1 /*
2 ldb database library
3
4 Copyright (C) Andrew Tridgell 2004
5 Copyright (C) Simo Sorce 2005-2008
6
7 ** NOTE! The following LGPL license applies to the ldb
8 ** library. This does NOT imply that all of Samba is released
9 ** under the LGPL
10
11 This library is free software; you can redistribute it and/or
12 modify it under the terms of the GNU Lesser General Public
13 License as published by the Free Software Foundation; either
14 version 3 of the License, or (at your option) any later version.
15
16 This library is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Lesser General Public License for more details.
20
21 You should have received a copy of the GNU Lesser General Public
22 License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 */
24
25 /*
26 * Name: ldb
27 *
28 * Component: ldb core API
29 *
30 * Description: core API routines interfacing to ldb backends
31 *
32 * Author: Andrew Tridgell
33 */
34
35 #define TEVENT_DEPRECATED 1
36 #include "ldb_private.h"
37 #include "ldb.h"
38
ldb_context_destructor(void * ptr)39 static int ldb_context_destructor(void *ptr)
40 {
41 struct ldb_context *ldb = talloc_get_type(ptr, struct ldb_context);
42
43 if (ldb->transaction_active) {
44 ldb_debug(ldb, LDB_DEBUG_FATAL,
45 "A transaction is still active in ldb context [%p] on %s",
46 ldb, (const char *)ldb_get_opaque(ldb, "ldb_url"));
47 }
48
49 return 0;
50 }
51
52 /*
53 this is used to catch debug messages from events
54 */
55 static void ldb_tevent_debug(void *context, enum tevent_debug_level level,
56 const char *fmt, va_list ap) PRINTF_ATTRIBUTE(3,0);
57
ldb_tevent_debug(void * context,enum tevent_debug_level level,const char * fmt,va_list ap)58 static void ldb_tevent_debug(void *context, enum tevent_debug_level level,
59 const char *fmt, va_list ap)
60 {
61 struct ldb_context *ldb = talloc_get_type(context, struct ldb_context);
62 enum ldb_debug_level ldb_level = LDB_DEBUG_FATAL;
63
64 switch (level) {
65 case TEVENT_DEBUG_FATAL:
66 ldb_level = LDB_DEBUG_FATAL;
67 break;
68 case TEVENT_DEBUG_ERROR:
69 ldb_level = LDB_DEBUG_ERROR;
70 break;
71 case TEVENT_DEBUG_WARNING:
72 ldb_level = LDB_DEBUG_WARNING;
73 break;
74 case TEVENT_DEBUG_TRACE:
75 ldb_level = LDB_DEBUG_TRACE;
76 break;
77 };
78
79 /* There isn't a tevent: prefix here because to add it means
80 * actually printing the string, and most of the time we don't
81 * want to show it */
82 ldb_vdebug(ldb, ldb_level, fmt, ap);
83 }
84
85 /*
86 initialise a ldb context
87 The mem_ctx is required
88 The event_ctx is required
89 */
ldb_init(TALLOC_CTX * mem_ctx,struct tevent_context * ev_ctx)90 struct ldb_context *ldb_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx)
91 {
92 struct ldb_context *ldb;
93 int ret;
94 const char *modules_path = getenv("LDB_MODULES_PATH");
95
96 if (modules_path == NULL) {
97 modules_path = LDB_MODULESDIR;
98 }
99
100 ret = ldb_modules_load(modules_path, LDB_VERSION);
101 if (ret != LDB_SUCCESS) {
102 return NULL;
103 }
104
105 ldb = talloc_zero(mem_ctx, struct ldb_context);
106 if (ldb == NULL) {
107 return NULL;
108 }
109
110 /* A new event context so that callers who don't want ldb
111 * operating on their global event context can work without
112 * having to provide their own private one explicitly */
113 if (ev_ctx == NULL) {
114 ev_ctx = tevent_context_init(ldb);
115 if (ev_ctx == NULL) {
116 talloc_free(ldb);
117 return NULL;
118 }
119 tevent_set_debug(ev_ctx, ldb_tevent_debug, ldb);
120 tevent_loop_allow_nesting(ev_ctx);
121 }
122
123 ret = ldb_setup_wellknown_attributes(ldb);
124 if (ret != LDB_SUCCESS) {
125 talloc_free(ldb);
126 return NULL;
127 }
128
129 ldb_set_utf8_default(ldb);
130 ldb_set_create_perms(ldb, 0666);
131 ldb_set_modules_dir(ldb, LDB_MODULESDIR);
132 ldb_set_event_context(ldb, ev_ctx);
133 ret = ldb_register_extended_match_rules(ldb);
134 if (ret != LDB_SUCCESS) {
135 talloc_free(ldb);
136 return NULL;
137 }
138
139 /* TODO: get timeout from options if available there */
140 ldb->default_timeout = 300; /* set default to 5 minutes */
141
142 talloc_set_destructor((TALLOC_CTX *)ldb, ldb_context_destructor);
143
144 return ldb;
145 }
146
147 /*
148 try to autodetect a basedn if none specified. This fixes one of my
149 pet hates about ldapsearch, which is that you have to get a long,
150 complex basedn right to make any use of it.
151 */
ldb_set_default_dns(struct ldb_context * ldb)152 void ldb_set_default_dns(struct ldb_context *ldb)
153 {
154 TALLOC_CTX *tmp_ctx;
155 int ret;
156 struct ldb_result *res;
157 struct ldb_dn *tmp_dn=NULL;
158 static const char *attrs[] = {
159 "rootDomainNamingContext",
160 "configurationNamingContext",
161 "schemaNamingContext",
162 "defaultNamingContext",
163 NULL
164 };
165
166 tmp_ctx = talloc_new(ldb);
167 ret = ldb_search(ldb, tmp_ctx, &res, ldb_dn_new(tmp_ctx, ldb, NULL),
168 LDB_SCOPE_BASE, attrs, "(objectClass=*)");
169 if (ret != LDB_SUCCESS) {
170 talloc_free(tmp_ctx);
171 return;
172 }
173
174 if (res->count != 1) {
175 talloc_free(tmp_ctx);
176 return;
177 }
178
179 if (!ldb_get_opaque(ldb, "rootDomainNamingContext")) {
180 tmp_dn = ldb_msg_find_attr_as_dn(ldb, ldb, res->msgs[0],
181 "rootDomainNamingContext");
182 ldb_set_opaque(ldb, "rootDomainNamingContext", tmp_dn);
183 }
184
185 if (!ldb_get_opaque(ldb, "configurationNamingContext")) {
186 tmp_dn = ldb_msg_find_attr_as_dn(ldb, ldb, res->msgs[0],
187 "configurationNamingContext");
188 ldb_set_opaque(ldb, "configurationNamingContext", tmp_dn);
189 }
190
191 if (!ldb_get_opaque(ldb, "schemaNamingContext")) {
192 tmp_dn = ldb_msg_find_attr_as_dn(ldb, ldb, res->msgs[0],
193 "schemaNamingContext");
194 ldb_set_opaque(ldb, "schemaNamingContext", tmp_dn);
195 }
196
197 if (!ldb_get_opaque(ldb, "defaultNamingContext")) {
198 tmp_dn = ldb_msg_find_attr_as_dn(ldb, ldb, res->msgs[0],
199 "defaultNamingContext");
200 ldb_set_opaque(ldb, "defaultNamingContext", tmp_dn);
201 }
202
203 talloc_free(tmp_ctx);
204 }
205
ldb_get_root_basedn(struct ldb_context * ldb)206 struct ldb_dn *ldb_get_root_basedn(struct ldb_context *ldb)
207 {
208 void *opaque = ldb_get_opaque(ldb, "rootDomainNamingContext");
209 return talloc_get_type(opaque, struct ldb_dn);
210 }
211
ldb_get_config_basedn(struct ldb_context * ldb)212 struct ldb_dn *ldb_get_config_basedn(struct ldb_context *ldb)
213 {
214 void *opaque = ldb_get_opaque(ldb, "configurationNamingContext");
215 return talloc_get_type(opaque, struct ldb_dn);
216 }
217
ldb_get_schema_basedn(struct ldb_context * ldb)218 struct ldb_dn *ldb_get_schema_basedn(struct ldb_context *ldb)
219 {
220 void *opaque = ldb_get_opaque(ldb, "schemaNamingContext");
221 return talloc_get_type(opaque, struct ldb_dn);
222 }
223
ldb_get_default_basedn(struct ldb_context * ldb)224 struct ldb_dn *ldb_get_default_basedn(struct ldb_context *ldb)
225 {
226 void *opaque = ldb_get_opaque(ldb, "defaultNamingContext");
227 return talloc_get_type(opaque, struct ldb_dn);
228 }
229
230 /*
231 connect to a database. The URL can either be one of the following forms
232 ldb://path
233 ldapi://path
234
235 flags is made up of LDB_FLG_*
236
237 the options are passed uninterpreted to the backend, and are
238 backend specific
239 */
ldb_connect(struct ldb_context * ldb,const char * url,unsigned int flags,const char * options[])240 int ldb_connect(struct ldb_context *ldb, const char *url,
241 unsigned int flags, const char *options[])
242 {
243 int ret;
244 char *url2;
245 /* We seem to need to do this here, or else some utilities don't
246 * get ldb backends */
247
248 ldb->flags = flags;
249
250 url2 = talloc_strdup(ldb, url);
251 if (!url2) {
252 ldb_oom(ldb);
253 return LDB_ERR_OPERATIONS_ERROR;
254 }
255 ret = ldb_set_opaque(ldb, "ldb_url", url2);
256 if (ret != LDB_SUCCESS) {
257 return ret;
258 }
259
260 /*
261 * Take a copy of the options.
