1 // This is a data store backend for the Citadel server which uses Berkeley DB.
3 // Copyright (c) 1987-2023 by the citadel.org team
5 // This program is open source software. Use, duplication, or disclosure
6 // is subject to the terms of the GNU General Public License, version 3.
8 // Citadel will checkpoint the db at the end of every session, but only if
9 // the specified number of kilobytes has been written, or if the specified
10 // number of minutes has passed, since the last checkpoint.
11 #define MAX_CHECKPOINT_KBYTES 256
12 #define MAX_CHECKPOINT_MINUTES 15
14 #include "../../sysdep.h"
22 #include <libcitadel.h>
23 #include "../../ctdl_module.h"
24 #include "../../control.h"
25 #include "../../citserver.h"
26 #include "../../config.h"
27 #include "berkeley_db.h"
29 #if DB_VERSION_MAJOR < 18
30 #error Citadel requires Berkeley DB v18.0 or newer. Please upgrade.
34 static DB *dbp[MAXCDB]; // One DB handle for each Citadel database
35 static DB_ENV *dbenv; // The DB environment (global)
38 // Called by other functions in this module to GTFO quickly if we need to. Not part of the backend API.
39 void bdb_abort(void) {
40 syslog(LOG_DEBUG, "bdb: citserver is stopping in order to prevent data loss. uid=%d gid=%d euid=%d egid=%d",
41 getuid(), getgid(), geteuid(), getegid()
43 raise(SIGABRT); // This will exit in a way that can produce a core dump if needed.
44 exit(CTDLEXIT_DB); // Exit if the signal failed to end the program.
48 // Verbose logging callback for Berkeley DB. Not part of the backend API.
49 void bdb_verbose_log(const DB_ENV *dbenv, const char *msg, const char *foo) {
50 if (!IsEmptyStr(msg)) {
51 syslog(LOG_DEBUG, "bdb: %s %s", msg, foo);
56 // Verbose error logging callback for Berkeley DB. Not part of the backend API.
57 void bdb_verbose_err(const DB_ENV *dbenv, const char *errpfx, const char *msg) {
58 syslog(LOG_ERR, "bdb: %s", msg);
62 // Wrapper for txn_abort() that logs/aborts on error. Not part of the backend API.
63 static void bdb_txabort(DB_TXN *tid) {
66 ret = tid->abort(tid);
69 syslog(LOG_ERR, "bdb: txn_abort: %s", db_strerror(ret));
75 // Wrapper for txn_commit() that logs/aborts on error. Not part of the backend API.
76 static void bdb_txcommit(DB_TXN *tid) {
79 ret = tid->commit(tid, 0);
82 syslog(LOG_ERR, "bdb: txn_commit: %s", db_strerror(ret));
88 // Wrapper for txn_begin() that logs/aborts on error. Not part of the backend API.
89 static void bdb_txbegin(DB_TXN **tid) {
92 ret = dbenv->txn_begin(dbenv, NULL, tid, 0);
95 syslog(LOG_ERR, "bdb: txn_begin: %s", db_strerror(ret));
101 // Panic callback for Berkeley DB. Not part of the backend API.
102 static void bdb_dbpanic(DB_ENV *env, int errval) {
103 syslog(LOG_ERR, "bdb: PANIC: %s", db_strerror(errval));
108 // Close a cursor -- not part of the backend API.
109 static void bdb_cclose(DBC *cursor) {
112 if ((ret = cursor->c_close(cursor))) {
113 syslog(LOG_ERR, "bdb: c_close: %s", db_strerror(ret));
119 // Convenience function to abort if a cursor is still open when we didn't expect it to be.
120 // This is not part of the backend API.
121 static void bdb_bailIfCursor(DBC **cursors, const char *msg) {
124 for (i = 0; i < MAXCDB; i++)
125 if (cursors[i] != NULL) {
126 syslog(LOG_ERR, "bdb: cursor still in progress on cdb %02x: %s", i, msg);
132 void bdb_check_handles(void) {
133 bdb_bailIfCursor(TSD->cursors, "in check_handles");
135 if (TSD->tid != NULL) {
136 syslog(LOG_ERR, "bdb: transaction still in progress!");
142 // Request a checkpoint of the database. Called once per minute by the thread manager.
