| blob | ad70fba407b817ac28504ae4b27aa1a58bc5e81b |
1 /*
2 ldb database library
4 Copyright (C) Simo Sorce 2008
6 ** NOTE! The following LGPL license applies to the ldb
7 ** library. This does NOT imply that all of Samba is released
8 ** under the LGPL
10 This library is free software; you can redistribute it and/or
11 modify it under the terms of the GNU Lesser General Public
12 License as published by the Free Software Foundation; either
13 version 3 of the License, or (at your option) any later version.
15 This library is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public
21 License along with this library; if not, see <http://www.gnu.org/licenses/>.
22 */
24 /*
25 * Name: ldb
26 *
27 * Component: ldb module header
28 *
29 * Description: defines ldb modules structures and helpers
30 *
31 */
33 #ifndef _LDB_MODULE_H_
34 #define _LDB_MODULE_H_
36 #include <ldb.h>
38 #if defined(_SAMBA_BUILD_) && defined(USING_SYSTEM_LDB)
40 /*
41 * Versions before 1.2.0 doesn't define these values
42 * so we assume 1.1.29 (which was used in Samba 4.6)
43 *
44 * See https://bugzilla.samba.org/show_bug.cgi?id=12859
45 */
46 #ifndef EXPECTED_SYSTEM_LDB_VERSION_MAJOR
47 #define EXPECTED_SYSTEM_LDB_VERSION_MAJOR 1
48 #endif
49 #ifndef EXPECTED_SYSTEM_LDB_VERSION_MINOR
50 #define EXPECTED_SYSTEM_LDB_VERSION_MINOR 1
51 #endif
52 #ifndef EXPECTED_SYSTEM_LDB_VERSION_MINOR
53 #define EXPECTED_SYSTEM_LDB_VERSION_MINOR 29
54 #endif
56 /*
57 * Only Samba versions which expect ldb >= 1.4.0
58 * reopen the ldb after each fork().
59 *
60 * See https://bugzilla.samba.org/show_bug.cgi?id=13519
61 */
62 #if EXPECTED_SYSTEM_LDB_VERSION_MAJOR > 1
63 #define __LDB_FORK_COMPATIBLE__ 1
64 #elif EXPECTED_SYSTEM_LDB_VERSION_MINOR > 3
65 #define __LDB_FORK_COMPATIBLE__ 1
66 #endif
67 #ifndef __LDB_FORK_COMPATIBLE__
68 #error "Samba < 4.9 is not compatible with this version of ldb due to assumptions around fork() behaviour"
69 #endif
76 /**
77 internal flag bits on message elements. Must be within LDB_FLAG_INTERNAL_MASK
78 */
79 #define LDB_FLAG_INTERNAL_DISABLE_VALIDATION 0x10
81 /* disable any single value checking on this attribute */
82 #define LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK 0x20
84 /* attribute has failed access check and must not be exposed */
85 #define LDB_FLAG_INTERNAL_INACCESSIBLE_ATTRIBUTE 0x40
87 /* force single value checking on this attribute */
88 #define LDB_FLAG_INTERNAL_FORCE_SINGLE_VALUE_CHECK 0x80
90 /*
91 * ensure that this value is unique on an index
92 * (despite the index not otherwise being configured as UNIQUE).
93 * For example, all words starting with 'a' must be unique, but duplicates of
94 * words starting with b are allowed. This is specifically for Samba's
95 * objectSid index which is unique in the primary domain only.
96 */
97 #define LDB_FLAG_INTERNAL_FORCE_UNIQUE_INDEX 0x100
99 /*
100 * indicates that this element's values are shared with another element (for
101 * example, in a shallow copy of an ldb_message) and should not be freed
102 */
103 #define LDB_FLAG_INTERNAL_SHARED_VALUES 0x200
105 /*
106 * this attribute has been access checked. Used internally in Samba aclread
107 * module.