262 */
263 ldb->options = ldb_options_copy(ldb, options);
264 if (ldb->options == NULL && options != NULL) {
265 ldb_oom(ldb);
266 return LDB_ERR_OPERATIONS_ERROR;
267 }
268
269 ret = ldb_module_connect_backend(ldb, url, options, &ldb->modules);
270 if (ret != LDB_SUCCESS) {
271 return ret;
272 }
273
274 ret = ldb_load_modules(ldb, options);
275 if (ret != LDB_SUCCESS) {
276 ldb_debug(ldb, LDB_DEBUG_FATAL,
277 "Unable to load modules for %s: %s",
278 url, ldb_errstring(ldb));
279 return ret;
280 }
281
282 /* set the default base dn */
283 ldb_set_default_dns(ldb);
284
285 return LDB_SUCCESS;
286 }
287
ldb_set_errstring(struct ldb_context * ldb,const char * err_string)288 void ldb_set_errstring(struct ldb_context *ldb, const char *err_string)
289 {
290 ldb_asprintf_errstring(ldb, "%s", err_string);
291 }
292
ldb_asprintf_errstring(struct ldb_context * ldb,const char * format,...)293 void ldb_asprintf_errstring(struct ldb_context *ldb, const char *format, ...)
294 {
295 va_list ap;
296 char *old_err_string = NULL;
297 if (ldb->err_string) {
298 old_err_string = ldb->err_string;
299 }
300
301 va_start(ap, format);
302 ldb->err_string = talloc_vasprintf(ldb, format, ap);
303 va_end(ap);
304
305 TALLOC_FREE(old_err_string);
306
307 if (ldb->flags & LDB_FLG_ENABLE_TRACING) {
308 ldb_debug(ldb, LDB_DEBUG_TRACE, "ldb_asprintf/set_errstring: %s",
309 ldb->err_string);
310 }
311 }
312
ldb_reset_err_string(struct ldb_context * ldb)313 void ldb_reset_err_string(struct ldb_context *ldb)
314 {
315 if (ldb->err_string) {
316 talloc_free(ldb->err_string);
317 ldb->err_string = NULL;
318 }
319 }
320
321
322
323 /*
324 set an ldb error based on file:line
325 */
ldb_error_at(struct ldb_context * ldb,int ecode,const char * reason,const char * file,int line)326 int ldb_error_at(struct ldb_context *ldb, int ecode,
327 const char *reason, const char *file, int line)
328 {
329 if (reason == NULL) {
330 reason = ldb_strerror(ecode);
331 }
332 ldb_asprintf_errstring(ldb, "%s at %s:%d", reason, file, line);
333 return ecode;
334 }
335
336
337 #define FIRST_OP_NOERR(ldb, op) do { \
338 next_module = ldb->modules; \
339 while (next_module && next_module->ops->op == NULL) { \
340 next_module = next_module->next; \
341 }; \
342 if ((ldb->flags & LDB_FLG_ENABLE_TRACING) && next_module) { \
343 ldb_debug(ldb, LDB_DEBUG_TRACE, "ldb_trace_request: (%s)->" #op, \
344 next_module->ops->name); \
345 } \
346 } while (0)
347
348 #define FIRST_OP(ldb, op) do { \
349 FIRST_OP_NOERR(ldb, op); \
350 if (next_module == NULL) { \
351 ldb_asprintf_errstring(ldb, "unable to find module or backend to handle operation: " #op); \
352 return LDB_ERR_OPERATIONS_ERROR; \
353 } \
354 } while (0)
355
356
357 /*
358 start a transaction
359 */
ldb_transaction_start(struct ldb_context * ldb)360 int ldb_transaction_start(struct ldb_context *ldb)
361 {
362 struct ldb_module *next_module;
363 int status;
364
365 ldb_debug(ldb, LDB_DEBUG_TRACE,
366 "start ldb transaction (nesting: %d)",
367 ldb->transaction_active);
368
369 /* explicit transaction active, count nested requests */
370 if (ldb->transaction_active) {
371 ldb->transaction_active++;
372 return LDB_SUCCESS;
373 }
374
375 /* start a new transaction */
376 ldb->transaction_active++;
377 ldb->prepare_commit_done = false;
378
379 FIRST_OP(ldb, start_transaction);
380
381 ldb_reset_err_string(ldb);
382
383 status = next_module->ops->start_transaction(next_module);
384 if (status != LDB_SUCCESS) {
385 if (ldb->err_string == NULL) {
386 /* no error string was setup by the backend */
387 ldb_asprintf_errstring(ldb,
388 "ldb transaction start: %s (%d)",
389 ldb_strerror(status),
390 status);
391 ldb->transaction_active--;
392 }
393 if ((next_module && next_module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
394 ldb_debug(next_module->ldb, LDB_DEBUG_TRACE, "start ldb transaction error: %s",
395 ldb_errstring(next_module->ldb));
396 }
397 } else {
398 if ((next_module && next_module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
399 ldb_debug(next_module->ldb, LDB_DEBUG_TRACE, "start ldb transaction success");
400 }
401 }
402 return status;
403 }
404
405 /*
406 prepare for transaction commit (first phase of two phase commit)
407 */
ldb_transaction_prepare_commit(struct ldb_context * ldb)408 int ldb_transaction_prepare_commit(struct ldb_context *ldb)
409 {
410 struct ldb_module *next_module;
411 int status;
412
413 if (ldb->prepare_commit_done) {
414 return LDB_SUCCESS;
415 }
416
417 /* commit only when all nested transactions are complete */
418 if (ldb->transaction_active > 1) {
419 return LDB_SUCCESS;
420 }
421
422 ldb->prepare_commit_done = true;
423
424 if (ldb->transaction_active < 0) {
425 ldb_debug(ldb, LDB_DEBUG_FATAL,
426 "prepare commit called but no ldb transactions are active!");
427 ldb->transaction_active = 0;
428 return LDB_ERR_OPERATIONS_ERROR;
429 }
430
431 /* call prepare transaction if available */
432 FIRST_OP_NOERR(ldb, prepare_commit);
433 if (next_module == NULL) {
434 return LDB_SUCCESS;
435 }
436
437 ldb_reset_err_string(ldb);
438
439 status = next_module->ops->prepare_commit(next_module);
440 if (status != LDB_SUCCESS) {
441 ldb->transaction_active--;
442 /* if a next_module fails the prepare then we need
443 to call the end transaction for everyone */
444 FIRST_OP(ldb, del_transaction);
445 next_module->ops->del_transaction(next_module);
446 if (ldb->err_string == NULL) {
447 /* no error string was setup by the backend */
448 ldb_asprintf_errstring(ldb,
449 "ldb transaction prepare commit: %s (%d)",
450 ldb_strerror(status),
451 status);
452 }
453 if ((next_module && next_module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
454 ldb_debug(next_module->ldb, LDB_DEBUG_TRACE, "prepare commit transaction error: %s",
455 ldb_errstring(next_module->ldb));
456 }
457 }
458
459 return status;
460 }
461
462
463 /*
464 commit a transaction
465 */
ldb_transaction_commit(struct ldb_context * ldb)466 int ldb_transaction_commit(struct ldb_context *ldb)
467 {
468 struct ldb_module *next_module;
469 int status;
470
471 status = ldb_transaction_prepare_commit(ldb);
472 if (status != LDB_SUCCESS) {
473 return status;
474 }
475
476 ldb->transaction_active--;
477
478 ldb_debug(ldb, LDB_DEBUG_TRACE,
479 "commit ldb transaction (nesting: %d)",
480 ldb->transaction_active);
481
482 /* commit only when all nested transactions are complete */
483 if (ldb->transaction_active > 0) {
484 return LDB_SUCCESS;
485 }
486
487 if (ldb->transaction_active < 0) {
488 ldb_debug(ldb, LDB_DEBUG_FATAL,
489 "commit called but no ldb transactions are active!");
490 ldb->transaction_active = 0;
491 return LDB_ERR_OPERATIONS_ERROR;
492 }
493
494 ldb_reset_err_string(ldb);
495
496 FIRST_OP(ldb, end_transaction);
497 status = next_module->ops->end_transaction(next_module);
498 if (status != LDB_SUCCESS) {
499 if (ldb->err_string == NULL) {
500 /* no error string was setup by the backend */
501 ldb_asprintf_errstring(ldb,
502 "ldb transaction commit: %s (%d)",
503 ldb_strerror(status),
504 status);
505 }
506 if ((next_module && next_module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
507 ldb_debug(next_module->ldb, LDB_DEBUG_TRACE, "commit ldb transaction error: %s",
508 ldb_errstring(next_module->ldb));
509 }
510 }
511 return status;
512 }
513
514
515 /*
516 cancel a transaction
517 */
ldb_transaction_cancel(struct ldb_context * ldb)518 int ldb_transaction_cancel(struct ldb_context *ldb)
519 {
520 struct ldb_module *next_module;
521 int status;
522
523 ldb->transaction_active--;
524
525 ldb_debug(ldb, LDB_DEBUG_TRACE,
526 "cancel ldb transaction (nesting: %d)",
527 ldb->transaction_active);
528
529 /* really cancel only if all nested transactions are complete */
530 if (ldb->transaction_active > 0) {
531 return LDB_SUCCESS;
532 }
533
534 if (ldb->transaction_active < 0) {
535 ldb_debug(ldb, LDB_DEBUG_FATAL,
536 "cancel called but no ldb transactions are active!");
537 ldb->transaction_active = 0;
538 return LDB_ERR_OPERATIONS_ERROR;
539 }
540
541 FIRST_OP(ldb, del_transaction);
542
543 status = next_module->ops->del_transaction(next_module);
544 if (status != LDB_SUCCESS) {
545 if (ldb->err_string == NULL) {
546 /* no error string was setup by the backend */
547 ldb_asprintf_errstring(ldb,
548 "ldb transaction cancel: %s (%d)",
549 ldb_strerror(status),
