4 Copyright (C) Simo Sorce 2008
6 ** NOTE! The following LGPL license applies to the ldb
7 ** library. This does NOT imply that all of Samba is released
10 This library is free software; you can redistribute it and/or
11 modify it under the terms of the GNU Lesser General Public
12 License as published by the Free Software Foundation; either
13 version 3 of the License, or (at your option) any later version.
15 This library is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public
21 License along with this library; if not, see <http://www.gnu.org/licenses/>.
27 * Component: ldb module header
29 * Description: defines ldb modules structures and helpers
33 #ifndef _LDB_MODULE_H_
34 #define _LDB_MODULE_H_
38 #if defined(_SAMBA_BUILD_) && defined(USING_SYSTEM_LDB)
41 * Versions before 1.2.0 doesn't define these values
42 * so we assime 1.1.29 (which was used in Samba 4.6)
44 * See https://bugzilla.samba.org/show_bug.cgi?id=12859
46 #ifndef EXPECTED_SYSTEM_LDB_VERSION_MAJOR
47 #define EXPECTED_SYSTEM_LDB_VERSION_MAJOR 1
49 #ifndef EXPECTED_SYSTEM_LDB_VERSION_MINOR
50 #define EXPECTED_SYSTEM_LDB_VERSION_MINOR 1
52 #ifndef EXPECTED_SYSTEM_LDB_VERSION_MINOR
53 #define EXPECTED_SYSTEM_LDB_VERSION_MINOR 29
57 * Only Samba versions which expect ldb >= 1.4.0
58 * reopen the ldb after each fork().
60 * See https://bugzilla.samba.org/show_bug.cgi?id=13519
62 #if EXPECTED_SYSTEM_LDB_VERSION_MAJOR > 1
63 #define __LDB_FORK_COMPATIBLE__ 1
64 #elif EXPECTED_SYSTEM_LDB_VERSION_MINOR > 3
65 #define __LDB_FORK_COMPATIBLE__ 1
67 #ifndef __LDB_FORK_COMPATIBLE__
68 #error "Samba < 4.9 is not compatible with this version of ldb due to assumptions around fork() behaviour"
71 #endif /* defined(_SAMBA_BUILD_) && defined(USING_SYSTEM_LDB) */
77 internal flag bits on message elements. Must be within LDB_FLAG_INTERNAL_MASK
79 #define LDB_FLAG_INTERNAL_DISABLE_VALIDATION 0x10
81 /* disable any single value checking on this attribute */
82 #define LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK 0x20
84 /* attribute has failed access check and must not be exposed */
85 #define LDB_FLAG_INTERNAL_INACCESSIBLE_ATTRIBUTE 0x40
87 /* force single value checking on this attribute */
88 #define LDB_FLAG_INTERNAL_FORCE_SINGLE_VALUE_CHECK 0x80
91 * ensure that this value is unique on an index
92 * (despite the index not otherwise being configured as UNIQUE).
93 * For example, all words starting with 'a' must be unique, but duplicates of
94 * words starting with b are allowed. This is specifically for Samba's
95 * objectSid index which is unique in the primary domain only.
