
1910 19143194 : static void ldb_kv_request_extended_done(struct ldb_kv_context *ctx,
1911 : struct ldb_extended *ext,
1912 : int error)
1913 : {
1914 1126195 : struct ldb_context *ldb;
1915 1126195 : struct ldb_request *req;
1916 1126195 : struct ldb_reply *ares;
1917 :
1918 19143194 : ldb = ldb_module_get_ctx(ctx->module);
1919 19143194 : req = ctx->req;
1920 :
1921 : /* if we already returned an error just return */
1922 19143194 : if (ldb_request_get_status(req) != LDB_SUCCESS) {
1923 0 : return;
1924 : }
1925 :
1926 19143194 : ares = talloc_zero(req, struct ldb_reply);
1927 19143194 : if (!ares) {
1928 0 : ldb_oom(ldb);
1929 0 : req->callback(req, NULL);
1930 0 : return;
1931 : }
1932 19143194 : ares->type = LDB_REPLY_DONE;
1933 19143194 : ares->response = ext;
1934 19143194 : ares->error = error;
1935 :
1936 19143194 : req->callback(req, ares);
1937 : }
1938 :
1939 19143194 : static void ldb_kv_handle_extended(struct ldb_kv_context *ctx)
1940 : {
1941 19143194 : struct ldb_extended *ext = NULL;
1942 1126195 : int ret;
1943 :
1944 19143194 : if (strcmp(ctx->req->op.extended.oid,
1945 : LDB_EXTENDED_SEQUENCE_NUMBER) == 0) {
1946 : /* get sequence number */
1947 19143194 : ret = ldb_kv_sequence_number(ctx, &ext);
1948 : } else {
1949 : /* not recognized */
1950 0 : ret = LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
1951 : }
1952 :
1953 19143194 : ldb_kv_request_extended_done(ctx, ext, ret);
1954 19143194 : }
1955 :
1956 149782638 : static void ldb_kv_callback(struct tevent_context *ev,
1957 : struct tevent_timer *te,
1958 : struct timeval t,
1959 : void *private_data)
1960 : {
1961 5531005 : struct ldb_kv_context *ctx;
1962 5531005 : int ret;
1963 :
1964 149782638 : ctx = talloc_get_type(private_data, struct ldb_kv_context);
1965 :
1966 149782638 : if (ctx->request_terminated) {
1967 0 : goto done;
1968 : }
1969 :
1970 149782638 : switch (ctx->req->operation) {
1971 128159300 : case LDB_SEARCH:
1972 128159300 : ret = ldb_kv_search(ctx);
1973 128159290 : break;
1974 1098763 : case LDB_ADD:
1975 1098763 : ret = ldb_kv_add(ctx);
1976 1098763 : break;
1977 1286762 : case LDB_MODIFY:
1978 1286762 : ret = ldb_kv_modify(ctx);
1979 1286762 : break;
1980 13242 : case LDB_DELETE:
1981 13242 : ret = ldb_kv_delete(ctx);
1982 13242 : break;
1983 81377 : case LDB_RENAME:
1984 81377 : ret = ldb_kv_rename(ctx);
1985 81377 : break;
1986 19143194 : case LDB_EXTENDED:
1987 19143194 : ldb_kv_handle_extended(ctx);
1988 19143194 : goto done;
1989 0 : default:
1990 : /* no other op supported */
1991 0 : ret = LDB_ERR_PROTOCOL_ERROR;
1992 : }
1993 :
1994 130639434 : if (!ctx->request_terminated) {
1995 : /* request is done now */
1996 130585167 : ldb_kv_request_done(ctx, ret);
1997 : }
1998 :
1999 54267 : done:
2000 149782626 : if (ctx->spy) {
2001 : /* neutralize the spy */
2002 149751102 : ctx->spy->ctx = NULL;
2003 149751102 : ctx->spy = NULL;
2004 : }
2005 149782626 : talloc_free(ctx);
2006 149782626 : }
2007 :
2008 149782658 : static int ldb_kv_request_destructor(void *ptr)
2009 : {
2010 5531005 : struct ldb_kv_req_spy *spy =
