4 Copyright (C) Andrew Tridgell 2004
5 Copyright (C) Simo Sorce 2005-2008
7 ** NOTE! The following LGPL license applies to the ldb
8 ** library. This does NOT imply that all of Samba is released
11 This library is free software; you can redistribute it and/or
12 modify it under the terms of the GNU Lesser General Public
13 License as published by the Free Software Foundation; either
14 version 3 of the License, or (at your option) any later version.
16 This library is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Lesser General Public License for more details.
21 You should have received a copy of the GNU Lesser General Public
22 License along with this library; if not, see <http://www.gnu.org/licenses/>.
28 * Component: ldb core API
30 * Description: core API routines interfacing to ldb backends
32 * Author: Andrew Tridgell
35 #define TEVENT_DEPRECATED 1
36 #include "ldb_private.h"
39 static int ldb_context_destructor(void *ptr)
41 struct ldb_context *ldb = talloc_get_type(ptr, struct ldb_context);
43 if (ldb->transaction_active) {
44 ldb_debug(ldb, LDB_DEBUG_FATAL,
45 "A transaction is still active in ldb context [%p] on %s",
46 ldb, (const char *)ldb_get_opaque(ldb, "ldb_url"));
53 this is used to catch debug messages from events
55 static void ldb_tevent_debug(void *context, enum tevent_debug_level level,
56 const char *fmt, va_list ap) PRINTF_ATTRIBUTE(3,0);
58 static void ldb_tevent_debug(void *context, enum tevent_debug_level level,
59 const char *fmt, va_list ap)
61 struct ldb_context *ldb = talloc_get_type(context, struct ldb_context);
62 enum ldb_debug_level ldb_level = LDB_DEBUG_FATAL;
65 case TEVENT_DEBUG_FATAL:
66 ldb_level = LDB_DEBUG_FATAL;
68 case TEVENT_DEBUG_ERROR:
69 ldb_level = LDB_DEBUG_ERROR;
71 case TEVENT_DEBUG_WARNING:
72 ldb_level = LDB_DEBUG_WARNING;
74 case TEVENT_DEBUG_TRACE:
75 ldb_level = LDB_DEBUG_TRACE;
79 /* There isn't a tevent: prefix here because to add it means
80 * actually printing the string, and most of the time we don't
82 ldb_vdebug(ldb, ldb_level, fmt, ap);
86 initialise a ldb context
87 The mem_ctx is required
88 The event_ctx is required
90 struct ldb_context *ldb_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx)
92 struct ldb_context *ldb;
94 const char *modules_path = getenv("LDB_MODULES_PATH");
96 if (modules_path == NULL) {
97 modules_path = LDB_MODULESDIR;
100 ret = ldb_modules_load(modules_path, LDB_VERSION);
101 if (ret != LDB_SUCCESS) {
105 ldb = talloc_zero(mem_ctx, struct ldb_context);
110 /* A new event context so that callers who don't want ldb
111 * operating on thier global event context can work without
112 * having to provide their own private one explicitly */
113 if (ev_ctx == NULL) {
114 ev_ctx = tevent_context_init(ldb);
115 if (ev_ctx == NULL) {
119 tevent_set_debug(ev_ctx, ldb_tevent_debug, ldb);
120 tevent_loop_allow_nesting(ev_ctx);
123 ret = ldb_setup_wellknown_attributes(ldb);
124 if (ret != LDB_SUCCESS) {
129 ldb_set_utf8_default(ldb);
130 ldb_set_create_perms(ldb, 0666);
131 ldb_set_modules_dir(ldb, LDB_MODULESDIR);
132 ldb_set_event_context(ldb, ev_ctx);
133 ret = ldb_register_extended_match_rules(ldb);
134 if (ret != LDB_SUCCESS) {
139 /* TODO: get timeout from options if available there */
140 ldb->default_timeout = 300; /* set default to 5 minutes */
142 talloc_set_destructor((TALLOC_CTX *)ldb, ldb_context_destructor);
148 try to autodetect a basedn if none specified. This fixes one of my
149 pet hates about ldapsearch, which is that you have to get a long,
150 complex basedn right to make any use of it.
152 void ldb_set_default_dns(struct ldb_context *ldb)
156 struct ldb_result *res;
157 struct ldb_dn *tmp_dn=NULL;
158 static const char *attrs[] = {
159 "rootDomainNamingContext",
160 "configurationNamingContext",
161 "schemaNamingContext",
162 "defaultNamingContext",
166 tmp_ctx = talloc_new(ldb);
167 ret = ldb_search(ldb, tmp_ctx, &res, ldb_dn_new(tmp_ctx, ldb, NULL),
168 LDB_SCOPE_BASE, attrs, "(objectClass=*)");
169 if (ret != LDB_SUCCESS) {
170 talloc_free(tmp_ctx);
174 if (res->count != 1) {
175 talloc_free(tmp_ctx);
179 if (!ldb_get_opaque(ldb, "rootDomainNamingContext")) {
180 tmp_dn = ldb_msg_find_attr_as_dn(ldb, ldb, res->msgs[0],
181 "rootDomainNamingContext");
182 ldb_set_opaque(ldb, "rootDomainNamingContext", tmp_dn);
185 if (!ldb_get_opaque(ldb, "configurationNamingContext")) {
186 tmp_dn = ldb_msg_find_attr_as_dn(ldb, ldb, res->msgs[0],
187 "configurationNamingContext");
188 ldb_set_opaque(ldb, "configurationNamingContext", tmp_dn);
191 if (!ldb_get_opaque(ldb, "schemaNamingContext")) {
192 tmp_dn = ldb_msg_find_attr_as_dn(ldb, ldb, res->msgs[0],
193 "schemaNamingContext");
194 ldb_set_opaque(ldb, "schemaNamingContext", tmp_dn);
197 if (!ldb_get_opaque(ldb, "defaultNamingContext")) {
198 tmp_dn = ldb_msg_find_attr_as_dn(ldb, ldb, res->msgs[0],
199 "defaultNamingContext");
200 ldb_set_opaque(ldb, "defaultNamingContext", tmp_dn);
203 talloc_free(tmp_ctx);
206 struct ldb_dn *ldb_get_root_basedn(struct ldb_context *ldb)
208 void *opaque = ldb_get_opaque(ldb, "rootDomainNamingContext");
209 return talloc_get_type(opaque, struct ldb_dn);
212 struct ldb_dn *ldb_get_config_basedn(struct ldb_context *ldb)
214 void *opaque = ldb_get_opaque(ldb, "configurationNamingContext");
215 return talloc_get_type(opaque, struct ldb_dn);
218 struct ldb_dn *ldb_get_schema_basedn(struct ldb_context *ldb)
220 void *opaque = ldb_get_opaque(ldb, "schemaNamingContext");
221 return talloc_get_type(opaque, struct ldb_dn);
224 struct ldb_dn *ldb_get_default_basedn(struct ldb_context *ldb)
226 void *opaque = ldb_get_opaque(ldb, "defaultNamingContext");
227 return talloc_get_type(opaque, struct ldb_dn);
231 connect to a database. The URL can either be one of the following forms
235 flags is made up of LDB_FLG_*
237 the options are passed uninterpreted to the backend, and are
240 int ldb_connect(struct ldb_context *ldb, const char *url,
241 unsigned int flags, const char *options[])
245 /* We seem to need to do this here, or else some utilities don't
246 * get ldb backends */
250 url2 = talloc_strdup(ldb, url);
253 return LDB_ERR_OPERATIONS_ERROR;
255 ret = ldb_set_opaque(ldb, "ldb_url", url2);
256 if (ret != LDB_SUCCESS) {
260 ret = ldb_module_connect_backend(ldb, url, options, &ldb->modules);
261 if (ret != LDB_SUCCESS) {
265 ret = ldb_load_modules(ldb, options);
266 if (ret != LDB_SUCCESS) {
267 ldb_debug(ldb, LDB_DEBUG_FATAL,
268 "Unable to load modules for %s: %s",
269 url, ldb_errstring(ldb));
273 /* set the default base dn */
274 ldb_set_default_dns(ldb);
279 void ldb_set_errstring(struct ldb_context *ldb, const char *err_string)
281 ldb_asprintf_errstring(ldb, "%s", err_string);
284 void ldb_asprintf_errstring(struct ldb_context *ldb, const char *format, ...)
