summaryrefslogtreecommitdiffstats
path: root/lib/ldb-samba/ldb_wrap.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 17:47:29 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 17:47:29 +0000
commit4f5791ebd03eaec1c7da0865a383175b05102712 (patch)
tree8ce7b00f7a76baa386372422adebbe64510812d4 /lib/ldb-samba/ldb_wrap.c
parentInitial commit. (diff)
downloadsamba-4f5791ebd03eaec1c7da0865a383175b05102712.tar.xz
samba-4f5791ebd03eaec1c7da0865a383175b05102712.zip
Adding upstream version 2:4.17.12+dfsg.upstream/2%4.17.12+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'lib/ldb-samba/ldb_wrap.c')
-rw-r--r--lib/ldb-samba/ldb_wrap.c377
1 files changed, 377 insertions, 0 deletions
diff --git a/lib/ldb-samba/ldb_wrap.c b/lib/ldb-samba/ldb_wrap.c
new file mode 100644
index 0000000..cfc8732
--- /dev/null
+++ b/lib/ldb-samba/ldb_wrap.c
@@ -0,0 +1,377 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ LDB wrap functions
+
+ Copyright (C) Andrew Tridgell 2004-2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ the stupidity of the unix fcntl locking design forces us to never
+ allow a database file to be opened twice in the same process. These
+ wrappers provide convenient access to a tdb or ldb, taking advantage
+ of talloc destructors to ensure that only a single open is done
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include "lib/ldb-samba/ldif_handlers.h"
+#include "ldb_wrap.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
+#include "param/param.h"
+#include "../lib/util/dlinklist.h"
+#include "lib/util/util_paths.h"
+#include <tdb.h>
+#include <unistd.h>
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_LDB
+
+/*
+ this is used to catch debug messages from ldb
+*/
+static void ldb_wrap_debug(void *context, enum ldb_debug_level level,
+ const char *fmt, va_list ap) PRINTF_ATTRIBUTE(3,0);
+
+static void ldb_wrap_debug(void *context, enum ldb_debug_level level,
+ const char *fmt, va_list ap)
+{
+ int samba_level = -1;
+ switch (level) {
+ case LDB_DEBUG_FATAL:
+ samba_level = DBGLVL_ERR;
+ break;
+ case LDB_DEBUG_ERROR:
+ samba_level = DBGLVL_WARNING;
+ break;
+ case LDB_DEBUG_WARNING:
+ samba_level = DBGLVL_NOTICE;
+ break;
+ case LDB_DEBUG_TRACE:
+ samba_level = DBGLVL_DEBUG + 1;
+ break;
+
+ };
+ if (CHECK_DEBUGLVL(samba_level)) {
+ char *s = NULL;
+ int ret;
+
+ ret = vasprintf(&s, fmt, ap);
+ if (ret == -1) {
+ return;
+ }
+ DEBUG(samba_level, ("ldb: %s\n", s));
+ free(s);
+ }
+}
+
+
+/*
+ connecting to a ldb can be a relatively expensive operation because
+ of the schema and partition loads. We keep a list of open ldb
+ contexts here, and try to re-use when possible.