2011 149782658 : talloc_get_type(ptr, struct ldb_kv_req_spy);
2012 :
2013 149782658 : if (spy->ctx != NULL) {
2014 31556 : spy->ctx->spy = NULL;
2015 31556 : spy->ctx->request_terminated = true;
2016 31556 : spy->ctx = NULL;
2017 : }
2018 :
2019 149782658 : return 0;
2020 : }
2021 :
2022 149782758 : static int ldb_kv_handle_request(struct ldb_module *module,
2023 : struct ldb_request *req)
2024 : {
2025 5531028 : struct ldb_control *control_permissive;
2026 5531028 : struct ldb_context *ldb;
2027 5531028 : struct tevent_context *ev;
2028 5531028 : struct ldb_kv_context *ac;
2029 5531028 : struct tevent_timer *te;
2030 5531028 : struct timeval tv;
2031 5531028 : unsigned int i;
2032 :
2033 149782758 : ldb = ldb_module_get_ctx(module);
2034 :
2035 149782758 : control_permissive = ldb_request_get_control(req,
2036 : LDB_CONTROL_PERMISSIVE_MODIFY_OID);
2037 :
2038 534255385 : for (i = 0; req->controls && req->controls[i]; i++) {
2039 378941685 : if (req->controls[i]->critical &&
2040 63 : req->controls[i] != control_permissive) {
2041 86 : ldb_asprintf_errstring(ldb, "Unsupported critical extension %s",
2042 63 : req->controls[i]->oid);
2043 86 : return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
2044 : }
2045 : }
2046 :
2047 149782672 : if (req->starttime == 0 || req->timeout == 0) {
2048 0 : ldb_set_errstring(ldb, "Invalid timeout settings");
2049 0 : return LDB_ERR_TIME_LIMIT_EXCEEDED;
2050 : }
2051 :
2052 149782672 : ev = ldb_handle_get_event_context(req->handle);
2053 :
2054 149782672 : ac = talloc_zero(ldb, struct ldb_kv_context);
2055 149782672 : if (ac == NULL) {
2056 0 : ldb_oom(ldb);
2057 0 : return LDB_ERR_OPERATIONS_ERROR;
2058 : }
2059 :
2060 149782672 : ac->module = module;
2061 149782672 : ac->req = req;
2062 :
2063 149782672 : tv.tv_sec = 0;
2064 149782672 : tv.tv_usec = 0;
2065 149782672 : te = tevent_add_timer(ev, ac, tv, ldb_kv_callback, ac);
2066 149782672 : if (NULL == te) {
2067 0 : talloc_free(ac);
2068 0 : return LDB_ERR_OPERATIONS_ERROR;
2069 : }
2070 :
2071 149782672 : if (req->timeout > 0) {
2072 149782672 : tv.tv_sec = req->starttime + req->timeout;
2073 149782672 : tv.tv_usec = 0;
2074 155313677 : ac->timeout_event =
2075 149782672 : tevent_add_timer(ev, ac, tv, ldb_kv_timeout, ac);
2076 149782672 : if (NULL == ac->timeout_event) {
2077 0 : talloc_free(ac);
2078 0 : return LDB_ERR_OPERATIONS_ERROR;
2079 : }
2080 : }
2081 :
2082 149782672 : ac->timeout_timeval = tv;
2083 :
2084 : /* set a spy so that we do not try to use the request context
2085 : * if it is freed before ltdb_callback fires */
2086 149782672 : ac->spy = talloc(req, struct ldb_kv_req_spy);
2087 149782672 : if (NULL == ac->spy) {
2088 0 : talloc_free(ac);
2089 0 : return LDB_ERR_OPERATIONS_ERROR;
2090 : }
2091 149782672 : ac->spy->ctx = ac;
2092 :
2093 149782672 : talloc_set_destructor((TALLOC_CTX *)ac->spy, ldb_kv_request_destructor);
2094 :
2095 149782672 : return LDB_SUCCESS;
2096 : }
2097 :
2098 1184978 : static int ldb_kv_init_rootdse(struct ldb_module *module)
2099 : {
2100 : /* ignore errors on this - we expect it for non-sam databases */
