/*
store a record into the db
*/
int ltdb_store(struct ldb_module *module, const struct ldb_message *msg, int flgs)
{
void *data = ldb_module_get_private(module);
struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
TDB_DATA tdb_key, tdb_data;
struct ldb_val ldb_data;
int ret = LDB_SUCCESS;
tdb_key = ltdb_key(module, msg->dn);
if (tdb_key.dptr == NULL) {
return LDB_ERR_OTHER;
}
ret = ldb_pack_data(ldb_module_get_ctx(module),
msg, &ldb_data);
if (ret == -1) {
talloc_free(tdb_key.dptr);
return LDB_ERR_OTHER;
}
tdb_data.dptr = ldb_data.data;
tdb_data.dsize = ldb_data.length;
ret = tdb_store(ltdb->tdb, tdb_key, tdb_data, flgs);
if (ret != 0) {
ret = ltdb_err_map(tdb_error(ltdb->tdb));
goto done;
}
done:
talloc_free(tdb_key.dptr);
talloc_free(ldb_data.data);
return ret;
}
/*
load the cache records
*/
int ltdb_cache_load(struct ldb_module *module)
{
struct ldb_context *ldb;
void *data = ldb_module_get_private(module);
struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
struct ldb_dn *baseinfo_dn = NULL, *options_dn = NULL;
struct ldb_dn *indexlist_dn = NULL;
uint64_t seq;
struct ldb_message *baseinfo = NULL, *options = NULL;
int r;
ldb = ldb_module_get_ctx(module);
/* a very fast check to avoid extra database reads */
if (ltdb->cache != NULL &&
tdb_get_seqnum(ltdb->tdb) == ltdb->tdb_seqnum) {
return 0;
}
if (ltdb->cache == NULL) {
ltdb->cache = talloc_zero(ltdb, struct ltdb_cache);
if (ltdb->cache == NULL) goto failed;
ltdb->cache->indexlist = ldb_msg_new(ltdb->cache);
ltdb->cache->attributes = ldb_msg_new(ltdb->cache);
if (ltdb->cache->indexlist == NULL ||
ltdb->cache->attributes == NULL) {
goto failed;
}
}
/*
store a record into the db
*/
int ltdb_store(struct ldb_module *module, const struct ldb_message *msg, int flgs)
{
void *data = ldb_module_get_private(module);
struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
TDB_DATA tdb_key, tdb_data;
int ret;
tdb_key = ltdb_key(module, msg->dn);
if (!tdb_key.dptr) {
return LDB_ERR_OTHER;
}
ret = ltdb_pack_data(module, msg, &tdb_data);
if (ret == -1) {
talloc_free(tdb_key.dptr);
return LDB_ERR_OTHER;
}
ret = tdb_store(ltdb->tdb, tdb_key, tdb_data, flgs);
if (ret == -1) {
ret = ltdb_err_map(tdb_error(ltdb->tdb));
goto done;
}
ret = ltdb_index_add(module, msg);
if (ret != LDB_SUCCESS) {
tdb_delete(ltdb->tdb, tdb_key);
}
done:
talloc_free(tdb_key.dptr);
talloc_free(tdb_data.dptr);
return ret;
}
/*
free any cache records
*/
static void ltdb_cache_free(struct ldb_module *module)
{
void *data = ldb_module_get_private(module);
struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
ltdb->sequence_number = 0;
talloc_free(ltdb->cache);
ltdb->cache = NULL;
}
/*
unlock the database after a ltdb_lock_read()
*/
int ltdb_unlock_read(struct ldb_module *module)
{
void *data = ldb_module_get_private(module);
struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
if (ltdb->in_transaction == 0) {
return tdb_unlockall_read(ltdb->tdb);
}
return 0;
}
/*
unlock the database after a ltdb_lock_read()
*/
int ltdb_unlock_read(struct ldb_module *module)
{
void *data = ldb_module_get_private(module);
struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
if (ltdb->in_transaction == 0 && ltdb->read_lock_count == 1) {
