/*
store a record into the db
*/
int ltdb_store(struct ldb_module *module, const struct ldb_message *msg, int flgs)
{
void *data = ldb_module_get_private(module);
struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
TDB_DATA tdb_key, tdb_data;
struct ldb_val ldb_data;
int ret = LDB_SUCCESS;
tdb_key = ltdb_key(module, msg->dn);
if (tdb_key.dptr == NULL) {
return LDB_ERR_OTHER;
}
ret = ldb_pack_data(ldb_module_get_ctx(module),
msg, &ldb_data);
if (ret == -1) {
talloc_free(tdb_key.dptr);
return LDB_ERR_OTHER;
}
tdb_data.dptr = ldb_data.data;
tdb_data.dsize = ldb_data.length;
ret = tdb_store(ltdb->tdb, tdb_key, tdb_data, flgs);
if (ret != 0) {
ret = ltdb_err_map(tdb_error(ltdb->tdb));
goto done;
}
done:
talloc_free(tdb_key.dptr);
talloc_free(ldb_data.data);
return ret;
}
/*
store a record into the db
*/
int ltdb_store(struct ldb_module *module, const struct ldb_message *msg, int flgs)
{
void *data = ldb_module_get_private(module);
struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
TDB_DATA tdb_key, tdb_data;
int ret;
tdb_key = ltdb_key(module, msg->dn);
if (!tdb_key.dptr) {
return LDB_ERR_OTHER;
}
ret = ltdb_pack_data(module, msg, &tdb_data);
if (ret == -1) {
talloc_free(tdb_key.dptr);
return LDB_ERR_OTHER;
}
ret = tdb_store(ltdb->tdb, tdb_key, tdb_data, flgs);
if (ret == -1) {
ret = ltdb_err_map(tdb_error(ltdb->tdb));
goto done;
}
ret = ltdb_index_add(module, msg);
if (ret != LDB_SUCCESS) {
tdb_delete(ltdb->tdb, tdb_key);
}
done:
talloc_free(tdb_key.dptr);
talloc_free(tdb_data.dptr);
return ret;
}
/*
delete a record from the database, not updating indexes (used for deleting
index records)
*/
int ltdb_delete_noindex(struct ldb_module *module, struct ldb_dn *dn)
{
void *data = ldb_module_get_private(module);
struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
TDB_DATA tdb_key;
int ret;
tdb_key = ltdb_key(module, dn);
if (!tdb_key.dptr) {
return LDB_ERR_OTHER;
}
ret = tdb_delete(ltdb->tdb, tdb_key);
talloc_free(tdb_key.dptr);
if (ret != 0) {
ret = ltdb_err_map(tdb_error(ltdb->tdb));
}
return ret;
}
/*
modify a record - internal interface
yuck - this is O(n^2). Luckily n is usually small so we probably
get away with it, but if we ever have really large attribute lists
then we'll need to look at this again
'req' is optional, and is used to specify controls if supplied
*/
int ltdb_modify_internal(struct ldb_module *module,
const struct ldb_message *msg,
struct ldb_request *req)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
void *data = ldb_module_get_private(module);
struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
TDB_DATA tdb_key, tdb_data;
struct ldb_val ldb_data;
struct ldb_message *msg2;
unsigned int i, j, k;
int ret = LDB_SUCCESS, idx;
struct ldb_control *control_permissive = NULL;
if (req) {
control_permissive = ldb_request_get_control(req,
LDB_CONTROL_PERMISSIVE_MODIFY_OID);
}
tdb_key = ltdb_key(module, msg->dn);
if (!tdb_key.dptr) {
return LDB_ERR_OTHER;
}
tdb_data = tdb_fetch(ltdb->tdb, tdb_key);
if (!tdb_data.dptr) {
talloc_free(tdb_key.dptr);
return ltdb_err_map(tdb_error(ltdb->tdb));
}
msg2 = ldb_msg_new(tdb_key.dptr);
if (msg2 == NULL) {
free(tdb_data.dptr);
ret = LDB_ERR_OTHER;
goto done;
}
ldb_data.data = tdb_data.dptr;
ldb_data.length = tdb_data.dsize;
ret = ldb_unpack_data(ldb_module_get_ctx(module), &ldb_data, msg2);
free(tdb_data.dptr);
if (ret == -1) {
ret = LDB_ERR_OTHER;
goto done;
}
if (!msg2->dn) {
msg2->dn = msg->dn;
}
for (i=0; i<msg->num_elements; i++) {
struct ldb_message_element *el = &msg->elements[i], *el2;
struct ldb_val *vals;
const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
const char *dn;
switch (msg->elements[i].flags & LDB_FLAG_MOD_MASK) {