288 if (ldb->err_string) {
289 talloc_free(ldb->err_string);
292 va_start(ap, format);
293 ldb->err_string = talloc_vasprintf(ldb, format, ap);
296 if (ldb->flags & LDB_FLG_ENABLE_TRACING) {
297 ldb_debug(ldb, LDB_DEBUG_TRACE, "ldb_asprintf/set_errstring: %s",
302 void ldb_reset_err_string(struct ldb_context *ldb)
304 if (ldb->err_string) {
305 talloc_free(ldb->err_string);
306 ldb->err_string = NULL;
313 set an ldb error based on file:line
315 int ldb_error_at(struct ldb_context *ldb, int ecode,
316 const char *reason, const char *file, int line)
318 if (reason == NULL) {
319 reason = ldb_strerror(ecode);
321 ldb_asprintf_errstring(ldb, "%s at %s:%d", reason, file, line);
326 #define FIRST_OP_NOERR(ldb, op) do { \
327 module = ldb->modules; \
328 while (module && module->ops->op == NULL) module = module->next; \
329 if ((ldb->flags & LDB_FLG_ENABLE_TRACING) && module) { \
330 ldb_debug(ldb, LDB_DEBUG_TRACE, "ldb_trace_request: (%s)->" #op, \
331 module->ops->name); \
335 #define FIRST_OP(ldb, op) do { \
336 FIRST_OP_NOERR(ldb, op); \
337 if (module == NULL) { \
338 ldb_asprintf_errstring(ldb, "unable to find module or backend to handle operation: " #op); \
339 return LDB_ERR_OPERATIONS_ERROR; \
347 int ldb_transaction_start(struct ldb_context *ldb)
349 struct ldb_module *module;
352 ldb_debug(ldb, LDB_DEBUG_TRACE,
353 "start ldb transaction (nesting: %d)",
354 ldb->transaction_active);
356 /* explicit transaction active, count nested requests */
357 if (ldb->transaction_active) {
358 ldb->transaction_active++;
362 /* start a new transaction */
363 ldb->transaction_active++;
364 ldb->prepare_commit_done = false;
366 FIRST_OP(ldb, start_transaction);
368 ldb_reset_err_string(ldb);
370 status = module->ops->start_transaction(module);
371 if (status != LDB_SUCCESS) {
372 if (ldb->err_string == NULL) {
373 /* no error string was setup by the backend */
374 ldb_asprintf_errstring(ldb,
375 "ldb transaction start: %s (%d)",
376 ldb_strerror(status),
379 if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
380 ldb_debug(module->ldb, LDB_DEBUG_TRACE, "start ldb transaction error: %s",
381 ldb_errstring(module->ldb));
384 if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
385 ldb_debug(module->ldb, LDB_DEBUG_TRACE, "start ldb transaction success");
392 prepare for transaction commit (first phase of two phase commit)
394 int ldb_transaction_prepare_commit(struct ldb_context *ldb)
396 struct ldb_module *module;
399 if (ldb->prepare_commit_done) {
403 /* commit only when all nested transactions are complete */
404 if (ldb->transaction_active > 1) {
408 ldb->prepare_commit_done = true;
410 if (ldb->transaction_active < 0) {
411 ldb_debug(ldb, LDB_DEBUG_FATAL,
412 "prepare commit called but no ldb transactions are active!");
413 ldb->transaction_active = 0;
414 return LDB_ERR_OPERATIONS_ERROR;
417 /* call prepare transaction if available */
418 FIRST_OP_NOERR(ldb, prepare_commit);
419 if (module == NULL) {
423 status = module->ops->prepare_commit(module);
424 if (status != LDB_SUCCESS) {
425 ldb->transaction_active--;
426 /* if a module fails the prepare then we need
427 to call the end transaction for everyone */
428 FIRST_OP(ldb, del_transaction);
429 module->ops->del_transaction(module);
430 if (ldb->err_string == NULL) {
431 /* no error string was setup by the backend */
432 ldb_asprintf_errstring(ldb,
433 "ldb transaction prepare commit: %s (%d)",
434 ldb_strerror(status),
437 if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
438 ldb_debug(module->ldb, LDB_DEBUG_TRACE, "prepare commit transaction error: %s",
439 ldb_errstring(module->ldb));
450 int ldb_transaction_commit(struct ldb_context *ldb)
452 struct ldb_module *module;
455 status = ldb_transaction_prepare_commit(ldb);
456 if (status != LDB_SUCCESS) {
460 ldb->transaction_active--;
462 ldb_debug(ldb, LDB_DEBUG_TRACE,
463 "commit ldb transaction (nesting: %d)",
464 ldb->transaction_active);
466 /* commit only when all nested transactions are complete */
467 if (ldb->transaction_active > 0) {
471 if (ldb->transaction_active < 0) {
472 ldb_debug(ldb, LDB_DEBUG_FATAL,
473 "commit called but no ldb transactions are active!");
474 ldb->transaction_active = 0;
475 return LDB_ERR_OPERATIONS_ERROR;
478 ldb_reset_err_string(ldb);
480 FIRST_OP(ldb, end_transaction);
481 status = module->ops->end_transaction(module);
482 if (status != LDB_SUCCESS) {
483 if (ldb->err_string == NULL) {
484 /* no error string was setup by the backend */
485 ldb_asprintf_errstring(ldb,
486 "ldb transaction commit: %s (%d)",
487 ldb_strerror(status),
490 if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
491 ldb_debug(module->ldb, LDB_DEBUG_TRACE, "commit ldb transaction error: %s",
492 ldb_errstring(module->ldb));
494 /* cancel the transaction */
495 FIRST_OP(ldb, del_transaction);
496 module->ops->del_transaction(module);
505 int ldb_transaction_cancel(struct ldb_context *ldb)
507 struct ldb_module *module;
510 ldb->transaction_active--;
512 ldb_debug(ldb, LDB_DEBUG_TRACE,
513 "cancel ldb transaction (nesting: %d)",
514 ldb->transaction_active);
516 /* really cancel only if all nested transactions are complete */
517 if (ldb->transaction_active > 0) {
521 if (ldb->transaction_active < 0) {
522 ldb_debug(ldb, LDB_DEBUG_FATAL,
523 "cancel called but no ldb transactions are active!");
524 ldb->transaction_active = 0;
525 return LDB_ERR_OPERATIONS_ERROR;
528 FIRST_OP(ldb, del_transaction);