tdb_unlockall_read(ltdb->tdb);
return 0;
}
ltdb->read_lock_count--;
return 0;
}
/*
initialise the baseinfo record
*/
static int ltdb_baseinfo_init(struct ldb_module *module)
{
struct ldb_context *ldb;
void *data = ldb_module_get_private(module);
struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
struct ldb_message *msg;
struct ldb_message_element el;
struct ldb_val val;
int ret;
/* the initial sequence number must be different from the one
set in ltdb_cache_free(). Thanks to Jon for pointing this
out. */
const char *initial_sequence_number = "1";
ldb = ldb_module_get_ctx(module);
ltdb->sequence_number = atof(initial_sequence_number);
msg = ldb_msg_new(ltdb);
if (msg == NULL) {
goto failed;
}
msg->num_elements = 1;
msg->elements = ⪙
msg->dn = ldb_dn_new(msg, ldb, LTDB_BASEINFO);
if (!msg->dn) {
goto failed;
}
el.name = talloc_strdup(msg, LTDB_SEQUENCE_NUMBER);
if (!el.name) {
goto failed;
}
el.values = &val;
el.num_values = 1;
el.flags = 0;
val.data = (uint8_t *)talloc_strdup(msg, initial_sequence_number);
if (!val.data) {
goto failed;
}
val.length = 1;
ret = ltdb_store(module, msg, TDB_INSERT);
talloc_free(msg);
return ret;
failed:
talloc_free(msg);
errno = ENOMEM;
return LDB_ERR_OPERATIONS_ERROR;
}
static int ltdb_start_trans(struct ldb_module *module)
{
void *data = ldb_module_get_private(module);
struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
if (tdb_transaction_start(ltdb->tdb) != 0) {
return ltdb_err_map(tdb_error(ltdb->tdb));
}
ltdb->in_transaction++;
ltdb_index_transaction_start(module);
return LDB_SUCCESS;
}
/*
lock the database for read - use by ltdb_search and ltdb_sequence_number
*/
int ltdb_lock_read(struct ldb_module *module)
{
void *data = ldb_module_get_private(module);
struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
int ret = 0;
if (ltdb->in_transaction == 0 &&
ltdb->read_lock_count == 0) {
ret = tdb_lockall_read(ltdb->tdb);
}
if (ret == 0) {
ltdb->read_lock_count++;
}
return ret;
}
static int ltdb_del_trans(struct ldb_module *module)
{
void *data = ldb_module_get_private(module);
struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
ltdb->in_transaction--;
if (ltdb_index_transaction_cancel(module) != 0) {
tdb_transaction_cancel(ltdb->tdb);
return ltdb_err_map(tdb_error(ltdb->tdb));
}
tdb_transaction_cancel(ltdb->tdb);
return LDB_SUCCESS;
}
/*
delete a record from the database, not updating indexes (used for deleting
index records)
*/
int ltdb_delete_noindex(struct ldb_module *module, struct ldb_dn *dn)
{
void *data = ldb_module_get_private(module);
struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
TDB_DATA tdb_key;
int ret;
tdb_key = ltdb_key(module, dn);
if (!tdb_key.dptr) {
return LDB_ERR_OTHER;
}
ret = tdb_delete(ltdb->tdb, tdb_key);
talloc_free(tdb_key.dptr);
if (ret != 0) {
ret = ltdb_err_map(tdb_error(ltdb->tdb));
}
return ret;
}
static int ltdb_end_trans(struct ldb_module *module)
{
void *data = ldb_module_get_private(module);
struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
if (!ltdb->prepared_commit) {
int ret = ltdb_prepare_commit(module);
if (ret != LDB_SUCCESS) {
return ret;
}
}
ltdb->in_transaction--;
ltdb->prepared_commit = false;
if (tdb_transaction_commit(ltdb->tdb) != 0) {