97 #define LDB_FLAG_INTERNAL_FORCE_UNIQUE_INDEX 0x100
99 /* an extended match rule that always fails to match */
100 #define SAMBA_LDAP_MATCH_ALWAYS_FALSE "1.3.6.1.4.1.7165.4.5.1"
102 /* The const char * const * pointer to a list of secret (password)
103 * attributes, not to be printed in trace messages */
104 #define LDB_SECRET_ATTRIBUTE_LIST_OPAQUE "LDB_SECRET_ATTRIBUTE_LIST"
107 these function pointers define the operations that a ldb module can intercept
109 struct ldb_module_ops {
111 int (*init_context) (struct ldb_module *);
112 int (*search)(struct ldb_module *, struct ldb_request *); /* search */
113 int (*add)(struct ldb_module *, struct ldb_request *); /* add */
114 int (*modify)(struct ldb_module *, struct ldb_request *); /* modify */
115 int (*del)(struct ldb_module *, struct ldb_request *); /* delete */
116 int (*rename)(struct ldb_module *, struct ldb_request *); /* rename */
117 int (*request)(struct ldb_module *, struct ldb_request *); /* match any other operation */
118 int (*extended)(struct ldb_module *, struct ldb_request *); /* extended operations */
119 int (*start_transaction)(struct ldb_module *);
120 int (*prepare_commit)(struct ldb_module *);
121 int (*end_transaction)(struct ldb_module *);
122 int (*del_transaction)(struct ldb_module *);
123 int (*sequence_number)(struct ldb_module *, struct ldb_request *);
124 int (*read_lock)(struct ldb_module *);
125 int (*read_unlock)(struct ldb_module *);
130 /* The following definitions come from lib/ldb/common/ldb_debug.c */
131 void ldb_debug(struct ldb_context *ldb, enum ldb_debug_level level, const char *fmt, ...) PRINTF_ATTRIBUTE(3, 4);
132 void ldb_debug_set(struct ldb_context *ldb, enum ldb_debug_level level,
133 const char *fmt, ...) PRINTF_ATTRIBUTE(3, 4);
134 void ldb_debug_add(struct ldb_context *ldb, const char *fmt, ...) PRINTF_ATTRIBUTE(2, 3);
135 void ldb_debug_end(struct ldb_context *ldb, enum ldb_debug_level level);
136 void ldb_vdebug(struct ldb_context *ldb, enum ldb_debug_level level, const char *fmt, va_list ap) PRINTF_ATTRIBUTE(3, 0);
138 #define ldb_error(ldb, ecode, reason) ldb_error_at(ldb, ecode, reason, __FILE__, __LINE__)
139 #define ldb_module_error(module, ecode, reason) ldb_error_at(ldb_module_get_ctx(module), ecode, reason, __FILE__, __LINE__)
141 #define ldb_oom(ldb) ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR, "ldb out of memory")
142 #define ldb_module_oom(module) ldb_oom(ldb_module_get_ctx(module))
143 #define ldb_operr(ldb) ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR, "operations error")
144 #define ldb_module_operr(module) ldb_error(ldb_module_get_ctx(module), LDB_ERR_OPERATIONS_ERROR, "operations error")
146 /* The following definitions come from lib/ldb/common/ldb.c */
148 void ldb_request_set_state(struct ldb_request *req, int state);
149 int ldb_request_get_status(struct ldb_request *req);
151 unsigned int ldb_get_create_perms(struct ldb_context *ldb);
153 const struct ldb_schema_syntax *ldb_standard_syntax_by_name(struct ldb_context *ldb,
156 /* The following definitions come from lib/ldb/common/ldb_attributes.c */
158 int ldb_schema_attribute_add_with_syntax(struct ldb_context *ldb,
161 const struct ldb_schema_syntax *syntax);
162 int ldb_schema_attribute_add(struct ldb_context *ldb,
166 void ldb_schema_attribute_remove(struct ldb_context *ldb, const char *name);
168 /* we allow external code to override the name -> schema_attribute function */
169 typedef const struct ldb_schema_attribute *(*ldb_attribute_handler_override_fn_t)(struct ldb_context *, void *, const char *);
172 Allow the caller to define a callback for the attribute handler
174 \param ldb The ldb context
175 \param override The callback to be used for attribute lookups
176 \param private_data Private data for the callback
179 void ldb_schema_attribute_set_override_handler(struct ldb_context *ldb,
180 ldb_attribute_handler_override_fn_t override,
184 Allow the caller to define that the callback for the attribute handler
185 also overrides the index list
187 \param ldb The ldb context
188 \param one_level_indexes Indicates that the index for SCOPE_ONELEVEL
189 should also be maintained
192 void ldb_schema_set_override_indexlist(struct ldb_context *ldb,
193 bool one_level_indexes);
197 \param ldb The ldb context
198 \param GUID_index_attribute The globally attribute (eg objectGUID)
200 \param GUID_index_attribute The DN component matching the
201 globally attribute on each entry (eg GUID)
203 The caller must ensure the supplied strings do not go out of
204 scope (they are typically constant memory).
