4 Copyright (C) Andrew Tridgell 2004
5 Copyright (C) Simo Sorce 2005-2008
7 ** NOTE! The following LGPL license applies to the ldb
8 ** library. This does NOT imply that all of Samba is released
11 This library is free software; you can redistribute it and/or
12 modify it under the terms of the GNU Lesser General Public
13 License as published by the Free Software Foundation; either
14 version 3 of the License, or (at your option) any later version.
16 This library is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Lesser General Public License for more details.
21 You should have received a copy of the GNU Lesser General Public
22 License along with this library; if not, see <http://www.gnu.org/licenses/>.
28 * Component: ldb core API
30 * Description: core API routines interfacing to ldb backends
32 * Author: Andrew Tridgell
35 #define TEVENT_DEPRECATED 1
36 #include "ldb_private.h"
39 static int ldb_context_destructor(void *ptr)
41 struct ldb_context *ldb = talloc_get_type(ptr, struct ldb_context);
43 if (ldb->transaction_active) {
44 ldb_debug(ldb, LDB_DEBUG_FATAL,
45 "A transaction is still active in ldb context [%p] on %s",
46 ldb, (const char *)ldb_get_opaque(ldb, "ldb_url"));
53 this is used to catch debug messages from events
55 static void ldb_tevent_debug(void *context, enum tevent_debug_level level,
56 const char *fmt, va_list ap) PRINTF_ATTRIBUTE(3,0);
58 static void ldb_tevent_debug(void *context, enum tevent_debug_level level,
59 const char *fmt, va_list ap)
61 struct ldb_context *ldb = talloc_get_type(context, struct ldb_context);
62 enum ldb_debug_level ldb_level = LDB_DEBUG_FATAL;
65 case TEVENT_DEBUG_FATAL:
66 ldb_level = LDB_DEBUG_FATAL;
68 case TEVENT_DEBUG_ERROR:
69 ldb_level = LDB_DEBUG_ERROR;
71 case TEVENT_DEBUG_WARNING:
72 ldb_level = LDB_DEBUG_WARNING;
74 case TEVENT_DEBUG_TRACE:
75 ldb_level = LDB_DEBUG_TRACE;
79 /* There isn't a tevent: prefix here because to add it means
80 * actually printing the string, and most of the time we don't
82 ldb_vdebug(ldb, ldb_level, fmt, ap);
86 initialise a ldb context
87 The mem_ctx is required
88 The event_ctx is required
90 struct ldb_context *ldb_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx)
92 struct ldb_context *ldb;
94 const char *modules_path = getenv("LDB_MODULES_PATH");
96 if (modules_path == NULL) {
97 modules_path = LDB_MODULESDIR;
100 ret = ldb_modules_load(modules_path, LDB_VERSION);
101 if (ret != LDB_SUCCESS) {
105 ldb = talloc_zero(mem_ctx, struct ldb_context);
110 /* A new event context so that callers who don't want ldb
111 * operating on their global event context can work without
112 * having to provide their own private one explicitly */
113 if (ev_ctx == NULL) {
114 ev_ctx = tevent_context_init(ldb);
115 if (ev_ctx == NULL) {
119 tevent_set_debug(ev_ctx, ldb_tevent_debug, ldb);
120 tevent_loop_allow_nesting(ev_ctx);
123 ret = ldb_setup_wellknown_attributes(ldb);
124 if (ret != LDB_SUCCESS) {
129 ldb_set_utf8_default(ldb);
130 ldb_set_create_perms(ldb, 0666);
131 ldb_set_modules_dir(ldb, LDB_MODULESDIR);
132 ldb_set_event_context(ldb, ev_ctx);
133 ret = ldb_register_extended_match_rules(ldb);
134 if (ret != LDB_SUCCESS) {
139 /* TODO: get timeout from options if available there */
140 ldb->default_timeout = 300; /* set default to 5 minutes */
142 talloc_set_destructor((TALLOC_CTX *)ldb, ldb_context_destructor);
148 try to autodetect a basedn if none specified. This fixes one of my
149 pet hates about ldapsearch, which is that you have to get a long,
150 complex basedn right to make any use of it.
152 void ldb_set_default_dns(struct ldb_context *ldb)
156 struct ldb_result *res;
157 struct ldb_dn *tmp_dn=NULL;
158 static const char *attrs[] = {
159 "rootDomainNamingContext",
160 "configurationNamingContext",
161 "schemaNamingContext",
162 "defaultNamingContext",
166 tmp_ctx = talloc_new(ldb);
167 ret = ldb_search(ldb, tmp_ctx, &res, ldb_dn_new(tmp_ctx, ldb, NULL),
168 LDB_SCOPE_BASE, attrs, "(objectClass=*)");
169 if (ret != LDB_SUCCESS) {
170 talloc_free(tmp_ctx);
174 if (res->count != 1) {
175 talloc_free(tmp_ctx);
179 if (!ldb_get_opaque(ldb, "rootDomainNamingContext")) {
180 tmp_dn = ldb_msg_find_attr_as_dn(ldb, ldb, res->msgs[0],
181 "rootDomainNamingContext");
182 ldb_set_opaque(ldb, "rootDomainNamingContext", tmp_dn);
185 if (!ldb_get_opaque(ldb, "configurationNamingContext")) {
186 tmp_dn = ldb_msg_find_attr_as_dn(ldb, ldb, res->msgs[0],
187 "configurationNamingContext");
188 ldb_set_opaque(ldb, "configurationNamingContext", tmp_dn);
191 if (!ldb_get_opaque(ldb, "schemaNamingContext")) {
192 tmp_dn = ldb_msg_find_attr_as_dn(ldb, ldb, res->msgs[0],
193 "schemaNamingContext");
194 ldb_set_opaque(ldb, "schemaNamingContext", tmp_dn);
197 if (!ldb_get_opaque(ldb, "defaultNamingContext")) {
198 tmp_dn = ldb_msg_find_attr_as_dn(ldb, ldb, res->msgs[0],
199 "defaultNamingContext");
200 ldb_set_opaque(ldb, "defaultNamingContext", tmp_dn);
203 talloc_free(tmp_ctx);
206 struct ldb_dn *ldb_get_root_basedn(struct ldb_context *ldb)
208 void *opaque = ldb_get_opaque(ldb, "rootDomainNamingContext");
209 return talloc_get_type(opaque, struct ldb_dn);
212 struct ldb_dn *ldb_get_config_basedn(struct ldb_context *ldb)
214 void *opaque = ldb_get_opaque(ldb, "configurationNamingContext");
215 return talloc_get_type(opaque, struct ldb_dn);
218 struct ldb_dn *ldb_get_schema_basedn(struct ldb_context *ldb)
220 void *opaque = ldb_get_opaque(ldb, "schemaNamingContext");
221 return talloc_get_type(opaque, struct ldb_dn);
224 struct ldb_dn *ldb_get_default_basedn(struct ldb_context *ldb)
226 void *opaque = ldb_get_opaque(ldb, "defaultNamingContext");
227 return talloc_get_type(opaque, struct ldb_dn);
231 connect to a database. The URL can either be one of the following forms
235 flags is made up of LDB_FLG_*
237 the options are passed uninterpreted to the backend, and are
240 int ldb_connect(struct ldb_context *ldb, const char *url,
241 unsigned int flags, const char *options[])
245 /* We seem to need to do this here, or else some utilities don't
246 * get ldb backends */
250 url2 = talloc_strdup(ldb, url);
253 return LDB_ERR_OPERATIONS_ERROR;
255 ret = ldb_set_opaque(ldb, "ldb_url", url2);
256 if (ret != LDB_SUCCESS) {
260 ret = ldb_module_connect_backend(ldb, url, options, &ldb->modules);
261 if (ret != LDB_SUCCESS) {
265 ret = ldb_load_modules(ldb, options);
266 if (ret != LDB_SUCCESS) {
267 ldb_debug(ldb, LDB_DEBUG_FATAL,
268 "Unable to load modules for %s: %s",
269 url, ldb_errstring(ldb));
273 /* set the default base dn */
274 ldb_set_default_dns(ldb);
279 void ldb_set_errstring(struct ldb_context *ldb, const char *err_string)
281 ldb_asprintf_errstring(ldb, "%s", err_string);
284 void ldb_asprintf_errstring(struct ldb_context *ldb, const char *format, ...)