550 status);
551 }
552 if ((next_module && next_module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
553 ldb_debug(next_module->ldb, LDB_DEBUG_TRACE, "cancel ldb transaction error: %s",
554 ldb_errstring(next_module->ldb));
555 }
556 }
557 return status;
558 }
559
560 /*
561 cancel a transaction with no error if no transaction is pending
562 used when we fork() to clear any parent transactions
563 */
ldb_transaction_cancel_noerr(struct ldb_context * ldb)564 int ldb_transaction_cancel_noerr(struct ldb_context *ldb)
565 {
566 if (ldb->transaction_active > 0) {
567 return ldb_transaction_cancel(ldb);
568 }
569 return LDB_SUCCESS;
570 }
571
572
573 /* autostarts a transaction if none active */
ldb_autotransaction_request(struct ldb_context * ldb,struct ldb_request * req)574 static int ldb_autotransaction_request(struct ldb_context *ldb,
575 struct ldb_request *req)
576 {
577 int ret;
578
579 ret = ldb_transaction_start(ldb);
580 if (ret != LDB_SUCCESS) {
581 return ret;
582 }
583
584 ret = ldb_request(ldb, req);
585 if (ret == LDB_SUCCESS) {
586 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
587 }
588
589 if (ret == LDB_SUCCESS) {
590 return ldb_transaction_commit(ldb);
591 }
592 ldb_transaction_cancel(ldb);
593
594 return ret;
595 }
596
ldb_wait(struct ldb_handle * handle,enum ldb_wait_type type)597 int ldb_wait(struct ldb_handle *handle, enum ldb_wait_type type)
598 {
599 struct tevent_context *ev;
600 int ret;
601
602 if (handle == NULL) {
603 return LDB_ERR_UNAVAILABLE;
604 }
605
606 if (handle->state == LDB_ASYNC_DONE) {
607 if ((handle->status != LDB_SUCCESS) &&
608 (handle->ldb->err_string == NULL)) {
609 /* if no error string was setup by the backend */
610 ldb_asprintf_errstring(handle->ldb,
611 "ldb_wait from %s with LDB_ASYNC_DONE: %s (%d)",
612 handle->location,
613 ldb_strerror(handle->status),
614 handle->status);
615 }
616 return handle->status;
617 }
618
619 ev = ldb_handle_get_event_context(handle);
620 if (NULL == ev) {
621 return ldb_oom(handle->ldb);
622 }
623
624 switch (type) {
625 case LDB_WAIT_NONE:
626 ret = tevent_loop_once(ev);
627 if (ret != 0) {
628 return ldb_operr(handle->ldb);
629 }
630 if (handle->status == LDB_SUCCESS) {
631 return LDB_SUCCESS;
632 }
633 if (handle->ldb->err_string != NULL) {
634 return handle->status;
635 }
636 /*
637 * if no error string was setup by the backend
638 */
639 ldb_asprintf_errstring(handle->ldb,
640 "ldb_wait from %s with LDB_WAIT_NONE: %s (%d)",
641 handle->location,
642 ldb_strerror(handle->status),
643 handle->status);
644 return handle->status;
645
646 case LDB_WAIT_ALL:
647 while (handle->state != LDB_ASYNC_DONE) {
648 ret = tevent_loop_once(ev);
649 if (ret != 0) {
650 return ldb_operr(handle->ldb);
651 }
652 if (handle->status != LDB_SUCCESS) {
653 if (handle->ldb->err_string != NULL) {
654 return handle->status;
655 }
656 /*
657 * if no error string was setup by the
658 * backend
659 */
660 ldb_asprintf_errstring(handle->ldb,
661 "ldb_wait from %s with "
662 "LDB_WAIT_ALL: %s (%d)",
663 handle->location,
664 ldb_strerror(handle->status),
665 handle->status);
666 return handle->status;
667 }
668 }
669 if (handle->status == LDB_SUCCESS) {
670 return LDB_SUCCESS;
671 }
672 if (handle->ldb->err_string != NULL) {
673 return handle->status;
674 }
675 /*
676 * if no error string was setup by the backend
677 */
678 ldb_asprintf_errstring(handle->ldb,
679 "ldb_wait from %s with LDB_WAIT_ALL,"
680 " LDB_ASYNC_DONE: %s (%d)",
681 handle->location,
682 ldb_strerror(handle->status),
683 handle->status);
684 return handle->status;
685 }
686
687 return LDB_SUCCESS;
688 }
689
690 /* set the specified timeout or, if timeout is 0 set the default timeout */
ldb_set_timeout(struct ldb_context * ldb,struct ldb_request * req,int timeout)691 int ldb_set_timeout(struct ldb_context *ldb,
692 struct ldb_request *req,
693 int timeout)
694 {
695 if (req == NULL) return LDB_ERR_OPERATIONS_ERROR;
696
697 if (timeout != 0) {
698 req->timeout = timeout;
699 } else {
700 req->timeout = ldb->default_timeout;
701 }
702 req->starttime = time(NULL);
703
704 return LDB_SUCCESS;
705 }
706
707 /* calculates the new timeout based on the previous starttime and timeout */
ldb_set_timeout_from_prev_req(struct ldb_context * ldb,struct ldb_request * oldreq,struct ldb_request * newreq)708 int ldb_set_timeout_from_prev_req(struct ldb_context *ldb,
709 struct ldb_request *oldreq,
710 struct ldb_request *newreq)
711 {
712 if (newreq == NULL) return LDB_ERR_OPERATIONS_ERROR;
713
714 if (oldreq == NULL) {
715 return ldb_set_timeout(ldb, newreq, 0);
716 }
717
718 newreq->starttime = oldreq->starttime;
719 newreq->timeout = oldreq->timeout;
720
721 return LDB_SUCCESS;
722 }
723
724
ldb_handle_new(TALLOC_CTX * mem_ctx,struct ldb_context * ldb)725 struct ldb_handle *ldb_handle_new(TALLOC_CTX *mem_ctx, struct ldb_context *ldb)
726 {
727 struct ldb_handle *h;
728
729 h = talloc_zero(mem_ctx, struct ldb_handle);
730 if (h == NULL) {
731 ldb_set_errstring(ldb, "Out of Memory");
732 return NULL;
733 }
734
735 h->status = LDB_SUCCESS;
736 h->state = LDB_ASYNC_INIT;
737 h->ldb = ldb;
738 h->flags = 0;
739 h->location = NULL;
740 h->parent = NULL;
741
742 if (h->ldb->require_private_event_context == true) {
743 h->event_context = tevent_context_init(h);
744 if (h->event_context == NULL) {
745 ldb_set_errstring(ldb,
746 "Out of Memory allocating "
747 "event context for new handle");
748 return NULL;
749 }
750 tevent_set_debug(h->event_context, ldb_tevent_debug, ldb);
751 tevent_loop_allow_nesting(h->event_context);
752 }
753
754 return h;
755 }
756
ldb_handle_new_child(TALLOC_CTX * mem_ctx,struct ldb_request * parent_req)757 static struct ldb_handle *ldb_handle_new_child(TALLOC_CTX *mem_ctx,
758 struct ldb_request *parent_req)
759 {
760 struct ldb_handle *h;
761
762 h = talloc_zero(mem_ctx, struct ldb_handle);
763 if (h == NULL) {
764 ldb_set_errstring(parent_req->handle->ldb,
765 "Out of Memory");
766 return NULL;
767 }
768
769 h->status = LDB_SUCCESS;
770 h->state = LDB_ASYNC_INIT;
771 h->ldb = parent_req->handle->ldb;
772 h->parent = parent_req;
773 h->nesting = parent_req->handle->nesting + 1;
774 h->flags = parent_req->handle->flags;
775 h->custom_flags = parent_req->handle->custom_flags;
776 h->event_context = parent_req->handle->event_context;
777
778 return h;
779 }
780
781 /*
782 set the permissions for new files to be passed to open() in
783 backends that use local files
784 */
ldb_set_create_perms(struct ldb_context * ldb,unsigned int perms)785 void ldb_set_create_perms(struct ldb_context *ldb, unsigned int perms)
786 {
787 ldb->create_perms = perms;
788 }
789
ldb_get_create_perms(struct ldb_context * ldb)790 unsigned int ldb_get_create_perms(struct ldb_context *ldb)
791 {
792 return ldb->create_perms;
793 }
794
ldb_set_event_context(struct ldb_context * ldb,struct tevent_context * ev)795 void ldb_set_event_context(struct ldb_context *ldb, struct tevent_context *ev)
796 {
797 ldb->ev_ctx = ev;
798 }
799
ldb_get_event_context(struct ldb_context * ldb)800 struct tevent_context * ldb_get_event_context(struct ldb_context *ldb)
801 {
802 return ldb->ev_ctx;
803 }
804
ldb_request_set_state(struct ldb_request * req,int state)805 void ldb_request_set_state(struct ldb_request *req, int state)
806 {
807 req->handle->state = state;
808 }
809
ldb_request_get_status(struct ldb_request * req)810 int ldb_request_get_status(struct ldb_request *req)
811 {
812 return req->handle->status;
813 }
814
815 /*
816 * This function obtains the private event context for the handle,
817 * which may have been created to avoid nested event loops during
818 * ldb_tdb with the locks held
819 */
ldb_handle_get_event_context(struct ldb_handle * handle)820 struct tevent_context *ldb_handle_get_event_context(struct ldb_handle *handle)
821 {
822 if (handle->event_context != NULL) {
823 return handle->event_context;
824 }
825 return ldb_get_event_context(handle->ldb);
826 }
827
828 /*
829 * This function forces a specific ldb handle to use the global event
830 * context. This allows a nested event loop to operate, so any open
831 * transaction also needs to be aborted.
832 *
833 * Any events on this event context will be lost
834 *
835 * This is used in Samba when sending an IRPC to another part of the
836 * same process instead of making a local DB modification.