530 status = module->ops->del_transaction(module);
531 if (status != LDB_SUCCESS) {
532 if (ldb->err_string == NULL) {
533 /* no error string was setup by the backend */
534 ldb_asprintf_errstring(ldb,
535 "ldb transaction cancel: %s (%d)",
536 ldb_strerror(status),
539 if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
540 ldb_debug(module->ldb, LDB_DEBUG_TRACE, "cancel ldb transaction error: %s",
541 ldb_errstring(module->ldb));
548 cancel a transaction with no error if no transaction is pending
549 used when we fork() to clear any parent transactions
551 int ldb_transaction_cancel_noerr(struct ldb_context *ldb)
553 if (ldb->transaction_active > 0) {
554 return ldb_transaction_cancel(ldb);
560 /* autostarts a transaction if none active */
561 static int ldb_autotransaction_request(struct ldb_context *ldb,
562 struct ldb_request *req)
566 ret = ldb_transaction_start(ldb);
567 if (ret != LDB_SUCCESS) {
571 ret = ldb_request(ldb, req);
572 if (ret == LDB_SUCCESS) {
573 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
576 if (ret == LDB_SUCCESS) {
577 return ldb_transaction_commit(ldb);
579 ldb_transaction_cancel(ldb);
584 int ldb_wait(struct ldb_handle *handle, enum ldb_wait_type type)
586 struct tevent_context *ev;
589 if (handle == NULL) {
590 return LDB_ERR_UNAVAILABLE;
593 if (handle->state == LDB_ASYNC_DONE) {
594 if ((handle->status != LDB_SUCCESS) &&
595 (handle->ldb->err_string == NULL)) {
596 /* if no error string was setup by the backend */
597 ldb_asprintf_errstring(handle->ldb, "ldb_wait: %s (%d)",
598 ldb_strerror(handle->status),
601 return handle->status;
604 ev = ldb_get_event_context(handle->ldb);
606 return ldb_oom(handle->ldb);
611 ret = tevent_loop_once(ev);
613 return ldb_operr(handle->ldb);
615 if (handle->status != LDB_SUCCESS) {
616 if (handle->ldb->err_string == NULL) {
618 * if no error string was setup by the backend
620 ldb_asprintf_errstring(handle->ldb,
622 ldb_strerror(handle->status),
625 return handle->status;
630 while (handle->state != LDB_ASYNC_DONE) {
631 ret = tevent_loop_once(ev);
633 return ldb_operr(handle->ldb);
635 if (handle->status != LDB_SUCCESS) {
636 if (handle->ldb->err_string == NULL) {
638 * if no error string was setup by the
641 ldb_asprintf_errstring(handle->ldb,
643 ldb_strerror(handle->status),
646 return handle->status;
649 if (handle->status != LDB_SUCCESS) {
650 if (handle->ldb->err_string == NULL) {
652 * if no error string was setup by the backend
654 ldb_asprintf_errstring(handle->ldb,
656 ldb_strerror(handle->status),
659 return handle->status;
667 /* set the specified timeout or, if timeout is 0 set the default timeout */
668 int ldb_set_timeout(struct ldb_context *ldb,
669 struct ldb_request *req,
672 if (req == NULL) return LDB_ERR_OPERATIONS_ERROR;
675 req->timeout = timeout;
677 req->timeout = ldb->default_timeout;
679 req->starttime = time(NULL);
684 /* calculates the new timeout based on the previous starttime and timeout */
685 int ldb_set_timeout_from_prev_req(struct ldb_context *ldb,
686 struct ldb_request *oldreq,
687 struct ldb_request *newreq)
689 if (newreq == NULL) return LDB_ERR_OPERATIONS_ERROR;
691 if (oldreq == NULL) {
692 return ldb_set_timeout(ldb, newreq, 0);
695 newreq->starttime = oldreq->starttime;
696 newreq->timeout = oldreq->timeout;
703 set the permissions for new files to be passed to open() in
704 backends that use local files
706 void ldb_set_create_perms(struct ldb_context *ldb, unsigned int perms)
708 ldb->create_perms = perms;
711 unsigned int ldb_get_create_perms(struct ldb_context *ldb)
713 return ldb->create_perms;
716 void ldb_set_event_context(struct ldb_context *ldb, struct tevent_context *ev)
721 struct tevent_context * ldb_get_event_context(struct ldb_context *ldb)
726 void ldb_request_set_state(struct ldb_request *req, int state)
728 req->handle->state = state;
731 int ldb_request_get_status(struct ldb_request *req)
733 return req->handle->status;
740 static void ldb_trace_request(struct ldb_context *ldb, struct ldb_request *req)
742 TALLOC_CTX *tmp_ctx = talloc_new(req);
744 struct ldb_ldif ldif;
746 switch (req->operation) {
748 ldb_debug_add(ldb, "ldb_trace_request: SEARCH\n");
749 ldb_debug_add(ldb, " dn: %s\n",
750 ldb_dn_is_null(req->op.search.base)?"<rootDSE>":
751 ldb_dn_get_linearized(req->op.search.base));
752 ldb_debug_add(ldb, " scope: %s\n",
753 req->op.search.scope==LDB_SCOPE_BASE?"base":
754 req->op.search.scope==LDB_SCOPE_ONELEVEL?"one":
755 req->op.search.scope==LDB_SCOPE_SUBTREE?"sub":"UNKNOWN");
756 ldb_debug_add(ldb, " expr: %s\n",
757 ldb_filter_from_tree(tmp_ctx, req->op.search.tree));
758 if (req->op.search.attrs == NULL) {
759 ldb_debug_add(ldb, " attr: <ALL>\n");
761 for (i=0; req->op.search.attrs[i]; i++) {
762 ldb_debug_add(ldb, " attr: %s\n", req->op.search.attrs[i]);
767 ldb_debug_add(ldb, "ldb_trace_request: DELETE\n");
768 ldb_debug_add(ldb, " dn: %s\n",
769 ldb_dn_get_linearized(req->op.del.dn));
772 ldb_debug_add(ldb, "ldb_trace_request: RENAME\n");
773 ldb_debug_add(ldb, " olddn: %s\n",
774 ldb_dn_get_linearized(req->op.rename.olddn));
775 ldb_debug_add(ldb, " newdn: %s\n",
776 ldb_dn_get_linearized(req->op.rename.newdn));
779 ldb_debug_add(ldb, "ldb_trace_request: EXTENDED\n");
780 ldb_debug_add(ldb, " oid: %s\n", req->op.extended.oid);
781 ldb_debug_add(ldb, " data: %s\n", req->op.extended.data?"yes":"no");
784 ldif.changetype = LDB_CHANGETYPE_ADD;