143 void bdb_checkpoint(void) {
146 syslog(LOG_DEBUG, "bdb: -- checkpoint --");
147 ret = dbenv->txn_checkpoint(dbenv, MAX_CHECKPOINT_KBYTES, MAX_CHECKPOINT_MINUTES, 0);
150 syslog(LOG_ERR, "bdb: bdb_checkpoint() txn_checkpoint: %s", db_strerror(ret));
154 // After a successful checkpoint, we can cull the unused logs
155 if (CtdlGetConfigInt("c_auto_cull")) {
156 ret = dbenv->log_set_config(dbenv, DB_LOG_AUTO_REMOVE, 1);
159 ret = dbenv->log_set_config(dbenv, DB_LOG_AUTO_REMOVE, 0);
164 // Open the various databases we'll be using. Any database which
165 // does not exist should be created. Note that we don't need a
166 // critical section here, because there aren't any active threads
167 // manipulating the database yet.
168 void bdb_open_databases(void) {
173 int dbversion_major, dbversion_minor, dbversion_patch;
175 syslog(LOG_DEBUG, "bdb: bdb_open_databases() starting");
176 syslog(LOG_DEBUG, "bdb: Linked zlib: %s", zlibVersion());
177 syslog(LOG_DEBUG, "bdb: Compiled libdb: %s", DB_VERSION_STRING);
178 syslog(LOG_DEBUG, "bdb: Linked libdb: %s", db_version(&dbversion_major, &dbversion_minor, &dbversion_patch));
180 // Create synthetic integer version numbers and compare them.
181 // Never allow citserver to run with a libdb older then the one with which it was compiled.
182 int compiled_db_version = ( (DB_VERSION_MAJOR * 1000000) + (DB_VERSION_MINOR * 1000) + (DB_VERSION_PATCH) );
183 int linked_db_version = ( (dbversion_major * 1000000) + (dbversion_minor * 1000) + (dbversion_patch) );
184 if (compiled_db_version > linked_db_version) {
185 syslog(LOG_ERR, "bdb: citserver is running with a version of libdb older than the one with which it was compiled.");
186 syslog(LOG_ERR, "bdb: This is an invalid configuration. citserver will now exit to prevent data loss.");
190 // Silently try to create the database subdirectory. If it's already there, no problem.
191 if ((mkdir(ctdl_db_dir, 0700) != 0) && (errno != EEXIST)) {
192 syslog(LOG_ERR, "bdb: database directory [%s] does not exist and could not be created: %m", ctdl_db_dir);
195 if (chmod(ctdl_db_dir, 0700) != 0) {
196 syslog(LOG_ERR, "bdb: unable to set database directory permissions [%s]: %m", ctdl_db_dir);
199 if (chown(ctdl_db_dir, CTDLUID, (-1)) != 0) {
200 syslog(LOG_ERR, "bdb: unable to set the owner for [%s]: %m", ctdl_db_dir);
203 syslog(LOG_DEBUG, "bdb: Setting up DB environment");
204 ret = db_env_create(&dbenv, 0);
206 syslog(LOG_ERR, "bdb: db_env_create: %s", db_strerror(ret));
207 syslog(LOG_ERR, "bdb: exit code %d", ret);
210 dbenv->set_errpfx(dbenv, "citserver");
211 dbenv->set_paniccall(dbenv, bdb_dbpanic);
212 dbenv->set_errcall(dbenv, bdb_verbose_err);
213 dbenv->set_msgcall(dbenv, bdb_verbose_log);
214 dbenv->set_verbose(dbenv, DB_VERB_DEADLOCK, 1);
215 dbenv->set_verbose(dbenv, DB_VERB_RECOVERY, 1);
217 // We want to specify the shared memory buffer pool cachesize, but everything else is the default.