837 */
ldb_handle_use_global_event_context(struct ldb_handle * handle)838 void ldb_handle_use_global_event_context(struct ldb_handle *handle)
839 {
840 TALLOC_FREE(handle->event_context);
841 }
842
ldb_set_require_private_event_context(struct ldb_context * ldb)843 void ldb_set_require_private_event_context(struct ldb_context *ldb)
844 {
845 ldb->require_private_event_context = true;
846 }
847
848 /*
849 trace a ldb request
850 */
ldb_trace_request(struct ldb_context * ldb,struct ldb_request * req)851 static void ldb_trace_request(struct ldb_context *ldb, struct ldb_request *req)
852 {
853 TALLOC_CTX *tmp_ctx = talloc_new(req);
854 unsigned int i;
855 struct ldb_ldif ldif;
856
857 switch (req->operation) {
858 case LDB_SEARCH:
859 ldb_debug_add(ldb, "ldb_trace_request: SEARCH\n");
860 ldb_debug_add(ldb, " dn: %s\n",
861 ldb_dn_is_null(req->op.search.base)?"<rootDSE>":
862 ldb_dn_get_linearized(req->op.search.base));
863 ldb_debug_add(ldb, " scope: %s\n",
864 req->op.search.scope==LDB_SCOPE_BASE?"base":
865 req->op.search.scope==LDB_SCOPE_ONELEVEL?"one":
866 req->op.search.scope==LDB_SCOPE_SUBTREE?"sub":"UNKNOWN");
867 ldb_debug_add(ldb, " expr: %s\n",
868 ldb_filter_from_tree(tmp_ctx, req->op.search.tree));
869 if (req->op.search.attrs == NULL) {
870 ldb_debug_add(ldb, " attr: <ALL>\n");
871 } else {
872 for (i=0; req->op.search.attrs[i]; i++) {
873 ldb_debug_add(ldb, " attr: %s\n", req->op.search.attrs[i]);
874 }
875 }
876 break;
877 case LDB_DELETE:
878 ldb_debug_add(ldb, "ldb_trace_request: DELETE\n");
879 ldb_debug_add(ldb, " dn: %s\n",
880 ldb_dn_get_linearized(req->op.del.dn));
881 break;
882 case LDB_RENAME:
883 ldb_debug_add(ldb, "ldb_trace_request: RENAME\n");
884 ldb_debug_add(ldb, " olddn: %s\n",
885 ldb_dn_get_linearized(req->op.rename.olddn));
886 ldb_debug_add(ldb, " newdn: %s\n",
887 ldb_dn_get_linearized(req->op.rename.newdn));
888 break;
889 case LDB_EXTENDED:
890 ldb_debug_add(ldb, "ldb_trace_request: EXTENDED\n");
891 ldb_debug_add(ldb, " oid: %s\n", req->op.extended.oid);
892 ldb_debug_add(ldb, " data: %s\n", req->op.extended.data?"yes":"no");
893 break;
894 case LDB_ADD:
895 ldif.changetype = LDB_CHANGETYPE_ADD;
896 ldif.msg = discard_const_p(struct ldb_message, req->op.add.message);
897
898 ldb_debug_add(ldb, "ldb_trace_request: ADD\n");
899
900 /*
901 * The choice to call
902 * ldb_ldif_write_redacted_trace_string() is CRITICAL
903 * for security. It ensures that we do not output
904 * passwords into debug logs
905 */
906
907 ldb_debug_add(req->handle->ldb, "%s\n",
908 ldb_ldif_write_redacted_trace_string(req->handle->ldb, tmp_ctx, &ldif));
909 break;
910 case LDB_MODIFY:
911 ldif.changetype = LDB_CHANGETYPE_MODIFY;
912 ldif.msg = discard_const_p(struct ldb_message, req->op.mod.message);
913
914 ldb_debug_add(ldb, "ldb_trace_request: MODIFY\n");
915
916 /*
917 * The choice to call
918 * ldb_ldif_write_redacted_trace_string() is CRITICAL
919 * for security. It ensures that we do not output
920 * passwords into debug logs
921 */
922
923 ldb_debug_add(req->handle->ldb, "%s\n",
924 ldb_ldif_write_redacted_trace_string(req->handle->ldb, tmp_ctx, &ldif));
925 break;
926 case LDB_REQ_REGISTER_CONTROL:
927 ldb_debug_add(ldb, "ldb_trace_request: REGISTER_CONTROL\n");
928 ldb_debug_add(req->handle->ldb, "%s\n",
929 req->op.reg_control.oid);
930 break;
931 case LDB_REQ_REGISTER_PARTITION:
932 ldb_debug_add(ldb, "ldb_trace_request: REGISTER_PARTITION\n");
933 ldb_debug_add(req->handle->ldb, "%s\n",
934 ldb_dn_get_linearized(req->op.reg_partition.dn));
935 break;
936 default:
937 ldb_debug_add(ldb, "ldb_trace_request: UNKNOWN(%u)\n",
938 req->operation);
939 break;
940 }
941
942 if (req->controls == NULL) {
943 ldb_debug_add(ldb, " control: <NONE>\n");
944 } else {
945 for (i=0; req->controls && req->controls[i]; i++) {
946 if (req->controls[i]->oid) {
947 ldb_debug_add(ldb, " control: %s crit:%u data:%s\n",
948 req->controls[i]->oid,
949 req->controls[i]->critical,
950 req->controls[i]->data?"yes":"no");
951 }
952 }
953 }
954
955 ldb_debug_end(ldb, LDB_DEBUG_TRACE);
956
957 talloc_free(tmp_ctx);
958 }
959
960 /*
961 check that the element flags don't have any internal bits set
962 */
ldb_msg_check_element_flags(struct ldb_context * ldb,const struct ldb_message * message)963 static int ldb_msg_check_element_flags(struct ldb_context *ldb,
964 const struct ldb_message *message)
965 {
966 unsigned i;
967 for (i=0; i<message->num_elements; i++) {
968 if (message->elements[i].flags & LDB_FLAG_INTERNAL_MASK) {
969 ldb_asprintf_errstring(ldb, "Invalid element flags 0x%08x on element %s in %s\n",
970 message->elements[i].flags, message->elements[i].name,
971 ldb_dn_get_linearized(message->dn));
972 return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
973 }
974 }
975 return LDB_SUCCESS;
976 }
977
978 /*
979 * This context allows us to make the unlock be a talloc destructor
980 *
981 * This ensures that a request started, but not waited on, will still
982 * unlock.
983 */
984 struct ldb_db_lock_context {
985 struct ldb_request *req;
986 struct ldb_context *ldb;
987 };
988
989 /*
990 * We have to have a the unlock on a destructor so that we unlock the
991 * DB if a caller calls talloc_free(req). We trust that the ldb
992 * context has not already gone away.
993 */
ldb_db_lock_destructor(struct ldb_db_lock_context * lock_context)994 static int ldb_db_lock_destructor(struct ldb_db_lock_context *lock_context)
995 {
996 int ret;
997 struct ldb_module *next_module;
998 FIRST_OP_NOERR(lock_context->ldb, read_unlock);
999 if (next_module != NULL) {
1000 ret = next_module->ops->read_unlock(next_module);
1001 } else {
1002 ret = LDB_SUCCESS;
1003 }
1004
1005 if (ret != LDB_SUCCESS) {
1006 ldb_debug(lock_context->ldb,
1007 LDB_DEBUG_FATAL,
1008 "Failed to unlock db: %s / %s",
1009 ldb_errstring(lock_context->ldb),
1010 ldb_strerror(ret));
1011 }
1012 return 0;
1013 }
1014
ldb_lock_backend_callback(struct ldb_request * req,struct ldb_reply * ares)1015 static int ldb_lock_backend_callback(struct ldb_request *req,
1016 struct ldb_reply *ares)
1017 {
1018 struct ldb_db_lock_context *lock_context;
1019 int ret;
1020
1021 if (req->context == NULL) {
1022 /*
1023 * The usual way to get here is to ignore the return codes
1024 * and continuing processing after an error.
1025 */
1026 abort();
1027 }
1028 lock_context = talloc_get_type(req->context,
1029 struct ldb_db_lock_context);
1030
1031 if (!ares) {
1032 return ldb_module_done(lock_context->req, NULL, NULL,
1033 LDB_ERR_OPERATIONS_ERROR);
1034 }
1035 if (ares->error != LDB_SUCCESS || ares->type == LDB_REPLY_DONE) {
1036 ret = ldb_module_done(lock_context->req, ares->controls,
1037 ares->response, ares->error);
1038 /*
1039 * If this is a LDB_REPLY_DONE or an error, unlock the
1040 * DB by calling the destructor on this context
1041 */
1042 TALLOC_FREE(req->context);
1043 return ret;
1044 }
1045
1046 /* Otherwise pass on the callback */
1047 switch (ares->type) {
1048 case LDB_REPLY_ENTRY:
1049 return ldb_module_send_entry(lock_context->req, ares->message,
1050 ares->controls);
1051
1052 case LDB_REPLY_REFERRAL:
1053 return ldb_module_send_referral(lock_context->req,
1054 ares->referral);
1055 default:
1056 /* Can't happen */
1057 return LDB_ERR_OPERATIONS_ERROR;
1058 }
1059 }
1060
1061 /*
1062 * Do an ldb_search() with a lock held, but release it if the request
1063 * is freed with talloc_free()
1064 */
lock_search(struct ldb_module * lock_module,struct ldb_request * req)1065 static int lock_search(struct ldb_module *lock_module, struct ldb_request *req)
1066 {
1067 /* Used in FIRST_OP_NOERR to find where to send the lock request */
1068 struct ldb_module *next_module = NULL;
1069 struct ldb_request *down_req = NULL;
1070 struct ldb_db_lock_context *lock_context;
1071 struct ldb_context *ldb = ldb_module_get_ctx(lock_module);
1072 int ret;
1073
1074 lock_context = talloc(req, struct ldb_db_lock_context);
1075 if (lock_context == NULL) {
1076 return ldb_oom(ldb);
1077 }
1078
1079 lock_context->ldb = ldb;
1080 lock_context->req = req;
1081
1082 ret = ldb_build_search_req_ex(&down_req, ldb, req,
1083 req->op.search.base,
1084 req->op.search.scope,
1085 req->op.search.tree,
1086 req->op.search.attrs,
1087 req->controls,
1088 lock_context,
1089 ldb_lock_backend_callback,
1090 req);
1091 LDB_REQ_SET_LOCATION(down_req);
1092 if (ret != LDB_SUCCESS) {
1093 return ret;
1094 }
1095
1096 /* call DB lock */
1097 FIRST_OP_NOERR(ldb, read_lock);
1098 if (next_module != NULL) {
1099 ret = next_module->ops->read_lock(next_module);
1100 } else {
1101 ret = LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
1102 }
1103
1104 if (ret == LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION) {
1105 /* We might be talking LDAP */
1106 ldb_reset_err_string(ldb);
1107 TALLOC_FREE(lock_context);
1108
1109 return ldb_next_request(lock_module, req);
1110 } else if ((ret != LDB_SUCCESS) && (ldb->err_string == NULL)) {
1111 /* if no error string was setup by the backend */
1112 ldb_asprintf_errstring(ldb, "Failed to get DB lock: %s (%d)",
1113 ldb_strerror(ret), ret);
1114 } else {
1115 talloc_set_destructor(lock_context, ldb_db_lock_destructor);
1116 }
1117
1118 if (ret != LDB_SUCCESS) {
1119 return ret;
1120 }
1121
1122 return ldb_next_request(lock_module, down_req);
1123 }
1124
1125 /*
1126 start an ldb request
1127 NOTE: the request must be a talloc context.
1128 returns LDB_ERR_* on errors.