2101 1184978 : ldb_mod_register_control(module, LDB_CONTROL_PERMISSIVE_MODIFY_OID);
2102 :
2103 : /* there can be no module beyond the backend, just return */
2104 1184978 : return LDB_SUCCESS;
2105 : }
2106 :
2107 105762553 : static int ldb_kv_lock_read(struct ldb_module *module)
2108 : {
2109 105762553 : void *data = ldb_module_get_private(module);
2110 6091299 : struct ldb_kv_private *ldb_kv =
2111 105762553 : talloc_get_type(data, struct ldb_kv_private);
2112 105762553 : return ldb_kv->kv_ops->lock_read(module);
2113 : }
2114 :
2115 105762539 : static int ldb_kv_unlock_read(struct ldb_module *module)
2116 : {
2117 105762539 : void *data = ldb_module_get_private(module);
2118 6091299 : struct ldb_kv_private *ldb_kv =
2119 105762539 : talloc_get_type(data, struct ldb_kv_private);
2120 105762539 : return ldb_kv->kv_ops->unlock_read(module);
2121 : }
2122 :
2123 : static const struct ldb_module_ops ldb_kv_ops = {
2124 : .name = "tdb",
2125 : .init_context = ldb_kv_init_rootdse,
2126 : .search = ldb_kv_handle_request,
2127 : .add = ldb_kv_handle_request,
2128 : .modify = ldb_kv_handle_request,
2129 : .del = ldb_kv_handle_request,
2130 : .rename = ldb_kv_handle_request,
2131 : .extended = ldb_kv_handle_request,
2132 : .start_transaction = ldb_kv_start_trans,
2133 : .end_transaction = ldb_kv_end_trans,
2134 : .prepare_commit = ldb_kv_prepare_commit,
2135 : .del_transaction = ldb_kv_del_trans,
2136 : .read_lock = ldb_kv_lock_read,
2137 : .read_unlock = ldb_kv_unlock_read,
2138 : };
2139 :
2140 1185126 : int ldb_kv_init_store(struct ldb_kv_private *ldb_kv,
2141 : const char *name,
2142 : struct ldb_context *ldb,
2143 : const char *options[],
2144 : struct ldb_module **_module)
2145 : {
2146 1185126 : if (getenv("LDB_WARN_UNINDEXED")) {
2147 0 : ldb_kv->warn_unindexed = true;
2148 : }
2149 :
2150 1185126 : if (getenv("LDB_WARN_REINDEX")) {
2151 0 : ldb_kv->warn_reindex = true;
2152 : }
2153 :
2154 1185126 : ldb_kv->sequence_number = 0;
2155 :
2156 1185126 : ldb_kv->pid = getpid();
2157 :
2158 1185126 : ldb_kv->pack_format_override = 0;
2159 :
2160 1185126 : ldb_kv->module = ldb_module_new(ldb, ldb, name, &ldb_kv_ops);
2161 1185126 : if (!ldb_kv->module) {
2162 0 : ldb_oom(ldb);
2163 0 : talloc_free(ldb_kv);
2164 0 : return LDB_ERR_OPERATIONS_ERROR;
2165 : }
2166 1185126 : ldb_module_set_private(ldb_kv->module, ldb_kv);
2167 1185126 : talloc_steal(ldb_kv->module, ldb_kv);
2168 :
2169 1185126 : if (ldb_kv_cache_load(ldb_kv->module) != 0) {
2170 0 : ldb_asprintf_errstring(ldb, "Unable to load ltdb cache "
2171 : "records for backend '%s'", name);
2172 0 : talloc_free(ldb_kv->module);
2173 0 : return LDB_ERR_OPERATIONS_ERROR;
2174 : }
2175 :
2176 1185126 : *_module = ldb_kv->module;
2177 : /*
2178 : * Set or override the maximum key length
2179 : *
2180 : * The ldb_mdb code will have set this to 511, but our tests
2181 : * set this even smaller (to make the tests more practical).
2182 : *
2183 : * This must only be used for the selftest as the length
2184 : * becomes encoded in the index keys.