287 char *old_err_string = NULL;
288 if (ldb->err_string) {
289 old_err_string = ldb->err_string;
292 va_start(ap, format);
293 ldb->err_string = talloc_vasprintf(ldb, format, ap);
296 TALLOC_FREE(old_err_string);
298 if (ldb->flags & LDB_FLG_ENABLE_TRACING) {
299 ldb_debug(ldb, LDB_DEBUG_TRACE, "ldb_asprintf/set_errstring: %s",
304 void ldb_reset_err_string(struct ldb_context *ldb)
306 if (ldb->err_string) {
307 talloc_free(ldb->err_string);
308 ldb->err_string = NULL;
315 set an ldb error based on file:line
317 int ldb_error_at(struct ldb_context *ldb, int ecode,
318 const char *reason, const char *file, int line)
320 if (reason == NULL) {
321 reason = ldb_strerror(ecode);
323 ldb_asprintf_errstring(ldb, "%s at %s:%d", reason, file, line);
328 #define FIRST_OP_NOERR(ldb, op) do { \
329 next_module = ldb->modules; \
330 while (next_module && next_module->ops->op == NULL) { \
331 next_module = next_module->next; \
333 if ((ldb->flags & LDB_FLG_ENABLE_TRACING) && next_module) { \
334 ldb_debug(ldb, LDB_DEBUG_TRACE, "ldb_trace_request: (%s)->" #op, \
335 next_module->ops->name); \
339 #define FIRST_OP(ldb, op) do { \
340 FIRST_OP_NOERR(ldb, op); \
341 if (next_module == NULL) { \
342 ldb_asprintf_errstring(ldb, "unable to find module or backend to handle operation: " #op); \
343 return LDB_ERR_OPERATIONS_ERROR; \
351 int ldb_transaction_start(struct ldb_context *ldb)
353 struct ldb_module *next_module;
356 ldb_debug(ldb, LDB_DEBUG_TRACE,
357 "start ldb transaction (nesting: %d)",
358 ldb->transaction_active);
360 /* explicit transaction active, count nested requests */
361 if (ldb->transaction_active) {
362 ldb->transaction_active++;
366 /* start a new transaction */
367 ldb->transaction_active++;
368 ldb->prepare_commit_done = false;
370 FIRST_OP(ldb, start_transaction);
372 ldb_reset_err_string(ldb);
374 status = next_module->ops->start_transaction(next_module);
375 if (status != LDB_SUCCESS) {
376 if (ldb->err_string == NULL) {
377 /* no error string was setup by the backend */
378 ldb_asprintf_errstring(ldb,
379 "ldb transaction start: %s (%d)",
380 ldb_strerror(status),
382 ldb->transaction_active--;
384 if ((next_module && next_module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
385 ldb_debug(next_module->ldb, LDB_DEBUG_TRACE, "start ldb transaction error: %s",
386 ldb_errstring(next_module->ldb));
389 if ((next_module && next_module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
390 ldb_debug(next_module->ldb, LDB_DEBUG_TRACE, "start ldb transaction success");
397 prepare for transaction commit (first phase of two phase commit)
399 int ldb_transaction_prepare_commit(struct ldb_context *ldb)
401 struct ldb_module *next_module;
404 if (ldb->prepare_commit_done) {
408 /* commit only when all nested transactions are complete */
409 if (ldb->transaction_active > 1) {
413 ldb->prepare_commit_done = true;
415 if (ldb->transaction_active < 0) {
416 ldb_debug(ldb, LDB_DEBUG_FATAL,
417 "prepare commit called but no ldb transactions are active!");
418 ldb->transaction_active = 0;
419 return LDB_ERR_OPERATIONS_ERROR;
422 /* call prepare transaction if available */
423 FIRST_OP_NOERR(ldb, prepare_commit);
424 if (next_module == NULL) {
428 status = next_module->ops->prepare_commit(next_module);
429 if (status != LDB_SUCCESS) {
430 ldb->transaction_active--;
431 /* if a next_module fails the prepare then we need
432 to call the end transaction for everyone */
433 FIRST_OP(ldb, del_transaction);
434 next_module->ops->del_transaction(next_module);
435 if (ldb->err_string == NULL) {
436 /* no error string was setup by the backend */
437 ldb_asprintf_errstring(ldb,
438 "ldb transaction prepare commit: %s (%d)",
439 ldb_strerror(status),
442 if ((next_module && next_module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
443 ldb_debug(next_module->ldb, LDB_DEBUG_TRACE, "prepare commit transaction error: %s",
444 ldb_errstring(next_module->ldb));
455 int ldb_transaction_commit(struct ldb_context *ldb)
457 struct ldb_module *next_module;
460 status = ldb_transaction_prepare_commit(ldb);
461 if (status != LDB_SUCCESS) {
465 ldb->transaction_active--;
467 ldb_debug(ldb, LDB_DEBUG_TRACE,
468 "commit ldb transaction (nesting: %d)",
469 ldb->transaction_active);
471 /* commit only when all nested transactions are complete */
472 if (ldb->transaction_active > 0) {
476 if (ldb->transaction_active < 0) {
477 ldb_debug(ldb, LDB_DEBUG_FATAL,
478 "commit called but no ldb transactions are active!");
479 ldb->transaction_active = 0;
480 return LDB_ERR_OPERATIONS_ERROR;
483 ldb_reset_err_string(ldb);
485 FIRST_OP(ldb, end_transaction);
486 status = next_module->ops->end_transaction(next_module);
487 if (status != LDB_SUCCESS) {
488 if (ldb->err_string == NULL) {
489 /* no error string was setup by the backend */
490 ldb_asprintf_errstring(ldb,
491 "ldb transaction commit: %s (%d)",
492 ldb_strerror(status),
495 if ((next_module && next_module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
496 ldb_debug(next_module->ldb, LDB_DEBUG_TRACE, "commit ldb transaction error: %s",
497 ldb_errstring(next_module->ldb));
499 /* cancel the transaction */
500 FIRST_OP(ldb, del_transaction);
501 next_module->ops->del_transaction(next_module);
510 int ldb_transaction_cancel(struct ldb_context *ldb)
512 struct ldb_module *next_module;
515 ldb->transaction_active--;
517 ldb_debug(ldb, LDB_DEBUG_TRACE,
518 "cancel ldb transaction (nesting: %d)",
519 ldb->transaction_active);
521 /* really cancel only if all nested transactions are complete */
522 if (ldb->transaction_active > 0) {
526 if (ldb->transaction_active < 0) {
527 ldb_debug(ldb, LDB_DEBUG_FATAL,
528 "cancel called but no ldb transactions are active!");
529 ldb->transaction_active = 0;
530 return LDB_ERR_OPERATIONS_ERROR;
533 FIRST_OP(ldb, del_transaction);
535 status = next_module->ops->del_transaction(next_module);
536 if (status != LDB_SUCCESS) {