return ltdb_err_map(tdb_error(ltdb->tdb));
}
return LDB_SUCCESS;
}
/*
de-register any special handlers for @ATTRIBUTES
*/
static void ltdb_attributes_unload(struct ldb_module *module)
{
struct ldb_context *ldb;
void *data = ldb_module_get_private(module);
struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
struct ldb_message *msg;
unsigned int i;
ldb = ldb_module_get_ctx(module);
if (ltdb->cache->attributes == NULL) {
/* no previously loaded attributes */
return;
}
msg = ltdb->cache->attributes;
for (i=0;i<msg->num_elements;i++) {
ldb_schema_attribute_remove(ldb, msg->elements[i].name);
}
talloc_free(ltdb->cache->attributes);
ltdb->cache->attributes = NULL;
}
static int ltdb_prepare_commit(struct ldb_module *module)
{
void *data = ldb_module_get_private(module);
struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
if (ltdb->in_transaction != 1) {
return LDB_SUCCESS;
}
if (ltdb_index_transaction_commit(module) != 0) {
tdb_transaction_cancel(ltdb->tdb);
ltdb->in_transaction--;
return ltdb_err_map(tdb_error(ltdb->tdb));
}
if (tdb_transaction_prepare_commit(ltdb->tdb) != 0) {
ltdb->in_transaction--;
return ltdb_err_map(tdb_error(ltdb->tdb));
}
ltdb->prepared_commit = true;
return LDB_SUCCESS;
}
/*
modify a record - internal interface
yuck - this is O(n^2). Luckily n is usually small so we probably
get away with it, but if we ever have really large attribute lists
then we'll need to look at this again
'req' is optional, and is used to specify controls if supplied
*/
int ltdb_modify_internal(struct ldb_module *module,
const struct ldb_message *msg,
struct ldb_request *req)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
void *data = ldb_module_get_private(module);
struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
TDB_DATA tdb_key, tdb_data;
struct ldb_message *msg2;
unsigned i, j;
int ret = LDB_SUCCESS, idx;
tdb_key = ltdb_key(module, msg->dn);
if (!tdb_key.dptr) {
return LDB_ERR_OTHER;
}
tdb_data = tdb_fetch(ltdb->tdb, tdb_key);
if (!tdb_data.dptr) {
talloc_free(tdb_key.dptr);
return ltdb_err_map(tdb_error(ltdb->tdb));
}
msg2 = talloc(tdb_key.dptr, struct ldb_message);
if (msg2 == NULL) {
free(tdb_data.dptr);
ret = LDB_ERR_OTHER;
goto done;
}
ret = ltdb_unpack_data(module, &tdb_data, msg2);
free(tdb_data.dptr);
if (ret == -1) {
ret = LDB_ERR_OTHER;
goto done;
}
if (!msg2->dn) {
msg2->dn = msg->dn;
}
for (i=0; i<msg->num_elements; i++) {
struct ldb_message_element *el = &msg->elements[i], *el2;
struct ldb_val *vals;
const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
const char *dn;
if (ldb_attr_cmp(el->name, "distinguishedName") == 0) {
ldb_asprintf_errstring(ldb, "it is not permitted to perform a modify on 'distinguishedName' (use rename instead): %s",
ldb_dn_get_linearized(msg2->dn));
ret = LDB_ERR_CONSTRAINT_VIOLATION;
goto done;
}
switch (msg->elements[i].flags & LDB_FLAG_MOD_MASK) {
case LDB_FLAG_MOD_ADD:
if (el->num_values == 0) {
ldb_asprintf_errstring(ldb, "attribute %s on %s specified, but with 0 values (illigal)",
el->name, ldb_dn_get_linearized(msg2->dn));
ret = LDB_ERR_CONSTRAINT_VIOLATION;
goto done;
}
if (a && a->flags & LDB_ATTR_FLAG_SINGLE_VALUE) {
if (el->num_values > 1) {
ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
