4 Copyright (C) Andrew Tridgell 2004
5 Copyright (C) Simo Sorce 2005-2008
7 ** NOTE! The following LGPL license applies to the ldb
8 ** library. This does NOT imply that all of Samba is released
11 This library is free software; you can redistribute it and/or
12 modify it under the terms of the GNU Lesser General Public
13 License as published by the Free Software Foundation; either
14 version 3 of the License, or (at your option) any later version.
16 This library is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Lesser General Public License for more details.
21 You should have received a copy of the GNU Lesser General Public
22 License along with this library; if not, see <http://www.gnu.org/licenses/>.
28 * Component: ldb core API
30 * Description: core API routines interfacing to ldb backends
32 * Author: Andrew Tridgell
35 #define TEVENT_DEPRECATED 1
36 #include "ldb_private.h"
39 static int ldb_context_destructor(void *ptr)
41 struct ldb_context *ldb = talloc_get_type(ptr, struct ldb_context);
43 if (ldb->transaction_active) {
44 ldb_debug(ldb, LDB_DEBUG_FATAL,
45 "A transaction is still active in ldb context [%p] on %s",
46 ldb, (const char *)ldb_get_opaque(ldb, "ldb_url"));
53 this is used to catch debug messages from events
55 static void ldb_tevent_debug(void *context, enum tevent_debug_level level,
56 const char *fmt, va_list ap) PRINTF_ATTRIBUTE(3,0);
58 static void ldb_tevent_debug(void *context, enum tevent_debug_level level,
59 const char *fmt, va_list ap)
61 struct ldb_context *ldb = talloc_get_type(context, struct ldb_context);
62 enum ldb_debug_level ldb_level = LDB_DEBUG_FATAL;
65 case TEVENT_DEBUG_FATAL:
66 ldb_level = LDB_DEBUG_FATAL;
68 case TEVENT_DEBUG_ERROR:
69 ldb_level = LDB_DEBUG_ERROR;
71 case TEVENT_DEBUG_WARNING:
72 ldb_level = LDB_DEBUG_WARNING;
74 case TEVENT_DEBUG_TRACE:
75 ldb_level = LDB_DEBUG_TRACE;
79 /* There isn't a tevent: prefix here because to add it means
80 * actually printing the string, and most of the time we don't
82 ldb_vdebug(ldb, ldb_level, fmt, ap);
86 initialise a ldb context
87 The mem_ctx is required
88 The event_ctx is required
90 struct ldb_context *ldb_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx)
92 struct ldb_context *ldb;
94 const char *modules_path = getenv("LDB_MODULES_PATH");
96 if (modules_path == NULL) {
97 modules_path = LDB_MODULESDIR;
100 ret = ldb_modules_load(modules_path, LDB_VERSION);
101 if (ret != LDB_SUCCESS) {
105 ldb = talloc_zero(mem_ctx, struct ldb_context);
110 /* A new event context so that callers who don't want ldb
111 * operating on thier global event context can work without
112 * having to provide their own private one explicitly */
113 if (ev_ctx == NULL) {
114 ev_ctx = tevent_context_init(ldb);
115 if (ev_ctx == NULL) {
119 tevent_set_debug(ev_ctx, ldb_tevent_debug, ldb);
120 tevent_loop_allow_nesting(ev_ctx);
123 ret = ldb_setup_wellknown_attributes(ldb);
124 if (ret != LDB_SUCCESS) {
129 ldb_set_utf8_default(ldb);
130 ldb_set_create_perms(ldb, 0666);
131 ldb_set_modules_dir(ldb, LDB_MODULESDIR);
132 ldb_set_event_context(ldb, ev_ctx);
133 ret = ldb_register_extended_match_rules(ldb);
134 if (ret != LDB_SUCCESS) {
139 /* TODO: get timeout from options if available there */
140 ldb->default_timeout = 300; /* set default to 5 minutes */
142 talloc_set_destructor((TALLOC_CTX *)ldb, ldb_context_destructor);
148 try to autodetect a basedn if none specified. This fixes one of my
149 pet hates about ldapsearch, which is that you have to get a long,
150 complex basedn right to make any use of it.
152 void ldb_set_default_dns(struct ldb_context *ldb)
156 struct ldb_result *res;
157 struct ldb_dn *tmp_dn=NULL;
158 static const char *attrs[] = {
159 "rootDomainNamingContext",
160 "configurationNamingContext",
161 "schemaNamingContext",
162 "defaultNamingContext",
166 tmp_ctx = talloc_new(ldb);
167 ret = ldb_search(ldb, tmp_ctx, &res, ldb_dn_new(tmp_ctx, ldb, NULL),
168 LDB_SCOPE_BASE, attrs, "(objectClass=*)");
169 if (ret != LDB_SUCCESS) {
170 talloc_free(tmp_ctx);
174 if (res->count != 1) {
175 talloc_free(tmp_ctx);
179 if (!ldb_get_opaque(ldb, "rootDomainNamingContext")) {
180 tmp_dn = ldb_msg_find_attr_as_dn(ldb, ldb, res->msgs[0],
181 "rootDomainNamingContext");
182 ldb_set_opaque(ldb, "rootDomainNamingContext", tmp_dn);
185 if (!ldb_get_opaque(ldb, "configurationNamingContext")) {
186 tmp_dn = ldb_msg_find_attr_as_dn(ldb, ldb, res->msgs[0],
187 "configurationNamingContext");
188 ldb_set_opaque(ldb, "configurationNamingContext", tmp_dn);
191 if (!ldb_get_opaque(ldb, "schemaNamingContext")) {
192 tmp_dn = ldb_msg_find_attr_as_dn(ldb, ldb, res->msgs[0],
193 "schemaNamingContext");
194 ldb_set_opaque(ldb, "schemaNamingContext", tmp_dn);
197 if (!ldb_get_opaque(ldb, "defaultNamingContext")) {
198 tmp_dn = ldb_msg_find_attr_as_dn(ldb, ldb, res->msgs[0],
199 "defaultNamingContext");
200 ldb_set_opaque(ldb, "defaultNamingContext", tmp_dn);
203 talloc_free(tmp_ctx);
206 struct ldb_dn *ldb_get_root_basedn(struct ldb_context *ldb)
208 void *opaque = ldb_get_opaque(ldb, "rootDomainNamingContext");
209 return talloc_get_type(opaque, struct ldb_dn);
212 struct ldb_dn *ldb_get_config_basedn(struct ldb_context *ldb)
214 void *opaque = ldb_get_opaque(ldb, "configurationNamingContext");
215 return talloc_get_type(opaque, struct ldb_dn);
218 struct ldb_dn *ldb_get_schema_basedn(struct ldb_context *ldb)
220 void *opaque = ldb_get_opaque(ldb, "schemaNamingContext");
221 return talloc_get_type(opaque, struct ldb_dn);
224 struct ldb_dn *ldb_get_default_basedn(struct ldb_context *ldb)
226 void *opaque = ldb_get_opaque(ldb, "defaultNamingContext");
227 return talloc_get_type(opaque, struct ldb_dn);
231 connect to a database. The URL can either be one of the following forms
235 flags is made up of LDB_FLG_*
237 the options are passed uninterpreted to the backend, and are
240 int ldb_connect(struct ldb_context *ldb, const char *url,
241 unsigned int flags, const char *options[])
245 /* We seem to need to do this here, or else some utilities don't
246 * get ldb backends */
250 url2 = talloc_strdup(ldb, url);
253 return LDB_ERR_OPERATIONS_ERROR;
255 ret = ldb_set_opaque(ldb, "ldb_url", url2);
256 if (ret != LDB_SUCCESS) {
260 ret = ldb_module_connect_backend(ldb, url, options, &ldb->modules);
261 if (ret != LDB_SUCCESS) {
265 ret = ldb_load_modules(ldb, options);
266 if (ret != LDB_SUCCESS) {
267 ldb_debug(ldb, LDB_DEBUG_FATAL,
268 "Unable to load modules for %s: %s",
269 url, ldb_errstring(ldb));
273 /* set the default base dn */
274 ldb_set_default_dns(ldb);
279 void ldb_set_errstring(struct ldb_context *ldb, const char *err_string)
281 ldb_asprintf_errstring(ldb, "%s", err_string);
284 void ldb_asprintf_errstring(struct ldb_context *ldb, const char *format, ...)