207 void ldb_schema_set_override_GUID_index(struct ldb_context *ldb,
208 const char *GUID_index_attribute,
209 const char *GUID_index_dn_component);
211 /* A useful function to build comparison functions with */
212 int ldb_any_comparison(struct ldb_context *ldb, void *mem_ctx,
213 ldb_attr_handler_t canonicalise_fn,
214 const struct ldb_val *v1,
215 const struct ldb_val *v2);
217 /* The following definitions come from lib/ldb/common/ldb_controls.c */
218 int ldb_save_controls(struct ldb_control *exclude, struct ldb_request *req, struct ldb_control ***saver);
219 /* Returns a list of controls, except the one specified. Included
220 * controls become a child of returned list if they were children of
222 struct ldb_control **ldb_controls_except_specified(struct ldb_control **controls_in,
224 struct ldb_control *exclude);
225 int ldb_check_critical_controls(struct ldb_control **controls);
227 /* The following definitions come from lib/ldb/common/ldb_ldif.c */
228 int ldb_should_b64_encode(struct ldb_context *ldb, const struct ldb_val *val);
230 /* The following definitions come from lib/ldb/common/ldb_match.c */
231 int ldb_match_msg(struct ldb_context *ldb,
232 const struct ldb_message *msg,
233 const struct ldb_parse_tree *tree,
235 enum ldb_scope scope);
237 int ldb_match_msg_error(struct ldb_context *ldb,
238 const struct ldb_message *msg,
239 const struct ldb_parse_tree *tree,
241 enum ldb_scope scope,
244 int ldb_match_msg_objectclass(const struct ldb_message *msg,
245 const char *objectclass);
247 int ldb_register_extended_match_rules(struct ldb_context *ldb);
249 /* The following definitions come from lib/ldb/common/ldb_modules.c */
251 struct ldb_module *ldb_module_new(TALLOC_CTX *memctx,
252 struct ldb_context *ldb,
253 const char *module_name,
254 const struct ldb_module_ops *ops);
256 const char * ldb_module_get_name(struct ldb_module *module);
257 struct ldb_context *ldb_module_get_ctx(struct ldb_module *module);
258 void *ldb_module_get_private(struct ldb_module *module);
259 void ldb_module_set_private(struct ldb_module *module, void *private_data);
260 const struct ldb_module_ops *ldb_module_get_ops(struct ldb_module *module);
262 int ldb_next_request(struct ldb_module *module, struct ldb_request *request);
263 int ldb_next_start_trans(struct ldb_module *module);
264 int ldb_next_end_trans(struct ldb_module *module);
265 int ldb_next_del_trans(struct ldb_module *module);
266 int ldb_next_prepare_commit(struct ldb_module *module);
267 int ldb_next_init(struct ldb_module *module);
268 int ldb_next_read_lock(struct ldb_module *module);
269 int ldb_next_read_unlock(struct ldb_module *module);
271 void ldb_set_errstring(struct ldb_context *ldb, const char *err_string);
272 void ldb_asprintf_errstring(struct ldb_context *ldb, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
273 void ldb_reset_err_string(struct ldb_context *ldb);
274 int ldb_error_at(struct ldb_context *ldb, int ecode, const char *reason, const char *file, int line);
276 const char *ldb_default_modules_dir(void);
278 int ldb_register_module(const struct ldb_module_ops *);
280 typedef int (*ldb_connect_fn)(struct ldb_context *ldb, const char *url,
281 unsigned int flags, const char *options[],
282 struct ldb_module **module);
285 Require that LDB use a private event context for each request
287 A private event context may need to be created to avoid nested event
288 loops during ldb_tdb with the locks held. This indicates that a
289 backend is in use that requires this to hold locks safely.