537 if (ldb->err_string == NULL) {
538 /* no error string was setup by the backend */
539 ldb_asprintf_errstring(ldb,
540 "ldb transaction cancel: %s (%d)",
541 ldb_strerror(status),
544 if ((next_module && next_module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
545 ldb_debug(next_module->ldb, LDB_DEBUG_TRACE, "cancel ldb transaction error: %s",
546 ldb_errstring(next_module->ldb));
553 cancel a transaction with no error if no transaction is pending
554 used when we fork() to clear any parent transactions
556 int ldb_transaction_cancel_noerr(struct ldb_context *ldb)
558 if (ldb->transaction_active > 0) {
559 return ldb_transaction_cancel(ldb);
565 /* autostarts a transaction if none active */
566 static int ldb_autotransaction_request(struct ldb_context *ldb,
567 struct ldb_request *req)
571 ret = ldb_transaction_start(ldb);
572 if (ret != LDB_SUCCESS) {
576 ret = ldb_request(ldb, req);
577 if (ret == LDB_SUCCESS) {
578 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
581 if (ret == LDB_SUCCESS) {
582 return ldb_transaction_commit(ldb);
584 ldb_transaction_cancel(ldb);
589 int ldb_wait(struct ldb_handle *handle, enum ldb_wait_type type)
591 struct tevent_context *ev;
594 if (handle == NULL) {
595 return LDB_ERR_UNAVAILABLE;
598 if (handle->state == LDB_ASYNC_DONE) {
599 if ((handle->status != LDB_SUCCESS) &&
600 (handle->ldb->err_string == NULL)) {
601 /* if no error string was setup by the backend */
602 ldb_asprintf_errstring(handle->ldb,
603 "ldb_wait from %s with LDB_ASYNC_DONE: %s (%d)",
605 ldb_strerror(handle->status),
608 return handle->status;
611 ev = ldb_handle_get_event_context(handle);
613 return ldb_oom(handle->ldb);
618 ret = tevent_loop_once(ev);
620 return ldb_operr(handle->ldb);
622 if (handle->status == LDB_SUCCESS) {
625 if (handle->ldb->err_string != NULL) {
626 return handle->status;
629 * if no error string was setup by the backend
631 ldb_asprintf_errstring(handle->ldb,
632 "ldb_wait from %s with LDB_WAIT_NONE: %s (%d)",
634 ldb_strerror(handle->status),
636 return handle->status;
639 while (handle->state != LDB_ASYNC_DONE) {
640 ret = tevent_loop_once(ev);
642 return ldb_operr(handle->ldb);
644 if (handle->status != LDB_SUCCESS) {
645 if (handle->ldb->err_string != NULL) {
646 return handle->status;
649 * if no error string was setup by the
652 ldb_asprintf_errstring(handle->ldb,
653 "ldb_wait from %s with "
654 "LDB_WAIT_ALL: %s (%d)",
656 ldb_strerror(handle->status),
658 return handle->status;
661 if (handle->status == LDB_SUCCESS) {
664 if (handle->ldb->err_string != NULL) {
665 return handle->status;
668 * if no error string was setup by the backend
670 ldb_asprintf_errstring(handle->ldb,
671 "ldb_wait from %s with LDB_WAIT_ALL,"
672 " LDB_ASYNC_DONE: %s (%d)",
674 ldb_strerror(handle->status),
676 return handle->status;
682 /* set the specified timeout or, if timeout is 0 set the default timeout */
683 int ldb_set_timeout(struct ldb_context *ldb,
684 struct ldb_request *req,
687 if (req == NULL) return LDB_ERR_OPERATIONS_ERROR;
690 req->timeout = timeout;
692 req->timeout = ldb->default_timeout;
694 req->starttime = time(NULL);
699 /* calculates the new timeout based on the previous starttime and timeout */
700 int ldb_set_timeout_from_prev_req(struct ldb_context *ldb,
701 struct ldb_request *oldreq,
702 struct ldb_request *newreq)
704 if (newreq == NULL) return LDB_ERR_OPERATIONS_ERROR;
706 if (oldreq == NULL) {
707 return ldb_set_timeout(ldb, newreq, 0);
710 newreq->starttime = oldreq->starttime;
711 newreq->timeout = oldreq->timeout;
717 struct ldb_handle *ldb_handle_new(TALLOC_CTX *mem_ctx, struct ldb_context *ldb)
719 struct ldb_handle *h;
721 h = talloc_zero(mem_ctx, struct ldb_handle);
723 ldb_set_errstring(ldb, "Out of Memory");
727 h->status = LDB_SUCCESS;
728 h->state = LDB_ASYNC_INIT;
734 if (h->ldb->require_private_event_context == true) {
735 h->event_context = tevent_context_init(h);
736 if (h->event_context == NULL) {
737 ldb_set_errstring(ldb,
738 "Out of Memory allocating "
739 "event context for new handle");
742 tevent_set_debug(h->event_context, ldb_tevent_debug, ldb);
743 tevent_loop_allow_nesting(h->event_context);
749 static struct ldb_handle *ldb_handle_new_child(TALLOC_CTX *mem_ctx,
750 struct ldb_request *parent_req)
752 struct ldb_handle *h;
754 h = talloc_zero(mem_ctx, struct ldb_handle);
756 ldb_set_errstring(parent_req->handle->ldb,
761 h->status = LDB_SUCCESS;
762 h->state = LDB_ASYNC_INIT;
763 h->ldb = parent_req->handle->ldb;
764 h->parent = parent_req;
765 h->nesting = parent_req->handle->nesting + 1;
766 h->flags = parent_req->handle->flags;
767 h->custom_flags = parent_req->handle->custom_flags;
768 h->event_context = parent_req->handle->event_context;
774 set the permissions for new files to be passed to open() in
775 backends that use local files
777 void ldb_set_create_perms(struct ldb_context *ldb, unsigned int perms)
779 ldb->create_perms = perms;
782 unsigned int ldb_get_create_perms(struct ldb_context *ldb)
784 return ldb->create_perms;
787 void ldb_set_event_context(struct ldb_context *ldb, struct tevent_context *ev)
792 struct tevent_context * ldb_get_event_context(struct ldb_context *ldb)
797 void ldb_request_set_state(struct ldb_request *req, int state)
799 req->handle->state = state;
802 int ldb_request_get_status(struct ldb_request *req)
804 return req->handle->status;
808 * This function obtains the private event context for the handle,
809 * which may have been created to avoid nested event loops during
810 * ldb_tdb with the locks held
812 struct tevent_context *ldb_handle_get_event_context(struct ldb_handle *handle)
814 if (handle->event_context != NULL) {
815 return handle->event_context;
817 return ldb_get_event_context(handle->ldb);
821 * This function forces a specific ldb handle to use the global event
822 * context. This allows a nested event loop to operate, so any open
823 * transaction also needs to be aborted.