1129 */
ldb_request(struct ldb_context * ldb,struct ldb_request * req)1130 int ldb_request(struct ldb_context *ldb, struct ldb_request *req)
1131 {
1132 struct ldb_module *next_module;
1133 int ret;
1134
1135 if (req->callback == NULL) {
1136 ldb_set_errstring(ldb, "Requests MUST define callbacks");
1137 return LDB_ERR_UNWILLING_TO_PERFORM;
1138 }
1139
1140 ldb_reset_err_string(ldb);
1141
1142 if (ldb->flags & LDB_FLG_ENABLE_TRACING) {
1143 ldb_trace_request(ldb, req);
1144 }
1145
1146 /* call the first module in the chain */
1147 switch (req->operation) {
1148 case LDB_SEARCH:
1149 {
1150 /*
1151 * A fake module to allow ldb_next_request() to be
1152 * re-used and to keep the locking out of this function.
1153 */
1154 static const struct ldb_module_ops lock_module_ops = {
1155 .name = "lock_searches",
1156 .search = lock_search
1157 };
1158 struct ldb_module lock_module = {
1159 .ldb = ldb,
1160 .next = ldb->modules,
1161 .ops = &lock_module_ops
1162 };
1163 next_module = &lock_module;
1164
1165 /* due to "ldb_build_search_req" base DN always != NULL */
1166 if (!ldb_dn_validate(req->op.search.base)) {
1167 ldb_asprintf_errstring(ldb, "ldb_search: invalid basedn '%s'",
1168 ldb_dn_get_linearized(req->op.search.base));
1169 return LDB_ERR_INVALID_DN_SYNTAX;
1170 }
1171
1172 ret = next_module->ops->search(next_module, req);
1173 break;
1174 }
1175 case LDB_ADD:
1176 if (!ldb_dn_validate(req->op.add.message->dn)) {
1177 ldb_asprintf_errstring(ldb, "ldb_add: invalid dn '%s'",
1178 ldb_dn_get_linearized(req->op.add.message->dn));
1179 return LDB_ERR_INVALID_DN_SYNTAX;
1180 }
1181 /*
1182 * we have to normalize here, as so many places
1183 * in modules and backends assume we don't have two
1184 * elements with the same name
1185 */
1186 ret = ldb_msg_normalize(ldb, req, req->op.add.message,
1187 discard_const(&req->op.add.message));
1188 if (ret != LDB_SUCCESS) {
1189 ldb_oom(ldb);
1190 return ret;
1191 }
1192 FIRST_OP(ldb, add);
1193 ret = ldb_msg_check_element_flags(ldb, req->op.add.message);
1194 if (ret != LDB_SUCCESS) {
1195 /*
1196 * "ldb_msg_check_element_flags" generates an error
1197 * string
1198 */
1199 return ret;
1200 }
1201 ret = next_module->ops->add(next_module, req);
1202 break;
1203 case LDB_MODIFY:
1204 if (!ldb_dn_validate(req->op.mod.message->dn)) {
1205 ldb_asprintf_errstring(ldb, "ldb_modify: invalid dn '%s'",
1206 ldb_dn_get_linearized(req->op.mod.message->dn));
1207 return LDB_ERR_INVALID_DN_SYNTAX;
1208 }
1209 FIRST_OP(ldb, modify);
1210 ret = ldb_msg_check_element_flags(ldb, req->op.mod.message);
1211 if (ret != LDB_SUCCESS) {
1212 /*
1213 * "ldb_msg_check_element_flags" generates an error
1214 * string
1215 */
1216 return ret;
1217 }
1218 ret = next_module->ops->modify(next_module, req);
1219 break;
1220 case LDB_DELETE:
1221 if (!ldb_dn_validate(req->op.del.dn)) {
1222 ldb_asprintf_errstring(ldb, "ldb_delete: invalid dn '%s'",
1223 ldb_dn_get_linearized(req->op.del.dn));
1224 return LDB_ERR_INVALID_DN_SYNTAX;
1225 }
1226 FIRST_OP(ldb, del);
1227 ret = next_module->ops->del(next_module, req);
1228 break;
1229 case LDB_RENAME:
1230 if (!ldb_dn_validate(req->op.rename.olddn)) {
1231 ldb_asprintf_errstring(ldb, "ldb_rename: invalid olddn '%s'",
1232 ldb_dn_get_linearized(req->op.rename.olddn));
1233 return LDB_ERR_INVALID_DN_SYNTAX;
1234 }
1235 if (!ldb_dn_validate(req->op.rename.newdn)) {
1236 ldb_asprintf_errstring(ldb, "ldb_rename: invalid newdn '%s'",
1237 ldb_dn_get_linearized(req->op.rename.newdn));
1238 return LDB_ERR_INVALID_DN_SYNTAX;
1239 }
1240 FIRST_OP(ldb, rename);
1241 ret = next_module->ops->rename(next_module, req);
1242 break;
1243 case LDB_EXTENDED:
1244 FIRST_OP(ldb, extended);
1245 ret = next_module->ops->extended(next_module, req);
1246 break;
1247 default:
1248 FIRST_OP(ldb, request);
1249 ret = next_module->ops->request(next_module, req);
1250 break;
1251 }
1252
1253 if ((ret != LDB_SUCCESS) && (ldb->err_string == NULL)) {
1254 /* if no error string was setup by the backend */
1255 ldb_asprintf_errstring(ldb, "ldb_request: %s (%d)",
1256 ldb_strerror(ret), ret);
1257 }
1258
1259 return ret;
1260 }
1261
ldb_request_done(struct ldb_request * req,int status)1262 int ldb_request_done(struct ldb_request *req, int status)
1263 {
1264 req->handle->state = LDB_ASYNC_DONE;
1265 req->handle->status = status;
1266 return status;
1267 }
1268
1269 /*
1270 search the database given a LDAP-like search expression
1271
1272 returns an LDB error code
1273
1274 Use talloc_free to free the ldb_message returned in 'res', if successful
1275
1276 */
ldb_search_default_callback(struct ldb_request * req,struct ldb_reply * ares)1277 int ldb_search_default_callback(struct ldb_request *req,
1278 struct ldb_reply *ares)
1279 {
1280 struct ldb_result *res;
1281 unsigned int n;
1282
1283 res = talloc_get_type(req->context, struct ldb_result);
1284
1285 if (!ares) {
1286 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1287 }
1288 if (ares->error != LDB_SUCCESS) {
1289 return ldb_request_done(req, ares->error);
1290 }
1291
1292 switch (ares->type) {
1293 case LDB_REPLY_ENTRY:
1294 res->msgs = talloc_realloc(res, res->msgs,
1295 struct ldb_message *, res->count + 2);
1296 if (! res->msgs) {
1297 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1298 }
1299
1300 res->msgs[res->count + 1] = NULL;
1301
1302 res->msgs[res->count] = talloc_move(res->msgs, &ares->message);
1303 res->count++;
1304 break;
1305
1306 case LDB_REPLY_REFERRAL:
1307 if (res->refs) {
1308 for (n = 0; res->refs[n]; n++) /*noop*/ ;
1309 } else {
1310 n = 0;
1311 }
1312
1313 res->refs = talloc_realloc(res, res->refs, char *, n + 2);
1314 if (! res->refs) {
1315 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1316 }
1317
1318 res->refs[n] = talloc_move(res->refs, &ares->referral);
1319 res->refs[n + 1] = NULL;
1320 break;
1321
1322 case LDB_REPLY_DONE:
1323 /* TODO: we should really support controls on entries
1324 * and referrals too! */
1325 res->controls = talloc_move(res, &ares->controls);
1326
1327 /* this is the last message, and means the request is done */
1328 /* we have to signal and eventual ldb_wait() waiting that the
1329 * async request operation was completed */
1330 talloc_free(ares);
1331 return ldb_request_done(req, LDB_SUCCESS);
1332 }
1333
1334 talloc_free(ares);
1335
1336 return LDB_SUCCESS;
1337 }
1338
ldb_modify_default_callback(struct ldb_request * req,struct ldb_reply * ares)1339 int ldb_modify_default_callback(struct ldb_request *req, struct ldb_reply *ares)
1340 {
1341 struct ldb_result *res;
1342 unsigned int n;
1343 int ret;
1344
1345 res = talloc_get_type(req->context, struct ldb_result);
1346
1347 if (!ares) {
1348 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1349 }
1350
1351 if (ares->error != LDB_SUCCESS) {
1352 ret = ares->error;
1353 talloc_free(ares);
1354 return ldb_request_done(req, ret);
1355 }
1356
1357 switch (ares->type) {
1358 case LDB_REPLY_REFERRAL:
1359 if (res->refs) {
1360 for (n = 0; res->refs[n]; n++) /*noop*/ ;
1361 } else {
1362 n = 0;
1363 }
1364
1365 res->refs = talloc_realloc(res, res->refs, char *, n + 2);
1366 if (! res->refs) {
1367 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1368 }
1369
1370 res->refs[n] = talloc_move(res->refs, &ares->referral);
1371 res->refs[n + 1] = NULL;
1372 break;
1373
1374 case LDB_REPLY_DONE:
1375 talloc_free(ares);
1376 return ldb_request_done(req, LDB_SUCCESS);
1377 default:
1378 talloc_free(ares);
1379 ldb_asprintf_errstring(req->handle->ldb, "Invalid LDB reply type %d", ares->type);
1380 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1381 }
1382
1383 talloc_free(ares);
1384 return ldb_request_done(req, LDB_SUCCESS);
1385 }
1386
ldb_op_default_callback(struct ldb_request * req,struct ldb_reply * ares)1387 int ldb_op_default_callback(struct ldb_request *req, struct ldb_reply *ares)
1388 {
1389 int ret;
1390
1391 if (!ares) {
1392 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1393 }
1394
1395 if (ares->error != LDB_SUCCESS) {
1396 ret = ares->error;
1397 talloc_free(ares);
