ldb database library
Copyright (C) Andrew Tridgell 2005
+ Copyright (C) Simo Sorce 2006
** NOTE! The following LGPL license applies to the ldb
** library. This does NOT imply that all of Samba is released
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
- version 2 of the License, or (at your option) any later version.
+ version 3 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ License along with this library; if not, see <http://www.gnu.org/licenses/>.
*/
/*
handle operational attributes
subschemaSubentry: HIDDEN, not-searchable,
- points at DN CN=Aggregate,CN=Schema,CN=Configuration,$BASEDN
+ points at DN CN=Aggregate,$SCHEMADN
for this one we do the search as normal, then add the static
value if requested. How do we work out the $BASEDN from inside a
for this one we do the search as normal, then if requested ask
for objectclass, change the attribute name, and add it
+ allowedAttributesEffective: HIDDEN, CONSTRUCTED, not-searchable,
+ list of attributes that can be modified - requires schema lookup
+
+
attributeTypes: in schema only
objectClasses: in schema only
matchingRules: in schema only
modifiersName: not supported by w2k3?
*/
+#include "ldb_includes.h"
-#include "includes.h"
-#include "ldb/include/ldb.h"
-#include "ldb/include/ldb_private.h"
-#include <time.h>
+/*
+ construct a canonical name from a message
+*/
+static int construct_canonical_name(struct ldb_module *module, struct ldb_message *msg)
+{
+ char *canonicalName;
+ canonicalName = ldb_dn_canonical_string(msg, msg->dn);
+ if (canonicalName == NULL) {
+ return -1;
+ }
+ return ldb_msg_add_steal_string(msg, "canonicalName", canonicalName);
+}
/*
a list of attribute names that should be substituted in the parse
{ "modifyTimestamp", "whenChanged" }
};
+
/*
a list of attribute names that are hidden, but can be searched for
using another (non-hidden) name to produce the correct result
static const struct {
const char *attr;
const char *replace;
+ int (*constructor)(struct ldb_module *, struct ldb_message *);
} search_sub[] = {
- { "createTimestamp", "whenCreated" },
- { "modifyTimestamp", "whenChanged" },
- { "structuralObjectClass", "objectClass" }
+ { "createTimestamp", "whenCreated", NULL },
+ { "modifyTimestamp", "whenChanged", NULL },
+ { "structuralObjectClass", "objectClass", NULL },
+ { "canonicalName", "distinguishedName", construct_canonical_name }
};
/*
- hook search operations
+ post process a search result record. For any search_sub[] attributes that were
+ asked for, we need to call the appropriate copy routine to copy the result
+ into the message, then remove any attributes that we added to the search but were
+ not asked for by the user
*/
-static int operational_search_bytree(struct ldb_module *module,
- const struct ldb_dn *base,
- enum ldb_scope scope, struct ldb_parse_tree *tree,
- const char * const *attrs,
- struct ldb_message ***res)
+static int operational_search_post_process(struct ldb_module *module,
+ struct ldb_message *msg,
+ const char * const *attrs)
{
- int i, r, a;
- int ret;
- const char **search_attrs = NULL;
+ int i, a=0;
- /* replace any attributes in the parse tree that are
- searchable, but are stored using a different name in the
- backend */
- for (i=0;i<ARRAY_SIZE(parse_tree_sub);i++) {
- ldb_parse_tree_attr_replace(tree,
- parse_tree_sub[i].attr,
- parse_tree_sub[i].replace);
- }
+ for (a=0;attrs && attrs[a];a++) {
+ for (i=0;i<ARRAY_SIZE(search_sub);i++) {
+ if (ldb_attr_cmp(attrs[a], search_sub[i].attr) != 0) {
+ continue;
+ }
- /* in the list of attributes we are looking for, rename any
- attributes to the alias for any hidden attributes that can
- be fetched directly using non-hidden names */
- for (i=0;i<ARRAY_SIZE(search_sub);i++) {
- for (a=0;attrs && attrs[a];a++) {
- if (ldb_attr_cmp(attrs[a], search_sub[i].attr) == 0) {
- if (!search_attrs) {
- search_attrs = ldb_attr_list_copy(module, attrs);
- if (search_attrs == NULL) {
- goto oom;
- }
+ /* construct the new attribute, using either a supplied
+ constructor or a simple copy */
+ if (search_sub[i].constructor) {
+ if (search_sub[i].constructor(module, msg) != 0) {
+ goto failed;
}
- search_attrs[a] = search_sub[i].replace;
+ } else if (ldb_msg_copy_attr(msg,
+ search_sub[i].replace,
+ search_sub[i].attr) != 0) {
+ goto failed;
}
- }
- }
-
- /* perform the search */
- ret = ldb_next_search_bytree(module, base, scope, tree,
- search_attrs?search_attrs:attrs, res);
- if (ret <= 0) {
- return ret;
- }
-
- /* for each record returned see if we have added any
- attributes to the search, and if we have then either copy
- them (if the aliased name was also asked for) or rename
- them (if the aliased entry was not asked for) */
- for (r=0;r<ret;r++) {
- for (i=0;i<ARRAY_SIZE(search_sub);i++) {
- for (a=0;attrs && attrs[a];a++) {
- if (ldb_attr_cmp(attrs[a], search_sub[i].attr) != 0) {
- continue;
- }
- if (ldb_attr_in_list(attrs, search_sub[i].replace) ||
- ldb_attr_in_list(attrs, "*")) {
- if (ldb_msg_copy_attr((*res)[r],
- search_sub[i].replace,
- search_sub[i].attr) != 0) {
- goto oom;
- }
- } else {
- ldb_msg_rename_attr((*res)[r],
- search_sub[i].replace,
- search_sub[i].attr);
- }
+ /* remove the added search attribute, unless it was asked for
+ by the user */
+ if (search_sub[i].replace == NULL ||
+ ldb_attr_in_list(attrs, search_sub[i].replace) ||
+ ldb_attr_in_list(attrs, "*")) {
+ continue;
}
+
+ ldb_msg_remove_attr(msg, search_sub[i].replace);
}
}
- /* all done */
- talloc_free(search_attrs);
- return ret;
+ return 0;
-oom:
- talloc_free(search_attrs);
- ldb_oom(module->ldb);
+failed:
+ ldb_debug_set(module->ldb, LDB_DEBUG_WARNING,
+ "operational_search_post_process failed for attribute '%s'\n",
+ attrs[a]);
return -1;
}
+
/*
- add a time element to a record
+ hook search operations
*/
-static int add_time_element(struct ldb_message *msg, const char *attr, time_t t)
+
+struct operational_context {
+
+ struct ldb_module *module;
+ void *up_context;
+ int (*up_callback)(struct ldb_context *, void *, struct ldb_reply *);
+
+ const char * const *attrs;
+};
+
+static int operational_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares)
{
- struct ldb_message_element *el;
- char *s;
+ struct operational_context *ac;
- if (ldb_msg_find_element(msg, attr) != NULL) {
- return 0;
+ if (!context || !ares) {
+ ldb_set_errstring(ldb, "NULL Context or Result in callback");
+ goto error;
}
- s = ldb_timestring(msg, t);
- if (s == NULL) {
- return -1;
- }
+ ac = talloc_get_type(context, struct operational_context);
- if (ldb_msg_add_string(msg, attr, s) != 0) {
- return -1;
+ if (ares->type == LDB_REPLY_ENTRY) {
+ /* for each record returned post-process to add any derived
+ attributes that have been asked for */
+ if (operational_search_post_process(ac->module, ares->message, ac->attrs) != 0) {
+ goto error;
+ }
}
- el = ldb_msg_find_element(msg, attr);
- /* always set as replace. This works because on add ops, the flag
- is ignored */
- el->flags = LDB_FLAG_MOD_REPLACE;
+ return ac->up_callback(ldb, ac->up_context, ares);
- return 0;
+error:
+ talloc_free(ares);
+ return LDB_ERR_OPERATIONS_ERROR;
}
-
-/*
- hook add record ops
-*/
-static int operational_add_record(struct ldb_module *module,
- const struct ldb_message *msg)
+static int operational_search(struct ldb_module *module, struct ldb_request *req)
{
- time_t t = time(NULL);
- struct ldb_message *msg2;
- int ret;
+ struct operational_context *ac;
+ struct ldb_request *down_req;
+ const char **search_attrs = NULL;
+ int i, a, ret;
- if (ldb_dn_is_special(msg->dn)) {
- return ldb_next_add_record(module, msg);
- }
+ req->handle = NULL;
- /* we have to copy the message as the caller might have it as a const */
- msg2 = ldb_msg_copy_shallow(module, msg);
- if (msg2 == NULL) {
- return -1;
+ ac = talloc(req, struct operational_context);
+ if (ac == NULL) {
+ return LDB_ERR_OPERATIONS_ERROR;
}
- if (add_time_element(msg2, "whenCreated", t) != 0 ||
- add_time_element(msg2, "whenChanged", t) != 0) {
- talloc_free(msg2);
- return -1;
- }
- ret = ldb_next_add_record(module, msg2);
- talloc_free(msg2);
- return ret;
-}
-/*
- hook modify record ops
-*/
-static int operational_modify_record(struct ldb_module *module,
- const struct ldb_message *msg)
-{
- time_t t = time(NULL);
- struct ldb_message *msg2;
- int ret;
+ ac->module = module;
+ ac->up_context = req->context;
+ ac->up_callback = req->callback;
+ ac->attrs = req->op.search.attrs;
- if (ldb_dn_is_special(msg->dn)) {
- return ldb_next_modify_record(module, msg);
+ down_req = talloc_zero(req, struct ldb_request);
+ if (down_req == NULL) {
+ return LDB_ERR_OPERATIONS_ERROR;
}
- /* we have to copy the message as the caller might have it as a const */
- msg2 = ldb_msg_copy_shallow(module, msg);
- if (msg2 == NULL) {
- return -1;
+ down_req->operation = req->operation;
+ down_req->op.search.base = req->op.search.base;
+ down_req->op.search.scope = req->op.search.scope;
+ down_req->op.search.tree = req->op.search.tree;
+
+ /* FIXME: I hink we should copy the tree and keep the original
+ * unmodified. SSS */
+ /* replace any attributes in the parse tree that are
+ searchable, but are stored using a different name in the
+ backend */
+ for (i=0;i<ARRAY_SIZE(parse_tree_sub);i++) {
+ ldb_parse_tree_attr_replace(req->op.search.tree,
+ parse_tree_sub[i].attr,
+ parse_tree_sub[i].replace);
}
- if (add_time_element(msg2, "whenChanged", t) != 0) {
- talloc_free(msg2);
- return -1;
+
+ /* in the list of attributes we are looking for, rename any
+ attributes to the alias for any hidden attributes that can
+ be fetched directly using non-hidden names */
+ for (a=0;ac->attrs && ac->attrs[a];a++) {
+ for (i=0;i<ARRAY_SIZE(search_sub);i++) {
+ if (ldb_attr_cmp(ac->attrs[a], search_sub[i].attr) == 0 &&
+ search_sub[i].replace) {
+ if (!search_attrs) {
+ search_attrs = ldb_attr_list_copy(req, ac->attrs);
+ if (search_attrs == NULL) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ }
+ search_attrs[a] = search_sub[i].replace;
+ }
+ }
}
- ret = ldb_next_modify_record(module, msg2);
- talloc_free(msg2);
- return ret;
-}
+
+ /* use new set of attrs if any */
+ if (search_attrs) down_req->op.search.attrs = search_attrs;
+ else down_req->op.search.attrs = req->op.search.attrs;
+
+ down_req->controls = req->controls;
-static const struct ldb_module_ops operational_ops = {
- .name = "operational",
- .search_bytree = operational_search_bytree,
- .add_record = operational_add_record,
- .modify_record = operational_modify_record
-};
+ down_req->context = ac;
+ down_req->callback = operational_callback;
+ ldb_set_timeout_from_prev_req(module->ldb, req, down_req);
+ /* perform the search */
+ ret = ldb_next_request(module, down_req);
-/* the init function */
-#ifdef HAVE_DLOPEN_DISABLED
- struct ldb_module *init_module(struct ldb_context *ldb, const char *options[])
-#else
-struct ldb_module *operational_module_init(struct ldb_context *ldb, const char *options[])
-#endif
-{
- struct ldb_module *ctx;
+ /* do not free down_req as the call results may be linked to it,
+ * it will be freed when the upper level request get freed */
+ if (ret == LDB_SUCCESS) {
+ req->handle = down_req->handle;
+ }
- ctx = talloc(ldb, struct ldb_module);
- if (!ctx)
- return NULL;
+ return ret;
+}
- ctx->private_data = NULL;
- ctx->ldb = ldb;
- ctx->prev = ctx->next = NULL;
- ctx->ops = &operational_ops;
+static int operational_init(struct ldb_module *ctx)
+{
+ int ret = 0;
/* setup some standard attribute handlers */
- ldb_set_attrib_handler_syntax(ldb, "whenCreated", LDB_SYNTAX_UTC_TIME);
- ldb_set_attrib_handler_syntax(ldb, "whenChanged", LDB_SYNTAX_UTC_TIME);
- ldb_set_attrib_handler_syntax(ldb, "subschemaSubentry", LDB_SYNTAX_DN);
- ldb_set_attrib_handler_syntax(ldb, "structuralObjectClass", LDB_SYNTAX_OBJECTCLASS);
+ ret |= ldb_schema_attribute_add(ctx->ldb, "whenCreated", 0, LDB_SYNTAX_UTC_TIME);
+ ret |= ldb_schema_attribute_add(ctx->ldb, "whenChanged", 0, LDB_SYNTAX_UTC_TIME);
+ ret |= ldb_schema_attribute_add(ctx->ldb, "subschemaSubentry", 0, LDB_SYNTAX_DN);
+ ret |= ldb_schema_attribute_add(ctx->ldb, "structuralObjectClass", 0, LDB_SYNTAX_OBJECTCLASS);
- return ctx;
+ if (ret != 0) {
+ return ret;
+ }
+
+ return ldb_next_init(ctx);
}
+
+const struct ldb_module_ops ldb_operational_module_ops = {
+ .name = "operational",
+ .search = operational_search,
+ .init_context = operational_init
+};
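Review bot: In operational_callback the result of `talloc_get_type(context, struct operational_context)` is dereferenced (`ac->module`, `ac->up_callback`) without a check, although the function already guards against a NULL `context`; talloc_get_type returns NULL when the pointer does not carry the named type, so the guard that matters is the one on `ac`. I would add `if (ac == NULL) { ldb_set_errstring(ldb, "operational_callback: unexpected context type"); goto error; }` directly after the assignment, which reuses the existing error path. Separately, operational_init folds four return values together with `ret |=`, so if two calls fail with different codes the returned value is a bitwise mix that need not be a valid LDB error code. Returning on the first non-zero result, or mapping any failure to `LDB_ERR_OPERATIONS_ERROR`, would keep the code meaningful to callers.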