287 char *old_err_string = NULL;
288 if (ldb->err_string) {
289 old_err_string = ldb->err_string;
292 va_start(ap, format);
293 ldb->err_string = talloc_vasprintf(ldb, format, ap);
296 TALLOC_FREE(old_err_string);
298 if (ldb->flags & LDB_FLG_ENABLE_TRACING) {
299 ldb_debug(ldb, LDB_DEBUG_TRACE, "ldb_asprintf/set_errstring: %s",
304 void ldb_reset_err_string(struct ldb_context *ldb)
306 if (ldb->err_string) {
307 talloc_free(ldb->err_string);
308 ldb->err_string = NULL;
315 set an ldb error based on file:line
317 int ldb_error_at(struct ldb_context *ldb, int ecode,
318 const char *reason, const char *file, int line)
320 if (reason == NULL) {
321 reason = ldb_strerror(ecode);
323 ldb_asprintf_errstring(ldb, "%s at %s:%d", reason, file, line);
328 #define FIRST_OP_NOERR(ldb, op) do { \
329 module = ldb->modules; \
330 while (module && module->ops->op == NULL) module = module->next; \
331 if ((ldb->flags & LDB_FLG_ENABLE_TRACING) && module) { \
332 ldb_debug(ldb, LDB_DEBUG_TRACE, "ldb_trace_request: (%s)->" #op, \
333 module->ops->name); \
337 #define FIRST_OP(ldb, op) do { \
338 FIRST_OP_NOERR(ldb, op); \
339 if (module == NULL) { \
340 ldb_asprintf_errstring(ldb, "unable to find module or backend to handle operation: " #op); \
341 return LDB_ERR_OPERATIONS_ERROR; \
349 int ldb_transaction_start(struct ldb_context *ldb)
351 struct ldb_module *module;
354 ldb_debug(ldb, LDB_DEBUG_TRACE,
355 "start ldb transaction (nesting: %d)",
356 ldb->transaction_active);
358 /* explicit transaction active, count nested requests */
359 if (ldb->transaction_active) {
360 ldb->transaction_active++;
364 /* start a new transaction */
365 ldb->transaction_active++;
366 ldb->prepare_commit_done = false;
368 FIRST_OP(ldb, start_transaction);
370 ldb_reset_err_string(ldb);
372 status = module->ops->start_transaction(module);
373 if (status != LDB_SUCCESS) {
374 if (ldb->err_string == NULL) {
375 /* no error string was setup by the backend */
376 ldb_asprintf_errstring(ldb,
377 "ldb transaction start: %s (%d)",
378 ldb_strerror(status),
381 if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
382 ldb_debug(module->ldb, LDB_DEBUG_TRACE, "start ldb transaction error: %s",
383 ldb_errstring(module->ldb));
386 if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
387 ldb_debug(module->ldb, LDB_DEBUG_TRACE, "start ldb transaction success");
394 prepare for transaction commit (first phase of two phase commit)
396 int ldb_transaction_prepare_commit(struct ldb_context *ldb)
398 struct ldb_module *module;
401 if (ldb->prepare_commit_done) {
405 /* commit only when all nested transactions are complete */
406 if (ldb->transaction_active > 1) {
410 ldb->prepare_commit_done = true;
412 if (ldb->transaction_active < 0) {
413 ldb_debug(ldb, LDB_DEBUG_FATAL,
414 "prepare commit called but no ldb transactions are active!");
415 ldb->transaction_active = 0;
416 return LDB_ERR_OPERATIONS_ERROR;
419 /* call prepare transaction if available */
420 FIRST_OP_NOERR(ldb, prepare_commit);
421 if (module == NULL) {
425 status = module->ops->prepare_commit(module);
426 if (status != LDB_SUCCESS) {
427 ldb->transaction_active--;
428 /* if a module fails the prepare then we need
429 to call the end transaction for everyone */
430 FIRST_OP(ldb, del_transaction);
431 module->ops->del_transaction(module);
432 if (ldb->err_string == NULL) {
433 /* no error string was setup by the backend */
434 ldb_asprintf_errstring(ldb,
435 "ldb transaction prepare commit: %s (%d)",
436 ldb_strerror(status),
439 if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
440 ldb_debug(module->ldb, LDB_DEBUG_TRACE, "prepare commit transaction error: %s",
441 ldb_errstring(module->ldb));
452 int ldb_transaction_commit(struct ldb_context *ldb)
454 struct ldb_module *module;
457 status = ldb_transaction_prepare_commit(ldb);
458 if (status != LDB_SUCCESS) {
462 ldb->transaction_active--;
464 ldb_debug(ldb, LDB_DEBUG_TRACE,
465 "commit ldb transaction (nesting: %d)",
466 ldb->transaction_active);
468 /* commit only when all nested transactions are complete */
469 if (ldb->transaction_active > 0) {
473 if (ldb->transaction_active < 0) {
474 ldb_debug(ldb, LDB_DEBUG_FATAL,
475 "commit called but no ldb transactions are active!");
476 ldb->transaction_active = 0;
477 return LDB_ERR_OPERATIONS_ERROR;
480 ldb_reset_err_string(ldb);
482 FIRST_OP(ldb, end_transaction);
483 status = module->ops->end_transaction(module);
484 if (status != LDB_SUCCESS) {
485 if (ldb->err_string == NULL) {
486 /* no error string was setup by the backend */
487 ldb_asprintf_errstring(ldb,
488 "ldb transaction commit: %s (%d)",
489 ldb_strerror(status),