el->name, ldb_dn_get_linearized(msg2->dn));
ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
goto done;
}
}
/* Checks if element already exists */
idx = find_element(msg2, el->name);
if (idx == -1) {
if (ltdb_msg_add_element(ldb, msg2, el) != 0) {
ret = LDB_ERR_OTHER;
goto done;
}
ret = ltdb_index_add_element(module, msg2->dn, el);
if (ret != LDB_SUCCESS) {
goto done;
}
} else {
/* We cannot add another value on a existing one
if the attribute is single-valued */
if (a && a->flags & LDB_ATTR_FLAG_SINGLE_VALUE) {
ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
el->name, ldb_dn_get_linearized(msg2->dn));
ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
goto done;
}
el2 = &(msg2->elements[idx]);
/* Check that values don't exist yet on multi-
valued attributes or aren't provided twice */
for (j=0; j<el->num_values; j++) {
if (ldb_msg_find_val(el2, &el->values[j]) != NULL) {
ldb_asprintf_errstring(ldb, "%s: value #%d already exists", el->name, j);
ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
goto done;
}
if (ldb_msg_find_val(el, &el->values[j]) != &el->values[j]) {
ldb_asprintf_errstring(ldb, "%s: value #%d provided more than once", el->name, j);
ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
goto done;
}
}
/* Now combine existing and new values to a new
attribute record */
vals = talloc_realloc(msg2->elements,
el2->values, struct ldb_val,
el2->num_values + el->num_values);
if (vals == NULL) {
ldb_oom(ldb);
ret = LDB_ERR_OTHER;
goto done;
}
for (j=0; j<el->num_values; j++) {
vals[el2->num_values + j] =
ldb_val_dup(vals, &el->values[j]);
}
el2->values = vals;
el2->num_values += el->num_values;
ret = ltdb_index_add_element(module, msg2->dn, el);
if (ret != LDB_SUCCESS) {
goto done;
}
}
break;
case LDB_FLAG_MOD_REPLACE:
if (a && a->flags & LDB_ATTR_FLAG_SINGLE_VALUE) {
/* the RELAX control overrides this
check for replace. This is needed as
DRS replication can produce multiple
values here for a single valued
attribute when the values are deleted
links
*/
if (el->num_values > 1 &&
(!req || !ldb_request_get_control(req, LDB_CONTROL_RELAX_OID))) {
ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
el->name, ldb_dn_get_linearized(msg2->dn));
ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
goto done;
}
}
/* TODO: This is O(n^2) - replace with more efficient check */
for (j=0; j<el->num_values; j++) {
if (ldb_msg_find_val(el, &el->values[j]) != &el->values[j]) {
ldb_asprintf_errstring(ldb, "%s: value #%d provided more than once", el->name, j);
ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
goto done;
}
}
idx = find_element(msg2, el->name);
if (idx != -1) {
el2 = &(msg2->elements[idx]);
if (ldb_msg_element_compare(el, el2) == 0) {
/* we are replacing with the same values */
continue;
}
/* Delete the attribute if it exists in the DB */
if (msg_delete_attribute(module, ldb, msg2, el->name) != 0) {
ret = LDB_ERR_OTHER;
goto done;
}
}
/* Recreate it with the new values */
if (ltdb_msg_add_element(ldb, msg2, el) != 0) {
ret = LDB_ERR_OTHER;
goto done;
}
ret = ltdb_index_add_element(module, msg2->dn, el);
if (ret != LDB_SUCCESS) {
goto done;
}
break;
case LDB_FLAG_MOD_DELETE:
dn = ldb_dn_get_linearized(msg2->dn);
if (dn == NULL) {