2185 : */
2186 : {
2187 41000 : const char *len_str =
2188 1185126 : ldb_options_find(ldb, options,
2189 : "max_key_len_for_self_test");
2190 1185126 : if (len_str != NULL) {
2191 32 : unsigned len = strtoul(len_str, NULL, 0);
2192 32 : ldb_kv->max_key_length = len;
2193 : }
2194 : }
2195 :
2196 : /*
2197 : * Usually the presence of GUID indexing determines the pack format
2198 : * we use but in certain circumstances such as downgrading an
2199 : * MDB-backed database, we want to override the target pack format.
2200 : *
2201 : * We set/get opaques here because in the Samba partitions module,
2202 : * 'options' are not passed correctly so sub-databases can't see
2203 : * the options they need.
2204 : */
2205 : {
2206 41000 : const char *pack_format_override =
2207 1185126 : ldb_options_find(ldb, options, "pack_format_override");
2208 1185126 : if (pack_format_override != NULL) {
2209 6 : int ret;
2210 12 : ldb_kv->pack_format_override =
2211 6 : strtoul(pack_format_override, NULL, 0);
2212 12 : ret = ldb_set_opaque(ldb,
2213 : "pack_format_override",
2214 6 : (void *)(intptr_t)ldb_kv->pack_format_override);
2215 6 : if (ret != LDB_SUCCESS) {
2216 0 : talloc_free(ldb_kv->module);
2217 0 : return ldb_module_operr(ldb_kv->module);
2218 : }
2219 : } else {
2220 : /*
2221 : * NULL -> 0 is fine, otherwise we get back
2222 : * the number we needed
2223 : */
2224 40994 : ldb_kv->pack_format_override
2225 1185120 : = (intptr_t)ldb_get_opaque(ldb,
2226 : "pack_format_override");
2227 : }
2228 : }
2229 :
2230 : /*
2231 : * Override full DB scans
2232 : *
2233 : * A full DB scan is expensive on a large database. This
2234 : * option is for testing to show that the full DB scan is not
2235 : * triggered.
2236 : */
2237 : {
2238 41000 : const char *len_str =
2239 1185126 : ldb_options_find(ldb, options,
2240 : "disable_full_db_scan_for_self_test");
2241 1185126 : if (len_str != NULL) {
2242 602 : ldb_kv->disable_full_db_scan = true;
2243 : }
2244 : }
2245 :
2246 : /*
2247 : * Set the size of the transaction index cache.
2248 : * If the ldb option "transaction_index_cache_size" is set use that
2249 : * otherwise use DEFAULT_INDEX_CACHE_SIZE
2250 : */
2251 1185126 : ldb_kv->index_transaction_cache_size = DEFAULT_INDEX_CACHE_SIZE;
2252 : {
2253 1185126 : const char *size = ldb_options_find(
2254 : ldb,
2255 : options,
2256 : "transaction_index_cache_size");
2257 1185126 : if (size != NULL) {
2258 341 : size_t cache_size = 0;
2259 341 : errno = 0;
2260 :
2261 341 : cache_size = strtoul( size, NULL, 0);
2262 341 : if (cache_size == 0 || errno == ERANGE) {
2263 2 : ldb_debug(
2264 : ldb,
2265 : LDB_DEBUG_WARNING,
2266 : "Invalid transaction_index_cache_size "
2267 : "value [%s], using default(%d)\n",
2268 : size,
2269 : DEFAULT_INDEX_CACHE_SIZE);
2270 : } else {
2271 339 : ldb_kv->index_transaction_cache_size =
2272 : cache_size;
2273 : }
2274 : }
2275 : }
2276 : /*
2277 : * Set batch mode operation.
2278 : * This disables the nested sub transactions, and increases the
2279 : * chance of index corruption. If using this mode the transaction
2280 : * commit will be aborted if any operation fails.
2281 : */
2282 : {
2283 1185126 : const char *batch_mode = ldb_options_find(
2284 : ldb, options, "batch_mode");
2285 1185126 : if (batch_mode != NULL) {
2286 341 : ldb_kv->batch_mode = true;
2287 : }
2288 : }
2289 :
2290 1144126 : return LDB_SUCCESS;
2291 : }
|