492 if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
493 ldb_debug(module->ldb, LDB_DEBUG_TRACE, "commit ldb transaction error: %s",
494 ldb_errstring(module->ldb));
496 /* cancel the transaction */
497 FIRST_OP(ldb, del_transaction);
498 module->ops->del_transaction(module);
507 int ldb_transaction_cancel(struct ldb_context *ldb)
509 struct ldb_module *module;
512 ldb->transaction_active--;
514 ldb_debug(ldb, LDB_DEBUG_TRACE,
515 "cancel ldb transaction (nesting: %d)",
516 ldb->transaction_active);
518 /* really cancel only if all nested transactions are complete */
519 if (ldb->transaction_active > 0) {
523 if (ldb->transaction_active < 0) {
524 ldb_debug(ldb, LDB_DEBUG_FATAL,
525 "cancel called but no ldb transactions are active!");
526 ldb->transaction_active = 0;
527 return LDB_ERR_OPERATIONS_ERROR;
530 FIRST_OP(ldb, del_transaction);
532 status = module->ops->del_transaction(module);
533 if (status != LDB_SUCCESS) {
534 if (ldb->err_string == NULL) {
535 /* no error string was setup by the backend */
536 ldb_asprintf_errstring(ldb,
537 "ldb transaction cancel: %s (%d)",
538 ldb_strerror(status),
541 if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
542 ldb_debug(module->ldb, LDB_DEBUG_TRACE, "cancel ldb transaction error: %s",
543 ldb_errstring(module->ldb));
550 cancel a transaction with no error if no transaction is pending
551 used when we fork() to clear any parent transactions
553 int ldb_transaction_cancel_noerr(struct ldb_context *ldb)
555 if (ldb->transaction_active > 0) {
556 return ldb_transaction_cancel(ldb);
562 /* autostarts a transaction if none active */
563 static int ldb_autotransaction_request(struct ldb_context *ldb,
564 struct ldb_request *req)
568 ret = ldb_transaction_start(ldb);
569 if (ret != LDB_SUCCESS) {
573 ret = ldb_request(ldb, req);
574 if (ret == LDB_SUCCESS) {
575 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
578 if (ret == LDB_SUCCESS) {
579 return ldb_transaction_commit(ldb);
581 ldb_transaction_cancel(ldb);
586 int ldb_wait(struct ldb_handle *handle, enum ldb_wait_type type)
588 struct tevent_context *ev;
591 if (handle == NULL) {
592 return LDB_ERR_UNAVAILABLE;
595 if (handle->state == LDB_ASYNC_DONE) {
596 if ((handle->status != LDB_SUCCESS) &&
597 (handle->ldb->err_string == NULL)) {
598 /* if no error string was setup by the backend */
599 ldb_asprintf_errstring(handle->ldb,
600 "ldb_wait from %s with LDB_ASYNC_DONE: %s (%d)",
602 ldb_strerror(handle->status),
605 return handle->status;
608 ev = ldb_get_event_context(handle->ldb);
610 return ldb_oom(handle->ldb);
615 ret = tevent_loop_once(ev);
617 return ldb_operr(handle->ldb);
619 if (handle->status == LDB_SUCCESS) {
622 if (handle->ldb->err_string != NULL) {
623 return handle->status;
626 * if no error string was setup by the backend
628 ldb_asprintf_errstring(handle->ldb,
629 "ldb_wait from %s with LDB_WAIT_NONE: %s (%d)",
631 ldb_strerror(handle->status),
633 return handle->status;
636 while (handle->state != LDB_ASYNC_DONE) {
637 ret = tevent_loop_once(ev);
639 return ldb_operr(handle->ldb);
641 if (handle->status != LDB_SUCCESS) {
642 if (handle->ldb->err_string != NULL) {
643 return handle->status;
646 * if no error string was setup by the
649 ldb_asprintf_errstring(handle->ldb,
650 "ldb_wait from %s with "
651 "LDB_WAIT_ALL: %s (%d)",
653 ldb_strerror(handle->status),
655 return handle->status;
658 if (handle->status == LDB_SUCCESS) {
661 if (handle->ldb->err_string != NULL) {
662 return handle->status;
665 * if no error string was setup by the backend
667 ldb_asprintf_errstring(handle->ldb,
668 "ldb_wait from %s with LDB_WAIT_ALL,"
669 " LDB_ASYNC_DONE: %s (%d)",
671 ldb_strerror(handle->status),
673 return handle->status;
679 /* set the specified timeout or, if timeout is 0 set the default timeout */
680 int ldb_set_timeout(struct ldb_context *ldb,
681 struct ldb_request *req,
684 if (req == NULL) return LDB_ERR_OPERATIONS_ERROR;
687 req->timeout = timeout;
689 req->timeout = ldb->default_timeout;
691 req->starttime = time(NULL);
696 /* calculates the new timeout based on the previous starttime and timeout */
697 int ldb_set_timeout_from_prev_req(struct ldb_context *ldb,
698 struct ldb_request *oldreq,
699 struct ldb_request *newreq)
701 if (newreq == NULL) return LDB_ERR_OPERATIONS_ERROR;
703 if (oldreq == NULL) {
704 return ldb_set_timeout(ldb, newreq, 0);
707 newreq->starttime = oldreq->starttime;
708 newreq->timeout = oldreq->timeout;
715 set the permissions for new files to be passed to open() in
716 backends that use local files
718 void ldb_set_create_perms(struct ldb_context *ldb, unsigned int perms)
720 ldb->create_perms = perms;
