Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : LDB wrap functions
5 :
6 : Copyright (C) Andrew Tridgell 2004-2009
7 :
8 : This program is free software; you can redistribute it and/or modify
9 : it under the terms of the GNU General Public License as published by
10 : the Free Software Foundation; either version 3 of the License, or
11 : (at your option) any later version.
12 :
13 : This program is distributed in the hope that it will be useful,
14 : but WITHOUT ANY WARRANTY; without even the implied warranty of
15 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 : GNU General Public License for more details.
17 :
18 : You should have received a copy of the GNU General Public License
19 : along with this program. If not, see <http://www.gnu.org/licenses/>.
20 : */
21 :
22 : /*
23 : the stupidity of the unix fcntl locking design forces us to never
24 : allow a database file to be opened twice in the same process. These
25 : wrappers provide convenient access to a tdb or ldb, taking advantage
26 : of talloc destructors to ensure that only a single open is done
27 : */
28 :
29 : #include "includes.h"
30 : #include "lib/events/events.h"
31 : #include <ldb.h>
32 : #include <ldb_errors.h>
33 : #include "lib/ldb-samba/ldif_handlers.h"
34 : #include "ldb_wrap.h"
35 : #include "dsdb/samdb/samdb.h"
36 : #include "dsdb/common/util.h"
37 : #include "param/param.h"
38 : #include "../lib/util/dlinklist.h"
39 : #include "lib/util/util_paths.h"
40 : #include <tdb.h>
41 : #include <unistd.h>
42 :
43 : #undef DBGC_CLASS
44 : #define DBGC_CLASS DBGC_LDB
45 :
46 : /*
47 : this is used to catch debug messages from ldb
48 : */
49 : static void ldb_wrap_debug(void *context, enum ldb_debug_level level,
50 : const char *fmt, va_list ap) PRINTF_ATTRIBUTE(3,0);
51 :
52 512637749 : static void ldb_wrap_debug(void *context, enum ldb_debug_level level,
53 : const char *fmt, va_list ap)
54 : {
55 512637749 : int samba_level = -1;
56 512637749 : switch (level) {
57 0 : case LDB_DEBUG_FATAL:
58 0 : samba_level = DBGLVL_ERR;
59 0 : break;
60 2056 : case LDB_DEBUG_ERROR:
61 2056 : samba_level = DBGLVL_WARNING;
62 2056 : break;
63 2239 : case LDB_DEBUG_WARNING:
64 2239 : samba_level = DBGLVL_NOTICE;
65 2239 : break;
66 504834932 : case LDB_DEBUG_TRACE:
67 504834932 : samba_level = DBGLVL_DEBUG + 1;
68 504834932 : break;
69 :
70 : };
71 512637749 : if (CHECK_DEBUGLVL(samba_level)) {
72 1645 : char *s = NULL;
73 7 : int ret;
74 :
75 1645 : ret = vasprintf(&s, fmt, ap);
76 1645 : if (ret == -1) {
77 0 : return;
78 : }
79 1645 : DEBUG(samba_level, ("ldb: %s\n", s));
80 1645 : free(s);
81 : }
82 : }
83 :
84 :
85 : /*
86 : connecting to a ldb can be a relatively expensive operation because
87 : of the schema and partition loads. We keep a list of open ldb
88 : contexts here, and try to re-use when possible.
89 :
90 : This means callers of ldb_wrap_connect() must use talloc_unlink() or
91 : the free of a parent to destroy the context
92 : */
93 : static struct ldb_wrap {
94 : struct ldb_wrap *next, *prev;
95 : struct ldb_wrap_context {
96 : /* the context is what we use to tell if two ldb
97 : * connections are exactly equivalent
98 : */
99 : pid_t pid; /* We want to re-open in a new PID due to
100 : * the LMDB backend */
101 : const char *url;
102 : struct tevent_context *ev;
103 : struct loadparm_context *lp_ctx;
104 : struct auth_session_info *session_info;
105 : struct cli_credentials *credentials;
106 : unsigned int flags;
107 : } context;
108 : struct ldb_context *ldb;
109 : } *ldb_wrap_list;
110 :
111 : /*
112 : free a ldb_wrap structure
113 : */
114 123469 : static int ldb_wrap_destructor(struct ldb_wrap *w)
115 : {
116 123469 : DLIST_REMOVE(ldb_wrap_list, w);
117 123469 : return 0;
118 : }
119 :
120 : /*
121 : * The casefolder for s4's LDB databases - Unicode-safe
122 : */
123 693257214 : char *wrap_casefold(void *context, void *mem_ctx, const char *s, size_t n)