+
+ This means callers of ldb_wrap_connect() must use talloc_unlink() or
+ the free of a parent to destroy the context
+ */
+static struct ldb_wrap {
+ struct ldb_wrap *next, *prev;
+ struct ldb_wrap_context {
+ /* the context is what we use to tell if two ldb
+ * connections are exactly equivalent
+ */
+ pid_t pid; /* We want to re-open in a new PID due to
+ * the LMDB backend */
+ const char *url;
+ struct tevent_context *ev;
+ struct loadparm_context *lp_ctx;
+ struct auth_session_info *session_info;
+ struct cli_credentials *credentials;
+ unsigned int flags;
+ } context;
+ struct ldb_context *ldb;
+} *ldb_wrap_list;
+
+/*
+ free a ldb_wrap structure
+ */
+static int ldb_wrap_destructor(struct ldb_wrap *w)
+{
+ DLIST_REMOVE(ldb_wrap_list, w);
+ return 0;
+}
+
+/*
+ * The casefolder for s4's LDB databases - Unicode-safe
+ */
+char *wrap_casefold(void *context, void *mem_ctx, const char *s, size_t n)
+{
+ return strupper_talloc_n(mem_ctx, s, n);
+}
+
+
+ struct ldb_context *samba_ldb_init(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct loadparm_context *lp_ctx,
+ struct auth_session_info *session_info,
+ struct cli_credentials *credentials)
+{
+ struct ldb_context *ldb;
+ int ret;
+
+ ldb = ldb_init(mem_ctx, ev);
+ if (ldb == NULL) {
+ return NULL;
+ }
+
+ ldb_set_modules_dir(ldb, modules_path(ldb, "ldb"));
+
+ ldb_set_debug(ldb, ldb_wrap_debug, NULL);
+
+ ldb_set_utf8_fns(ldb, NULL, wrap_casefold);
+
+ if (session_info) {
+ if (ldb_set_opaque(ldb, DSDB_SESSION_INFO, session_info)) {
+ talloc_free(ldb);
+ return NULL;
+ }
+ }
+
+ if (credentials) {
+ if (ldb_set_opaque(ldb, "credentials", credentials)) {
+ talloc_free(ldb);
+ return NULL;
+ }
+ }
+
+ if (ldb_set_opaque(ldb, "loadparm", lp_ctx)) {
+ talloc_free(ldb);
+ return NULL;
+ }
+
+ /* This must be done before we load the schema, as these
+ * handlers for objectSid and objectGUID etc must take
+ * precedence over the 'binary attribute' declaration in the
+ * schema */
+ ret = ldb_register_samba_handlers(ldb);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(ldb);
+ return NULL;
+ }
+
+ /* we usually want Samba databases to be private. If we later
+ find we need one public, we will need to add a parameter to
+ ldb_wrap_connect() */
+ ldb_set_create_perms(ldb, 0600);
+
+ return ldb;
+}
+
+ struct ldb_context *ldb_wrap_find(const char *url,
+ struct tevent_context *ev,
+ struct loadparm_context *lp_ctx,
+ struct auth_session_info *session_info,
+ struct cli_credentials *credentials,
+ unsigned int flags)
+{
+ pid_t pid = getpid();
+ struct ldb_wrap *w;
+ /* see if we can re-use an existing ldb */
+ for (w=ldb_wrap_list; w; w=w->next) {
+ if (w->context.pid == pid &&
+ w->context.ev == ev &&
+ w->context.lp_ctx == lp_ctx &&
+ w->context.session_info == session_info &&
+ w->context.credentials == credentials &&
+ w->context.flags == flags &&
+ (w->context.url == url || strcmp(w->context.url, url) == 0))
+ return w->ldb;
+ }
+
+ return NULL;
+}
+
+int samba_ldb_connect(struct ldb_context *ldb, struct loadparm_context *lp_ctx,
+ const char *url, unsigned int flags)
+{
+ int ret;
+ char *real_url = NULL;
+
+ /* allow admins to force non-sync ldb for all databases */
+ if (lpcfg_parm_bool(lp_ctx, NULL, "ldb", "nosync", false)) {
+ flags |= LDB_FLG_NOSYNC;
+ }
+
+ if (DEBUGLVL(10)) {
+ flags |= LDB_FLG_ENABLE_TRACING;
+ }
+
+ real_url = lpcfg_private_path(ldb, lp_ctx, url);
+ if (real_url == NULL) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ ret = ldb_connect(ldb, real_url, flags, NULL);