ret = LDB_ERR_OTHER;
goto done;
}
if (msg->elements[i].num_values == 0) {
/* Delete the whole attribute */
if (msg_delete_attribute(module, ldb, msg2,
msg->elements[i].name) != 0) {
ldb_asprintf_errstring(ldb, "No such attribute: %s for delete on %s",
msg->elements[i].name, dn);
ret = LDB_ERR_NO_SUCH_ATTRIBUTE;
goto done;
}
} else {
/* Delete specified values from an attribute */
for (j=0; j < msg->elements[i].num_values; j++) {
if (msg_delete_element(module,
msg2,
msg->elements[i].name,
&msg->elements[i].values[j]) != 0) {
ldb_asprintf_errstring(ldb, "No matching attribute value when deleting attribute: %s on %s",
msg->elements[i].name, dn);
ret = LDB_ERR_NO_SUCH_ATTRIBUTE;
goto done;
}
}
}
break;
default:
ldb_asprintf_errstring(ldb,
"Invalid ldb_modify flags on %s: 0x%x",
msg->elements[i].name,
msg->elements[i].flags & LDB_FLAG_MOD_MASK);
ret = LDB_ERR_PROTOCOL_ERROR;
goto done;
}
}
ret = ltdb_store(module, msg2, TDB_MODIFY);
if (ret != LDB_SUCCESS) {
goto done;
}
ret = ltdb_modified(module, msg2->dn);
if (ret != LDB_SUCCESS) {
goto done;
}
done:
talloc_free(tdb_key.dptr);
return ret;
}
/*
modify a record - internal interface
yuck - this is O(n^2). Luckily n is usually small so we probably
get away with it, but if we ever have really large attribute lists
then we'll need to look at this again
'req' is optional, and is used to specify controls if supplied
*/
int ltdb_modify_internal(struct ldb_module *module,
const struct ldb_message *msg,
struct ldb_request *req)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
void *data = ldb_module_get_private(module);
struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
TDB_DATA tdb_key, tdb_data;
struct ldb_val ldb_data;
struct ldb_message *msg2;
unsigned int i, j, k;
int ret = LDB_SUCCESS, idx;
struct ldb_control *control_permissive = NULL;
if (req) {
control_permissive = ldb_request_get_control(req,
LDB_CONTROL_PERMISSIVE_MODIFY_OID);
}
tdb_key = ltdb_key(module, msg->dn);
if (!tdb_key.dptr) {
return LDB_ERR_OTHER;
}
tdb_data = tdb_fetch(ltdb->tdb, tdb_key);
if (!tdb_data.dptr) {
talloc_free(tdb_key.dptr);
return ltdb_err_map(tdb_error(ltdb->tdb));
}
msg2 = ldb_msg_new(tdb_key.dptr);
if (msg2 == NULL) {
free(tdb_data.dptr);
ret = LDB_ERR_OTHER;
goto done;
}
ldb_data.data = tdb_data.dptr;
ldb_data.length = tdb_data.dsize;
ret = ldb_unpack_data(ldb_module_get_ctx(module), &ldb_data, msg2);
free(tdb_data.dptr);
if (ret == -1) {
ret = LDB_ERR_OTHER;
goto done;
}
if (!msg2->dn) {
msg2->dn = msg->dn;
}
for (i=0; i<msg->num_elements; i++) {
struct ldb_message_element *el = &msg->elements[i], *el2;
struct ldb_val *vals;
const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
const char *dn;
switch (msg->elements[i].flags & LDB_FLAG_MOD_MASK) {
case LDB_FLAG_MOD_ADD:
if (el->num_values == 0) {
ldb_asprintf_errstring(ldb,
"attribute '%s': attribute on '%s' specified, but with 0 values (illegal)",
el->name, ldb_dn_get_linearized(msg2->dn));
ret = LDB_ERR_CONSTRAINT_VIOLATION;
goto done;
}
/* make a copy of the array so that a permissive
* control can remove duplicates without changing the
* original values, but do not copy data as we do not
* need to keep it around once the operation is
* finished */