case LDB_FLAG_MOD_ADD:
if (el->num_values == 0) {
ldb_asprintf_errstring(ldb,
"attribute '%s': attribute on '%s' specified, but with 0 values (illegal)",
el->name, ldb_dn_get_linearized(msg2->dn));
ret = LDB_ERR_CONSTRAINT_VIOLATION;
goto done;
}
/* make a copy of the array so that a permissive
* control can remove duplicates without changing the
* original values, but do not copy data as we do not
* need to keep it around once the operation is
* finished */
if (control_permissive) {
el = talloc(msg2, struct ldb_message_element);
if (!el) {
ret = LDB_ERR_OTHER;
goto done;
}
*el = msg->elements[i];
el->values = talloc_array(el, struct ldb_val, el->num_values);
if (el->values == NULL) {
ret = LDB_ERR_OTHER;
goto done;
}
for (j = 0; j < el->num_values; j++) {
el->values[j] = msg->elements[i].values[j];
}
}
if (el->num_values > 1 && ldb_tdb_single_valued(a, el)) {
ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
el->name, ldb_dn_get_linearized(msg2->dn));
ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
goto done;
}
/* Checks if element already exists */
idx = find_element(msg2, el->name);
if (idx == -1) {
if (ltdb_msg_add_element(ldb, msg2, el) != 0) {
ret = LDB_ERR_OTHER;
goto done;
}
ret = ltdb_index_add_element(module, msg2->dn,
el);
if (ret != LDB_SUCCESS) {
goto done;
}
} else {
j = (unsigned int) idx;
el2 = &(msg2->elements[j]);
/* We cannot add another value on a existing one
if the attribute is single-valued */
if (ldb_tdb_single_valued(a, el)) {
ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
el->name, ldb_dn_get_linearized(msg2->dn));
ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
goto done;
}
/* Check that values don't exist yet on multi-
valued attributes or aren't provided twice */
/* TODO: This is O(n^2) - replace with more efficient check */
for (j = 0; j < el->num_values; j++) {
if (ldb_msg_find_val(el2, &el->values[j]) != NULL) {
if (control_permissive) {
/* remove this one as if it was never added */
el->num_values--;
for (k = j; k < el->num_values; k++) {
el->values[k] = el->values[k + 1];
}
j--; /* rewind */
continue;
}
ldb_asprintf_errstring(ldb,
"attribute '%s': value #%u on '%s' already exists",
el->name, j, ldb_dn_get_linearized(msg2->dn));
ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
goto done;
}
if (ldb_msg_find_val(el, &el->values[j]) != &el->values[j]) {
ldb_asprintf_errstring(ldb,
"attribute '%s': value #%u on '%s' provided more than once",
el->name, j, ldb_dn_get_linearized(msg2->dn));
ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
goto done;
}
}
/* Now combine existing and new values to a new
attribute record */
vals = talloc_realloc(msg2->elements,
el2->values, struct ldb_val,
el2->num_values + el->num_values);
if (vals == NULL) {
ldb_oom(ldb);
ret = LDB_ERR_OTHER;
goto done;
}
for (j=0; j<el->num_values; j++) {
vals[el2->num_values + j] =
ldb_val_dup(vals, &el->values[j]);
}
el2->values = vals;
el2->num_values += el->num_values;
ret = ltdb_index_add_element(module, msg2->dn, el);
if (ret != LDB_SUCCESS) {
goto done;
}
}
break;
case LDB_FLAG_MOD_REPLACE:
if (el->num_values > 1 && ldb_tdb_single_valued(a, el)) {
ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
el->name, ldb_dn_get_linearized(msg2->dn));
ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
goto done;
}
/* TODO: This is O(n^2) - replace with more efficient check */
for (j=0; j<el->num_values; j++) {
if (ldb_msg_find_val(el, &el->values[j]) != &el->values[j]) {
ldb_asprintf_errstring(ldb,
"attribute '%s': value #%u on '%s' provided more than once",
el->name, j, ldb_dn_get_linearized(msg2->dn));
ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