218 ret = dbenv->set_cachesize(dbenv, 0, 64 * 1024, 0);
220 syslog(LOG_ERR, "bdb: set_cachesize: %s", db_strerror(ret));
221 dbenv->close(dbenv, 0);
222 syslog(LOG_ERR, "bdb: exit code %d", ret);
226 if ((ret = dbenv->set_lk_detect(dbenv, DB_LOCK_DEFAULT))) {
227 syslog(LOG_ERR, "bdb: set_lk_detect: %s", db_strerror(ret));
228 dbenv->close(dbenv, 0);
229 syslog(LOG_ERR, "bdb: exit code %d", ret);
233 flags = DB_CREATE | DB_INIT_MPOOL | DB_PRIVATE | DB_INIT_TXN | DB_INIT_LOCK | DB_THREAD | DB_INIT_LOG;
234 syslog(LOG_DEBUG, "bdb: dbenv->open(dbenv, %s, %d, 0)", ctdl_db_dir, flags);
235 ret = dbenv->open(dbenv, ctdl_db_dir, flags, 0); // try opening the database cleanly
236 if (ret == DB_RUNRECOVERY) {
237 syslog(LOG_ERR, "bdb: dbenv->open: %s", db_strerror(ret));
238 syslog(LOG_ERR, "bdb: attempting recovery...");
240 ret = dbenv->open(dbenv, ctdl_db_dir, flags, 0); // try recovery
242 if (ret == DB_RUNRECOVERY) {
243 syslog(LOG_ERR, "bdb: dbenv->open: %s", db_strerror(ret));
244 syslog(LOG_ERR, "bdb: attempting catastrophic recovery...");
245 flags &= ~DB_RECOVER;
246 flags |= DB_RECOVER_FATAL;
247 ret = dbenv->open(dbenv, ctdl_db_dir, flags, 0); // try catastrophic recovery
250 syslog(LOG_ERR, "bdb: dbenv->open: %s", db_strerror(ret));
251 dbenv->close(dbenv, 0);
252 syslog(LOG_ERR, "bdb: exit code %d", ret);
256 syslog(LOG_INFO, "bdb: mounting databases");
257 for (i = 0; i < MAXCDB; ++i) {
258 ret = db_create(&dbp[i], dbenv, 0); // Create a database handle
260 syslog(LOG_ERR, "bdb: db_create: %s", db_strerror(ret));
261 syslog(LOG_ERR, "bdb: exit code %d", ret);
265 snprintf(dbfilename, sizeof dbfilename, "cdb.%02x", i); // table names by number
266 ret = dbp[i]->open(dbp[i], NULL, dbfilename, NULL, DB_BTREE, DB_CREATE | DB_AUTO_COMMIT | DB_THREAD, 0600);
268 syslog(LOG_ERR, "bdb: db_open[%02x]: %s", i, db_strerror(ret));
270 syslog(LOG_ERR, "bdb: You may need to tune your database; please check http://www.citadel.org for more information.");
272 syslog(LOG_ERR, "bdb: exit code %d", ret);
279 // Make sure we own all the files, because in a few milliseconds we're going to drop root privs.
280 void bdb_chmod_data(void) {
283 char filename[PATH_MAX];
285 dp = opendir(ctdl_db_dir);
287 while (d = readdir(dp), d != NULL) {
288 if (d->d_name[0] != '.') {
289 snprintf(filename, sizeof filename, "%s/%s", ctdl_db_dir, d->d_name);
290 syslog(LOG_DEBUG, "bdb: chmod(%s, 0600) returned %d", filename, chmod(filename, 0600));
291 syslog(LOG_DEBUG, "bdb: chown(%s, CTDLUID, -1) returned %d", filename, chown(filename, CTDLUID, (-1)));
299 // Close all of the db database files we've opened. This can be done in a loop, since it's just a bunch of closes.
300 void bdb_close_databases(void) {
304 static int closing = 0;
305 while (closing == 1) {
306 syslog(LOG_INFO, "bdb: already closing");
310 syslog(LOG_INFO, "bdb: performing final checkpoint");
311 if ((ret = dbenv->txn_checkpoint(dbenv, 0, 0, 0))) {
312 syslog(LOG_ERR, "bdb: txn_checkpoint: %s", db_strerror(ret));
315 syslog(LOG_INFO, "bdb: flushing the database logs");
316 if ((ret = dbenv->log_flush(dbenv, NULL))) {
317 syslog(LOG_ERR, "bdb: log_flush: %s", db_strerror(ret));
321 syslog(LOG_INFO, "bdb: closing databases");
322 for (i = 0; i < MAXCDB; ++i) {
323 syslog(LOG_INFO, "bdb: closing database %02x", i);
324 ret = dbp[i]->close(dbp[i], 0);
326 syslog(LOG_ERR, "bdb: db_close: %s", db_strerror(ret));
331 ret = dbenv->close(dbenv, DB_FORCESYNC);
333 syslog(LOG_ERR, "bdb: DBENV->close: %s", db_strerror(ret));
338 // Decompress a database item if it was compressed on disk
339 void bdb_decompress_if_necessary(struct cdbdata *cdb) {
340 static int magic = COMPRESS_MAGIC;
342 if ((cdb == NULL) || (cdb->ptr == NULL) || (cdb->len < sizeof(magic)) || (memcmp(cdb->ptr, &magic, sizeof(magic)))) {
346 // At this point we know we're looking at a compressed item.