if (control_permissive) {
el = talloc(msg2, struct ldb_message_element);
if (!el) {
ret = LDB_ERR_OTHER;
goto done;
}
*el = msg->elements[i];
el->values = talloc_array(el, struct ldb_val, el->num_values);
if (el->values == NULL) {
ret = LDB_ERR_OTHER;
goto done;
}
for (j = 0; j < el->num_values; j++) {
el->values[j] = msg->elements[i].values[j];
}
}
if (el->num_values > 1 && ldb_tdb_single_valued(a, el)) {
ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
el->name, ldb_dn_get_linearized(msg2->dn));
ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
goto done;
}
/* Checks if element already exists */
idx = find_element(msg2, el->name);
if (idx == -1) {
if (ltdb_msg_add_element(ldb, msg2, el) != 0) {
ret = LDB_ERR_OTHER;
goto done;
}
ret = ltdb_index_add_element(module, msg2->dn,
el);
if (ret != LDB_SUCCESS) {
goto done;
}
} else {
j = (unsigned int) idx;
el2 = &(msg2->elements[j]);
/* We cannot add another value on a existing one
if the attribute is single-valued */
if (ldb_tdb_single_valued(a, el)) {
ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
el->name, ldb_dn_get_linearized(msg2->dn));
ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
goto done;
}
/* Check that values don't exist yet on multi-
valued attributes or aren't provided twice */
/* TODO: This is O(n^2) - replace with more efficient check */
for (j = 0; j < el->num_values; j++) {
if (ldb_msg_find_val(el2, &el->values[j]) != NULL) {
if (control_permissive) {
/* remove this one as if it was never added */
el->num_values--;
for (k = j; k < el->num_values; k++) {
el->values[k] = el->values[k + 1];
}
j--; /* rewind */
continue;
}
ldb_asprintf_errstring(ldb,
"attribute '%s': value #%u on '%s' already exists",
el->name, j, ldb_dn_get_linearized(msg2->dn));
ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
goto done;
}
if (ldb_msg_find_val(el, &el->values[j]) != &el->values[j]) {
ldb_asprintf_errstring(ldb,
"attribute '%s': value #%u on '%s' provided more than once",
el->name, j, ldb_dn_get_linearized(msg2->dn));
ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
goto done;
}
}
/* Now combine existing and new values to a new
attribute record */
vals = talloc_realloc(msg2->elements,
el2->values, struct ldb_val,
el2->num_values + el->num_values);
if (vals == NULL) {
ldb_oom(ldb);
ret = LDB_ERR_OTHER;
goto done;
}
for (j=0; j<el->num_values; j++) {
vals[el2->num_values + j] =
ldb_val_dup(vals, &el->values[j]);
}
el2->values = vals;
el2->num_values += el->num_values;
ret = ltdb_index_add_element(module, msg2->dn, el);
if (ret != LDB_SUCCESS) {
goto done;
}
}
break;
case LDB_FLAG_MOD_REPLACE:
if (el->num_values > 1 && ldb_tdb_single_valued(a, el)) {
ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
el->name, ldb_dn_get_linearized(msg2->dn));
ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
goto done;
}
/* TODO: This is O(n^2) - replace with more efficient check */
for (j=0; j<el->num_values; j++) {
if (ldb_msg_find_val(el, &el->values[j]) != &el->values[j]) {
ldb_asprintf_errstring(ldb,
"attribute '%s': value #%u on '%s' provided more than once",
el->name, j, ldb_dn_get_linearized(msg2->dn));
ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
goto done;
}
}