825 * Any events on this event context will be lost
827 * This is used in Samba when sending an IRPC to another part of the
828 * same process instead of making a local DB modification.
830 void ldb_handle_use_global_event_context(struct ldb_handle *handle)
832 TALLOC_FREE(handle->event_context);
835 void ldb_set_require_private_event_context(struct ldb_context *ldb)
837 ldb->require_private_event_context = true;
843 static void ldb_trace_request(struct ldb_context *ldb, struct ldb_request *req)
845 TALLOC_CTX *tmp_ctx = talloc_new(req);
847 struct ldb_ldif ldif;
849 switch (req->operation) {
851 ldb_debug_add(ldb, "ldb_trace_request: SEARCH\n");
852 ldb_debug_add(ldb, " dn: %s\n",
853 ldb_dn_is_null(req->op.search.base)?"<rootDSE>":
854 ldb_dn_get_linearized(req->op.search.base));
855 ldb_debug_add(ldb, " scope: %s\n",
856 req->op.search.scope==LDB_SCOPE_BASE?"base":
857 req->op.search.scope==LDB_SCOPE_ONELEVEL?"one":
858 req->op.search.scope==LDB_SCOPE_SUBTREE?"sub":"UNKNOWN");
859 ldb_debug_add(ldb, " expr: %s\n",
860 ldb_filter_from_tree(tmp_ctx, req->op.search.tree));
861 if (req->op.search.attrs == NULL) {
862 ldb_debug_add(ldb, " attr: <ALL>\n");
864 for (i=0; req->op.search.attrs[i]; i++) {
865 ldb_debug_add(ldb, " attr: %s\n", req->op.search.attrs[i]);
870 ldb_debug_add(ldb, "ldb_trace_request: DELETE\n");
871 ldb_debug_add(ldb, " dn: %s\n",
872 ldb_dn_get_linearized(req->op.del.dn));
875 ldb_debug_add(ldb, "ldb_trace_request: RENAME\n");
876 ldb_debug_add(ldb, " olddn: %s\n",
877 ldb_dn_get_linearized(req->op.rename.olddn));
878 ldb_debug_add(ldb, " newdn: %s\n",
879 ldb_dn_get_linearized(req->op.rename.newdn));
882 ldb_debug_add(ldb, "ldb_trace_request: EXTENDED\n");
883 ldb_debug_add(ldb, " oid: %s\n", req->op.extended.oid);
884 ldb_debug_add(ldb, " data: %s\n", req->op.extended.data?"yes":"no");
887 ldif.changetype = LDB_CHANGETYPE_ADD;
888 ldif.msg = discard_const_p(struct ldb_message, req->op.add.message);
890 ldb_debug_add(ldb, "ldb_trace_request: ADD\n");
894 * ldb_ldif_write_redacted_trace_string() is CRITICAL
895 * for security. It ensures that we do not output
896 * passwords into debug logs
899 ldb_debug_add(req->handle->ldb, "%s\n",
900 ldb_ldif_write_redacted_trace_string(req->handle->ldb, tmp_ctx, &ldif));
903 ldif.changetype = LDB_CHANGETYPE_MODIFY;
904 ldif.msg = discard_const_p(struct ldb_message, req->op.mod.message);
906 ldb_debug_add(ldb, "ldb_trace_request: MODIFY\n");
910 * ldb_ldif_write_redacted_trace_string() is CRITICAL
911 * for security. It ensures that we do not output
912 * passwords into debug logs
915 ldb_debug_add(req->handle->ldb, "%s\n",
916 ldb_ldif_write_redacted_trace_string(req->handle->ldb, tmp_ctx, &ldif));
918 case LDB_REQ_REGISTER_CONTROL:
919 ldb_debug_add(ldb, "ldb_trace_request: REGISTER_CONTROL\n");
920 ldb_debug_add(req->handle->ldb, "%s\n",
921 req->op.reg_control.oid);
923 case LDB_REQ_REGISTER_PARTITION:
924 ldb_debug_add(ldb, "ldb_trace_request: REGISTER_PARTITION\n");
925 ldb_debug_add(req->handle->ldb, "%s\n",
926 ldb_dn_get_linearized(req->op.reg_partition.dn));
929 ldb_debug_add(ldb, "ldb_trace_request: UNKNOWN(%u)\n",
934 if (req->controls == NULL) {
935 ldb_debug_add(ldb, " control: <NONE>\n");
937 for (i=0; req->controls && req->controls[i]; i++) {
938 if (req->controls[i]->oid) {
939 ldb_debug_add(ldb, " control: %s crit:%u data:%s\n",
940 req->controls[i]->oid,
941 req->controls[i]->critical,
942 req->controls[i]->data?"yes":"no");
947 ldb_debug_end(ldb, LDB_DEBUG_TRACE);
949 talloc_free(tmp_ctx);
953 check that the element flags don't have any internal bits set
955 static int ldb_msg_check_element_flags(struct ldb_context *ldb,
956 const struct ldb_message *message)
959 for (i=0; i<message->num_elements; i++) {
960 if (message->elements[i].flags & LDB_FLAG_INTERNAL_MASK) {
961 ldb_asprintf_errstring(ldb, "Invalid element flags 0x%08x on element %s in %s\n",
962 message->elements[i].flags, message->elements[i].name,
963 ldb_dn_get_linearized(message->dn));
964 return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
971 * This context allows us to make the unlock be a talloc destructor
973 * This ensures that a request started, but not waited on, will still
976 struct ldb_db_lock_context {
977 struct ldb_request *req;
978 struct ldb_context *ldb;
982 * We have to have a the unlock on a destructor so that we unlock the
983 * DB if a caller calls talloc_free(req). We trust that the ldb
984 * context has not already gone away.