goto done;
}
}
/* Checks if element already exists */
idx = find_element(msg2, el->name);
if (idx != -1) {
j = (unsigned int) idx;
el2 = &(msg2->elements[j]);
/* we consider two elements to be
* equal only if the order
* matches. This allows dbcheck to
* fix the ordering on attributes
* where order matters, such as
* objectClass
*/
if (ldb_msg_element_equal_ordered(el, el2)) {
continue;
}
/* Delete the attribute if it exists in the DB */
if (msg_delete_attribute(module, ldb, msg2,
el->name) != 0) {
ret = LDB_ERR_OTHER;
goto done;
}
}
/* Recreate it with the new values */
if (ltdb_msg_add_element(ldb, msg2, el) != 0) {
ret = LDB_ERR_OTHER;
goto done;
}
ret = ltdb_index_add_element(module, msg2->dn, el);
if (ret != LDB_SUCCESS) {
goto done;
}
break;
case LDB_FLAG_MOD_DELETE:
dn = ldb_dn_get_linearized(msg2->dn);
if (dn == NULL) {
ret = LDB_ERR_OTHER;
goto done;
}
if (msg->elements[i].num_values == 0) {
/* Delete the whole attribute */
ret = msg_delete_attribute(module, ldb, msg2,
msg->elements[i].name);
if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE &&
control_permissive) {
ret = LDB_SUCCESS;
} else {
ldb_asprintf_errstring(ldb,
"attribute '%s': no such attribute for delete on '%s'",
msg->elements[i].name, dn);
}
if (ret != LDB_SUCCESS) {
goto done;
}
} else {
/* Delete specified values from an attribute */
for (j=0; j < msg->elements[i].num_values; j++) {
ret = msg_delete_element(module,
msg2,
msg->elements[i].name,
&msg->elements[i].values[j]);
if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE &&
control_permissive) {
ret = LDB_SUCCESS;
} else {
ldb_asprintf_errstring(ldb,
"attribute '%s': no matching attribute value while deleting attribute on '%s'",
msg->elements[i].name, dn);
}
if (ret != LDB_SUCCESS) {
goto done;
}
}
}
break;
default:
ldb_asprintf_errstring(ldb,
"attribute '%s': invalid modify flags on '%s': 0x%x",
msg->elements[i].name, ldb_dn_get_linearized(msg->dn),
msg->elements[i].flags & LDB_FLAG_MOD_MASK);
ret = LDB_ERR_PROTOCOL_ERROR;
goto done;
}
}
ret = ltdb_store(module, msg2, TDB_MODIFY);
if (ret != LDB_SUCCESS) {
goto done;
}
ret = ltdb_modified(module, msg2->dn);
if (ret != LDB_SUCCESS) {
goto done;
}
done:
talloc_free(tdb_key.dptr);
return ret;
}
/*
rename a record
*/
static int ltdb_rename(struct ltdb_context *ctx)
{
struct ldb_module *module = ctx->module;
void *data = ldb_module_get_private(module);
struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
struct ldb_request *req = ctx->req;
struct ldb_message *msg;
int ret = LDB_SUCCESS;
TDB_DATA tdb_key, tdb_key_old;
ldb_request_set_state(req, LDB_ASYNC_PENDING);
if (ltdb_cache_load(ctx->module) != 0) {
return LDB_ERR_OPERATIONS_ERROR;
}
msg = ldb_msg_new(ctx);
if (msg == NULL) {
return LDB_ERR_OPERATIONS_ERROR;
}
/* we need to fetch the old record to re-add under the new name */
ret = ltdb_search_dn1(module, req->op.rename.olddn, msg);
if (ret != LDB_SUCCESS) {
/* not finding the old record is an error */
return ret;
}
/* We need to, before changing the DB, check if the new DN
* exists, so we can return this error to the caller with an
* unmodified DB */
tdb_key = ltdb_key(module, req->op.rename.newdn);
if (!tdb_key.dptr) {
talloc_free(msg);
return LDB_ERR_OPERATIONS_ERROR;
}
tdb_key_old = ltdb_key(module, req->op.rename.olddn);
if (!tdb_key_old.dptr) {
talloc_free(msg);
talloc_free(tdb_key.dptr);
return LDB_ERR_OPERATIONS_ERROR;
}
/* Only declare a conflict if the new DN already exists, and it isn't a case change on the old DN */
if (tdb_key_old.dsize != tdb_key.dsize || memcmp(tdb_key.dptr, tdb_key_old.dptr, tdb_key.dsize) != 0) {
if (tdb_exists(ltdb->tdb, tdb_key)) {