785 ldif.msg = discard_const_p(struct ldb_message, req->op.add.message);
787 ldb_debug_add(ldb, "ldb_trace_request: ADD\n");
791 * ldb_ldif_write_redacted_trace_string() is CRITICAL
792 * for security. It ensures that we do not output
793 * passwords into debug logs
796 ldb_debug_add(req->handle->ldb, "%s\n",
797 ldb_ldif_write_redacted_trace_string(req->handle->ldb, tmp_ctx, &ldif));
800 ldif.changetype = LDB_CHANGETYPE_MODIFY;
801 ldif.msg = discard_const_p(struct ldb_message, req->op.mod.message);
803 ldb_debug_add(ldb, "ldb_trace_request: MODIFY\n");
807 * ldb_ldif_write_redacted_trace_string() is CRITICAL
808 * for security. It ensures that we do not output
809 * passwords into debug logs
812 ldb_debug_add(req->handle->ldb, "%s\n",
813 ldb_ldif_write_redacted_trace_string(req->handle->ldb, tmp_ctx, &ldif));
815 case LDB_REQ_REGISTER_CONTROL:
816 ldb_debug_add(ldb, "ldb_trace_request: REGISTER_CONTROL\n");
817 ldb_debug_add(req->handle->ldb, "%s\n",
818 req->op.reg_control.oid);
820 case LDB_REQ_REGISTER_PARTITION:
821 ldb_debug_add(ldb, "ldb_trace_request: REGISTER_PARTITION\n");
822 ldb_debug_add(req->handle->ldb, "%s\n",
823 ldb_dn_get_linearized(req->op.reg_partition.dn));
826 ldb_debug_add(ldb, "ldb_trace_request: UNKNOWN(%u)\n",
831 if (req->controls == NULL) {
832 ldb_debug_add(ldb, " control: <NONE>\n");
834 for (i=0; req->controls && req->controls[i]; i++) {
835 if (req->controls[i]->oid) {
836 ldb_debug_add(ldb, " control: %s crit:%u data:%s\n",
837 req->controls[i]->oid,
838 req->controls[i]->critical,
839 req->controls[i]->data?"yes":"no");
844 ldb_debug_end(ldb, LDB_DEBUG_TRACE);
846 talloc_free(tmp_ctx);
850 check that the element flags don't have any internal bits set
852 static int ldb_msg_check_element_flags(struct ldb_context *ldb,
853 const struct ldb_message *message)
856 for (i=0; i<message->num_elements; i++) {
857 if (message->elements[i].flags & LDB_FLAG_INTERNAL_MASK) {
858 ldb_asprintf_errstring(ldb, "Invalid element flags 0x%08x on element %s in %s\n",
859 message->elements[i].flags, message->elements[i].name,
860 ldb_dn_get_linearized(message->dn));
861 return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
870 NOTE: the request must be a talloc context.
871 returns LDB_ERR_* on errors.
873 int ldb_request(struct ldb_context *ldb, struct ldb_request *req)
875 struct ldb_module *module;
878 if (req->callback == NULL) {
879 ldb_set_errstring(ldb, "Requests MUST define callbacks");
880 return LDB_ERR_UNWILLING_TO_PERFORM;
883 ldb_reset_err_string(ldb);
885 if (ldb->flags & LDB_FLG_ENABLE_TRACING) {
886 ldb_trace_request(ldb, req);
889 /* call the first module in the chain */
890 switch (req->operation) {
892 /* due to "ldb_build_search_req" base DN always != NULL */
893 if (!ldb_dn_validate(req->op.search.base)) {
894 ldb_asprintf_errstring(ldb, "ldb_search: invalid basedn '%s'",
895 ldb_dn_get_linearized(req->op.search.base));
896 return LDB_ERR_INVALID_DN_SYNTAX;
898 FIRST_OP(ldb, search);
899 ret = module->ops->search(module, req);
902 if (!ldb_dn_validate(req->op.add.message->dn)) {
903 ldb_asprintf_errstring(ldb, "ldb_add: invalid dn '%s'",
904 ldb_dn_get_linearized(req->op.add.message->dn));
905 return LDB_ERR_INVALID_DN_SYNTAX;
908 * we have to normalize here, as so many places
909 * in modules and backends assume we don't have two
910 * elements with the same name
912 ret = ldb_msg_normalize(ldb, req, req->op.add.message,
913 discard_const(&req->op.add.message));
914 if (ret != LDB_SUCCESS) {
919 ret = ldb_msg_check_element_flags(ldb, req->op.add.message);
920 if (ret != LDB_SUCCESS) {
922 * "ldb_msg_check_element_flags" generates an error
927 ret = module->ops->add(module, req);
930 if (!ldb_dn_validate(req->op.mod.message->dn)) {
931 ldb_asprintf_errstring(ldb, "ldb_modify: invalid dn '%s'",
932 ldb_dn_get_linearized(req->op.mod.message->dn));
933 return LDB_ERR_INVALID_DN_SYNTAX;
935 FIRST_OP(ldb, modify);
936 ret = ldb_msg_check_element_flags(ldb, req->op.mod.message);
937 if (ret != LDB_SUCCESS) {
939 * "ldb_msg_check_element_flags" generates an error
944 ret = module->ops->modify(module, req);
947 if (!ldb_dn_validate(req->op.del.dn)) {
948 ldb_asprintf_errstring(ldb, "ldb_delete: invalid dn '%s'",
949 ldb_dn_get_linearized(req->op.del.dn));
950 return LDB_ERR_INVALID_DN_SYNTAX;
953 ret = module->ops->del(module, req);
956 if (!ldb_dn_validate(req->op.rename.olddn)) {
957 ldb_asprintf_errstring(ldb, "ldb_rename: invalid olddn '%s'",
958 ldb_dn_get_linearized(req->op.rename.olddn));
959 return LDB_ERR_INVALID_DN_SYNTAX;
961 if (!ldb_dn_validate(req->op.rename.newdn)) {
962 ldb_asprintf_errstring(ldb, "ldb_rename: invalid newdn '%s'",
963 ldb_dn_get_linearized(req->op.rename.newdn));
964 return LDB_ERR_INVALID_DN_SYNTAX;
966 FIRST_OP(ldb, rename);
967 ret = module->ops->rename(module, req);
970 FIRST_OP(ldb, extended);
971 ret = module->ops->extended(module, req);
974 FIRST_OP(ldb, request);
975 ret = module->ops->request(module, req);
979 if ((ret != LDB_SUCCESS) && (ldb->err_string == NULL)) {
980 /* if no error string was setup by the backend */
981 ldb_asprintf_errstring(ldb, "ldb_request: %s (%d)",
982 ldb_strerror(ret), ret);
988 int ldb_request_done(struct ldb_request *req, int status)
990 req->handle->state = LDB_ASYNC_DONE;
991 req->handle->status = status;
996 search the database given a LDAP-like search expression
998 returns an LDB error code
1000 Use talloc_free to free the ldb_message returned in 'res', if successful