986 static int ldb_db_lock_destructor(struct ldb_db_lock_context *lock_context)
989 struct ldb_module *next_module;
990 FIRST_OP_NOERR(lock_context->ldb, read_unlock);
991 if (next_module != NULL) {
992 ret = next_module->ops->read_unlock(next_module);
997 if (ret != LDB_SUCCESS) {
998 ldb_debug(lock_context->ldb,
1000 "Failed to unlock db: %s / %s",
1001 ldb_errstring(lock_context->ldb),
1007 static int ldb_lock_backend_callback(struct ldb_request *req,
1008 struct ldb_reply *ares)
1010 struct ldb_db_lock_context *lock_context;
1013 lock_context = talloc_get_type(req->context,
1014 struct ldb_db_lock_context);
1017 return ldb_module_done(lock_context->req, NULL, NULL,
1018 LDB_ERR_OPERATIONS_ERROR);
1020 if (ares->error != LDB_SUCCESS || ares->type == LDB_REPLY_DONE) {
1021 ret = ldb_module_done(lock_context->req, ares->controls,
1022 ares->response, ares->error);
1024 * If this is a LDB_REPLY_DONE or an error, unlock the
1025 * DB by calling the destructor on this context
1027 talloc_free(lock_context);
1031 /* Otherwise pass on the callback */
1032 switch (ares->type) {
1033 case LDB_REPLY_ENTRY:
1034 return ldb_module_send_entry(lock_context->req, ares->message,
1037 case LDB_REPLY_REFERRAL:
1038 return ldb_module_send_referral(lock_context->req,
1042 return LDB_ERR_OPERATIONS_ERROR;
1047 * Do an ldb_search() with a lock held, but release it if the request
1048 * is freed with talloc_free()
1050 static int lock_search(struct ldb_module *lock_module, struct ldb_request *req)
1052 /* Used in FIRST_OP_NOERR to find where to send the lock request */
1053 struct ldb_module *next_module = NULL;
1054 struct ldb_request *down_req = NULL;
1055 struct ldb_db_lock_context *lock_context;
1056 struct ldb_context *ldb = ldb_module_get_ctx(lock_module);
1059 lock_context = talloc(req, struct ldb_db_lock_context);
1060 if (lock_context == NULL) {
1061 return ldb_oom(ldb);
1064 lock_context->ldb = ldb;
1065 lock_context->req = req;
1067 ret = ldb_build_search_req_ex(&down_req, ldb, req,
1068 req->op.search.base,
1069 req->op.search.scope,
1070 req->op.search.tree,
1071 req->op.search.attrs,
1074 ldb_lock_backend_callback,
1076 LDB_REQ_SET_LOCATION(down_req);
1077 if (ret != LDB_SUCCESS) {
1082 FIRST_OP_NOERR(ldb, read_lock);
1083 if (next_module != NULL) {
1084 ret = next_module->ops->read_lock(next_module);
1086 ret = LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
1089 if (ret == LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION) {
1090 /* We might be talking LDAP */
1091 ldb_reset_err_string(ldb);
1093 TALLOC_FREE(lock_context);
1095 return ldb_next_request(lock_module, req);
1096 } else if ((ret != LDB_SUCCESS) && (ldb->err_string == NULL)) {
1097 /* if no error string was setup by the backend */
1098 ldb_asprintf_errstring(ldb, "Failed to get DB lock: %s (%d)",
1099 ldb_strerror(ret), ret);
1101 talloc_set_destructor(lock_context, ldb_db_lock_destructor);
1104 if (ret != LDB_SUCCESS) {
1108 return ldb_next_request(lock_module, down_req);
1112 start an ldb request
1113 NOTE: the request must be a talloc context.
1114 returns LDB_ERR_* on errors.
1116 int ldb_request(struct ldb_context *ldb, struct ldb_request *req)
1118 struct ldb_module *next_module;
1121 if (req->callback == NULL) {
1122 ldb_set_errstring(ldb, "Requests MUST define callbacks");
1123 return LDB_ERR_UNWILLING_TO_PERFORM;
1126 ldb_reset_err_string(ldb);
1128 if (ldb->flags & LDB_FLG_ENABLE_TRACING) {
1129 ldb_trace_request(ldb, req);
1132 /* call the first module in the chain */
1133 switch (req->operation) {
1137 * A fake module to allow ldb_next_request() to be
1138 * re-used and to keep the locking out of this function.
1140 static const struct ldb_module_ops lock_module_ops = {
1141 .name = "lock_searches",
1142 .search = lock_search
1144 struct ldb_module lock_module = {
1146 .next = ldb->modules,
1147 .ops = &lock_module_ops
1149 next_module = &lock_module;
1151 /* due to "ldb_build_search_req" base DN always != NULL */
1152 if (!ldb_dn_validate(req->op.search.base)) {
1153 ldb_asprintf_errstring(ldb, "ldb_search: invalid basedn '%s'",
1154 ldb_dn_get_linearized(req->op.search.base));
1155 return LDB_ERR_INVALID_DN_SYNTAX;
1158 ret = next_module->ops->search(next_module, req);
1162 if (!ldb_dn_validate(req->op.add.message->dn)) {
1163 ldb_asprintf_errstring(ldb, "ldb_add: invalid dn '%s'",
1164 ldb_dn_get_linearized(req->op.add.message->dn));
1165 return LDB_ERR_INVALID_DN_SYNTAX;
1168 * we have to normalize here, as so many places
1169 * in modules and backends assume we don't have two
1170 * elements with the same name
1172 ret = ldb_msg_normalize(ldb, req, req->op.add.message,
1173 discard_const(&req->op.add.message));
1174 if (ret != LDB_SUCCESS) {
1179 ret = ldb_msg_check_element_flags(ldb, req->op.add.message);
1180 if (ret != LDB_SUCCESS) {
1182 * "ldb_msg_check_element_flags" generates an error
1187 ret = next_module->ops->add(next_module, req);
1190 if (!ldb_dn_validate(req->op.mod.message->dn)) {
1191 ldb_asprintf_errstring(ldb, "ldb_modify: invalid dn '%s'",
1192 ldb_dn_get_linearized(req->op.mod.message->dn));
1193 return LDB_ERR_INVALID_DN_SYNTAX;
1195 FIRST_OP(ldb, modify);
1196 ret = ldb_msg_check_element_flags(ldb, req->op.mod.message);
1197 if (ret != LDB_SUCCESS) {
1199 * "ldb_msg_check_element_flags" generates an error
1204 ret = next_module->ops->modify(next_module, req);
1207 if (!ldb_dn_validate(req->op.del.dn)) {
1208 ldb_asprintf_errstring(ldb, "ldb_delete: invalid dn '%s'",
1209 ldb_dn_get_linearized(req->op.del.dn));
1210 return LDB_ERR_INVALID_DN_SYNTAX;
1213 ret = next_module->ops->del(next_module, req);
1216 if (!ldb_dn_validate(req->op.rename.olddn)) {
1217 ldb_asprintf_errstring(ldb, "ldb_rename: invalid olddn '%s'",
1218 ldb_dn_get_linearized(req->op.rename.olddn));
1219 return LDB_ERR_INVALID_DN_SYNTAX;
1221 if (!ldb_dn_validate(req->op.rename.newdn)) {
1222 ldb_asprintf_errstring(ldb, "ldb_rename: invalid newdn '%s'",
1223 ldb_dn_get_linearized(req->op.rename.newdn));
1224 return LDB_ERR_INVALID_DN_SYNTAX;
1226 FIRST_OP(ldb, rename);
1227 ret = next_module->ops->rename(next_module, req);
1230 FIRST_OP(ldb, extended);
1231 ret = next_module->ops->extended(next_module, req);
1234 FIRST_OP(ldb, request);
1235 ret = next_module->ops->request(next_module, req);
1239 if ((ret != LDB_SUCCESS) && (ldb->err_string == NULL)) {