723 unsigned int ldb_get_create_perms(struct ldb_context *ldb)
725 return ldb->create_perms;
728 void ldb_set_event_context(struct ldb_context *ldb, struct tevent_context *ev)
733 struct tevent_context * ldb_get_event_context(struct ldb_context *ldb)
738 void ldb_request_set_state(struct ldb_request *req, int state)
740 req->handle->state = state;
743 int ldb_request_get_status(struct ldb_request *req)
745 return req->handle->status;
749 * This function obtains the private event context for the handle,
750 * which may have been created to avoid nested event loops during
751 * ldb_tdb with the locks held
753 struct tevent_context *ldb_handle_get_event_context(struct ldb_handle *handle)
755 if (handle->event_context != NULL) {
756 return handle->event_context;
758 return ldb_get_event_context(handle->ldb);
761 void ldb_set_require_private_event_context(struct ldb_context *ldb)
763 ldb->require_private_event_context = true;
769 static void ldb_trace_request(struct ldb_context *ldb, struct ldb_request *req)
771 TALLOC_CTX *tmp_ctx = talloc_new(req);
773 struct ldb_ldif ldif;
775 switch (req->operation) {
777 ldb_debug_add(ldb, "ldb_trace_request: SEARCH\n");
778 ldb_debug_add(ldb, " dn: %s\n",
779 ldb_dn_is_null(req->op.search.base)?"<rootDSE>":
780 ldb_dn_get_linearized(req->op.search.base));
781 ldb_debug_add(ldb, " scope: %s\n",
782 req->op.search.scope==LDB_SCOPE_BASE?"base":
783 req->op.search.scope==LDB_SCOPE_ONELEVEL?"one":
784 req->op.search.scope==LDB_SCOPE_SUBTREE?"sub":"UNKNOWN");
785 ldb_debug_add(ldb, " expr: %s\n",
786 ldb_filter_from_tree(tmp_ctx, req->op.search.tree));
787 if (req->op.search.attrs == NULL) {
788 ldb_debug_add(ldb, " attr: <ALL>\n");
790 for (i=0; req->op.search.attrs[i]; i++) {
791 ldb_debug_add(ldb, " attr: %s\n", req->op.search.attrs[i]);
796 ldb_debug_add(ldb, "ldb_trace_request: DELETE\n");
797 ldb_debug_add(ldb, " dn: %s\n",
798 ldb_dn_get_linearized(req->op.del.dn));
801 ldb_debug_add(ldb, "ldb_trace_request: RENAME\n");
802 ldb_debug_add(ldb, " olddn: %s\n",
803 ldb_dn_get_linearized(req->op.rename.olddn));
804 ldb_debug_add(ldb, " newdn: %s\n",
805 ldb_dn_get_linearized(req->op.rename.newdn));
808 ldb_debug_add(ldb, "ldb_trace_request: EXTENDED\n");
809 ldb_debug_add(ldb, " oid: %s\n", req->op.extended.oid);
810 ldb_debug_add(ldb, " data: %s\n", req->op.extended.data?"yes":"no");
813 ldif.changetype = LDB_CHANGETYPE_ADD;
814 ldif.msg = discard_const_p(struct ldb_message, req->op.add.message);
816 ldb_debug_add(ldb, "ldb_trace_request: ADD\n");
820 * ldb_ldif_write_redacted_trace_string() is CRITICAL
821 * for security. It ensures that we do not output
822 * passwords into debug logs
825 ldb_debug_add(req->handle->ldb, "%s\n",
826 ldb_ldif_write_redacted_trace_string(req->handle->ldb, tmp_ctx, &ldif));
829 ldif.changetype = LDB_CHANGETYPE_MODIFY;
830 ldif.msg = discard_const_p(struct ldb_message, req->op.mod.message);
832 ldb_debug_add(ldb, "ldb_trace_request: MODIFY\n");
836 * ldb_ldif_write_redacted_trace_string() is CRITICAL
837 * for security. It ensures that we do not output
838 * passwords into debug logs
841 ldb_debug_add(req->handle->ldb, "%s\n",
842 ldb_ldif_write_redacted_trace_string(req->handle->ldb, tmp_ctx, &ldif));
844 case LDB_REQ_REGISTER_CONTROL:
845 ldb_debug_add(ldb, "ldb_trace_request: REGISTER_CONTROL\n");
846 ldb_debug_add(req->handle->ldb, "%s\n",
847 req->op.reg_control.oid);
849 case LDB_REQ_REGISTER_PARTITION:
850 ldb_debug_add(ldb, "ldb_trace_request: REGISTER_PARTITION\n");
851 ldb_debug_add(req->handle->ldb, "%s\n",
852 ldb_dn_get_linearized(req->op.reg_partition.dn));
855 ldb_debug_add(ldb, "ldb_trace_request: UNKNOWN(%u)\n",
860 if (req->controls == NULL) {
861 ldb_debug_add(ldb, " control: <NONE>\n");
863 for (i=0; req->controls && req->controls[i]; i++) {
864 if (req->controls[i]->oid) {
865 ldb_debug_add(ldb, " control: %s crit:%u data:%s\n",
866 req->controls[i]->oid,
867 req->controls[i]->critical,
868 req->controls[i]->data?"yes":"no");
873 ldb_debug_end(ldb, LDB_DEBUG_TRACE);
875 talloc_free(tmp_ctx);
879 check that the element flags don't have any internal bits set
881 static int ldb_msg_check_element_flags(struct ldb_context *ldb,
882 const struct ldb_message *message)
885 for (i=0; i<message->num_elements; i++) {
886 if (message->elements[i].flags & LDB_FLAG_INTERNAL_MASK) {
887 ldb_asprintf_errstring(ldb, "Invalid element flags 0x%08x on element %s in %s\n",
888 message->elements[i].flags, message->elements[i].name,
889 ldb_dn_get_linearized(message->dn));
890 return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
899 NOTE: the request must be a talloc context.
900 returns LDB_ERR_* on errors.