talloc_free(tdb_key_old.dptr);
talloc_free(tdb_key.dptr);
ldb_asprintf_errstring(ldb_module_get_ctx(module),
"Entry %s already exists",
ldb_dn_get_linearized(msg->dn));
/* finding the new record already in the DB is an error */
talloc_free(msg);
return LDB_ERR_ENTRY_ALREADY_EXISTS;
}
}
talloc_free(tdb_key_old.dptr);
talloc_free(tdb_key.dptr);
/* Always delete first then add, to avoid conflicts with
* unique indexes. We rely on the transaction to make this
* atomic
*/
ret = ltdb_delete_internal(module, msg->dn);
if (ret != LDB_SUCCESS) {
talloc_free(msg);
return ret;
}
msg->dn = ldb_dn_copy(msg, req->op.rename.newdn);
if (msg->dn == NULL) {
talloc_free(msg);
return LDB_ERR_OPERATIONS_ERROR;
}
/* We don't check single value as we can have more than 1 with
* deleted attributes. We could go through all elements but that's
* maybe not the most efficient way
*/
ret = ltdb_add_internal(module, msg, false);
talloc_free(msg);
return ret;
}
/*
modify a record - internal interface
yuck - this is O(n^2). Luckily n is usually small so we probably
get away with it, but if we ever have really large attribute lists
then we'll need to look at this again
'req' is optional, and is used to specify controls if supplied
*/
int ltdb_modify_internal(struct ldb_module *module,
const struct ldb_message *msg,
struct ldb_request *req)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
void *data = ldb_module_get_private(module);
struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private);
TDB_DATA tdb_key, tdb_data;
struct ldb_message *msg2;
unsigned i, j;
int ret = LDB_SUCCESS, idx;
tdb_key = ltdb_key(module, msg->dn);
if (!tdb_key.dptr) {
return LDB_ERR_OTHER;
}
tdb_data = tdb_fetch(ltdb->tdb, tdb_key);
if (!tdb_data.dptr) {
talloc_free(tdb_key.dptr);
return ltdb_err_map(tdb_error(ltdb->tdb));
}
msg2 = talloc(tdb_key.dptr, struct ldb_message);
if (msg2 == NULL) {
free(tdb_data.dptr);
ret = LDB_ERR_OTHER;
goto done;
}
ret = ltdb_unpack_data(module, &tdb_data, msg2);
free(tdb_data.dptr);
if (ret == -1) {
ret = LDB_ERR_OTHER;
goto done;
}
if (!msg2->dn) {
msg2->dn = msg->dn;
}
for (i=0; i<msg->num_elements; i++) {
struct ldb_message_element *el = &msg->elements[i], *el2;
struct ldb_val *vals;
const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
const char *dn;
if (ldb_attr_cmp(el->name, "distinguishedName") == 0) {
ldb_asprintf_errstring(ldb, "it is not permitted to perform a modify on 'distinguishedName' (use rename instead): %s",
ldb_dn_get_linearized(msg2->dn));
ret = LDB_ERR_CONSTRAINT_VIOLATION;
goto done;
}
switch (msg->elements[i].flags & LDB_FLAG_MOD_MASK) {
case LDB_FLAG_MOD_ADD:
if (el->num_values == 0) {
ldb_asprintf_errstring(ldb, "attribute %s on %s specified, but with 0 values (illigal)",
el->name, ldb_dn_get_linearized(msg2->dn));
ret = LDB_ERR_CONSTRAINT_VIOLATION;
goto done;
}
if (a && a->flags & LDB_ATTR_FLAG_SINGLE_VALUE) {
if (el->num_values > 1) {
ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
el->name, ldb_dn_get_linearized(msg2->dn));
ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
goto done;
}
}
/* Checks if element already exists */
idx = find_element(msg2, el->name);
if (idx == -1) {
if (ltdb_msg_add_element(ldb, msg2, el) != 0) {
ret = LDB_ERR_OTHER;
goto done;
}
ret = ltdb_index_add_element(module, msg2->dn, el);
if (ret != LDB_SUCCESS) {
goto done;
}
} else {
/* We cannot add another value on a existing one
if the attribute is single-valued */
if (a && a->flags & LDB_ATTR_FLAG_SINGLE_VALUE) {
ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
el->name, ldb_dn_get_linearized(msg2->dn));
ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
goto done;
}