1240 /* if no error string was setup by the backend */
1241 ldb_asprintf_errstring(ldb, "ldb_request: %s (%d)",
1242 ldb_strerror(ret), ret);
1248 int ldb_request_done(struct ldb_request *req, int status)
1250 req->handle->state = LDB_ASYNC_DONE;
1251 req->handle->status = status;
1256 search the database given a LDAP-like search expression
1258 returns an LDB error code
1260 Use talloc_free to free the ldb_message returned in 'res', if successful
1263 int ldb_search_default_callback(struct ldb_request *req,
1264 struct ldb_reply *ares)
1266 struct ldb_result *res;
1269 res = talloc_get_type(req->context, struct ldb_result);
1272 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1274 if (ares->error != LDB_SUCCESS) {
1275 return ldb_request_done(req, ares->error);
1278 switch (ares->type) {
1279 case LDB_REPLY_ENTRY:
1280 res->msgs = talloc_realloc(res, res->msgs,
1281 struct ldb_message *, res->count + 2);
1283 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1286 res->msgs[res->count + 1] = NULL;
1288 res->msgs[res->count] = talloc_move(res->msgs, &ares->message);
1292 case LDB_REPLY_REFERRAL:
1294 for (n = 0; res->refs[n]; n++) /*noop*/ ;
1299 res->refs = talloc_realloc(res, res->refs, char *, n + 2);
1301 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1304 res->refs[n] = talloc_move(res->refs, &ares->referral);
1305 res->refs[n + 1] = NULL;
1308 case LDB_REPLY_DONE:
1309 /* TODO: we should really support controls on entries
1310 * and referrals too! */
1311 res->controls = talloc_move(res, &ares->controls);
1313 /* this is the last message, and means the request is done */
1314 /* we have to signal and eventual ldb_wait() waiting that the
1315 * async request operation was completed */
1317 return ldb_request_done(req, LDB_SUCCESS);
1325 int ldb_modify_default_callback(struct ldb_request *req, struct ldb_reply *ares)
1327 struct ldb_result *res;
1331 res = talloc_get_type(req->context, struct ldb_result);
1334 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1337 if (ares->error != LDB_SUCCESS) {
1340 return ldb_request_done(req, ret);
1343 switch (ares->type) {
1344 case LDB_REPLY_REFERRAL:
1346 for (n = 0; res->refs[n]; n++) /*noop*/ ;
1351 res->refs = talloc_realloc(res, res->refs, char *, n + 2);
1353 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1356 res->refs[n] = talloc_move(res->refs, &ares->referral);
1357 res->refs[n + 1] = NULL;
1360 case LDB_REPLY_DONE:
1362 return ldb_request_done(req, LDB_SUCCESS);
1365 ldb_asprintf_errstring(req->handle->ldb, "Invalid LDB reply type %d", ares->type);
1366 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1370 return ldb_request_done(req, LDB_SUCCESS);
1373 int ldb_op_default_callback(struct ldb_request *req, struct ldb_reply *ares)
1378 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1381 if (ares->error != LDB_SUCCESS) {
1384 return ldb_request_done(req, ret);
1387 if (ares->type != LDB_REPLY_DONE) {
1389 ldb_asprintf_errstring(req->handle->ldb, "Invalid LDB reply type %d", ares->type);
1390 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1394 return ldb_request_done(req, LDB_SUCCESS);
1397 static struct ldb_request *ldb_build_req_common(TALLOC_CTX *mem_ctx,
1398 struct ldb_context *ldb,
1399 struct ldb_control **controls,
1401 ldb_request_callback_t callback,
1402 struct ldb_request *parent)
1404 struct ldb_request *req = NULL;
1406 req = talloc_zero(mem_ctx, struct ldb_request);
1410 req->controls = controls;
1411 req->context = context;
1412 req->callback = callback;
1414 ldb_set_timeout_from_prev_req(ldb, parent, req);
1416 if (parent != NULL) {
1417 req->handle = ldb_handle_new_child(req, parent);
1418 if (req->handle == NULL) {
1423 req->handle = ldb_handle_new(req, ldb);
1424 if (req->handle == NULL) {
1433 int ldb_build_search_req_ex(struct ldb_request **ret_req,
1434 struct ldb_context *ldb,
1435 TALLOC_CTX *mem_ctx,
1436 struct ldb_dn *base,
1437 enum ldb_scope scope,
1438 struct ldb_parse_tree *tree,
1439 const char * const *attrs,
1440 struct ldb_control **controls,
1442 ldb_request_callback_t callback,
1443 struct ldb_request *parent)
1445 struct ldb_request *req;
1449 req = ldb_build_req_common(mem_ctx, ldb, controls,
1450 context, callback, parent);
1453 return LDB_ERR_OPERATIONS_ERROR;
1456 req->operation = LDB_SEARCH;
1458 req->op.search.base = ldb_dn_new(req, ldb, NULL);
1460 req->op.search.base = base;
1462 req->op.search.scope = scope;
1464 req->op.search.tree = tree;
1465 if (req->op.search.tree == NULL) {
1466 ldb_set_errstring(ldb, "'tree' can't be NULL");
1468 return LDB_ERR_OPERATIONS_ERROR;
1471 req->op.search.attrs = attrs;
1476 int ldb_build_search_req(struct ldb_request **ret_req,
1477 struct ldb_context *ldb,
1478 TALLOC_CTX *mem_ctx,
1479 struct ldb_dn *base,
1480 enum ldb_scope scope,
1481 const char *expression,
1482 const char * const *attrs,
1483 struct ldb_control **controls,
1485 ldb_request_callback_t callback,
1486 struct ldb_request *parent)
1488 struct ldb_parse_tree *tree;
1491 tree = ldb_parse_tree(mem_ctx, expression);
1493 ldb_set_errstring(ldb, "Unable to parse search expression");
1494 return LDB_ERR_OPERATIONS_ERROR;
1497 ret = ldb_build_search_req_ex(ret_req, ldb, mem_ctx, base,
1498 scope, tree, attrs, controls,
1499 context, callback, parent);
1500 if (ret == LDB_SUCCESS) {
1501 talloc_steal(*ret_req, tree);
1506 int ldb_build_add_req(struct ldb_request **ret_req,
1507 struct ldb_context *ldb,
1508 TALLOC_CTX *mem_ctx,
1509 const struct ldb_message *message,
1510 struct ldb_control **controls,
1512 ldb_request_callback_t callback,
1513 struct ldb_request *parent)
1515 struct ldb_request *req;
1519 req = ldb_build_req_common(mem_ctx, ldb, controls,
1520 context, callback, parent);
1522 ldb_set_errstring(ldb, "Out of Memory");
1523 return LDB_ERR_OPERATIONS_ERROR;
1526 req->operation = LDB_ADD;
1527 req->op.add.message = message;
1532 int ldb_build_mod_req(struct ldb_request **ret_req,
1533 struct ldb_context *ldb,
1534 TALLOC_CTX *mem_ctx,
1535 const struct ldb_message *message,
1536 struct ldb_control **controls,
1538 ldb_request_callback_t callback,
1539 struct ldb_request *parent)
1541 struct ldb_request *req;
1545 req = ldb_build_req_common(mem_ctx, ldb, controls,
1546 context, callback, parent);
1548 ldb_set_errstring(ldb, "Out of Memory");