108 */
109 #define LDB_FLAG_INTERNAL_ACCESS_CHECKED 0x400
111 /* an extended match rule that always fails to match */
114 /* The const char * const * pointer to a list of secret (password)
115 * attributes, not to be printed in trace messages */
118 /*
119 * The scheme to be used for referral entries, i.e. ldap or ldaps
120 */
123 /*
124 these function pointers define the operations that a ldb module can intercept
125 */
144 };
147 /* The following definitions come from lib/ldb/common/ldb_debug.c */
148 void ldb_debug(struct ldb_context *ldb, enum ldb_debug_level level, const char *fmt, ...) PRINTF_ATTRIBUTE(3, 4);
153 void ldb_vdebug(struct ldb_context *ldb, enum ldb_debug_level level, const char *fmt, va_list ap) PRINTF_ATTRIBUTE(3, 0);
155 #define ldb_error(ldb, ecode, reason) ldb_error_at(ldb, ecode, reason, __FILE__, __LINE__)
156 #define ldb_module_error(module, ecode, reason) ldb_error_at(ldb_module_get_ctx(module), ecode, reason, __FILE__, __LINE__)
159 #define ldb_module_oom(module) ldb_oom(ldb_module_get_ctx(module))
161 #define ldb_module_operr(module) ldb_error(ldb_module_get_ctx(module), LDB_ERR_OPERATIONS_ERROR, "operations error")
163 /* The following definitions come from lib/ldb/common/ldb.c */
173 /* The following definitions come from lib/ldb/common/ldb_attributes.c */
185 /* we allow external code to override the name -> schema_attribute function */
186 typedef const struct ldb_schema_attribute *(*ldb_attribute_handler_override_fn_t)(struct ldb_context *, void *, const char *);
188 /**
189 Allow the caller to define a callback for the attribute handler
191 \param ldb The ldb context
192 \param override The callback to be used for attribute lookups
193 \param private_data Private data for the callback
195 */
197 ldb_attribute_handler_override_fn_t override,
200 /**
201 Allow the caller to define that the callback for the attribute handler
202 also overrides the index list
204 \param ldb The ldb context
205 \param one_level_indexes Indicates that the index for SCOPE_ONELEVEL
206 should also be maintained
208 */
212 /**
214 \param ldb The ldb context
215 \param GUID_index_attribute The globally attribute (eg objectGUID)
216 on each entry
217 \param GUID_index_attribute The DN component matching the
218 globally attribute on each entry (eg GUID)
220 The caller must ensure the supplied strings do not go out of
221 scope (they are typically constant memory).
223 */
228 /* A useful function to build comparison functions with */
230 ldb_attr_handler_t canonicalise_fn,
234 /* The following definitions come from lib/ldb/common/ldb_controls.c */
235 int ldb_save_controls(struct ldb_control *exclude, struct ldb_request *req, struct ldb_control ***saver);
236 /* Returns a list of controls, except the one specified. Included
237 * controls become a child of returned list if they were children of
238 * controls_in */
244 /* The following definitions come from lib/ldb/common/ldb_ldif.c */
247 /* The following definitions come from lib/ldb/common/ldb_match.c */
266 /* The following definitions come from lib/ldb/common/ldb_modules.c */
289 void ldb_asprintf_errstring(struct ldb_context *ldb, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
291 int ldb_error_at(struct ldb_context *ldb, int ecode, const char *reason, const char *file, int line);
301 /**
302 Require that LDB use a private event context for each request
304 A private event context may need to be created to avoid nested event
305 loops during ldb_tdb with the locks held. This indicates that a
306 backend is in use that requires this to hold locks safely.
308 \param handle The ldb handle to set the flag on
309 */
314 ldb_connect_fn connect_fn;
315 };
323 /**
324 Obtains the private event context for the handle,
326 A private event context may have been created to avoid nested event
327 loops during ldb_tdb with the locks held. Otherwise return the
328 global one.
330 \param handle The ldb handle to obtain the event context for
331 \return the tevent event context for this handle (private or global)
332 */
350 /**
351 Add a ldb_control to a ldb_reply
353 \param ares the reply struct where to add the control
354 \param oid the object identifier of the control as string
355 \param critical whether the control should be critical or not
356 \param data a talloc pointer to the control specific data
358 \return result code (LDB_SUCCESS on success, or a failure code)
359 */
362 /**
363 mark a request as untrusted.
365 This tells the rootdse module to remove unregistered controls
367 \param req the request to mark as untrusted
368 */
371 /**
372 mark a request as trusted.
374 This tells the rootdse module to allow unregistered controls
376 \param req the request to mark as trusted
377 */
380 /**
381 return true if a request is untrusted
383 This indicates the request came across a trust boundary
384 for example over LDAP
386 \param req the request to check
387 \return is req trusted
388 */
391 /**
392 set custom flags. Those flags are set by applications using ldb,
393 they are application dependent and the same bit can have different
394 meaning in different application.