902 int ldb_request(struct ldb_context *ldb, struct ldb_request *req)
904 struct ldb_module *module;
907 if (req->callback == NULL) {
908 ldb_set_errstring(ldb, "Requests MUST define callbacks");
909 return LDB_ERR_UNWILLING_TO_PERFORM;
912 ldb_reset_err_string(ldb);
914 if (ldb->flags & LDB_FLG_ENABLE_TRACING) {
915 ldb_trace_request(ldb, req);
918 /* call the first module in the chain */
919 switch (req->operation) {
921 /* due to "ldb_build_search_req" base DN always != NULL */
922 if (!ldb_dn_validate(req->op.search.base)) {
923 ldb_asprintf_errstring(ldb, "ldb_search: invalid basedn '%s'",
924 ldb_dn_get_linearized(req->op.search.base));
925 return LDB_ERR_INVALID_DN_SYNTAX;
927 FIRST_OP(ldb, search);
928 ret = module->ops->search(module, req);
931 if (!ldb_dn_validate(req->op.add.message->dn)) {
932 ldb_asprintf_errstring(ldb, "ldb_add: invalid dn '%s'",
933 ldb_dn_get_linearized(req->op.add.message->dn));
934 return LDB_ERR_INVALID_DN_SYNTAX;
937 * we have to normalize here, as so many places
938 * in modules and backends assume we don't have two
939 * elements with the same name
941 ret = ldb_msg_normalize(ldb, req, req->op.add.message,
942 discard_const(&req->op.add.message));
943 if (ret != LDB_SUCCESS) {
948 ret = ldb_msg_check_element_flags(ldb, req->op.add.message);
949 if (ret != LDB_SUCCESS) {
951 * "ldb_msg_check_element_flags" generates an error
956 ret = module->ops->add(module, req);
959 if (!ldb_dn_validate(req->op.mod.message->dn)) {
960 ldb_asprintf_errstring(ldb, "ldb_modify: invalid dn '%s'",
961 ldb_dn_get_linearized(req->op.mod.message->dn));
962 return LDB_ERR_INVALID_DN_SYNTAX;
964 FIRST_OP(ldb, modify);
965 ret = ldb_msg_check_element_flags(ldb, req->op.mod.message);
966 if (ret != LDB_SUCCESS) {
968 * "ldb_msg_check_element_flags" generates an error
973 ret = module->ops->modify(module, req);
976 if (!ldb_dn_validate(req->op.del.dn)) {
977 ldb_asprintf_errstring(ldb, "ldb_delete: invalid dn '%s'",
978 ldb_dn_get_linearized(req->op.del.dn));
979 return LDB_ERR_INVALID_DN_SYNTAX;
982 ret = module->ops->del(module, req);
985 if (!ldb_dn_validate(req->op.rename.olddn)) {
986 ldb_asprintf_errstring(ldb, "ldb_rename: invalid olddn '%s'",
987 ldb_dn_get_linearized(req->op.rename.olddn));
988 return LDB_ERR_INVALID_DN_SYNTAX;
990 if (!ldb_dn_validate(req->op.rename.newdn)) {
991 ldb_asprintf_errstring(ldb, "ldb_rename: invalid newdn '%s'",
992 ldb_dn_get_linearized(req->op.rename.newdn));
993 return LDB_ERR_INVALID_DN_SYNTAX;
995 FIRST_OP(ldb, rename);
996 ret = module->ops->rename(module, req);
999 FIRST_OP(ldb, extended);
1000 ret = module->ops->extended(module, req);
1003 FIRST_OP(ldb, request);
1004 ret = module->ops->request(module, req);
1008 if ((ret != LDB_SUCCESS) && (ldb->err_string == NULL)) {
1009 /* if no error string was setup by the backend */
1010 ldb_asprintf_errstring(ldb, "ldb_request: %s (%d)",
1011 ldb_strerror(ret), ret);
1017 int ldb_request_done(struct ldb_request *req, int status)
1019 req->handle->state = LDB_ASYNC_DONE;
1020 req->handle->status = status;
1025 search the database given a LDAP-like search expression
1027 returns an LDB error code
1029 Use talloc_free to free the ldb_message returned in 'res', if successful
1032 int ldb_search_default_callback(struct ldb_request *req,
1033 struct ldb_reply *ares)
1035 struct ldb_result *res;
1038 res = talloc_get_type(req->context, struct ldb_result);
1041 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1043 if (ares->error != LDB_SUCCESS) {
1044 return ldb_request_done(req, ares->error);
1047 switch (ares->type) {
1048 case LDB_REPLY_ENTRY:
1049 res->msgs = talloc_realloc(res, res->msgs,
1050 struct ldb_message *, res->count + 2);
1052 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1055 res->msgs[res->count + 1] = NULL;
1057 res->msgs[res->count] = talloc_move(res->msgs, &ares->message);
1061 case LDB_REPLY_REFERRAL:
1063 for (n = 0; res->refs[n]; n++) /*noop*/ ;
1068 res->refs = talloc_realloc(res, res->refs, char *, n + 2);
1070 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1073 res->refs[n] = talloc_move(res->refs, &ares->referral);
1074 res->refs[n + 1] = NULL;
1077 case LDB_REPLY_DONE:
1078 /* TODO: we should really support controls on entries
1079 * and referrals too! */
1080 res->controls = talloc_move(res, &ares->controls);
1082 /* this is the last message, and means the request is done */
1083 /* we have to signal and eventual ldb_wait() waiting that the
1084 * async request operation was completed */
1086 return ldb_request_done(req, LDB_SUCCESS);
1094 int ldb_modify_default_callback(struct ldb_request *req, struct ldb_reply *ares)
1096 struct ldb_result *res;
1100 res = talloc_get_type(req->context, struct ldb_result);
1103 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1106 if (ares->error != LDB_SUCCESS) {
1109 return ldb_request_done(req, ret);
1112 switch (ares->type) {
1113 case LDB_REPLY_REFERRAL:
1115 for (n = 0; res->refs[n]; n++) /*noop*/ ;
1120 res->refs = talloc_realloc(res, res->refs, char *, n + 2);
1122 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1125 res->refs[n] = talloc_move(res->refs, &ares->referral);
1126 res->refs[n + 1] = NULL;
1129 case LDB_REPLY_DONE:
1131 return ldb_request_done(req, LDB_SUCCESS);
1134 ldb_asprintf_errstring(req->handle->ldb, "Invalid LDB reply type %d", ares->type);
1135 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1139 return ldb_request_done(req, LDB_SUCCESS);
1142 int ldb_op_default_callback(struct ldb_request *req, struct ldb_reply *ares)
1147 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1150 if (ares->error != LDB_SUCCESS) {
1153 return ldb_request_done(req, ret);
1156 if (ares->type != LDB_REPLY_DONE) {
1158 ldb_asprintf_errstring(req->handle->ldb, "Invalid LDB reply type %d", ares->type);
1159 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1163 return ldb_request_done(req, LDB_SUCCESS);
1166 static struct ldb_request *ldb_build_req_common(TALLOC_CTX *mem_ctx,
1167 struct ldb_context *ldb,
1168 struct ldb_control **controls,
1170 ldb_request_callback_t callback,
1171 struct ldb_request *parent)
1173 struct ldb_request *req = NULL;
1175 req = talloc_zero(mem_ctx, struct ldb_request);