/* Checks if element already exists */
idx = find_element(msg2, el->name);
if (idx != -1) {
j = (unsigned int) idx;
el2 = &(msg2->elements[j]);
/* we consider two elements to be
* equal only if the order
* matches. This allows dbcheck to
* fix the ordering on attributes
* where order matters, such as
* objectClass
*/
if (ldb_msg_element_equal_ordered(el, el2)) {
continue;
}
/* Delete the attribute if it exists in the DB */
if (msg_delete_attribute(module, ldb, msg2,
el->name) != 0) {
ret = LDB_ERR_OTHER;
goto done;
}
}
/* Recreate it with the new values */
if (ltdb_msg_add_element(ldb, msg2, el) != 0) {
ret = LDB_ERR_OTHER;
goto done;
}
ret = ltdb_index_add_element(module, msg2->dn, el);
if (ret != LDB_SUCCESS) {
goto done;
}
break;
case LDB_FLAG_MOD_DELETE:
dn = ldb_dn_get_linearized(msg2->dn);
if (dn == NULL) {
ret = LDB_ERR_OTHER;
goto done;
}
if (msg->elements[i].num_values == 0) {
/* Delete the whole attribute */
ret = msg_delete_attribute(module, ldb, msg2,
msg->elements[i].name);
if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE &&
control_permissive) {
ret = LDB_SUCCESS;
} else {
ldb_asprintf_errstring(ldb,
"attribute '%s': no such attribute for delete on '%s'",
msg->elements[i].name, dn);
}
if (ret != LDB_SUCCESS) {
goto done;
}
} else {
/* Delete specified values from an attribute */
for (j=0; j < msg->elements[i].num_values; j++) {
ret = msg_delete_element(module,
msg2,
msg->elements[i].name,
&msg->elements[i].values[j]);
if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE &&
control_permissive) {
ret = LDB_SUCCESS;
} else {
ldb_asprintf_errstring(ldb,
"attribute '%s': no matching attribute value while deleting attribute on '%s'",
msg->elements[i].name, dn);
}
if (ret != LDB_SUCCESS) {
goto done;
}
}
}
break;
default:
ldb_asprintf_errstring(ldb,
"attribute '%s': invalid modify flags on '%s': 0x%x",
msg->elements[i].name, ldb_dn_get_linearized(msg->dn),
msg->elements[i].flags & LDB_FLAG_MOD_MASK);
ret = LDB_ERR_PROTOCOL_ERROR;
goto done;
}
}
ret = ltdb_store(module, msg2, TDB_MODIFY);
if (ret != LDB_SUCCESS) {
goto done;
}
ret = ltdb_modified(module, msg2->dn);
if (ret != LDB_SUCCESS) {
goto done;
}
done:
talloc_free(tdb_key.dptr);
return ret;
}
/*
register any special handlers from @ATTRIBUTES
*/
static int ltdb_attributes_load(struct ldb_module *module)
{
struct ldb_context *ldb;
void *data = ldb_module_get_private(module);
struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
struct ldb_message *msg = ltdb->cache->attributes;
struct ldb_dn *dn;
unsigned int i;
int r;
ldb = ldb_module_get_ctx(module);
if (ldb->schema.attribute_handler_override) {
/* we skip loading the @ATTRIBUTES record when a module is supplying
its own attribute handling */
return 0;
}
dn = ldb_dn_new(module, ldb, LTDB_ATTRIBUTES);
if (dn == NULL) goto failed;
r = ltdb_search_dn1(module, dn, msg);
talloc_free(dn);
if (r != LDB_SUCCESS && r != LDB_ERR_NO_SUCH_OBJECT) {
goto failed;
}
if (r == LDB_ERR_NO_SUCH_OBJECT) {
return 0;
}
/* mapping these flags onto ldap 'syntaxes' isn't strictly correct,
but its close enough for now */
for (i=0;i<msg->num_elements;i++) {
unsigned flags;
const char *syntax;
const struct ldb_schema_syntax *s;
if (ltdb_attributes_flags(&msg->elements[i], &flags) != 0) {