1003 int ldb_search_default_callback(struct ldb_request *req,
1004 struct ldb_reply *ares)
1006 struct ldb_result *res;
1009 res = talloc_get_type(req->context, struct ldb_result);
1012 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1014 if (ares->error != LDB_SUCCESS) {
1015 return ldb_request_done(req, ares->error);
1018 switch (ares->type) {
1019 case LDB_REPLY_ENTRY:
1020 res->msgs = talloc_realloc(res, res->msgs,
1021 struct ldb_message *, res->count + 2);
1023 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1026 res->msgs[res->count + 1] = NULL;
1028 res->msgs[res->count] = talloc_move(res->msgs, &ares->message);
1032 case LDB_REPLY_REFERRAL:
1034 for (n = 0; res->refs[n]; n++) /*noop*/ ;
1039 res->refs = talloc_realloc(res, res->refs, char *, n + 2);
1041 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1044 res->refs[n] = talloc_move(res->refs, &ares->referral);
1045 res->refs[n + 1] = NULL;
1048 case LDB_REPLY_DONE:
1049 /* TODO: we should really support controls on entries
1050 * and referrals too! */
1051 res->controls = talloc_move(res, &ares->controls);
1053 /* this is the last message, and means the request is done */
1054 /* we have to signal and eventual ldb_wait() waiting that the
1055 * async request operation was completed */
1057 return ldb_request_done(req, LDB_SUCCESS);
1065 int ldb_modify_default_callback(struct ldb_request *req, struct ldb_reply *ares)
1067 struct ldb_result *res;
1071 res = talloc_get_type(req->context, struct ldb_result);
1074 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1077 if (ares->error != LDB_SUCCESS) {
1080 return ldb_request_done(req, ret);
1083 switch (ares->type) {
1084 case LDB_REPLY_REFERRAL:
1086 for (n = 0; res->refs[n]; n++) /*noop*/ ;
1091 res->refs = talloc_realloc(res, res->refs, char *, n + 2);
1093 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1096 res->refs[n] = talloc_move(res->refs, &ares->referral);
1097 res->refs[n + 1] = NULL;
1100 case LDB_REPLY_DONE:
1102 return ldb_request_done(req, LDB_SUCCESS);
1105 ldb_asprintf_errstring(req->handle->ldb, "Invalid LDB reply type %d", ares->type);
1106 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1110 return ldb_request_done(req, LDB_SUCCESS);
1113 int ldb_op_default_callback(struct ldb_request *req, struct ldb_reply *ares)
1118 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1121 if (ares->error != LDB_SUCCESS) {
1124 return ldb_request_done(req, ret);
1127 if (ares->type != LDB_REPLY_DONE) {
1129 ldb_asprintf_errstring(req->handle->ldb, "Invalid LDB reply type %d", ares->type);
1130 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1134 return ldb_request_done(req, LDB_SUCCESS);
1137 int ldb_build_search_req_ex(struct ldb_request **ret_req,
1138 struct ldb_context *ldb,
1139 TALLOC_CTX *mem_ctx,
1140 struct ldb_dn *base,
1141 enum ldb_scope scope,
1142 struct ldb_parse_tree *tree,
1143 const char * const *attrs,
1144 struct ldb_control **controls,
1146 ldb_request_callback_t callback,
1147 struct ldb_request *parent)
1149 struct ldb_request *req;
1153 req = talloc(mem_ctx, struct ldb_request);
1156 return LDB_ERR_OPERATIONS_ERROR;
1159 req->operation = LDB_SEARCH;
1161 req->op.search.base = ldb_dn_new(req, ldb, NULL);
1163 req->op.search.base = base;
1165 req->op.search.scope = scope;
1167 req->op.search.tree = tree;
1168 if (req->op.search.tree == NULL) {
1169 ldb_set_errstring(ldb, "'tree' can't be NULL");
1171 return LDB_ERR_OPERATIONS_ERROR;
1174 req->op.search.attrs = attrs;
1175 req->controls = controls;
1176 req->context = context;
1177 req->callback = callback;
1179 ldb_set_timeout_from_prev_req(ldb, parent, req);
1181 req->handle = ldb_handle_new(req, ldb);
1182 if (req->handle == NULL) {
1184 return LDB_ERR_OPERATIONS_ERROR;
1188 req->handle->nesting++;
1189 req->handle->parent = parent;
1190 req->handle->flags = parent->handle->flags;
1191 req->handle->custom_flags = parent->handle->custom_flags;
1198 int ldb_build_search_req(struct ldb_request **ret_req,
1199 struct ldb_context *ldb,
1200 TALLOC_CTX *mem_ctx,
1201 struct ldb_dn *base,
1202 enum ldb_scope scope,
1203 const char *expression,
1204 const char * const *attrs,
1205 struct ldb_control **controls,
1207 ldb_request_callback_t callback,
1208 struct ldb_request *parent)
1210 struct ldb_parse_tree *tree;
1213 tree = ldb_parse_tree(mem_ctx, expression);
1215 ldb_set_errstring(ldb, "Unable to parse search expression");
1216 return LDB_ERR_OPERATIONS_ERROR;
1219 ret = ldb_build_search_req_ex(ret_req, ldb, mem_ctx, base,
1220 scope, tree, attrs, controls,
1221 context, callback, parent);
1222 if (ret == LDB_SUCCESS) {
1223 talloc_steal(*ret_req, tree);
1228 int ldb_build_add_req(struct ldb_request **ret_req,
1229 struct ldb_context *ldb,
1230 TALLOC_CTX *mem_ctx,
1231 const struct ldb_message *message,
1232 struct ldb_control **controls,
1234 ldb_request_callback_t callback,
1235 struct ldb_request *parent)
1237 struct ldb_request *req;
1241 req = talloc(mem_ctx, struct ldb_request);
1243 ldb_set_errstring(ldb, "Out of Memory");
1244 return LDB_ERR_OPERATIONS_ERROR;
1247 req->operation = LDB_ADD;
1248 req->op.add.message = message;
1249 req->controls = controls;
1250 req->context = context;
1251 req->callback = callback;
1253 ldb_set_timeout_from_prev_req(ldb, parent, req);
1255 req->handle = ldb_handle_new(req, ldb);
1256 if (req->handle == NULL) {
1258 return LDB_ERR_OPERATIONS_ERROR;