1179 req->controls = controls;
1180 req->context = context;
1181 req->callback = callback;
1183 ldb_set_timeout_from_prev_req(ldb, parent, req);
1185 req->handle = ldb_handle_new(req, ldb);
1186 if (req->handle == NULL) {
1191 if (parent != NULL) {
1192 req->handle->nesting++;
1193 req->handle->parent = parent;
1194 req->handle->flags = parent->handle->flags;
1195 req->handle->custom_flags = parent->handle->custom_flags;
1201 int ldb_build_search_req_ex(struct ldb_request **ret_req,
1202 struct ldb_context *ldb,
1203 TALLOC_CTX *mem_ctx,
1204 struct ldb_dn *base,
1205 enum ldb_scope scope,
1206 struct ldb_parse_tree *tree,
1207 const char * const *attrs,
1208 struct ldb_control **controls,
1210 ldb_request_callback_t callback,
1211 struct ldb_request *parent)
1213 struct ldb_request *req;
1217 req = ldb_build_req_common(mem_ctx, ldb, controls,
1218 context, callback, parent);
1221 return LDB_ERR_OPERATIONS_ERROR;
1224 req->operation = LDB_SEARCH;
1226 req->op.search.base = ldb_dn_new(req, ldb, NULL);
1228 req->op.search.base = base;
1230 req->op.search.scope = scope;
1232 req->op.search.tree = tree;
1233 if (req->op.search.tree == NULL) {
1234 ldb_set_errstring(ldb, "'tree' can't be NULL");
1236 return LDB_ERR_OPERATIONS_ERROR;
1239 req->op.search.attrs = attrs;
1244 int ldb_build_search_req(struct ldb_request **ret_req,
1245 struct ldb_context *ldb,
1246 TALLOC_CTX *mem_ctx,
1247 struct ldb_dn *base,
1248 enum ldb_scope scope,
1249 const char *expression,
1250 const char * const *attrs,
1251 struct ldb_control **controls,
1253 ldb_request_callback_t callback,
1254 struct ldb_request *parent)
1256 struct ldb_parse_tree *tree;
1259 tree = ldb_parse_tree(mem_ctx, expression);
1261 ldb_set_errstring(ldb, "Unable to parse search expression");
1262 return LDB_ERR_OPERATIONS_ERROR;
1265 ret = ldb_build_search_req_ex(ret_req, ldb, mem_ctx, base,
1266 scope, tree, attrs, controls,
1267 context, callback, parent);
1268 if (ret == LDB_SUCCESS) {
1269 talloc_steal(*ret_req, tree);
1274 int ldb_build_add_req(struct ldb_request **ret_req,
1275 struct ldb_context *ldb,
1276 TALLOC_CTX *mem_ctx,
1277 const struct ldb_message *message,
1278 struct ldb_control **controls,
1280 ldb_request_callback_t callback,
1281 struct ldb_request *parent)
1283 struct ldb_request *req;
1287 req = ldb_build_req_common(mem_ctx, ldb, controls,
1288 context, callback, parent);
1290 ldb_set_errstring(ldb, "Out of Memory");
1291 return LDB_ERR_OPERATIONS_ERROR;
1294 req->operation = LDB_ADD;
1295 req->op.add.message = message;
1300 int ldb_build_mod_req(struct ldb_request **ret_req,
1301 struct ldb_context *ldb,
1302 TALLOC_CTX *mem_ctx,
1303 const struct ldb_message *message,
1304 struct ldb_control **controls,
1306 ldb_request_callback_t callback,
1307 struct ldb_request *parent)
1309 struct ldb_request *req;
1313 req = ldb_build_req_common(mem_ctx, ldb, controls,
1314 context, callback, parent);
1316 ldb_set_errstring(ldb, "Out of Memory");
1317 return LDB_ERR_OPERATIONS_ERROR;
1320 req->operation = LDB_MODIFY;
1321 req->op.mod.message = message;
1327 int ldb_build_del_req(struct ldb_request **ret_req,
1328 struct ldb_context *ldb,
1329 TALLOC_CTX *mem_ctx,
1331 struct ldb_control **controls,
1333 ldb_request_callback_t callback,
1334 struct ldb_request *parent)
1336 struct ldb_request *req;
1340 req = ldb_build_req_common(mem_ctx, ldb, controls,
1341 context, callback, parent);
1343 ldb_set_errstring(ldb, "Out of Memory");
1344 return LDB_ERR_OPERATIONS_ERROR;
1347 req->operation = LDB_DELETE;
1348 req->op.del.dn = dn;
1353 int ldb_build_rename_req(struct ldb_request **ret_req,
1354 struct ldb_context *ldb,
1355 TALLOC_CTX *mem_ctx,
1356 struct ldb_dn *olddn,
1357 struct ldb_dn *newdn,
1358 struct ldb_control **controls,
1360 ldb_request_callback_t callback,
1361 struct ldb_request *parent)
1363 struct ldb_request *req;
1367 req = ldb_build_req_common(mem_ctx, ldb, controls,
1368 context, callback, parent);
1370 ldb_set_errstring(ldb, "Out of Memory");
1371 return LDB_ERR_OPERATIONS_ERROR;
1374 req->operation = LDB_RENAME;
1375 req->op.rename.olddn = olddn;
1376 req->op.rename.newdn = newdn;
1381 int ldb_extended_default_callback(struct ldb_request *req,
1382 struct ldb_reply *ares)
1384 struct ldb_result *res;
1386 res = talloc_get_type(req->context, struct ldb_result);
1389 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1391 if (ares->error != LDB_SUCCESS) {
1392 return ldb_request_done(req, ares->error);
1395 if (ares->type == LDB_REPLY_DONE) {
1397 /* TODO: we should really support controls on entries and referrals too! */
1398 res->extended = talloc_move(res, &ares->response);
1399 res->controls = talloc_move(res, &ares->controls);
1402 return ldb_request_done(req, LDB_SUCCESS);
1406 ldb_asprintf_errstring(req->handle->ldb, "Invalid LDB reply type %d", ares->type);
1407 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1410 int ldb_build_extended_req(struct ldb_request **ret_req,
1411 struct ldb_context *ldb,
1412 TALLOC_CTX *mem_ctx,
1415 struct ldb_control **controls,
1417 ldb_request_callback_t callback,
1418 struct ldb_request *parent)
1420 struct ldb_request *req;
1424 req = ldb_build_req_common(mem_ctx, ldb, controls,
1425 context, callback, parent);
1427 ldb_set_errstring(ldb, "Out of Memory");
1428 return LDB_ERR_OPERATIONS_ERROR;
1431 req->operation = LDB_EXTENDED;
1432 req->op.extended.oid = oid;
1433 req->op.extended.data = data;
1438 int ldb_extended(struct ldb_context *ldb,
1441 struct ldb_result **_res)
1443 struct ldb_request *req;
1445 struct ldb_result *res;
1450 res = talloc_zero(ldb, struct ldb_result);
1452 return LDB_ERR_OPERATIONS_ERROR;
1455 ret = ldb_build_extended_req(&req, ldb, ldb,
1457 res, ldb_extended_default_callback,
1459 ldb_req_set_location(req, "ldb_extended");
1461 if (ret != LDB_SUCCESS) goto done;
1463 ldb_set_timeout(ldb, req, 0); /* use default timeout */
1465 ret = ldb_request(ldb, req);
1467 if (ret == LDB_SUCCESS) {
1468 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
1472 if (ret != LDB_SUCCESS) {
1484 note that ldb_search() will automatically replace a NULL 'base' value
1485 with the defaultNamingContext from the rootDSE if available.