el2 = &(msg2->elements[idx]);
/* Check that values don't exist yet on multi-
valued attributes or aren't provided twice */
for (j=0; j<el->num_values; j++) {
if (ldb_msg_find_val(el2, &el->values[j]) != NULL) {
ldb_asprintf_errstring(ldb, "%s: value #%d already exists", el->name, j);
ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
goto done;
}
if (ldb_msg_find_val(el, &el->values[j]) != &el->values[j]) {
ldb_asprintf_errstring(ldb, "%s: value #%d provided more than once", el->name, j);
ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
goto done;
}
}
/* Now combine existing and new values to a new
attribute record */
vals = talloc_realloc(msg2->elements,
el2->values, struct ldb_val,
el2->num_values + el->num_values);
if (vals == NULL) {
ldb_oom(ldb);
ret = LDB_ERR_OTHER;
goto done;
}
for (j=0; j<el->num_values; j++) {
vals[el2->num_values + j] =
ldb_val_dup(vals, &el->values[j]);
}
el2->values = vals;
el2->num_values += el->num_values;
ret = ltdb_index_add_element(module, msg2->dn, el);
if (ret != LDB_SUCCESS) {
goto done;
}
}
break;
case LDB_FLAG_MOD_REPLACE:
if (a && a->flags & LDB_ATTR_FLAG_SINGLE_VALUE) {
/* the RELAX control overrides this
check for replace. This is needed as
DRS replication can produce multiple
values here for a single valued
attribute when the values are deleted
links
*/
if (el->num_values > 1 &&
(!req || !ldb_request_get_control(req, LDB_CONTROL_RELAX_OID))) {
ldb_asprintf_errstring(ldb, "SINGLE-VALUE attribute %s on %s specified more than once",
el->name, ldb_dn_get_linearized(msg2->dn));
ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
goto done;
}
}
/* TODO: This is O(n^2) - replace with more efficient check */
for (j=0; j<el->num_values; j++) {
if (ldb_msg_find_val(el, &el->values[j]) != &el->values[j]) {
ldb_asprintf_errstring(ldb, "%s: value #%d provided more than once", el->name, j);
ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
goto done;
}
}
idx = find_element(msg2, el->name);
if (idx != -1) {
el2 = &(msg2->elements[idx]);
if (ldb_msg_element_compare(el, el2) == 0) {
/* we are replacing with the same values */
continue;
}
/* Delete the attribute if it exists in the DB */
if (msg_delete_attribute(module, ldb, msg2, el->name) != 0) {
ret = LDB_ERR_OTHER;
goto done;
}
}
/* Recreate it with the new values */
if (ltdb_msg_add_element(ldb, msg2, el) != 0) {
ret = LDB_ERR_OTHER;
goto done;
}
ret = ltdb_index_add_element(module, msg2->dn, el);
if (ret != LDB_SUCCESS) {
goto done;
}
break;
case LDB_FLAG_MOD_DELETE:
dn = ldb_dn_get_linearized(msg2->dn);
if (dn == NULL) {
ret = LDB_ERR_OTHER;
goto done;
}
if (msg->elements[i].num_values == 0) {
/* Delete the whole attribute */
if (msg_delete_attribute(module, ldb, msg2,
msg->elements[i].name) != 0) {
ldb_asprintf_errstring(ldb, "No such attribute: %s for delete on %s",
msg->elements[i].name, dn);
ret = LDB_ERR_NO_SUCH_ATTRIBUTE;
goto done;
}
} else {
/* Delete specified values from an attribute */
for (j=0; j < msg->elements[i].num_values; j++) {
if (msg_delete_element(module,
msg2,
msg->elements[i].name,
&msg->elements[i].values[j]) != 0) {
ldb_asprintf_errstring(ldb, "No matching attribute value when deleting attribute: %s on %s",
msg->elements[i].name, dn);
ret = LDB_ERR_NO_SUCH_ATTRIBUTE;
goto done;
}
}
}
break;
default:
ldb_asprintf_errstring(ldb,
"Invalid ldb_modify flags on %s: 0x%x",
msg->elements[i].name,
msg->elements[i].flags & LDB_FLAG_MOD_MASK);
ret = LDB_ERR_PROTOCOL_ERROR;
goto done;
}
}
ret = ltdb_store(module, msg2, TDB_MODIFY);
if (ret != LDB_SUCCESS) {
goto done;
}
ret = ltdb_modified(module, msg2->dn);
if (ret != LDB_SUCCESS) {
goto done;
}
done:
talloc_free(tdb_key.dptr);
return ret;
}