1262 req->handle->nesting++;
1263 req->handle->parent = parent;
1264 req->handle->flags = parent->handle->flags;
1265 req->handle->custom_flags = parent->handle->custom_flags;
1273 int ldb_build_mod_req(struct ldb_request **ret_req,
1274 struct ldb_context *ldb,
1275 TALLOC_CTX *mem_ctx,
1276 const struct ldb_message *message,
1277 struct ldb_control **controls,
1279 ldb_request_callback_t callback,
1280 struct ldb_request *parent)
1282 struct ldb_request *req;
1286 req = talloc(mem_ctx, struct ldb_request);
1288 ldb_set_errstring(ldb, "Out of Memory");
1289 return LDB_ERR_OPERATIONS_ERROR;
1292 req->operation = LDB_MODIFY;
1293 req->op.mod.message = message;
1294 req->controls = controls;
1295 req->context = context;
1296 req->callback = callback;
1298 ldb_set_timeout_from_prev_req(ldb, parent, req);
1300 req->handle = ldb_handle_new(req, ldb);
1301 if (req->handle == NULL) {
1303 return LDB_ERR_OPERATIONS_ERROR;
1307 req->handle->nesting++;
1308 req->handle->parent = parent;
1309 req->handle->flags = parent->handle->flags;
1310 req->handle->custom_flags = parent->handle->custom_flags;
1318 int ldb_build_del_req(struct ldb_request **ret_req,
1319 struct ldb_context *ldb,
1320 TALLOC_CTX *mem_ctx,
1322 struct ldb_control **controls,
1324 ldb_request_callback_t callback,
1325 struct ldb_request *parent)
1327 struct ldb_request *req;
1331 req = talloc(mem_ctx, struct ldb_request);
1333 ldb_set_errstring(ldb, "Out of Memory");
1334 return LDB_ERR_OPERATIONS_ERROR;
1337 req->operation = LDB_DELETE;
1338 req->op.del.dn = dn;
1339 req->controls = controls;
1340 req->context = context;
1341 req->callback = callback;
1343 ldb_set_timeout_from_prev_req(ldb, parent, req);
1345 req->handle = ldb_handle_new(req, ldb);
1346 if (req->handle == NULL) {
1348 return LDB_ERR_OPERATIONS_ERROR;
1352 req->handle->nesting++;
1353 req->handle->parent = parent;
1354 req->handle->flags = parent->handle->flags;
1355 req->handle->custom_flags = parent->handle->custom_flags;
1363 int ldb_build_rename_req(struct ldb_request **ret_req,
1364 struct ldb_context *ldb,
1365 TALLOC_CTX *mem_ctx,
1366 struct ldb_dn *olddn,
1367 struct ldb_dn *newdn,
1368 struct ldb_control **controls,
1370 ldb_request_callback_t callback,
1371 struct ldb_request *parent)
1373 struct ldb_request *req;
1377 req = talloc(mem_ctx, struct ldb_request);
1379 ldb_set_errstring(ldb, "Out of Memory");
1380 return LDB_ERR_OPERATIONS_ERROR;
1383 req->operation = LDB_RENAME;
1384 req->op.rename.olddn = olddn;
1385 req->op.rename.newdn = newdn;
1386 req->controls = controls;
1387 req->context = context;
1388 req->callback = callback;
1390 ldb_set_timeout_from_prev_req(ldb, parent, req);
1392 req->handle = ldb_handle_new(req, ldb);
1393 if (req->handle == NULL) {
1395 return LDB_ERR_OPERATIONS_ERROR;
1399 req->handle->nesting++;
1400 req->handle->parent = parent;
1401 req->handle->flags = parent->handle->flags;
1402 req->handle->custom_flags = parent->handle->custom_flags;
1410 int ldb_extended_default_callback(struct ldb_request *req,
1411 struct ldb_reply *ares)
1413 struct ldb_result *res;
1415 res = talloc_get_type(req->context, struct ldb_result);
1418 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1420 if (ares->error != LDB_SUCCESS) {
1421 return ldb_request_done(req, ares->error);
1424 if (ares->type == LDB_REPLY_DONE) {
1426 /* TODO: we should really support controls on entries and referrals too! */
1427 res->extended = talloc_move(res, &ares->response);
1428 res->controls = talloc_move(res, &ares->controls);
1431 return ldb_request_done(req, LDB_SUCCESS);
1435 ldb_asprintf_errstring(req->handle->ldb, "Invalid LDB reply type %d", ares->type);
1436 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1439 int ldb_build_extended_req(struct ldb_request **ret_req,
1440 struct ldb_context *ldb,
1441 TALLOC_CTX *mem_ctx,
1444 struct ldb_control **controls,
1446 ldb_request_callback_t callback,
1447 struct ldb_request *parent)
1449 struct ldb_request *req;
1453 req = talloc(mem_ctx, struct ldb_request);
1455 ldb_set_errstring(ldb, "Out of Memory");
1456 return LDB_ERR_OPERATIONS_ERROR;
1459 req->operation = LDB_EXTENDED;
1460 req->op.extended.oid = oid;
1461 req->op.extended.data = data;
1462 req->controls = controls;
1463 req->context = context;
1464 req->callback = callback;
1466 ldb_set_timeout_from_prev_req(ldb, parent, req);
1468 req->handle = ldb_handle_new(req, ldb);
1469 if (req->handle == NULL) {
1471 return LDB_ERR_OPERATIONS_ERROR;
1475 req->handle->nesting++;
1476 req->handle->parent = parent;
1477 req->handle->flags = parent->handle->flags;
1478 req->handle->custom_flags = parent->handle->custom_flags;
1486 int ldb_extended(struct ldb_context *ldb,
1489 struct ldb_result **_res)
1491 struct ldb_request *req;
1493 struct ldb_result *res;
1498 res = talloc_zero(ldb, struct ldb_result);
1500 return LDB_ERR_OPERATIONS_ERROR;
1503 ret = ldb_build_extended_req(&req, ldb, ldb,
1505 res, ldb_extended_default_callback,
1507 ldb_req_set_location(req, "ldb_extended");
1509 if (ret != LDB_SUCCESS) goto done;
1511 ldb_set_timeout(ldb, req, 0); /* use default timeout */
1513 ret = ldb_request(ldb, req);
1515 if (ret == LDB_SUCCESS) {
1516 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
1520 if (ret != LDB_SUCCESS) {
1532 note that ldb_search() will automatically replace a NULL 'base' value
1533 with the defaultNamingContext from the rootDSE if available.