1398 return ldb_request_done(req, ret);
1399 }
1400
1401 if (ares->type != LDB_REPLY_DONE) {
1402 ldb_asprintf_errstring(req->handle->ldb, "Invalid LDB reply type %d", ares->type);
1403 TALLOC_FREE(ares);
1404 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1405 }
1406
1407 talloc_free(ares);
1408 return ldb_request_done(req, LDB_SUCCESS);
1409 }
1410
ldb_build_req_common(TALLOC_CTX * mem_ctx,struct ldb_context * ldb,struct ldb_control ** controls,void * context,ldb_request_callback_t callback,struct ldb_request * parent)1411 static struct ldb_request *ldb_build_req_common(TALLOC_CTX *mem_ctx,
1412 struct ldb_context *ldb,
1413 struct ldb_control **controls,
1414 void *context,
1415 ldb_request_callback_t callback,
1416 struct ldb_request *parent)
1417 {
1418 struct ldb_request *req = NULL;
1419
1420 req = talloc_zero(mem_ctx, struct ldb_request);
1421 if (req == NULL) {
1422 return NULL;
1423 }
1424 req->controls = controls;
1425 req->context = context;
1426 req->callback = callback;
1427
1428 ldb_set_timeout_from_prev_req(ldb, parent, req);
1429
1430 if (parent != NULL) {
1431 req->handle = ldb_handle_new_child(req, parent);
1432 if (req->handle == NULL) {
1433 TALLOC_FREE(req);
1434 return NULL;
1435 }
1436 } else {
1437 req->handle = ldb_handle_new(req, ldb);
1438 if (req->handle == NULL) {
1439 TALLOC_FREE(req);
1440 return NULL;
1441 }
1442 }
1443
1444 return req;
1445 }
1446
ldb_build_search_req_ex(struct ldb_request ** ret_req,struct ldb_context * ldb,TALLOC_CTX * mem_ctx,struct ldb_dn * base,enum ldb_scope scope,struct ldb_parse_tree * tree,const char * const * attrs,struct ldb_control ** controls,void * context,ldb_request_callback_t callback,struct ldb_request * parent)1447 int ldb_build_search_req_ex(struct ldb_request **ret_req,
1448 struct ldb_context *ldb,
1449 TALLOC_CTX *mem_ctx,
1450 struct ldb_dn *base,
1451 enum ldb_scope scope,
1452 struct ldb_parse_tree *tree,
1453 const char * const *attrs,
1454 struct ldb_control **controls,
1455 void *context,
1456 ldb_request_callback_t callback,
1457 struct ldb_request *parent)
1458 {
1459 struct ldb_request *req;
1460
1461 *ret_req = NULL;
1462
1463 req = ldb_build_req_common(mem_ctx, ldb, controls,
1464 context, callback, parent);
1465 if (req == NULL) {
1466 ldb_oom(ldb);
1467 return LDB_ERR_OPERATIONS_ERROR;
1468 }
1469
1470 req->operation = LDB_SEARCH;
1471 if (base == NULL) {
1472 req->op.search.base = ldb_dn_new(req, ldb, NULL);
1473 } else {
1474 req->op.search.base = base;
1475 }
1476 req->op.search.scope = scope;
1477
1478 req->op.search.tree = tree;
1479 if (req->op.search.tree == NULL) {
1480 ldb_set_errstring(ldb, "'tree' can't be NULL");
1481 talloc_free(req);
1482 return LDB_ERR_OPERATIONS_ERROR;
1483 }
1484
1485 req->op.search.attrs = attrs;
1486 *ret_req = req;
1487 return LDB_SUCCESS;
1488 }
1489
ldb_build_search_req(struct ldb_request ** ret_req,struct ldb_context * ldb,TALLOC_CTX * mem_ctx,struct ldb_dn * base,enum ldb_scope scope,const char * expression,const char * const * attrs,struct ldb_control ** controls,void * context,ldb_request_callback_t callback,struct ldb_request * parent)1490 int ldb_build_search_req(struct ldb_request **ret_req,
1491 struct ldb_context *ldb,
1492 TALLOC_CTX *mem_ctx,
1493 struct ldb_dn *base,
1494 enum ldb_scope scope,
1495 const char *expression,
1496 const char * const *attrs,
1497 struct ldb_control **controls,
1498 void *context,
1499 ldb_request_callback_t callback,
1500 struct ldb_request *parent)
1501 {
1502 struct ldb_parse_tree *tree;
1503 int ret;
1504
1505 tree = ldb_parse_tree(mem_ctx, expression);
1506 if (tree == NULL) {
1507 ldb_set_errstring(ldb, "Unable to parse search expression");
1508 return LDB_ERR_OPERATIONS_ERROR;
1509 }
1510
1511 ret = ldb_build_search_req_ex(ret_req, ldb, mem_ctx, base,
1512 scope, tree, attrs, controls,
1513 context, callback, parent);
1514 if (ret == LDB_SUCCESS) {
1515 talloc_steal(*ret_req, tree);
1516 }
1517 return ret;
1518 }
1519
ldb_build_add_req(struct ldb_request ** ret_req,struct ldb_context * ldb,TALLOC_CTX * mem_ctx,const struct ldb_message * message,struct ldb_control ** controls,void * context,ldb_request_callback_t callback,struct ldb_request * parent)1520 int ldb_build_add_req(struct ldb_request **ret_req,
1521 struct ldb_context *ldb,
1522 TALLOC_CTX *mem_ctx,
1523 const struct ldb_message *message,
1524 struct ldb_control **controls,
1525 void *context,
1526 ldb_request_callback_t callback,
1527 struct ldb_request *parent)
1528 {
1529 struct ldb_request *req;
1530
1531 *ret_req = NULL;
1532
1533 req = ldb_build_req_common(mem_ctx, ldb, controls,
1534 context, callback, parent);
1535 if (req == NULL) {
1536 ldb_set_errstring(ldb, "Out of Memory");
1537 return LDB_ERR_OPERATIONS_ERROR;
1538 }
1539
1540 req->operation = LDB_ADD;
1541 req->op.add.message = message;
1542 *ret_req = req;
1543 return LDB_SUCCESS;
1544 }
1545
ldb_build_mod_req(struct ldb_request ** ret_req,struct ldb_context * ldb,TALLOC_CTX * mem_ctx,const struct ldb_message * message,struct ldb_control ** controls,void * context,ldb_request_callback_t callback,struct ldb_request * parent)1546 int ldb_build_mod_req(struct ldb_request **ret_req,
1547 struct ldb_context *ldb,
1548 TALLOC_CTX *mem_ctx,
1549 const struct ldb_message *message,
1550 struct ldb_control **controls,
1551 void *context,
1552 ldb_request_callback_t callback,
1553 struct ldb_request *parent)
1554 {
1555 struct ldb_request *req;
1556
1557 *ret_req = NULL;
1558
1559 req = ldb_build_req_common(mem_ctx, ldb, controls,
1560 context, callback, parent);
1561 if (req == NULL) {
1562 ldb_set_errstring(ldb, "Out of Memory");
1563 return LDB_ERR_OPERATIONS_ERROR;
1564 }
1565
1566 req->operation = LDB_MODIFY;
1567 req->op.mod.message = message;
1568
1569 *ret_req = req;
1570 return LDB_SUCCESS;
1571 }
1572
ldb_build_del_req(struct ldb_request ** ret_req,struct ldb_context * ldb,TALLOC_CTX * mem_ctx,struct ldb_dn * dn,struct ldb_control ** controls,void * context,ldb_request_callback_t callback,struct ldb_request * parent)1573 int ldb_build_del_req(struct ldb_request **ret_req,
1574 struct ldb_context *ldb,
1575 TALLOC_CTX *mem_ctx,
1576 struct ldb_dn *dn,
1577 struct ldb_control **controls,
1578 void *context,
1579 ldb_request_callback_t callback,
1580 struct ldb_request *parent)
1581 {
1582 struct ldb_request *req;
1583
1584 *ret_req = NULL;
1585
1586 req = ldb_build_req_common(mem_ctx, ldb, controls,
1587 context, callback, parent);
1588 if (req == NULL) {
1589 ldb_set_errstring(ldb, "Out of Memory");
1590 return LDB_ERR_OPERATIONS_ERROR;
1591 }
1592
1593 req->operation = LDB_DELETE;
1594 req->op.del.dn = dn;
1595 *ret_req = req;
1596 return LDB_SUCCESS;
1597 }
1598
ldb_build_rename_req(struct ldb_request ** ret_req,struct ldb_context * ldb,TALLOC_CTX * mem_ctx,struct ldb_dn * olddn,struct ldb_dn * newdn,struct ldb_control ** controls,void * context,ldb_request_callback_t callback,struct ldb_request * parent)1599 int ldb_build_rename_req(struct ldb_request **ret_req,
1600 struct ldb_context *ldb,
1601 TALLOC_CTX *mem_ctx,
1602 struct ldb_dn *olddn,
1603 struct ldb_dn *newdn,
1604 struct ldb_control **controls,
1605 void *context,
1606 ldb_request_callback_t callback,
1607 struct ldb_request *parent)
1608 {
1609 struct ldb_request *req;
1610
1611 *ret_req = NULL;
1612
1613 req = ldb_build_req_common(mem_ctx, ldb, controls,
1614 context, callback, parent);
1615 if (req == NULL) {
1616 ldb_set_errstring(ldb, "Out of Memory");
1617 return LDB_ERR_OPERATIONS_ERROR;
1618 }
1619
1620 req->operation = LDB_RENAME;
1621 req->op.rename.olddn = olddn;
1622 req->op.rename.newdn = newdn;
1623 *ret_req = req;
1624 return LDB_SUCCESS;
1625 }
1626
ldb_extended_default_callback(struct ldb_request * req,struct ldb_reply * ares)1627 int ldb_extended_default_callback(struct ldb_request *req,
1628 struct ldb_reply *ares)
1629 {
1630 struct ldb_result *res;
1631
1632 res = talloc_get_type(req->context, struct ldb_result);
1633
1634 if (!ares) {
1635 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1636 }