348 struct CtdlCompressHeader zheader;
349 char *uncompressed_data;
350 char *compressed_data;
351 uLongf destLen, sourceLen;
354 memset(&zheader, 0, sizeof(struct CtdlCompressHeader));
355 cplen = sizeof(struct CtdlCompressHeader);
356 if (sizeof(struct CtdlCompressHeader) > cdb->len) {
359 memcpy(&zheader, cdb->ptr, cplen);
361 compressed_data = cdb->ptr;
362 compressed_data += sizeof(struct CtdlCompressHeader);
364 sourceLen = (uLongf) zheader.compressed_len;
365 destLen = (uLongf) zheader.uncompressed_len;
366 uncompressed_data = malloc(zheader.uncompressed_len);
368 if (uncompress((Bytef *) uncompressed_data,
369 (uLongf *) &destLen, (const Bytef *) compressed_data, (uLong) sourceLen) != Z_OK) {
370 syslog(LOG_ERR, "bdb: uncompress() error");
375 cdb->len = (size_t) destLen;
376 cdb->ptr = uncompressed_data;
380 // Store a piece of data. Returns 0 if the operation was successful. If a
381 // key already exists it should be overwritten.
382 int bdb_store(int cdb, const void *ckey, int ckeylen, void *cdata, int cdatalen) {
387 struct CtdlCompressHeader zheader;
388 char *compressed_data = NULL;
390 size_t buffer_len = 0;
393 memset(&dkey, 0, sizeof(DBT));
394 memset(&ddata, 0, sizeof(DBT));
396 dkey.data = (void *) ckey;
397 ddata.size = cdatalen;
400 // "visit" records are numerous and have big, mostly-empty string buffers in them.
401 // If we compress these we can get them down to 1% of their size most of the time.
402 if (cdb == CDB_VISIT) {
404 zheader.magic = COMPRESS_MAGIC;
405 zheader.uncompressed_len = cdatalen;
406 buffer_len = ((cdatalen * 101) / 100) + 100 + sizeof(struct CtdlCompressHeader);
407 destLen = (uLongf) buffer_len;
408 compressed_data = malloc(buffer_len);
409 if (compress2((Bytef *) (compressed_data + sizeof(struct CtdlCompressHeader)), &destLen, (Bytef *) cdata, (uLongf) cdatalen, 1) != Z_OK) {
410 syslog(LOG_ERR, "bdb: compress2() error");
413 zheader.compressed_len = (size_t) destLen;
414 memcpy(compressed_data, &zheader, sizeof(struct CtdlCompressHeader));
415 ddata.size = (size_t) (sizeof(struct CtdlCompressHeader) + zheader.compressed_len);
416 ddata.data = compressed_data;
419 if (TSD->tid != NULL) {
420 ret = dbp[cdb]->put(dbp[cdb], // db
421 TSD->tid, // transaction ID
427 syslog(LOG_ERR, "bdb: bdb_store(%d): %s", cdb, db_strerror(ret));
431 free(compressed_data);
436 bdb_bailIfCursor(TSD->cursors, "attempt to write during r/o cursor");
441 if ((ret = dbp[cdb]->put(dbp[cdb], // db
442 tid, // transaction ID
446 if (ret == DB_LOCK_DEADLOCK) {
451 syslog(LOG_ERR, "bdb: bdb_store(%d): %s", cdb, db_strerror(ret));
458 free(compressed_data);
467 // Delete a piece of data. Returns 0 if the operation was successful.