+
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
+ /* setup for leak detection */
+ ldb_set_opaque(ldb, "wrap_url", real_url);
+
+ return LDB_SUCCESS;
+}
+
+ bool ldb_wrap_add(const char *url, struct tevent_context *ev,
+ struct loadparm_context *lp_ctx,
+ struct auth_session_info *session_info,
+ struct cli_credentials *credentials,
+ unsigned int flags,
+ struct ldb_context *ldb)
+{
+ struct ldb_wrap *w;
+ struct ldb_wrap_context c;
+
+ /* add to the list of open ldb contexts */
+ w = talloc(ldb, struct ldb_wrap);
+ if (w == NULL) {
+ return false;
+ }
+
+ c.pid = getpid();
+ c.url = url;
+ c.ev = ev;
+ c.lp_ctx = lp_ctx;
+ c.session_info = session_info;
+ c.credentials = credentials;
+ c.flags = flags;
+
+ w->context = c;
+ w->context.url = talloc_strdup(w, url);
+ if (w->context.url == NULL) {
+ return false;
+ }
+
+ if (session_info) {
+ /* take a reference to the session_info, as it is
+ * possible for the ldb to live longer than the
+ * session_info. This happens when a DRS DsBind call
+ * reuses a handle, but the original connection is
+ * shutdown. The token for the new connection is still
+ * valid, so we need the session_info to remain valid for
+ * ldb modules to use
+ */
+ if (talloc_reference(w, session_info) == NULL) {
+ return false;
+ }
+ }
+
+ w->ldb = ldb;
+
+ DLIST_ADD(ldb_wrap_list, w);
+
+ talloc_set_destructor(w, ldb_wrap_destructor);
+
+ return true;
+}
+
+
+/*
+ wrapped connection to a ldb database
+ to close just talloc_free() the returned ldb_context
+
+ TODO: We need an error_string parameter
+ */
+ struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct loadparm_context *lp_ctx,
+ const char *url,
+ struct auth_session_info *session_info,
+ struct cli_credentials *credentials,
+ unsigned int flags)
+{
+ struct ldb_context *ldb;
+ int ret;
+
+ /*
+ * Unlike samdb_connect_url() do not try and cache the LDB
+ * handle, get a new one each time. Only sam.ldb is
+ * punitively expensive to open and helpful caches like this
+ * cause challenges (such as if the value for 'private dir'
+ * changes).
+ */
+
+ ldb = samba_ldb_init(mem_ctx, ev, lp_ctx, session_info, credentials);
+
+ if (ldb == NULL)
+ return NULL;
+
+ ret = samba_ldb_connect(ldb, lp_ctx, url, flags);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(ldb);
+ return NULL;
+ }
+
+ DEBUG(3,("ldb_wrap open of %s\n", url));
+
+ return ldb;
+}
+
+/*
+ call tdb_reopen_all() in case there is a TDB open so we are
+ not blocked from re-opening it inside ldb_tdb.
+*/
+ void ldb_wrap_fork_hook(void)
+{
+ if (tdb_reopen_all(1) != 0) {
+ smb_panic("tdb_reopen_all failed\n");
+ }
+}
+
+ char *ldb_relative_path(struct ldb_context *ldb,
+ TALLOC_CTX *mem_ctx,
+ const char *name)
+{
+ const char *base_url =
+ (const char *)ldb_get_opaque(ldb, "ldb_url");
+ char *path, *p, *full_name;
+ if (name == NULL) {
+ return NULL;
+ }
+ if (strncmp("tdb://", base_url, 6) == 0) {
+ base_url = base_url+6;
+ } else if (strncmp("mdb://", base_url, 6) == 0) {
+ base_url = base_url+6;
+ } else if (strncmp("ldb://", base_url, 6) == 0) {
+ base_url = base_url+6;
+ }
+ path = talloc_strdup(mem_ctx, base_url);
+ if (path == NULL) {
+ return NULL;
+ }
+ if ( (p = strrchr(path, '/')) != NULL) {
+ p[0] = '\0';
+ full_name = talloc_asprintf(mem_ctx, "%s/%s", path, name);
+ } else {
+ full_name = talloc_asprintf(mem_ctx, "./%s", name);
+ }
+ talloc_free(path);
+ return full_name;
+}