1637 if (ares->error != LDB_SUCCESS) {
1638 return ldb_request_done(req, ares->error);
1639 }
1640
1641 if (ares->type == LDB_REPLY_DONE) {
1642
1643 /* TODO: we should really support controls on entries and referrals too! */
1644 res->extended = talloc_move(res, &ares->response);
1645 res->controls = talloc_move(res, &ares->controls);
1646
1647 talloc_free(ares);
1648 return ldb_request_done(req, LDB_SUCCESS);
1649 }
1650
1651 talloc_free(ares);
1652 ldb_asprintf_errstring(req->handle->ldb, "Invalid LDB reply type %d", ares->type);
1653 return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
1654 }
1655
ldb_build_extended_req(struct ldb_request ** ret_req,struct ldb_context * ldb,TALLOC_CTX * mem_ctx,const char * oid,void * data,struct ldb_control ** controls,void * context,ldb_request_callback_t callback,struct ldb_request * parent)1656 int ldb_build_extended_req(struct ldb_request **ret_req,
1657 struct ldb_context *ldb,
1658 TALLOC_CTX *mem_ctx,
1659 const char *oid,
1660 void *data,
1661 struct ldb_control **controls,
1662 void *context,
1663 ldb_request_callback_t callback,
1664 struct ldb_request *parent)
1665 {
1666 struct ldb_request *req;
1667
1668 *ret_req = NULL;
1669
1670 req = ldb_build_req_common(mem_ctx, ldb, controls,
1671 context, callback, parent);
1672 if (req == NULL) {
1673 ldb_set_errstring(ldb, "Out of Memory");
1674 return LDB_ERR_OPERATIONS_ERROR;
1675 }
1676
1677 req->operation = LDB_EXTENDED;
1678 req->op.extended.oid = oid;
1679 req->op.extended.data = data;
1680 *ret_req = req;
1681 return LDB_SUCCESS;
1682 }
1683
ldb_extended(struct ldb_context * ldb,const char * oid,void * data,struct ldb_result ** _res)1684 int ldb_extended(struct ldb_context *ldb,
1685 const char *oid,
1686 void *data,
1687 struct ldb_result **_res)
1688 {
1689 struct ldb_request *req;
1690 int ret;
1691 struct ldb_result *res;
1692
1693 *_res = NULL;
1694 req = NULL;
1695
1696 res = talloc_zero(ldb, struct ldb_result);
1697 if (!res) {
1698 return LDB_ERR_OPERATIONS_ERROR;
1699 }
1700
1701 ret = ldb_build_extended_req(&req, ldb, ldb,
1702 oid, data, NULL,
1703 res, ldb_extended_default_callback,
1704 NULL);
1705 ldb_req_set_location(req, "ldb_extended");
1706
1707 if (ret != LDB_SUCCESS) goto done;
1708
1709 ldb_set_timeout(ldb, req, 0); /* use default timeout */
1710
1711 ret = ldb_request(ldb, req);
1712
1713 if (ret == LDB_SUCCESS) {
1714 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
1715 }
1716
1717 done:
1718 if (ret != LDB_SUCCESS) {
1719 talloc_free(res);
1720 res = NULL;
1721 }
1722
1723 talloc_free(req);
1724
1725 *_res = res;
1726 return ret;
1727 }
1728
1729 /*
1730 note that ldb_search() will automatically replace a NULL 'base' value
1731 with the defaultNamingContext from the rootDSE if available.
1732 */
ldb_search(struct ldb_context * ldb,TALLOC_CTX * mem_ctx,struct ldb_result ** result,struct ldb_dn * base,enum ldb_scope scope,const char * const * attrs,const char * exp_fmt,...)1733 int ldb_search(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
1734 struct ldb_result **result, struct ldb_dn *base,
1735 enum ldb_scope scope, const char * const *attrs,
1736 const char *exp_fmt, ...)
1737 {
1738 struct ldb_request *req;
1739 struct ldb_result *res;
1740 char *expression;
1741 va_list ap;
1742 int ret;
1743
1744 expression = NULL;
1745 *result = NULL;
1746 req = NULL;
1747
1748 res = talloc_zero(mem_ctx, struct ldb_result);
1749 if (!res) {
1750 return LDB_ERR_OPERATIONS_ERROR;
1751 }
1752
1753 if (exp_fmt) {
1754 va_start(ap, exp_fmt);
1755 expression = talloc_vasprintf(mem_ctx, exp_fmt, ap);
1756 va_end(ap);
1757
1758 if (!expression) {
1759 talloc_free(res);
1760 return LDB_ERR_OPERATIONS_ERROR;
1761 }
1762 }
1763
1764 ret = ldb_build_search_req(&req, ldb, mem_ctx,
1765 base?base:ldb_get_default_basedn(ldb),
1766 scope,
1767 expression,
1768 attrs,
1769 NULL,
1770 res,
1771 ldb_search_default_callback,
1772 NULL);
1773 ldb_req_set_location(req, "ldb_search");
1774
1775 if (ret != LDB_SUCCESS) goto done;
1776
1777 ret = ldb_request(ldb, req);
1778
1779 if (ret == LDB_SUCCESS) {
1780 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
1781 }
1782
1783 done:
1784 if (ret != LDB_SUCCESS) {
1785 talloc_free(res);
1786 res = NULL;
1787 }
1788
1789 talloc_free(expression);
1790 talloc_free(req);
1791
1792 *result = res;
1793 return ret;
1794 }
1795
1796 /*
1797 add a record to the database. Will fail if a record with the given class
1798 and key already exists
1799 */
ldb_add(struct ldb_context * ldb,const struct ldb_message * message)1800 int ldb_add(struct ldb_context *ldb,
1801 const struct ldb_message *message)
1802 {
1803 struct ldb_request *req;
1804 int ret;
1805
1806 ret = ldb_msg_sanity_check(ldb, message);
1807 if (ret != LDB_SUCCESS) {
1808 return ret;
1809 }
1810
1811 ret = ldb_build_add_req(&req, ldb, ldb,
1812 message,
1813 NULL,
1814 NULL,
1815 ldb_op_default_callback,
1816 NULL);
1817 ldb_req_set_location(req, "ldb_add");
1818
1819 if (ret != LDB_SUCCESS) return ret;
1820
1821 /* do request and autostart a transaction */
1822 ret = ldb_autotransaction_request(ldb, req);
1823
1824 talloc_free(req);
1825 return ret;
1826 }
1827
1828 /*
1829 modify the specified attributes of a record
1830 */
ldb_modify(struct ldb_context * ldb,const struct ldb_message * message)1831 int ldb_modify(struct ldb_context *ldb,
1832 const struct ldb_message *message)
1833 {
1834 struct ldb_request *req;
1835 int ret;
1836
1837 ret = ldb_msg_sanity_check(ldb, message);
1838 if (ret != LDB_SUCCESS) {
1839 return ret;
1840 }
1841
1842 ret = ldb_build_mod_req(&req, ldb, ldb,
1843 message,
1844 NULL,
1845 NULL,
1846 ldb_op_default_callback,
1847 NULL);
1848 ldb_req_set_location(req, "ldb_modify");
1849
1850 if (ret != LDB_SUCCESS) return ret;
1851
1852 /* do request and autostart a transaction */
1853 ret = ldb_autotransaction_request(ldb, req);
1854
1855 talloc_free(req);
1856 return ret;
1857 }
1858
1859
1860 /*
1861 delete a record from the database
1862 */
ldb_delete(struct ldb_context * ldb,struct ldb_dn * dn)1863 int ldb_delete(struct ldb_context *ldb, struct ldb_dn *dn)
1864 {
1865 struct ldb_request *req;
1866 int ret;
1867
1868 ret = ldb_build_del_req(&req, ldb, ldb,
1869 dn,
1870 NULL,
1871 NULL,
1872 ldb_op_default_callback,
1873 NULL);
1874 ldb_req_set_location(req, "ldb_delete");
1875
1876 if (ret != LDB_SUCCESS) return ret;
1877
1878 /* do request and autostart a transaction */
1879 ret = ldb_autotransaction_request(ldb, req);
1880
1881 talloc_free(req);
1882 return ret;
1883 }
1884
1885 /*
1886 rename a record in the database
1887 */
ldb_rename(struct ldb_context * ldb,struct ldb_dn * olddn,struct ldb_dn * newdn)1888 int ldb_rename(struct ldb_context *ldb,
1889 struct ldb_dn *olddn, struct ldb_dn *newdn)
1890 {
1891 struct ldb_request *req;
1892 int ret;
1893
1894 ret = ldb_build_rename_req(&req, ldb, ldb,
1895 olddn,
1896 newdn,
1897 NULL,
1898 NULL,
1899 ldb_op_default_callback,
1900 NULL);
1901 ldb_req_set_location(req, "ldb_rename");
1902
1903 if (ret != LDB_SUCCESS) return ret;
1904
1905 /* do request and autostart a transaction */
1906 ret = ldb_autotransaction_request(ldb, req);
1907
1908 talloc_free(req);
1909 return ret;
1910 }
1911
1912
1913 /*
1914 return the global sequence number
1915 */
ldb_sequence_number(struct ldb_context * ldb,enum ldb_sequence_type type,uint64_t * seq_num)1916 int ldb_sequence_number(struct ldb_context *ldb,
1917 enum ldb_sequence_type type, uint64_t *seq_num)
1918 {
1919 struct ldb_seqnum_request *seq;
1920 struct ldb_seqnum_result *seqr;
1921 struct ldb_result *res;
1922 TALLOC_CTX *tmp_ctx;
1923 int ret;
1924
1925 *seq_num = 0;
1926
1927 tmp_ctx = talloc_zero(ldb, struct ldb_request);
1928 if (tmp_ctx == NULL) {
1929 ldb_set_errstring(ldb, "Out of Memory");
1930 return LDB_ERR_OPERATIONS_ERROR;
1931 }
1932 seq = talloc_zero(tmp_ctx, struct ldb_seqnum_request);
1933 if (seq == NULL) {
1934 ldb_set_errstring(ldb, "Out of Memory");
1935 ret = LDB_ERR_OPERATIONS_ERROR;
1936 goto done;
1937 }
1938 seq->type = type;