468 int bdb_delete(int cdb, void *key, int keylen) {
473 memset(&dkey, 0, sizeof dkey);
477 if (TSD->tid != NULL) {
478 ret = dbp[cdb]->del(dbp[cdb], TSD->tid, &dkey, 0);
480 syslog(LOG_ERR, "bdb: bdb_delete(%d): %s", cdb, db_strerror(ret));
481 if (ret != DB_NOTFOUND) {
487 bdb_bailIfCursor(TSD->cursors, "attempt to delete during r/o cursor");
492 if ((ret = dbp[cdb]->del(dbp[cdb], tid, &dkey, 0)) && ret != DB_NOTFOUND) {
493 if (ret == DB_LOCK_DEADLOCK) {
498 syslog(LOG_ERR, "bdb: bdb_delete(%d): %s", cdb, db_strerror(ret));
510 static DBC *bdb_localcursor(int cdb) {
514 if (TSD->cursors[cdb] == NULL) {
515 ret = dbp[cdb]->cursor(dbp[cdb], TSD->tid, &curs, 0);
518 ret = TSD->cursors[cdb]->c_dup(TSD->cursors[cdb], &curs, DB_POSITION);
522 syslog(LOG_ERR, "bdb: bdb_localcursor: %s", db_strerror(ret));
530 // Fetch a piece of data. If not found, returns NULL. Otherwise, it returns
531 // a struct cdbdata which it is the caller's responsibility to free later on
532 // using the bdb_free() routine.
533 struct cdbdata *bdb_fetch(int cdb, const void *key, int keylen) {
535 if (keylen == 0) { // key length zero is impossible
539 struct cdbdata *tempcdb;
543 memset(&dkey, 0, sizeof(DBT));
545 dkey.data = (void *) key;
547 if (TSD->tid != NULL) {
548 memset(&dret, 0, sizeof(DBT));
549 dret.flags = DB_DBT_MALLOC;
550 ret = dbp[cdb]->get(dbp[cdb], TSD->tid, &dkey, &dret, 0);
556 memset(&dret, 0, sizeof(DBT));
557 dret.flags = DB_DBT_MALLOC;
558 curs = bdb_localcursor(cdb);
559 ret = curs->c_get(curs, &dkey, &dret, DB_SET);
561 } while (ret == DB_LOCK_DEADLOCK);
564 if ((ret != 0) && (ret != DB_NOTFOUND)) {
565 syslog(LOG_ERR, "bdb: bdb_fetch(%d): %s", cdb, db_strerror(ret));
573 tempcdb = (struct cdbdata *) malloc(sizeof(struct cdbdata));
574 if (tempcdb == NULL) {
575 syslog(LOG_ERR, "bdb: bdb_fetch() cannot allocate memory for tempcdb: %m");
579 tempcdb->len = dret.size;
580 tempcdb->ptr = dret.data;
581 bdb_decompress_if_necessary(tempcdb);
587 // Free a cdbdata item.
589 // Note that we only free the 'ptr' portion if it is not NULL. This allows
590 // other code to assume ownership of that memory simply by storing the
591 // pointer elsewhere and then setting 'ptr' to NULL. bdb_free() will then
593 void bdb_free(struct cdbdata *cdb) {
601 void bdb_close_cursor(int cdb) {
602 if (TSD->cursors[cdb] != NULL) {
603 bdb_cclose(TSD->cursors[cdb]);
606 TSD->cursors[cdb] = NULL;
610 // Prepare for a sequential search of an entire database.
611 // (There is guaranteed to be no more than one traversal in
612 // progress per thread at any given time.)
613 void bdb_rewind(int cdb) {
616 if (TSD->cursors[cdb] != NULL) {
617 syslog(LOG_ERR, "bdb: bdb_rewind: must close cursor on database %d before reopening", cdb);
619 // bdb_cclose(TSD->cursors[cdb]);
622 // Now initialize the cursor
623 ret = dbp[cdb]->cursor(dbp[cdb], TSD->tid, &TSD->cursors[cdb], 0);
625 syslog(LOG_ERR, "bdb: bdb_rewind: db_cursor: %s", db_strerror(ret));
631 // Fetch the next item in a sequential search. Returns a pointer to a
632 // cdbdata structure, or NULL if we've hit the end.