291 \param handle The ldb handle to set the flag on
293 void ldb_set_require_private_event_context(struct ldb_context *ldb);
295 struct ldb_backend_ops {
297 ldb_connect_fn connect_fn;
300 const char *ldb_default_modules_dir(void);
302 int ldb_register_backend(const char *url_prefix, ldb_connect_fn, bool);
304 struct ldb_handle *ldb_handle_new(TALLOC_CTX *mem_ctx, struct ldb_context *ldb);
307 Obtains the private event context for the handle,
309 A private event context may have been created to avoid nested event
310 loops during ldb_tdb with the locks held. Otherwise return the
313 \param handle The ldb handle to obtain the event context for
314 \return the tevent event context for this handle (private or global)
316 struct tevent_context *ldb_handle_get_event_context(struct ldb_handle *handle);
318 int ldb_module_send_entry(struct ldb_request *req,
319 struct ldb_message *msg,
320 struct ldb_control **ctrls);
322 int ldb_module_send_referral(struct ldb_request *req,
325 int ldb_module_done(struct ldb_request *req,
326 struct ldb_control **ctrls,
327 struct ldb_extended *response,
330 int ldb_mod_register_control(struct ldb_module *module, const char *oid);
332 void ldb_set_default_dns(struct ldb_context *ldb);
334 Add a ldb_control to a ldb_reply
336 \param ares the reply struct where to add the control
337 \param oid the object identifier of the control as string
338 \param critical whether the control should be critical or not
339 \param data a talloc pointer to the control specific data
341 \return result code (LDB_SUCCESS on success, or a failure code)
343 int ldb_reply_add_control(struct ldb_reply *ares, const char *oid, bool critical, void *data);
346 mark a request as untrusted.
348 This tells the rootdse module to remove unregistered controls
350 \param req the request to mark as untrusted
352 void ldb_req_mark_untrusted(struct ldb_request *req);
355 mark a request as trusted.
357 This tells the rootdse module to allow unregistered controls
359 \param req the request to mark as trusted
361 void ldb_req_mark_trusted(struct ldb_request *req);
364 return true is a request is untrusted
366 This indicates the request came across a trust boundary
367 for example over LDAP
369 \param req the request check
370 \return is req trusted
372 bool ldb_req_is_untrusted(struct ldb_request *req);
375 set custom flags. Those flags are set by applications using ldb,
376 they are application dependent and the same bit can have different
377 meaning in different application.
379 void ldb_req_set_custom_flags(struct ldb_request *req, uint32_t flags);
382 get custom flags. Those flags are set by applications using ldb,
383 they are application dependent and the same bit can have different
384 meaning in different application.
386 uint32_t ldb_req_get_custom_flags(struct ldb_request *req);
388 /* load all modules from the given directory */
389 int ldb_modules_load(const char *modules_path, const char *version);
391 /* init functions prototype */
392 typedef int (*ldb_module_init_fn)(const char *);
395 general ldb hook function
397 enum ldb_module_hook_type { LDB_MODULE_HOOK_CMDLINE_OPTIONS = 1,
398 LDB_MODULE_HOOK_CMDLINE_PRECONNECT = 2,
399 LDB_MODULE_HOOK_CMDLINE_POSTCONNECT = 3 };
401 typedef int (*ldb_hook_fn)(struct ldb_context *, enum ldb_module_hook_type );
404 register a ldb hook function
406 int ldb_register_hook(ldb_hook_fn hook_fn);
409 call ldb hooks of a given type
411 int ldb_modules_hook(struct ldb_context *ldb, enum ldb_module_hook_type t);
413 #define LDB_MODULE_CHECK_VERSION(version) do { \
414 if (strcmp(version, LDB_VERSION) != 0) { \
415 fprintf(stderr, "ldb: module version mismatch in %s : ldb_version=%s module_version=%s\n", \
416 __FILE__, version, LDB_VERSION); \
417 return LDB_ERR_UNAVAILABLE; \
422 return a string representation of the calling chain for the given
425 char *ldb_module_call_chain(struct ldb_request *req, TALLOC_CTX *mem_ctx);
428 return the next module in the chain
430 struct ldb_module *ldb_module_next(struct ldb_module *module);
433 set the next module in the module chain
435 void ldb_module_set_next(struct ldb_module *module, struct ldb_module *next);
438 load a list of modules
440 int ldb_module_load_list(struct ldb_context *ldb, const char **module_list,
441 struct ldb_module *backend, struct ldb_module **out);
444 get the popt_options pointer in the ldb structure. This allows a ldb
445 module to change the command line parsing
447 struct poptOption **ldb_module_popt_options(struct ldb_context *ldb);
449 /* modules are called in inverse order on the stack.