1487 int ldb_search(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
1488 struct ldb_result **result, struct ldb_dn *base,
1489 enum ldb_scope scope, const char * const *attrs,
1490 const char *exp_fmt, ...)
1492 struct ldb_request *req;
1493 struct ldb_result *res;
1502 res = talloc_zero(mem_ctx, struct ldb_result);
1504 return LDB_ERR_OPERATIONS_ERROR;
1508 va_start(ap, exp_fmt);
1509 expression = talloc_vasprintf(mem_ctx, exp_fmt, ap);
1514 return LDB_ERR_OPERATIONS_ERROR;
1518 ret = ldb_build_search_req(&req, ldb, mem_ctx,
1519 base?base:ldb_get_default_basedn(ldb),
1525 ldb_search_default_callback,
1527 ldb_req_set_location(req, "ldb_search");
1529 if (ret != LDB_SUCCESS) goto done;
1531 ret = ldb_request(ldb, req);
1533 if (ret == LDB_SUCCESS) {
1534 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
1538 if (ret != LDB_SUCCESS) {
1543 talloc_free(expression);
1551 add a record to the database. Will fail if a record with the given class
1552 and key already exists
1554 int ldb_add(struct ldb_context *ldb,
1555 const struct ldb_message *message)
1557 struct ldb_request *req;
1560 ret = ldb_msg_sanity_check(ldb, message);
1561 if (ret != LDB_SUCCESS) {
1565 ret = ldb_build_add_req(&req, ldb, ldb,
1569 ldb_op_default_callback,
1571 ldb_req_set_location(req, "ldb_add");
1573 if (ret != LDB_SUCCESS) return ret;
1575 /* do request and autostart a transaction */
1576 ret = ldb_autotransaction_request(ldb, req);
1583 modify the specified attributes of a record
1585 int ldb_modify(struct ldb_context *ldb,
1586 const struct ldb_message *message)
1588 struct ldb_request *req;
1591 ret = ldb_msg_sanity_check(ldb, message);
1592 if (ret != LDB_SUCCESS) {
1596 ret = ldb_build_mod_req(&req, ldb, ldb,
1600 ldb_op_default_callback,
1602 ldb_req_set_location(req, "ldb_modify");
1604 if (ret != LDB_SUCCESS) return ret;
1606 /* do request and autostart a transaction */
1607 ret = ldb_autotransaction_request(ldb, req);
1615 delete a record from the database
1617 int ldb_delete(struct ldb_context *ldb, struct ldb_dn *dn)
1619 struct ldb_request *req;
1622 ret = ldb_build_del_req(&req, ldb, ldb,
1626 ldb_op_default_callback,
1628 ldb_req_set_location(req, "ldb_delete");
1630 if (ret != LDB_SUCCESS) return ret;
1632 /* do request and autostart a transaction */
1633 ret = ldb_autotransaction_request(ldb, req);
1640 rename a record in the database
1642 int ldb_rename(struct ldb_context *ldb,
1643 struct ldb_dn *olddn, struct ldb_dn *newdn)
1645 struct ldb_request *req;
1648 ret = ldb_build_rename_req(&req, ldb, ldb,
1653 ldb_op_default_callback,
1655 ldb_req_set_location(req, "ldb_rename");
1657 if (ret != LDB_SUCCESS) return ret;
1659 /* do request and autostart a transaction */
1660 ret = ldb_autotransaction_request(ldb, req);
1668 return the global sequence number
1670 int ldb_sequence_number(struct ldb_context *ldb,
1671 enum ldb_sequence_type type, uint64_t *seq_num)
1673 struct ldb_seqnum_request *seq;
1674 struct ldb_seqnum_result *seqr;
1675 struct ldb_result *res;
1676 TALLOC_CTX *tmp_ctx;
1681 tmp_ctx = talloc_zero(ldb, struct ldb_request);
1682 if (tmp_ctx == NULL) {
1683 ldb_set_errstring(ldb, "Out of Memory");
1684 return LDB_ERR_OPERATIONS_ERROR;
1686 seq = talloc_zero(tmp_ctx, struct ldb_seqnum_request);
1688 ldb_set_errstring(ldb, "Out of Memory");
1689 ret = LDB_ERR_OPERATIONS_ERROR;
1694 ret = ldb_extended(ldb, LDB_EXTENDED_SEQUENCE_NUMBER, seq, &res);
1695 if (ret != LDB_SUCCESS) {
1698 talloc_steal(tmp_ctx, res);
1700 if (strcmp(LDB_EXTENDED_SEQUENCE_NUMBER, res->extended->oid) != 0) {
1701 ldb_set_errstring(ldb, "Invalid OID in reply");
1702 ret = LDB_ERR_OPERATIONS_ERROR;
1705 seqr = talloc_get_type(res->extended->data,
1706 struct ldb_seqnum_result);
1707 *seq_num = seqr->seq_num;
1710 talloc_free(tmp_ctx);
1715 return extended error information
1717 const char *ldb_errstring(struct ldb_context *ldb)
1719 if (ldb->err_string) {
1720 return ldb->err_string;
1727 return a string explaining what a ldb error constant meancs
1729 const char *ldb_strerror(int ldb_err)
1734 case LDB_ERR_OPERATIONS_ERROR:
1735 return "Operations error";
1736 case LDB_ERR_PROTOCOL_ERROR:
1737 return "Protocol error";
1738 case LDB_ERR_TIME_LIMIT_EXCEEDED:
1739 return "Time limit exceeded";
1740 case LDB_ERR_SIZE_LIMIT_EXCEEDED:
1741 return "Size limit exceeded";
1742 case LDB_ERR_COMPARE_FALSE:
1743 return "Compare false";
1744 case LDB_ERR_COMPARE_TRUE:
1745 return "Compare true";
1746 case LDB_ERR_AUTH_METHOD_NOT_SUPPORTED:
1747 return "Auth method not supported";
1748 case LDB_ERR_STRONG_AUTH_REQUIRED:
1749 return "Strong auth required";
1751 case LDB_ERR_REFERRAL:
1752 return "Referral error";
1753 case LDB_ERR_ADMIN_LIMIT_EXCEEDED:
1754 return "Admin limit exceeded";
1755 case LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION:
1756 return "Unsupported critical extension";
1757 case LDB_ERR_CONFIDENTIALITY_REQUIRED:
1758 return "Confidentiality required";
1759 case LDB_ERR_SASL_BIND_IN_PROGRESS:
1760 return "SASL bind in progress";
1761 case LDB_ERR_NO_SUCH_ATTRIBUTE:
1762 return "No such attribute";
1763 case LDB_ERR_UNDEFINED_ATTRIBUTE_TYPE:
1764 return "Undefined attribute type";
1765 case LDB_ERR_INAPPROPRIATE_MATCHING:
1766 return "Inappropriate matching";
1767 case LDB_ERR_CONSTRAINT_VIOLATION:
1768 return "Constraint violation";
1769 case LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS:
1770 return "Attribute or value exists";
1771 case LDB_ERR_INVALID_ATTRIBUTE_SYNTAX:
1772 return "Invalid attribute syntax";
1774 case LDB_ERR_NO_SUCH_OBJECT:
1775 return "No such object";
1776 case LDB_ERR_ALIAS_PROBLEM:
1777 return "Alias problem";
1778 case LDB_ERR_INVALID_DN_SYNTAX:
1779 return "Invalid DN syntax";
1781 case LDB_ERR_ALIAS_DEREFERENCING_PROBLEM:
1782 return "Alias dereferencing problem";
1784 case LDB_ERR_INAPPROPRIATE_AUTHENTICATION:
1785 return "Inappropriate authentication";
1786 case LDB_ERR_INVALID_CREDENTIALS:
1787 return "Invalid credentials";
1788 case LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS:
1789 return "insufficient access rights";
1792 case LDB_ERR_UNAVAILABLE:
1793 return "Unavailable";
1794 case LDB_ERR_UNWILLING_TO_PERFORM:
1795 return "Unwilling to perform";
1796 case LDB_ERR_LOOP_DETECT:
1797 return "Loop detect";
1799 case LDB_ERR_NAMING_VIOLATION:
1800 return "Naming violation";
1801 case LDB_ERR_OBJECT_CLASS_VIOLATION:
1802 return "Object class violation";
1803 case LDB_ERR_NOT_ALLOWED_ON_NON_LEAF:
1804 return "Not allowed on non-leaf";
1805 case LDB_ERR_NOT_ALLOWED_ON_RDN:
1806 return "Not allowed on RDN";
1807 case LDB_ERR_ENTRY_ALREADY_EXISTS:
1808 return "Entry already exists";
1809 case LDB_ERR_OBJECT_CLASS_MODS_PROHIBITED:
1810 return "Object class mods prohibited";
1811 /* 70 RESERVED FOR CLDAP */
1812 case LDB_ERR_AFFECTS_MULTIPLE_DSAS:
1813 return "Affects multiple DSAs";
1819 return "Unknown error";
1823 set backend specific opaque parameters
1825 int ldb_set_opaque(struct ldb_context *ldb, const char *name, void *value)
1827 struct ldb_opaque *o;
1829 /* allow updating an existing value */
1830 for (o=ldb->opaque;o;o=o->next) {
1831 if (strcmp(o->name, name) == 0) {
1837 o = talloc(ldb, struct ldb_opaque);
1840 return LDB_ERR_OTHER;
1842 o->next = ldb->opaque;
1850 get a previously set opaque value
1852 void *ldb_get_opaque(struct ldb_context *ldb, const char *name)
1854 struct ldb_opaque *o;
1855 for (o=ldb->opaque;o;o=o->next) {
1856 if (strcmp(o->name, name) == 0) {
1863 int ldb_global_init(void)
1865 /* Provided for compatibility with some older versions of ldb */
1869 /* return the ldb flags */
1870 unsigned int ldb_get_flags(struct ldb_context *ldb)
1875 /* set the ldb flags */
1876 void ldb_set_flags(struct ldb_context *ldb, unsigned flags)
1883 set the location in a ldb request. Used for debugging
1885 void ldb_req_set_location(struct ldb_request *req, const char *location)
1887 if (req && req->handle) {
1888 req->handle->location = location;
1893 return the location set with dsdb_req_set_location
1895 const char *ldb_req_location(struct ldb_request *req)
1897 return req->handle->location;
1901 mark a request as untrusted. This tells the rootdse module to remove
1902 unregistered controls
1904 void ldb_req_mark_untrusted(struct ldb_request *req)
1906 req->handle->flags |= LDB_HANDLE_FLAG_UNTRUSTED;
1910 mark a request as trusted.
1912 void ldb_req_mark_trusted(struct ldb_request *req)
1914 req->handle->flags &= ~LDB_HANDLE_FLAG_UNTRUSTED;
1918 set custom flags. Those flags are set by applications using ldb,
1919 they are application dependent and the same bit can have different
1920 meaning in different application.
1922 void ldb_req_set_custom_flags(struct ldb_request *req, uint32_t flags)
1924 if (req != NULL && req->handle != NULL) {
1925 req->handle->custom_flags = flags;
1931 get custom flags. Those flags are set by applications using ldb,
1932 they are application dependent and the same bit can have different
1933 meaning in different application.
1935 uint32_t ldb_req_get_custom_flags(struct ldb_request *req)
1937 if (req != NULL && req->handle != NULL) {
1938 return req->handle->custom_flags;
1942 * 0 is not something any better or worse than
1943 * anything else as req or the handle is NULL
1950 * return true if a request is untrusted
1952 bool ldb_req_is_untrusted(struct ldb_request *req)
1954 return (req->handle->flags & LDB_HANDLE_FLAG_UNTRUSTED) != 0;