633 struct cdbdata *bdb_next_item(int cdb) {
635 struct cdbdata *cdbret;
638 // Initialize the key/data pair so the flags aren't set.
639 memset(&key, 0, sizeof(key));
640 memset(&data, 0, sizeof(data));
641 data.flags = DB_DBT_MALLOC;
643 ret = TSD->cursors[cdb]->c_get(TSD->cursors[cdb], &key, &data, DB_NEXT);
646 if (ret != DB_NOTFOUND) {
647 syslog(LOG_ERR, "bdb: bdb_next_item(%d): %s", cdb, db_strerror(ret));
650 bdb_close_cursor(cdb);
651 return NULL; // presumably, end of file
654 cdbret = (struct cdbdata *) malloc(sizeof(struct cdbdata));
655 cdbret->len = data.size;
656 cdbret->ptr = data.data;
657 bdb_decompress_if_necessary(cdbret);
663 // Transaction-based stuff. I'm writing this as I bake cookies...
664 void bdb_begin_transaction(void) {
665 bdb_bailIfCursor(TSD->cursors, "can't begin transaction during r/o cursor");
667 if (TSD->tid != NULL) {
668 syslog(LOG_ERR, "bdb: bdb_begin_transaction: ERROR: nested transaction");
672 bdb_txbegin(&TSD->tid);
676 void bdb_end_transaction(void) {
679 for (i = 0; i < MAXCDB; i++) {
680 if (TSD->cursors[i] != NULL) {
681 syslog(LOG_WARNING, "bdb: bdb_end_transaction: WARNING: cursor %d still open at transaction end", i);
682 bdb_cclose(TSD->cursors[i]);
683 TSD->cursors[i] = NULL;
687 if (TSD->tid == NULL) {
688 syslog(LOG_ERR, "bdb: bdb_end_transaction: ERROR: bdb_txcommit(NULL) !!");
692 bdb_txcommit(TSD->tid);
699 // Truncate (delete every record)
700 void bdb_trunc(int cdb) {
704 if (TSD->tid != NULL) {
705 syslog(LOG_ERR, "bdb: bdb_trunc must not be called in a transaction.");
709 bdb_bailIfCursor(TSD->cursors, "attempt to write during r/o cursor");
713 if ((ret = dbp[cdb]->truncate(dbp[cdb], // db
714 NULL, // transaction ID
715 &count, // #rows deleted
717 if (ret == DB_LOCK_DEADLOCK) {
721 syslog(LOG_ERR, "bdb: bdb_truncate(%d): %s", cdb, db_strerror(ret));
723 syslog(LOG_ERR, "bdb: You may need to tune your database; please read http://www.citadel.org for more information.");
732 // compact (defragment) the database, possibly returning space back to the underlying filesystem
733 void bdb_compact(void) {
737 syslog(LOG_DEBUG, "bdb: bdb_compact() started");
738 for (i = 0; i < MAXCDB; i++) {
739 syslog(LOG_DEBUG, "bdb: compacting database %d", i);
740 ret = dbp[i]->compact(dbp[i], NULL, NULL, NULL, NULL, DB_FREE_SPACE, NULL);
742 syslog(LOG_ERR, "bdb: compact: %s", db_strerror(ret));
745 syslog(LOG_DEBUG, "bdb: bdb_compact() finished");
749 // Calling this function activates the Berkeley DB back end.
750 void bdb_init_backend(void) {
751 cdb_compact = bdb_compact;
752 cdb_checkpoint = bdb_checkpoint;
753 cdb_rewind = bdb_rewind;
754 cdb_fetch = bdb_fetch;
755 cdb_open_databases = bdb_open_databases;
756 cdb_close_databases = bdb_close_databases;
757 cdb_store = bdb_store;
758 cdb_delete = bdb_delete;
760 cdb_next_item = bdb_next_item;
761 cdb_close_cursor = bdb_close_cursor;
762 cdb_begin_transaction = bdb_begin_transaction;
763 cdb_end_transaction = bdb_end_transaction;
764 cdb_check_handles = bdb_check_handles;
765 cdb_trunc = bdb_trunc;
766 cdb_chmod_data = bdb_chmod_data;
768 syslog(LOG_INFO, "db: initialized Berkeley DB backend");