395 */
398 /**
399 get custom flags. Those flags are set by applications using ldb,
400 they are application dependent and the same bit can have different
401 meaning in different application.
402 */
405 /* load all modules from the given directory */
408 /* init functions prototype */
411 /*
412 general ldb hook function
413 */
420 /*
421 register a ldb hook function
422 */
425 /*
426 call ldb hooks of a given type
427 */
430 #define LDB_MODULE_CHECK_VERSION(version) do { \
431 if (strcmp(version, LDB_VERSION) != 0) { \
433 __FILE__, version, LDB_VERSION); \
434 return LDB_ERR_UNAVAILABLE; \
435 }} while (0)
438 /*
439 return a string representation of the calling chain for the given
440 ldb request
441 */
444 /*
445 return the next module in the chain
446 */
449 /*
450 set the next module in the module chain
451 */
454 /*
455 load a list of modules
456 */
460 /*
461 get the popt_options pointer in the ldb structure. This allows a ldb
462 module to change the command line parsing
463 */
466 /* modules are called in inverse order on the stack.
467 Lets place them as an admin would think the right order is.
468 Modules order is important */
469 const char **ldb_modules_list_from_string(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const char *string);
471 /*
472 return the current ldb flags LDB_FLG_*
473 */
481 /*
482 initialise a chain of modules
483 */
486 /*
487 * prototype for the init function defined by dynamically loaded modules
488 */
491 /* replace the components of a DN with those from another DN, without
492 * touching the extended components
493 *
494 * return true if successful and false if not
495 * if false is returned the dn may be marked invalid
496 */
499 /* Get the attribute (if any) associated with the top node of a parse tree. */
502 /*
503 walk a parse tree, calling the provided callback on each node
504 */
509 /* compare two message elements with ordering - used by modify */
514 struct ldb_extended_match_rule
515 {
520 };
531 ldb_redact_fn redact_fn,
534 /*
535 * these pack/unpack functions are exposed in the library for use by
536 * ldb tools like ldbdump and for use in tests,
537 * but are not part of the public API
538 */
543 /*
544 * Unpack a ldb message from a linear buffer in ldb_val
545 */
550 /*
551 * filter the specified list of attributes from msg,
552 * adding requested attributes, and perhaps all for *,
553 * but not the DN to filtered_msg.
554 */
560 /*
561 * filter the specified list of attributes from msg,
562 * adding requested attributes, and perhaps all for *.
563 * Unlike ldb_filter_attrs(), the DN will not be added
564 * if it is missing.
565 */
569 /* Have an unpacked ldb message take talloc ownership of its elements. */
572 /*
573 * Unpack a ldb message from a linear buffer in ldb_val
574 *
575 * If LDB_UNPACK_DATA_FLAG_NO_VALUES_ALLOC is specified, then values
576 * array are not allocated individually (for single-valued
577 * attributes), instead they point into a single buffer per message.
578 *
579 * Likewise if LDB_UNPACK_DATA_FLAG_NO_DN is specified, the DN is omitted.
580 *
581 * If LDB_UNPACK_DATA_FLAG_NO_ATTRS is specified, then no attributes
582 * are unpacked or returned.
583 *
584 */
593 /* currently unused (was NO_DATA_ALLOC) 0x0001 */
594 #define LDB_UNPACK_DATA_FLAG_NO_DN 0x0002
595 #define LDB_UNPACK_DATA_FLAG_NO_VALUES_ALLOC 0x0004
596 #define LDB_UNPACK_DATA_FLAG_NO_ATTRS 0x0008
597 #define LDB_UNPACK_DATA_FLAG_READ_LOCKED 0x0010
601 /* Old packing format (based on a somewhat arbitrary date) */
604 /* In-use packing formats */
605 LDB_PACKING_FORMAT,
606 LDB_PACKING_FORMAT_V2
607 };
609 /**
610 Forces a specific ldb handle to use the global event context.
612 This allows a nested event loop to operate, so any open
613 transaction also needs to be aborted.
615 Any events on this event context will be lost.
617 This is used in Samba when sending an IRPC to another part of the
618 same process instead of making a local DB modification.
620 \param handle The ldb handle to force to use the global context
622 */
625 /**
626 * Get the options passed to ldb_connect.
627 *
628 * This allows the options to be inspected by elements in the module stack
629 *
630 */
640 #endif