124 : {
125 693257214 : return strupper_talloc_n(mem_ctx, s, n);
126 : }
127 :
128 :
129 302900 : struct ldb_context *samba_ldb_init(TALLOC_CTX *mem_ctx,
130 : struct tevent_context *ev,
131 : struct loadparm_context *lp_ctx,
132 : struct auth_session_info *session_info,
133 : struct cli_credentials *credentials)
134 : {
135 10629 : struct ldb_context *ldb;
136 10629 : int ret;
137 :
138 302900 : ldb = ldb_init(mem_ctx, ev);
139 302900 : if (ldb == NULL) {
140 0 : return NULL;
141 : }
142 :
143 302900 : ldb_set_modules_dir(ldb, modules_path(ldb, "ldb"));
144 :
145 302900 : ldb_set_debug(ldb, ldb_wrap_debug, NULL);
146 :
147 302900 : ldb_set_utf8_fns(ldb, NULL, wrap_casefold);
148 :
149 302900 : if (session_info) {
150 184836 : if (ldb_set_opaque(ldb, DSDB_SESSION_INFO, session_info)) {
151 0 : talloc_free(ldb);
152 0 : return NULL;
153 : }
154 : }
155 :
156 302900 : if (credentials) {
157 821 : if (ldb_set_opaque(ldb, "credentials", credentials)) {
158 0 : talloc_free(ldb);
159 0 : return NULL;
160 : }
161 : }
162 :
163 302900 : if (ldb_set_opaque(ldb, "loadparm", lp_ctx)) {
164 0 : talloc_free(ldb);
165 0 : return NULL;
166 : }
167 :
168 : /* This must be done before we load the schema, as these
169 : * handlers for objectSid and objectGUID etc must take
170 : * precedence over the 'binary attribute' declaration in the
171 : * schema */
172 302900 : ret = ldb_register_samba_handlers(ldb);
173 302900 : if (ret != LDB_SUCCESS) {
174 0 : talloc_free(ldb);
175 0 : return NULL;
176 : }
177 :
178 : /* we usually want Samba databases to be private. If we later
179 : find we need one public, we will need to add a parameter to
180 : ldb_wrap_connect() */
181 302900 : ldb_set_create_perms(ldb, 0600);
182 :
183 302900 : return ldb;
184 : }
185 :
186 182693 : struct ldb_context *ldb_wrap_find(const char *url,
187 : struct tevent_context *ev,
188 : struct loadparm_context *lp_ctx,
189 : struct auth_session_info *session_info,
190 : struct cli_credentials *credentials,
191 : unsigned int flags)
192 : {
193 182693 : pid_t pid = getpid();
194 6767 : struct ldb_wrap *w;
195 : /* see if we can re-use an existing ldb */
196 352298 : for (w=ldb_wrap_list; w; w=w->next) {
197 250393 : if (w->context.pid == pid &&
198 141845 : w->context.ev == ev &&
199 81020 : w->context.lp_ctx == lp_ctx &&
200 81020 : w->context.session_info == session_info &&
201 80940 : w->context.credentials == credentials &&
202 80940 : w->context.flags == flags &&
203 80940 : (w->context.url == url || strcmp(w->context.url, url) == 0))
204 80788 : return w->ldb;
205 : }
206 :
207 97636 : return NULL;
208 : }
209 :
210 302888 : int samba_ldb_connect(struct ldb_context *ldb, struct loadparm_context *lp_ctx,
211 : const char *url, unsigned int flags)
212 : {
213 10617 : int ret;
214 302888 : char *real_url = NULL;
215 :
216 : /* allow admins to force non-sync ldb for all databases */
217 302888 : if (lpcfg_parm_bool(lp_ctx, NULL, "ldb", "nosync", false)) {
218 302744 : flags |= LDB_FLG_NOSYNC;
219 : }
220 :
221 302888 : if (DEBUGLVL(10)) {
222 0 : flags |= LDB_FLG_ENABLE_TRACING;
223 : }
224 :
225 302888 : real_url = lpcfg_private_path(ldb, lp_ctx, url);
226 302888 : if (real_url == NULL) {
227 0 : return LDB_ERR_OPERATIONS_ERROR;
228 : }
229 :
230 302888 : ret = ldb_connect(ldb, real_url, flags, NULL);
231 :
232 302888 : if (ret != LDB_SUCCESS) {
233 1013 : return ret;
234 : }
235 :
236 : /* setup for leak detection */
237 301873 : ldb_set_opaque(ldb, "wrap_url", real_url);
238 :
239 301873 : return LDB_SUCCESS;
240 : }
241 :
242 101885 : bool ldb_wrap_add(const char *url, struct tevent_context *ev,
243 : struct loadparm_context *lp_ctx,
244 : struct auth_session_info *session_info,
245 : struct cli_credentials *credentials,
246 : unsigned int flags,
247 : struct ldb_context *ldb)
248 : {
249 4269 : struct ldb_wrap *w;