1549 return LDB_ERR_OPERATIONS_ERROR;
1552 req->operation = LDB_MODIFY;
1553 req->op.mod.message = message;
1559 int ldb_build_del_req(struct ldb_request **ret_req,
1560 struct ldb_context *ldb,
1561 TALLOC_CTX *mem_ctx,
1563 struct ldb_control **controls,
1565 ldb_request_callback_t callback,
1566 struct ldb_request *parent)
1568 struct ldb_request *req;
1572 req = ldb_build_req_common(mem_ctx, ldb, controls,
1573 context, callback, parent);
1575 ldb_set_errstring(ldb, "Out of Memory");
1576 return LDB_ERR_OPERATIONS_ERROR;
1579 req->operation = LDB_DELETE;
1580 req->op.del.dn = dn;
1585 int ldb_build_rename_req(struct ldb_request **ret_req,
1586 struct ldb_context *ldb,
1587 TALLOC_CTX *mem_ctx,
1588 struct ldb_dn *olddn,
1589 struct ldb_dn *newdn,
1590 struct ldb_control **controls,
1592 ldb_request_callback_t callback,
1593 struct ldb_request *parent)
1595 struct ldb_request *req;
1599 req = ldb_build_req_common(mem_ctx, ldb, controls,
1600 context, callback, parent);
1602 ldb_set_errstring(ldb, "Out of Memory");
1603 return LDB_ERR_OPERATIONS_ERROR;
1606 req->operation = LDB_RENAME;
1607 req->op.rename.olddn = olddn;
1608 req->op.rename.newdn = newdn;
1613 int ldb_extended_default_callback(struct ldb_request *req,
1614 struct ldb_reply *ares)
1616 struct ldb_result *res;
1618 res = talloc_get_type(req->context, struct ldb_result);
1621 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1623 if (ares->error != LDB_SUCCESS) {
1624 return ldb_request_done(req, ares->error);
1627 if (ares->type == LDB_REPLY_DONE) {
1629 /* TODO: we should really support controls on entries and referrals too! */
1630 res->extended = talloc_move(res, &ares->response);
1631 res->controls = talloc_move(res, &ares->controls);
1634 return ldb_request_done(req, LDB_SUCCESS);
1638 ldb_asprintf_errstring(req->handle->ldb, "Invalid LDB reply type %d", ares->type);
1639 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1642 int ldb_build_extended_req(struct ldb_request **ret_req,
1643 struct ldb_context *ldb,
1644 TALLOC_CTX *mem_ctx,
1647 struct ldb_control **controls,
1649 ldb_request_callback_t callback,
1650 struct ldb_request *parent)
1652 struct ldb_request *req;
1656 req = ldb_build_req_common(mem_ctx, ldb, controls,
1657 context, callback, parent);
1659 ldb_set_errstring(ldb, "Out of Memory");
1660 return LDB_ERR_OPERATIONS_ERROR;
1663 req->operation = LDB_EXTENDED;
1664 req->op.extended.oid = oid;
1665 req->op.extended.data = data;
1670 int ldb_extended(struct ldb_context *ldb,
1673 struct ldb_result **_res)
1675 struct ldb_request *req;
1677 struct ldb_result *res;
1682 res = talloc_zero(ldb, struct ldb_result);
1684 return LDB_ERR_OPERATIONS_ERROR;
1687 ret = ldb_build_extended_req(&req, ldb, ldb,
1689 res, ldb_extended_default_callback,
1691 ldb_req_set_location(req, "ldb_extended");
1693 if (ret != LDB_SUCCESS) goto done;
1695 ldb_set_timeout(ldb, req, 0); /* use default timeout */
1697 ret = ldb_request(ldb, req);
1699 if (ret == LDB_SUCCESS) {
1700 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
1704 if (ret != LDB_SUCCESS) {
1716 note that ldb_search() will automatically replace a NULL 'base' value
1717 with the defaultNamingContext from the rootDSE if available.
1719 int ldb_search(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
1720 struct ldb_result **result, struct ldb_dn *base,
1721 enum ldb_scope scope, const char * const *attrs,
1722 const char *exp_fmt, ...)
1724 struct ldb_request *req;
1725 struct ldb_result *res;
1734 res = talloc_zero(mem_ctx, struct ldb_result);
1736 return LDB_ERR_OPERATIONS_ERROR;
1740 va_start(ap, exp_fmt);
1741 expression = talloc_vasprintf(mem_ctx, exp_fmt, ap);
1746 return LDB_ERR_OPERATIONS_ERROR;
1750 ret = ldb_build_search_req(&req, ldb, mem_ctx,
1751 base?base:ldb_get_default_basedn(ldb),
1757 ldb_search_default_callback,
1759 ldb_req_set_location(req, "ldb_search");
1761 if (ret != LDB_SUCCESS) goto done;
1763 ret = ldb_request(ldb, req);
1765 if (ret == LDB_SUCCESS) {
1766 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
1770 if (ret != LDB_SUCCESS) {
1775 talloc_free(expression);
1783 add a record to the database. Will fail if a record with the given class
1784 and key already exists
1786 int ldb_add(struct ldb_context *ldb,
1787 const struct ldb_message *message)
1789 struct ldb_request *req;
1792 ret = ldb_msg_sanity_check(ldb, message);
1793 if (ret != LDB_SUCCESS) {
1797 ret = ldb_build_add_req(&req, ldb, ldb,
1801 ldb_op_default_callback,
1803 ldb_req_set_location(req, "ldb_add");
1805 if (ret != LDB_SUCCESS) return ret;
1807 /* do request and autostart a transaction */
1808 ret = ldb_autotransaction_request(ldb, req);
1815 modify the specified attributes of a record
1817 int ldb_modify(struct ldb_context *ldb,
1818 const struct ldb_message *message)
1820 struct ldb_request *req;
1823 ret = ldb_msg_sanity_check(ldb, message);
1824 if (ret != LDB_SUCCESS) {
1828 ret = ldb_build_mod_req(&req, ldb, ldb,
1832 ldb_op_default_callback,
1834 ldb_req_set_location(req, "ldb_modify");
1836 if (ret != LDB_SUCCESS) return ret;
1838 /* do request and autostart a transaction */
1839 ret = ldb_autotransaction_request(ldb, req);
1847 delete a record from the database
1849 int ldb_delete(struct ldb_context *ldb, struct ldb_dn *dn)
1851 struct ldb_request *req;
1854 ret = ldb_build_del_req(&req, ldb, ldb,
1858 ldb_op_default_callback,
1860 ldb_req_set_location(req, "ldb_delete");
1862 if (ret != LDB_SUCCESS) return ret;
1864 /* do request and autostart a transaction */
1865 ret = ldb_autotransaction_request(ldb, req);
1872 rename a record in the database
1874 int ldb_rename(struct ldb_context *ldb,
1875 struct ldb_dn *olddn, struct ldb_dn *newdn)
1877 struct ldb_request *req;
1880 ret = ldb_build_rename_req(&req, ldb, ldb,
1885 ldb_op_default_callback,
1887 ldb_req_set_location(req, "ldb_rename");
1889 if (ret != LDB_SUCCESS) return ret;
1891 /* do request and autostart a transaction */
1892 ret = ldb_autotransaction_request(ldb, req);
1900 return the global sequence number
1902 int ldb_sequence_number(struct ldb_context *ldb,
1903 enum ldb_sequence_type type, uint64_t *seq_num)
1905 struct ldb_seqnum_request *seq;
1906 struct ldb_seqnum_result *seqr;
1907 struct ldb_result *res;
1908 TALLOC_CTX *tmp_ctx;
1913 tmp_ctx = talloc_zero(ldb, struct ldb_request);