450 Lets place them as an admin would think the right order is.
451 Modules order is important */
452 const char **ldb_modules_list_from_string(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const char *string);
455 return the current ldb flags LDB_FLG_*
457 uint32_t ldb_module_flags(struct ldb_context *ldb);
459 int ldb_module_connect_backend(struct ldb_context *ldb,
461 const char *options[],
462 struct ldb_module **backend_module);
465 initialise a chain of modules
467 int ldb_module_init_chain(struct ldb_context *ldb, struct ldb_module *module);
470 * prototype for the init function defined by dynamically loaded modules
472 int ldb_init_module(const char *version);
474 /* replace the components of a DN with those from another DN, without
475 * touching the extended components
477 * return true if successful and false if not
478 * if false is returned the dn may be marked invalid
480 bool ldb_dn_replace_components(struct ldb_dn *dn, struct ldb_dn *new_dn);
483 walk a parse tree, calling the provided callback on each node
485 int ldb_parse_tree_walk(struct ldb_parse_tree *tree,
486 int (*callback)(struct ldb_parse_tree *tree, void *),
487 void *private_context);
489 /* compare two message elements with ordering - used by modify */
490 bool ldb_msg_element_equal_ordered(const struct ldb_message_element *el1,
491 const struct ldb_message_element *el2);
494 struct ldb_extended_match_rule
497 int (*callback)(struct ldb_context *, const char *oid,
498 const struct ldb_message *, const char *,
499 const struct ldb_val *, bool *);
502 int ldb_register_extended_match_rule(struct ldb_context *ldb,
503 const struct ldb_extended_match_rule *rule);
506 * these pack/unpack functions are exposed in the library for use by
507 * ldb tools like ldbdump and for use in tests,
508 * but are not part of the public API
510 int ldb_pack_data(struct ldb_context *ldb,
511 const struct ldb_message *message,
512 struct ldb_val *data);
514 * Unpack a ldb message from a linear buffer in ldb_val
516 * Providing a list of attributes to this function allows selective unpacking.
517 * Giving a NULL list (or a list_size of 0) unpacks all the attributes.
519 int ldb_unpack_data_only_attr_list(struct ldb_context *ldb,
520 const struct ldb_val *data,
521 struct ldb_message *message,
522 const char* const * list,
523 unsigned int list_size,
524 unsigned int *nb_attributes_indb);
525 int ldb_unpack_data(struct ldb_context *ldb,
526 const struct ldb_val *data,
527 struct ldb_message *message);
529 * Unpack a ldb message from a linear buffer in ldb_val
531 * Providing a list of attributes to this function allows selective unpacking.
532 * Giving a NULL list (or a list_size of 0) unpacks all the attributes.
534 * Flags allow control of allocation, so that if
535 * LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC is specified, then data in values are
536 * not allocated, instead they point into the supplier constant buffer.
538 * If LDB_UNPACK_DATA_FLAG_NO_VALUES_ALLOC is specified, then values
539 * array are not allocated individually (for single-valued
540 * attributes), instead they point into a single buffer per message.
542 * LDB_UNPACK_DATA_FLAG_NO_VALUES_ALLOC is only valid when
543 * LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC is also specified.
545 * Likewise if LDB_UNPACK_DATA_FLAG_NO_DN is specified, the DN is omitted.
547 * If LDB_UNPACK_DATA_FLAG_NO_ATTRS is specified, then no attributes
548 * are unpacked or returned.
551 int ldb_unpack_data_only_attr_list_flags(struct ldb_context *ldb,
552 const struct ldb_val *data,
553 struct ldb_message *message,
554 const char * const *list,
555 unsigned int list_size,
557 unsigned int *nb_elements_in_db);
559 #define LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC 0x0001
560 #define LDB_UNPACK_DATA_FLAG_NO_DN 0x0002
561 #define LDB_UNPACK_DATA_FLAG_NO_VALUES_ALLOC 0x0004
562 #define LDB_UNPACK_DATA_FLAG_NO_ATTRS 0x0008
563 #define LDB_UNPACK_DATA_FLAG_READ_LOCKED 0x0010
566 Forces a specific ldb handle to use the global event context.
568 This allows a nested event loop to operate, so any open
569 transaction also needs to be aborted.
571 Any events on this event context will be lost.
573 This is used in Samba when sending an IRPC to another part of the
574 same process instead of making a local DB modification.
576 \param handle The ldb handle to force to use the global context
579 void ldb_handle_use_global_event_context(struct ldb_handle *handle);