ldb_debug(ldb, LDB_DEBUG_ERROR, "Invalid @ATTRIBUTES element for '%s'", msg->elements[i].name);
goto failed;
}
switch (flags & ~LTDB_FLAG_HIDDEN) {
case 0:
syntax = LDB_SYNTAX_OCTET_STRING;
break;
case LTDB_FLAG_CASE_INSENSITIVE:
syntax = LDB_SYNTAX_DIRECTORY_STRING;
break;
case LTDB_FLAG_INTEGER:
syntax = LDB_SYNTAX_INTEGER;
break;
default:
ldb_debug(ldb, LDB_DEBUG_ERROR,
"Invalid flag combination 0x%x for '%s' in @ATTRIBUTES",
flags, msg->elements[i].name);
goto failed;
}
s = ldb_standard_syntax_by_name(ldb, syntax);
if (s == NULL) {
ldb_debug(ldb, LDB_DEBUG_ERROR,
"Invalid attribute syntax '%s' for '%s' in @ATTRIBUTES",
syntax, msg->elements[i].name);
goto failed;
}
flags |= LDB_ATTR_FLAG_ALLOCATED;
if (ldb_schema_attribute_add_with_syntax(ldb, msg->elements[i].name, flags, s) != 0) {
goto failed;
}
}
return 0;
failed:
return -1;
}
/*
rename a record
*/
static int ltdb_rename(struct ltdb_context *ctx)
{
struct ldb_module *module = ctx->module;
void *data = ldb_module_get_private(module);
struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
struct ldb_request *req = ctx->req;
struct ldb_message *msg;
int ret = LDB_SUCCESS;
TDB_DATA tdb_key, tdb_key_old;
ldb_request_set_state(req, LDB_ASYNC_PENDING);
if (ltdb_cache_load(ctx->module) != 0) {
return LDB_ERR_OPERATIONS_ERROR;
}
msg = ldb_msg_new(ctx);
if (msg == NULL) {
return LDB_ERR_OPERATIONS_ERROR;
}
/* we need to fetch the old record to re-add under the new name */
ret = ltdb_search_dn1(module, req->op.rename.olddn, msg);
if (ret != LDB_SUCCESS) {
/* not finding the old record is an error */
return ret;
}
/* We need to, before changing the DB, check if the new DN
* exists, so we can return this error to the caller with an
* unmodified DB */
tdb_key = ltdb_key(module, req->op.rename.newdn);
if (!tdb_key.dptr) {
talloc_free(msg);
return LDB_ERR_OPERATIONS_ERROR;
}
tdb_key_old = ltdb_key(module, req->op.rename.olddn);
if (!tdb_key_old.dptr) {
talloc_free(msg);
talloc_free(tdb_key.dptr);
return LDB_ERR_OPERATIONS_ERROR;
}
/* Only declare a conflict if the new DN already exists, and it isn't a case change on the old DN */
if (tdb_key_old.dsize != tdb_key.dsize || memcmp(tdb_key.dptr, tdb_key_old.dptr, tdb_key.dsize) != 0) {
if (tdb_exists(ltdb->tdb, tdb_key)) {
talloc_free(tdb_key_old.dptr);
talloc_free(tdb_key.dptr);
ldb_asprintf_errstring(ldb_module_get_ctx(module),
"Entry %s already exists",
ldb_dn_get_linearized(msg->dn));
/* finding the new record already in the DB is an error */
talloc_free(msg);
return LDB_ERR_ENTRY_ALREADY_EXISTS;
}
}
talloc_free(tdb_key_old.dptr);
talloc_free(tdb_key.dptr);
/* Always delete first then add, to avoid conflicts with
* unique indexes. We rely on the transaction to make this
* atomic
*/
ret = ltdb_delete_internal(module, msg->dn);
if (ret != LDB_SUCCESS) {
talloc_free(msg);
return ret;
}
msg->dn = ldb_dn_copy(msg, req->op.rename.newdn);
if (msg->dn == NULL) {
talloc_free(msg);
return LDB_ERR_OPERATIONS_ERROR;
}
/* We don't check single value as we can have more than 1 with
* deleted attributes. We could go through all elements but that's
* maybe not the most efficient way
*/
ret = ltdb_add_internal(module, msg, false);
talloc_free(msg);
return ret;
}