1535 int ldb_search(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
1536 struct ldb_result **result, struct ldb_dn *base,
1537 enum ldb_scope scope, const char * const *attrs,
1538 const char *exp_fmt, ...)
1540 struct ldb_request *req;
1541 struct ldb_result *res;
1550 res = talloc_zero(mem_ctx, struct ldb_result);
1552 return LDB_ERR_OPERATIONS_ERROR;
1556 va_start(ap, exp_fmt);
1557 expression = talloc_vasprintf(mem_ctx, exp_fmt, ap);
1562 return LDB_ERR_OPERATIONS_ERROR;
1566 ret = ldb_build_search_req(&req, ldb, mem_ctx,
1567 base?base:ldb_get_default_basedn(ldb),
1573 ldb_search_default_callback,
1575 ldb_req_set_location(req, "ldb_search");
1577 if (ret != LDB_SUCCESS) goto done;
1579 ret = ldb_request(ldb, req);
1581 if (ret == LDB_SUCCESS) {
1582 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
1586 if (ret != LDB_SUCCESS) {
1591 talloc_free(expression);
1599 add a record to the database. Will fail if a record with the given class
1600 and key already exists
1602 int ldb_add(struct ldb_context *ldb,
1603 const struct ldb_message *message)
1605 struct ldb_request *req;
1608 ret = ldb_msg_sanity_check(ldb, message);
1609 if (ret != LDB_SUCCESS) {
1613 ret = ldb_build_add_req(&req, ldb, ldb,
1617 ldb_op_default_callback,
1619 ldb_req_set_location(req, "ldb_add");
1621 if (ret != LDB_SUCCESS) return ret;
1623 /* do request and autostart a transaction */
1624 ret = ldb_autotransaction_request(ldb, req);
1631 modify the specified attributes of a record
1633 int ldb_modify(struct ldb_context *ldb,
1634 const struct ldb_message *message)
1636 struct ldb_request *req;
1639 ret = ldb_msg_sanity_check(ldb, message);
1640 if (ret != LDB_SUCCESS) {
1644 ret = ldb_build_mod_req(&req, ldb, ldb,
1648 ldb_op_default_callback,
1650 ldb_req_set_location(req, "ldb_modify");
1652 if (ret != LDB_SUCCESS) return ret;
1654 /* do request and autostart a transaction */
1655 ret = ldb_autotransaction_request(ldb, req);
1663 delete a record from the database
1665 int ldb_delete(struct ldb_context *ldb, struct ldb_dn *dn)
1667 struct ldb_request *req;
1670 ret = ldb_build_del_req(&req, ldb, ldb,
1674 ldb_op_default_callback,
1676 ldb_req_set_location(req, "ldb_delete");
1678 if (ret != LDB_SUCCESS) return ret;
1680 /* do request and autostart a transaction */
1681 ret = ldb_autotransaction_request(ldb, req);
1688 rename a record in the database
1690 int ldb_rename(struct ldb_context *ldb,
1691 struct ldb_dn *olddn, struct ldb_dn *newdn)
1693 struct ldb_request *req;
1696 ret = ldb_build_rename_req(&req, ldb, ldb,
1701 ldb_op_default_callback,
1703 ldb_req_set_location(req, "ldb_rename");
1705 if (ret != LDB_SUCCESS) return ret;
1707 /* do request and autostart a transaction */
1708 ret = ldb_autotransaction_request(ldb, req);
1716 return the global sequence number
1718 int ldb_sequence_number(struct ldb_context *ldb,
1719 enum ldb_sequence_type type, uint64_t *seq_num)
1721 struct ldb_seqnum_request *seq;
1722 struct ldb_seqnum_result *seqr;
1723 struct ldb_result *res;
1724 TALLOC_CTX *tmp_ctx;
1729 tmp_ctx = talloc_zero(ldb, struct ldb_request);
1730 if (tmp_ctx == NULL) {
1731 ldb_set_errstring(ldb, "Out of Memory");
1732 return LDB_ERR_OPERATIONS_ERROR;
1734 seq = talloc_zero(tmp_ctx, struct ldb_seqnum_request);
1736 ldb_set_errstring(ldb, "Out of Memory");
1737 ret = LDB_ERR_OPERATIONS_ERROR;
1742 ret = ldb_extended(ldb, LDB_EXTENDED_SEQUENCE_NUMBER, seq, &res);
1743 if (ret != LDB_SUCCESS) {
1746 talloc_steal(tmp_ctx, res);
1748 if (strcmp(LDB_EXTENDED_SEQUENCE_NUMBER, res->extended->oid) != 0) {
1749 ldb_set_errstring(ldb, "Invalid OID in reply");
1750 ret = LDB_ERR_OPERATIONS_ERROR;
1753 seqr = talloc_get_type(res->extended->data,
1754 struct ldb_seqnum_result);
1755 *seq_num = seqr->seq_num;
1758 talloc_free(tmp_ctx);
1763 return extended error information
1765 const char *ldb_errstring(struct ldb_context *ldb)
1767 if (ldb->err_string) {
1768 return ldb->err_string;
1775 return a string explaining what a ldb error constant meancs
1777 const char *ldb_strerror(int ldb_err)
1782 case LDB_ERR_OPERATIONS_ERROR:
1783 return "Operations error";
1784 case LDB_ERR_PROTOCOL_ERROR:
1785 return "Protocol error";
1786 case LDB_ERR_TIME_LIMIT_EXCEEDED:
1787 return "Time limit exceeded";
1788 case LDB_ERR_SIZE_LIMIT_EXCEEDED:
1789 return "Size limit exceeded";
1790 case LDB_ERR_COMPARE_FALSE:
1791 return "Compare false";
1792 case LDB_ERR_COMPARE_TRUE:
1793 return "Compare true";
1794 case LDB_ERR_AUTH_METHOD_NOT_SUPPORTED:
1795 return "Auth method not supported";
1796 case LDB_ERR_STRONG_AUTH_REQUIRED:
1797 return "Strong auth required";
1799 case LDB_ERR_REFERRAL:
1800 return "Referral error";
1801 case LDB_ERR_ADMIN_LIMIT_EXCEEDED:
1802 return "Admin limit exceeded";
1803 case LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION:
1804 return "Unsupported critical extension";
1805 case LDB_ERR_CONFIDENTIALITY_REQUIRED:
1806 return "Confidentiality required";
1807 case LDB_ERR_SASL_BIND_IN_PROGRESS:
1808 return "SASL bind in progress";
1809 case LDB_ERR_NO_SUCH_ATTRIBUTE:
1810 return "No such attribute";
1811 case LDB_ERR_UNDEFINED_ATTRIBUTE_TYPE:
1812 return "Undefined attribute type";
1813 case LDB_ERR_INAPPROPRIATE_MATCHING:
1814 return "Inappropriate matching";
1815 case LDB_ERR_CONSTRAINT_VIOLATION:
1816 return "Constraint violation";
1817 case LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS:
1818 return "Attribute or value exists";
1819 case LDB_ERR_INVALID_ATTRIBUTE_SYNTAX:
1820 return "Invalid attribute syntax";
1822 case LDB_ERR_NO_SUCH_OBJECT:
1823 return "No such object";
1824 case LDB_ERR_ALIAS_PROBLEM:
1825 return "Alias problem";
1826 case LDB_ERR_INVALID_DN_SYNTAX:
1827 return "Invalid DN syntax";
1829 case LDB_ERR_ALIAS_DEREFERENCING_PROBLEM:
1830 return "Alias dereferencing problem";
1832 case LDB_ERR_INAPPROPRIATE_AUTHENTICATION:
1833 return "Inappropriate authentication";
1834 case LDB_ERR_INVALID_CREDENTIALS:
1835 return "Invalid credentials";
1836 case LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS:
1837 return "insufficient access rights";
1840 case LDB_ERR_UNAVAILABLE:
1841 return "Unavailable";
1842 case LDB_ERR_UNWILLING_TO_PERFORM:
1843 return "Unwilling to perform";
1844 case LDB_ERR_LOOP_DETECT:
1845 return "Loop detect";
1847 case LDB_ERR_NAMING_VIOLATION:
1848 return "Naming violation";
1849 case LDB_ERR_OBJECT_CLASS_VIOLATION:
1850 return "Object class violation";
1851 case LDB_ERR_NOT_ALLOWED_ON_NON_LEAF:
1852 return "Not allowed on non-leaf";
1853 case LDB_ERR_NOT_ALLOWED_ON_RDN:
1854 return "Not allowed on RDN";
1855 case LDB_ERR_ENTRY_ALREADY_EXISTS:
1856 return "Entry already exists";
1857 case LDB_ERR_OBJECT_CLASS_MODS_PROHIBITED:
1858 return "Object class mods prohibited";
1859 /* 70 RESERVED FOR CLDAP */
1860 case LDB_ERR_AFFECTS_MULTIPLE_DSAS:
1861 return "Affects multiple DSAs";
1867 return "Unknown error";
1871 set backend specific opaque parameters
1873 int ldb_set_opaque(struct ldb_context *ldb, const char *name, void *value)
1875 struct ldb_opaque *o;
1877 /* allow updating an existing value */
1878 for (o=ldb->opaque;o;o=o->next) {
1879 if (strcmp(o->name, name) == 0) {
1885 o = talloc(ldb, struct ldb_opaque);
1888 return LDB_ERR_OTHER;
1890 o->next = ldb->opaque;
1898 get a previously set opaque value
1900 void *ldb_get_opaque(struct ldb_context *ldb, const char *name)
1902 struct ldb_opaque *o;
1903 for (o=ldb->opaque;o;o=o->next) {
1904 if (strcmp(o->name, name) == 0) {
1911 int ldb_global_init(void)
1913 /* Provided for compatibility with some older versions of ldb */
1917 /* return the ldb flags */
1918 unsigned int ldb_get_flags(struct ldb_context *ldb)
1923 /* set the ldb flags */
1924 void ldb_set_flags(struct ldb_context *ldb, unsigned flags)
1931 set the location in a ldb request. Used for debugging
1933 void ldb_req_set_location(struct ldb_request *req, const char *location)
1935 if (req && req->handle) {
1936 req->handle->location = location;
1941 return the location set with dsdb_req_set_location
1943 const char *ldb_req_location(struct ldb_request *req)
1945 return req->handle->location;
1949 mark a request as untrusted. This tells the rootdse module to remove
1950 unregistered controls
1952 void ldb_req_mark_untrusted(struct ldb_request *req)
1954 req->handle->flags |= LDB_HANDLE_FLAG_UNTRUSTED;
1958 mark a request as trusted.
1960 void ldb_req_mark_trusted(struct ldb_request *req)
1962 req->handle->flags &= ~LDB_HANDLE_FLAG_UNTRUSTED;
1966 set custom flags. Those flags are set by applications using ldb,
1967 they are application dependent and the same bit can have different
1968 meaning in different application.
1970 void ldb_req_set_custom_flags(struct ldb_request *req, uint32_t flags)
1972 if (req != NULL && req->handle != NULL) {
1973 req->handle->custom_flags = flags;
1979 get custom flags. Those flags are set by applications using ldb,
1980 they are application dependent and the same bit can have different
1981 meaning in different application.
1983 uint32_t ldb_req_get_custom_flags(struct ldb_request *req)
1985 if (req != NULL && req->handle != NULL) {
1986 return req->handle->custom_flags;
1990 * 0 is not something any better or worse than
1991 * anything else as req or the handle is NULL
1998 * return true if a request is untrusted
2000 bool ldb_req_is_untrusted(struct ldb_request *req)
2002 return (req->handle->flags & LDB_HANDLE_FLAG_UNTRUSTED) != 0;