1939
1940 ret = ldb_extended(ldb, LDB_EXTENDED_SEQUENCE_NUMBER, seq, &res);
1941 if (ret != LDB_SUCCESS) {
1942 goto done;
1943 }
1944 talloc_steal(tmp_ctx, res);
1945
1946 if (strcmp(LDB_EXTENDED_SEQUENCE_NUMBER, res->extended->oid) != 0) {
1947 ldb_set_errstring(ldb, "Invalid OID in reply");
1948 ret = LDB_ERR_OPERATIONS_ERROR;
1949 goto done;
1950 }
1951 seqr = talloc_get_type(res->extended->data,
1952 struct ldb_seqnum_result);
1953 *seq_num = seqr->seq_num;
1954
1955 done:
1956 talloc_free(tmp_ctx);
1957 return ret;
1958 }
1959
1960 /*
1961 return extended error information
1962 */
ldb_errstring(struct ldb_context * ldb)1963 const char *ldb_errstring(struct ldb_context *ldb)
1964 {
1965 if (ldb->err_string) {
1966 return ldb->err_string;
1967 }
1968
1969 return NULL;
1970 }
1971
1972 /*
1973 return a string explaining what a ldb error constant meancs
1974 */
ldb_strerror(int ldb_err)1975 const char *ldb_strerror(int ldb_err)
1976 {
1977 switch (ldb_err) {
1978 case LDB_SUCCESS:
1979 return "Success";
1980 case LDB_ERR_OPERATIONS_ERROR:
1981 return "Operations error";
1982 case LDB_ERR_PROTOCOL_ERROR:
1983 return "Protocol error";
1984 case LDB_ERR_TIME_LIMIT_EXCEEDED:
1985 return "Time limit exceeded";
1986 case LDB_ERR_SIZE_LIMIT_EXCEEDED:
1987 return "Size limit exceeded";
1988 case LDB_ERR_COMPARE_FALSE:
1989 return "Compare false";
1990 case LDB_ERR_COMPARE_TRUE:
1991 return "Compare true";
1992 case LDB_ERR_AUTH_METHOD_NOT_SUPPORTED:
1993 return "Auth method not supported";
1994 case LDB_ERR_STRONG_AUTH_REQUIRED:
1995 return "Strong auth required";
1996 /* 9 RESERVED */
1997 case LDB_ERR_REFERRAL:
1998 return "Referral error";
1999 case LDB_ERR_ADMIN_LIMIT_EXCEEDED:
2000 return "Admin limit exceeded";
2001 case LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION:
2002 return "Unsupported critical extension";
2003 case LDB_ERR_CONFIDENTIALITY_REQUIRED:
2004 return "Confidentiality required";
2005 case LDB_ERR_SASL_BIND_IN_PROGRESS:
2006 return "SASL bind in progress";
2007 case LDB_ERR_NO_SUCH_ATTRIBUTE:
2008 return "No such attribute";
2009 case LDB_ERR_UNDEFINED_ATTRIBUTE_TYPE:
2010 return "Undefined attribute type";
2011 case LDB_ERR_INAPPROPRIATE_MATCHING:
2012 return "Inappropriate matching";
2013 case LDB_ERR_CONSTRAINT_VIOLATION:
2014 return "Constraint violation";
2015 case LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS:
2016 return "Attribute or value exists";
2017 case LDB_ERR_INVALID_ATTRIBUTE_SYNTAX:
2018 return "Invalid attribute syntax";
2019 /* 22-31 unused */
2020 case LDB_ERR_NO_SUCH_OBJECT:
2021 return "No such object";
2022 case LDB_ERR_ALIAS_PROBLEM:
2023 return "Alias problem";
2024 case LDB_ERR_INVALID_DN_SYNTAX:
2025 return "Invalid DN syntax";
2026 /* 35 RESERVED */
2027 case LDB_ERR_ALIAS_DEREFERENCING_PROBLEM:
2028 return "Alias dereferencing problem";
2029 /* 37-47 unused */
2030 case LDB_ERR_INAPPROPRIATE_AUTHENTICATION:
2031 return "Inappropriate authentication";
2032 case LDB_ERR_INVALID_CREDENTIALS:
2033 return "Invalid credentials";
2034 case LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS:
2035 return "insufficient access rights";
2036 case LDB_ERR_BUSY:
2037 return "Busy";
2038 case LDB_ERR_UNAVAILABLE:
2039 return "Unavailable";
2040 case LDB_ERR_UNWILLING_TO_PERFORM:
2041 return "Unwilling to perform";
2042 case LDB_ERR_LOOP_DETECT:
2043 return "Loop detect";
2044 /* 55-63 unused */
2045 case LDB_ERR_NAMING_VIOLATION:
2046 return "Naming violation";
2047 case LDB_ERR_OBJECT_CLASS_VIOLATION:
2048 return "Object class violation";
2049 case LDB_ERR_NOT_ALLOWED_ON_NON_LEAF:
2050 return "Not allowed on non-leaf";
2051 case LDB_ERR_NOT_ALLOWED_ON_RDN:
2052 return "Not allowed on RDN";
2053 case LDB_ERR_ENTRY_ALREADY_EXISTS:
2054 return "Entry already exists";
2055 case LDB_ERR_OBJECT_CLASS_MODS_PROHIBITED:
2056 return "Object class mods prohibited";
2057 /* 70 RESERVED FOR CLDAP */
2058 case LDB_ERR_AFFECTS_MULTIPLE_DSAS:
2059 return "Affects multiple DSAs";
2060 /* 72-79 unused */
2061 case LDB_ERR_OTHER:
2062 return "Other";
2063 }
2064
2065 return "Unknown error";
2066 }
2067
2068 /*
2069 set backend specific opaque parameters
2070 */
ldb_set_opaque(struct ldb_context * ldb,const char * name,void * value)2071 int ldb_set_opaque(struct ldb_context *ldb, const char *name, void *value)
2072 {
2073 struct ldb_opaque *o;
2074
2075 /* allow updating an existing value */
2076 for (o=ldb->opaque;o;o=o->next) {
2077 if (strcmp(o->name, name) == 0) {
2078 o->value = value;
2079 return LDB_SUCCESS;
2080 }
2081 }
2082
2083 o = talloc(ldb, struct ldb_opaque);
2084 if (o == NULL) {
2085 ldb_oom(ldb);
2086 return LDB_ERR_OTHER;
2087 }
2088 o->next = ldb->opaque;
2089 o->name = name;
2090 o->value = value;
2091 ldb->opaque = o;
2092 return LDB_SUCCESS;
2093 }
2094
2095 /*
2096 get a previously set opaque value
2097 */
ldb_get_opaque(struct ldb_context * ldb,const char * name)2098 void *ldb_get_opaque(struct ldb_context *ldb, const char *name)
2099 {
2100 struct ldb_opaque *o;
2101 for (o=ldb->opaque;o;o=o->next) {
2102 if (strcmp(o->name, name) == 0) {
2103 return o->value;
2104 }
2105 }
2106 return NULL;
2107 }
2108
ldb_global_init(void)2109 int ldb_global_init(void)
2110 {
2111 /* Provided for compatibility with some older versions of ldb */
2112 return 0;
2113 }
2114
2115 /* return the ldb flags */
ldb_get_flags(struct ldb_context * ldb)2116 unsigned int ldb_get_flags(struct ldb_context *ldb)
2117 {
2118 return ldb->flags;
2119 }
2120
2121 /* set the ldb flags */
ldb_set_flags(struct ldb_context * ldb,unsigned flags)2122 void ldb_set_flags(struct ldb_context *ldb, unsigned flags)
2123 {
2124 ldb->flags = flags;
2125 }
2126
2127
2128 /*
2129 set the location in a ldb request. Used for debugging
2130 */
ldb_req_set_location(struct ldb_request * req,const char * location)2131 void ldb_req_set_location(struct ldb_request *req, const char *location)
2132 {
2133 if (req && req->handle) {
2134 req->handle->location = location;
2135 }
2136 }
2137
2138 /*
2139 return the location set with dsdb_req_set_location
2140 */
ldb_req_location(struct ldb_request * req)2141 const char *ldb_req_location(struct ldb_request *req)
2142 {
2143 return req->handle->location;
2144 }
2145
2146 /**
2147 mark a request as untrusted. This tells the rootdse module to remove
2148 unregistered controls
2149 */
ldb_req_mark_untrusted(struct ldb_request * req)2150 void ldb_req_mark_untrusted(struct ldb_request *req)
2151 {
2152 req->handle->flags |= LDB_HANDLE_FLAG_UNTRUSTED;
2153 }
2154
2155 /**
2156 mark a request as trusted.
2157 */
ldb_req_mark_trusted(struct ldb_request * req)2158 void ldb_req_mark_trusted(struct ldb_request *req)
2159 {
2160 req->handle->flags &= ~LDB_HANDLE_FLAG_UNTRUSTED;
2161 }
2162
2163 /**
2164 set custom flags. Those flags are set by applications using ldb,
2165 they are application dependent and the same bit can have different
2166 meaning in different application.
2167 */
ldb_req_set_custom_flags(struct ldb_request * req,uint32_t flags)2168 void ldb_req_set_custom_flags(struct ldb_request *req, uint32_t flags)
2169 {
2170 if (req != NULL && req->handle != NULL) {
2171 req->handle->custom_flags = flags;
2172 }
2173 }
2174
2175
2176 /**
2177 get custom flags. Those flags are set by applications using ldb,
2178 they are application dependent and the same bit can have different
2179 meaning in different application.
2180 */
ldb_req_get_custom_flags(struct ldb_request * req)2181 uint32_t ldb_req_get_custom_flags(struct ldb_request *req)
2182 {
2183 if (req != NULL && req->handle != NULL) {
2184 return req->handle->custom_flags;
2185 }
2186
2187 /*
2188 * 0 is not something any better or worse than
2189 * anything else as req or the handle is NULL
2190 */
2191 return 0;
2192 }
2193
2194
2195 /**
2196 * return true if a request is untrusted
2197 */
ldb_req_is_untrusted(struct ldb_request * req)2198 bool ldb_req_is_untrusted(struct ldb_request *req)
2199 {
2200 return (req->handle->flags & LDB_HANDLE_FLAG_UNTRUSTED) != 0;
2201 }
2202