250 4269 : struct ldb_wrap_context c;
251 :
252 : /* add to the list of open ldb contexts */
253 101885 : w = talloc(ldb, struct ldb_wrap);
254 101885 : if (w == NULL) {
255 0 : return false;
256 : }
257 :
258 101885 : c.pid = getpid();
259 101885 : c.url = url;
260 101885 : c.ev = ev;
261 101885 : c.lp_ctx = lp_ctx;
262 101885 : c.session_info = session_info;
263 101885 : c.credentials = credentials;
264 101885 : c.flags = flags;
265 :
266 101885 : w->context = c;
267 101885 : w->context.url = talloc_strdup(w, url);
268 101885 : if (w->context.url == NULL) {
269 0 : return false;
270 : }
271 :
272 101885 : if (session_info) {
273 : /* take a reference to the session_info, as it is
274 : * possible for the ldb to live longer than the
275 : * session_info. This happens when a DRS DsBind call
276 : * reuses a handle, but the original connection is
277 : * shutdown. The token for the new connection is still
278 : * valid, so we need the session_info to remain valid for
279 : * ldb modules to use
280 : */
281 101885 : if (talloc_reference(w, session_info) == NULL) {
282 0 : return false;
283 : }
284 : }
285 :
286 101885 : w->ldb = ldb;
287 :
288 101885 : DLIST_ADD(ldb_wrap_list, w);
289 :
290 101885 : talloc_set_destructor(w, ldb_wrap_destructor);
291 :
292 101885 : return true;
293 : }
294 :
295 :
296 : /*
297 : wrapped connection to a ldb database
298 : to close just talloc_free() the returned ldb_context
299 :
300 : TODO: We need an error_string parameter
301 : */
302 129519 : struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx,
303 : struct tevent_context *ev,
304 : struct loadparm_context *lp_ctx,
305 : const char *url,
306 : struct auth_session_info *session_info,
307 : struct cli_credentials *credentials,
308 : unsigned int flags)
309 : {
310 4830 : struct ldb_context *ldb;
311 4830 : int ret;
312 :
313 : /*
314 : * Unlike samdb_connect_url() do not try and cache the LDB
315 : * handle, get a new one each time. Only sam.ldb is
316 : * punitively expensive to open and helpful caches like this
317 : * cause challenges (such as if the value for 'private dir'
318 : * changes).
319 : */
320 :
321 129519 : ldb = samba_ldb_init(mem_ctx, ev, lp_ctx, session_info, credentials);
322 :
323 129519 : if (ldb == NULL)
324 0 : return NULL;
325 :
326 129519 : ret = samba_ldb_connect(ldb, lp_ctx, url, flags);
327 129519 : if (ret != LDB_SUCCESS) {
328 995 : talloc_free(ldb);
329 995 : return NULL;
330 : }
331 :
332 128524 : DEBUG(3,("ldb_wrap open of %s\n", url));
333 :
334 123696 : return ldb;
335 : }
336 :
337 : /*
338 : call tdb_reopen_all() in case there is a TDB open so we are
339 : not blocked from re-opening it inside ldb_tdb.
340 : */
341 16563 : void ldb_wrap_fork_hook(void)
342 : {
343 16563 : if (tdb_reopen_all(1) != 0) {
344 0 : smb_panic("tdb_reopen_all failed\n");
345 : }
346 16563 : }
347 :
348 1298953 : char *ldb_relative_path(struct ldb_context *ldb,
349 : TALLOC_CTX *mem_ctx,
350 : const char *name)
351 : {
352 44617 : const char *base_url =
353 1298953 : (const char *)ldb_get_opaque(ldb, "ldb_url");
354 44617 : char *path, *p, *full_name;
355 1298953 : if (name == NULL) {
356 0 : return NULL;
357 : }
358 1298953 : if (strncmp("tdb://", base_url, 6) == 0) {
359 48203 : base_url = base_url+6;
360 1250750 : } else if (strncmp("mdb://", base_url, 6) == 0) {
361 0 : base_url = base_url+6;
362 1250750 : } else if (strncmp("ldb://", base_url, 6) == 0) {
363 364 : base_url = base_url+6;
364 : }
365 1298953 : path = talloc_strdup(mem_ctx, base_url);
366 1298953 : if (path == NULL) {
367 0 : return NULL;
368 : }
369 1298953 : if ( (p = strrchr(path, '/')) != NULL) {
370 1298953 : p[0] = '\0';
371 1298953 : full_name = talloc_asprintf(mem_ctx, "%s/%s", path, name);
372 : } else {
373 0 : full_name = talloc_asprintf(mem_ctx, "./%s", name);
374 : }
375 1298953 : talloc_free(path);
376 1298953 : return full_name;
377 : }
|