1914 if (tmp_ctx == NULL) {
1915 ldb_set_errstring(ldb, "Out of Memory");
1916 return LDB_ERR_OPERATIONS_ERROR;
1918 seq = talloc_zero(tmp_ctx, struct ldb_seqnum_request);
1920 ldb_set_errstring(ldb, "Out of Memory");
1921 ret = LDB_ERR_OPERATIONS_ERROR;
1926 ret = ldb_extended(ldb, LDB_EXTENDED_SEQUENCE_NUMBER, seq, &res);
1927 if (ret != LDB_SUCCESS) {
1930 talloc_steal(tmp_ctx, res);
1932 if (strcmp(LDB_EXTENDED_SEQUENCE_NUMBER, res->extended->oid) != 0) {
1933 ldb_set_errstring(ldb, "Invalid OID in reply");
1934 ret = LDB_ERR_OPERATIONS_ERROR;
1937 seqr = talloc_get_type(res->extended->data,
1938 struct ldb_seqnum_result);
1939 *seq_num = seqr->seq_num;
1942 talloc_free(tmp_ctx);
1947 return extended error information
1949 const char *ldb_errstring(struct ldb_context *ldb)
1951 if (ldb->err_string) {
1952 return ldb->err_string;
1959 return a string explaining what a ldb error constant meancs
1961 const char *ldb_strerror(int ldb_err)
1966 case LDB_ERR_OPERATIONS_ERROR:
1967 return "Operations error";
1968 case LDB_ERR_PROTOCOL_ERROR:
1969 return "Protocol error";
1970 case LDB_ERR_TIME_LIMIT_EXCEEDED:
1971 return "Time limit exceeded";
1972 case LDB_ERR_SIZE_LIMIT_EXCEEDED:
1973 return "Size limit exceeded";
1974 case LDB_ERR_COMPARE_FALSE:
1975 return "Compare false";
1976 case LDB_ERR_COMPARE_TRUE:
1977 return "Compare true";
1978 case LDB_ERR_AUTH_METHOD_NOT_SUPPORTED:
1979 return "Auth method not supported";
1980 case LDB_ERR_STRONG_AUTH_REQUIRED:
1981 return "Strong auth required";
1983 case LDB_ERR_REFERRAL:
1984 return "Referral error";
1985 case LDB_ERR_ADMIN_LIMIT_EXCEEDED:
1986 return "Admin limit exceeded";
1987 case LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION:
1988 return "Unsupported critical extension";
1989 case LDB_ERR_CONFIDENTIALITY_REQUIRED:
1990 return "Confidentiality required";
1991 case LDB_ERR_SASL_BIND_IN_PROGRESS:
1992 return "SASL bind in progress";
1993 case LDB_ERR_NO_SUCH_ATTRIBUTE:
1994 return "No such attribute";
1995 case LDB_ERR_UNDEFINED_ATTRIBUTE_TYPE:
1996 return "Undefined attribute type";
1997 case LDB_ERR_INAPPROPRIATE_MATCHING:
1998 return "Inappropriate matching";
1999 case LDB_ERR_CONSTRAINT_VIOLATION:
2000 return "Constraint violation";
2001 case LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS:
2002 return "Attribute or value exists";
2003 case LDB_ERR_INVALID_ATTRIBUTE_SYNTAX:
2004 return "Invalid attribute syntax";
2006 case LDB_ERR_NO_SUCH_OBJECT:
2007 return "No such object";
2008 case LDB_ERR_ALIAS_PROBLEM:
2009 return "Alias problem";
2010 case LDB_ERR_INVALID_DN_SYNTAX:
2011 return "Invalid DN syntax";
2013 case LDB_ERR_ALIAS_DEREFERENCING_PROBLEM:
2014 return "Alias dereferencing problem";
2016 case LDB_ERR_INAPPROPRIATE_AUTHENTICATION:
2017 return "Inappropriate authentication";
2018 case LDB_ERR_INVALID_CREDENTIALS:
2019 return "Invalid credentials";
2020 case LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS:
2021 return "insufficient access rights";
2024 case LDB_ERR_UNAVAILABLE:
2025 return "Unavailable";
2026 case LDB_ERR_UNWILLING_TO_PERFORM:
2027 return "Unwilling to perform";
2028 case LDB_ERR_LOOP_DETECT:
2029 return "Loop detect";
2031 case LDB_ERR_NAMING_VIOLATION:
2032 return "Naming violation";
2033 case LDB_ERR_OBJECT_CLASS_VIOLATION:
2034 return "Object class violation";
2035 case LDB_ERR_NOT_ALLOWED_ON_NON_LEAF:
2036 return "Not allowed on non-leaf";
2037 case LDB_ERR_NOT_ALLOWED_ON_RDN:
2038 return "Not allowed on RDN";
2039 case LDB_ERR_ENTRY_ALREADY_EXISTS:
2040 return "Entry already exists";
2041 case LDB_ERR_OBJECT_CLASS_MODS_PROHIBITED:
2042 return "Object class mods prohibited";
2043 /* 70 RESERVED FOR CLDAP */
2044 case LDB_ERR_AFFECTS_MULTIPLE_DSAS:
2045 return "Affects multiple DSAs";
2051 return "Unknown error";
2055 set backend specific opaque parameters
2057 int ldb_set_opaque(struct ldb_context *ldb, const char *name, void *value)
2059 struct ldb_opaque *o;
2061 /* allow updating an existing value */
2062 for (o=ldb->opaque;o;o=o->next) {
2063 if (strcmp(o->name, name) == 0) {
2069 o = talloc(ldb, struct ldb_opaque);
2072 return LDB_ERR_OTHER;
2074 o->next = ldb->opaque;
2082 get a previously set opaque value
2084 void *ldb_get_opaque(struct ldb_context *ldb, const char *name)
2086 struct ldb_opaque *o;
2087 for (o=ldb->opaque;o;o=o->next) {
2088 if (strcmp(o->name, name) == 0) {
2095 int ldb_global_init(void)
2097 /* Provided for compatibility with some older versions of ldb */
2101 /* return the ldb flags */
2102 unsigned int ldb_get_flags(struct ldb_context *ldb)
2107 /* set the ldb flags */
2108 void ldb_set_flags(struct ldb_context *ldb, unsigned flags)
2115 set the location in a ldb request. Used for debugging
2117 void ldb_req_set_location(struct ldb_request *req, const char *location)
2119 if (req && req->handle) {
2120 req->handle->location = location;
2125 return the location set with dsdb_req_set_location
2127 const char *ldb_req_location(struct ldb_request *req)
2129 return req->handle->location;
2133 mark a request as untrusted. This tells the rootdse module to remove
2134 unregistered controls
2136 void ldb_req_mark_untrusted(struct ldb_request *req)
2138 req->handle->flags |= LDB_HANDLE_FLAG_UNTRUSTED;
2142 mark a request as trusted.
2144 void ldb_req_mark_trusted(struct ldb_request *req)
2146 req->handle->flags &= ~LDB_HANDLE_FLAG_UNTRUSTED;
2150 set custom flags. Those flags are set by applications using ldb,
2151 they are application dependent and the same bit can have different
2152 meaning in different application.
2154 void ldb_req_set_custom_flags(struct ldb_request *req, uint32_t flags)
2156 if (req != NULL && req->handle != NULL) {
2157 req->handle->custom_flags = flags;
2163 get custom flags. Those flags are set by applications using ldb,
2164 they are application dependent and the same bit can have different
2165 meaning in different application.
2167 uint32_t ldb_req_get_custom_flags(struct ldb_request *req)
2169 if (req != NULL && req->handle != NULL) {
2170 return req->handle->custom_flags;
2174 * 0 is not something any better or worse than
2175 * anything else as req or the handle is NULL
2182 * return true if a request is untrusted
2184 bool ldb_req_is_untrusted(struct ldb_request *req)
2186 return (req->handle->flags & LDB_HANDLE_FLAG_UNTRUSTED) != 0;