2 notification control module
4 Copyright (C) Stefan Metzmacher 2015
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "ldb/include/ldb.h"
23 #include "ldb/include/ldb_errors.h"
24 #include "ldb/include/ldb_module.h"
25 #include "dsdb/samdb/samdb.h"
26 #include "dsdb/samdb/ldb_modules/util.h"
28 struct dsdb_notification_cookie {
32 static int dsdb_notification_verify_tree(struct ldb_parse_tree *tree)
36 unsigned int num_ok = 0;
38 * these attributes are present on every object
39 * and windows accepts them.
41 * While [MS-ADTS] says only '(objectClass=*)'
44 static const char * const attrs_ok[] = {
52 switch (tree->operation) {
54 for (i = 0; i < tree->u.list.num_elements; i++) {
56 * all elements need to be valid
58 ret = dsdb_notification_verify_tree(tree->u.list.elements[i]);
59 if (ret != LDB_SUCCESS) {
66 for (i = 0; i < tree->u.list.num_elements; i++) {
68 * at least one element needs to be valid
70 ret = dsdb_notification_verify_tree(tree->u.list.elements[i]);
71 if (ret == LDB_SUCCESS) {
82 case LDB_OP_SUBSTRING:
87 ret = ldb_attr_in_list(attrs_ok, tree->u.present.attr);
98 return LDB_ERR_UNWILLING_TO_PERFORM;
101 static int dsdb_notification_filter_search(struct ldb_module *module,
102 struct ldb_request *req,
103 struct ldb_control *control)
105 struct ldb_context *ldb = ldb_module_get_ctx(module);
106 char *filter_usn = NULL;
107 struct ldb_parse_tree *down_tree = NULL;
108 struct ldb_request *down_req = NULL;
109 struct dsdb_notification_cookie *cookie = NULL;
112 if (req->op.search.tree == NULL) {
113 return dsdb_module_werror(module, LDB_ERR_OTHER,
114 WERR_DS_NOTIFY_FILTER_TOO_COMPLEX,
115 "Search filter missing.");
118 ret = dsdb_notification_verify_tree(req->op.search.tree);
119 if (ret != LDB_SUCCESS) {
120 return dsdb_module_werror(module, ret,
121 WERR_DS_NOTIFY_FILTER_TOO_COMPLEX,
122 "Search filter too complex.");
126 * For now we use a very simple design:
128 * - We don't do fully async ldb_requests,
129 * the caller needs to retry periodically!
130 * - The only useful caller is the LDAP server, which is a long
131 * running task that can do periodic retries.
132 * - We use a cookie in order to transfer state between the
134 * - We just search the available new objects each time we're
137 * As the only valid search filter is '(objectClass=*)' or
138 * something similar that matches every object, we simply
139 * replace it with (uSNChanged >= ) filter.
140 * We could improve this later if required...
144 * The ldap_control_handler() decode_flag_request for
145 * LDB_CONTROL_NOTIFICATION_OID. This makes sure
146 * notification_control->data is NULL when comming from
149 if (control->data == NULL) {
150 cookie = talloc_zero(control, struct dsdb_notification_cookie);
151 if (cookie == NULL) {
152 return ldb_module_oom(module);
154 control->data = (uint8_t *)cookie;
156 /* mark the control as done */
157 control->critical = 0;
160 cookie = talloc_get_type_abort(control->data,
161 struct dsdb_notification_cookie);
163 if (cookie->known_usn != 0) {
164 filter_usn = talloc_asprintf(req, "%llu",
165 (unsigned long long)(cookie->known_usn)+1);
166 if (filter_usn == NULL) {
167 return ldb_module_oom(module);
171 ret = ldb_sequence_number(ldb, LDB_SEQ_HIGHEST_SEQ,
173 if (ret != LDB_SUCCESS) {
177 if (filter_usn == NULL) {
179 * It's the first time, let the caller comeback later
180 * as we won't find any new objects.
182 return ldb_request_done(req, LDB_SUCCESS);
185 down_tree = talloc_zero(req, struct ldb_parse_tree);
186 if (down_tree == NULL) {
187 return ldb_module_oom(module);
189 down_tree->operation = LDB_OP_GREATER;
190 down_tree->u.equality.attr = "uSNChanged";
191 down_tree->u.equality.value = data_blob_string_const(filter_usn);
192 talloc_move(down_req, &filter_usn);
194 ret = ldb_build_search_req_ex(&down_req, ldb, req,
196 req->op.search.scope,
198 req->op.search.attrs,
200 req, dsdb_next_callback,
202 LDB_REQ_SET_LOCATION(down_req);
203 if (ret != LDB_SUCCESS) {
207 /* perform the search */
208 return ldb_next_request(module, down_req);
211 static int dsdb_notification_search(struct ldb_module *module, struct ldb_request *req)
213 struct ldb_control *control = NULL;
215 if (ldb_dn_is_special(req->op.search.base)) {
216 return ldb_next_request(module, req);
220 * check if there's an extended dn control
222 control = ldb_request_get_control(req, LDB_CONTROL_NOTIFICATION_OID);
223 if (control == NULL) {
224 /* not found go on */
225 return ldb_next_request(module, req);
228 return dsdb_notification_filter_search(module, req, control);
231 static int dsdb_notification_init(struct ldb_module *module)
235 ret = ldb_mod_register_control(module, LDB_CONTROL_NOTIFICATION_OID);
236 if (ret != LDB_SUCCESS) {
237 struct ldb_context *ldb = ldb_module_get_ctx(module);
239 ldb_debug(ldb, LDB_DEBUG_ERROR,
240 "notification: Unable to register control with rootdse!\n");
241 return ldb_module_operr(module);
244 return ldb_next_init(module);
247 static const struct ldb_module_ops ldb_dsdb_notification_module_ops = {
248 .name = "dsdb_notification",
249 .search = dsdb_notification_search,
250 .init_context = dsdb_notification_init,
254 initialise the module
256 _PUBLIC_ int ldb_dsdb_notification_module_init(const char *version)
259 LDB_MODULE_CHECK_VERSION(version);
260 ret = ldb_register_module(&ldb_dsdb_notification_module_ops);