{
struct ldb_context *ldb = talloc_get_type(context, struct ldb_context);
enum ldb_debug_level ldb_level = LDB_DEBUG_FATAL;
- char *s = NULL;
switch (level) {
case TEVENT_DEBUG_FATAL:
break;
};
- vasprintf(&s, fmt, ap);
- if (!s) return;
- ldb_debug(ldb, ldb_level, "tevent: %s", s);
- free(s);
+ /* There isn't a tevent: prefix here because to add it means
+ * actually printing the string, and most of the time we don't
+ * want to show it */
+ ldb_vdebug(ldb, ldb_level, fmt, ap);
}
/*
* having to provide their own private one explicitly */
if (ev_ctx == NULL) {
ev_ctx = tevent_context_init(ldb);
+ if (ev_ctx == NULL) {
+ talloc_free(ldb);
+ return NULL;
+ }
tevent_set_debug(ev_ctx, ldb_tevent_debug, ldb);
tevent_loop_allow_nesting(ev_ctx);
}
ldb_set_create_perms(ldb, 0666);
ldb_set_modules_dir(ldb, LDB_MODULESDIR);
ldb_set_event_context(ldb, ev_ctx);
+ ret = ldb_register_extended_match_rules(ldb);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(ldb);
+ return NULL;
+ }
/* TODO: get timeout from options if available there */
ldb->default_timeout = 300; /* set default to 5 minutes */
return ret;
}
- if (ldb_load_modules(ldb, options) != LDB_SUCCESS) {
+ ret = ldb_load_modules(ldb, options);
+ if (ret != LDB_SUCCESS) {
ldb_debug(ldb, LDB_DEBUG_FATAL,
"Unable to load modules for %s: %s",
url, ldb_errstring(ldb));
- return LDB_ERR_OTHER;
+ return ret;
}
/* set the default base dn */
ldb_strerror(status),
status);
}
- }
- if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
- ldb_debug(module->ldb, LDB_DEBUG_TRACE, "start ldb transaction error: %s",
- ldb_errstring(module->ldb));
+ if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "start ldb transaction error: %s",
+ ldb_errstring(module->ldb));
+ }
+ } else {
+ if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "start ldb transaction success");
+ }
}
return status;
}
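Review bot: The tracing guard `(module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)` is now written out twice, once in the failure branch and once in the new `else`, and it relies on `&` binding tighter than `&&` with no inner parentheses. Evaluating it once, as `bool trace = module && (module->ldb->flags & LDB_FLG_ENABLE_TRACING);`, and testing `trace` in both branches would keep the error and success messages under the same condition. The enclosing function starts outside the hunk, so the declaration would have to go wherever its other locals are declared.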
status = module->ops->prepare_commit(module);
if (status != LDB_SUCCESS) {
+ ldb->transaction_active--;
/* if a module fails the prepare then we need
to call the end transaction for everyone */
FIRST_OP(ldb, del_transaction);
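Review bot: The added `ldb->transaction_active--;` carries no comment saying why this failure path adjusts the counter itself. It presumably does so because `del_transaction` is invoked on the modules directly below rather than through the normal cancel entry point, which would otherwise leave the count raised after the transaction has ended. A comment such as `/* prepare failed: the transaction ends here, so drop the active count before cancelling in the modules */` would record that. The function body starts and continues outside the hunk, so it is not visible whether the counter is checked to be positive before this point; that is worth confirming so a stray call cannot drive it below zero.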
struct tevent_context *ev;
int ret;
- if (!handle) {
- return ldb_error(handle->ldb, LDB_ERR_UNAVAILABLE, NULL);
+ if (handle == NULL) {
+ return LDB_ERR_UNAVAILABLE;
}
if (handle->state == LDB_ASYNC_DONE) {
{
TALLOC_CTX *tmp_ctx = talloc_new(req);
unsigned int i;
+ struct ldb_ldif ldif;
switch (req->operation) {
case LDB_SEARCH:
ldb_debug_add(ldb, " data: %s\n", req->op.extended.data?"yes":"no");
break;
case LDB_ADD:
+ ldif.changetype = LDB_CHANGETYPE_ADD;
+ ldif.msg = discard_const_p(struct ldb_message, req->op.add.message);
+
ldb_debug_add(ldb, "ldb_trace_request: ADD\n");
+
+ /*
+ * The choice to call
+ * ldb_ldif_write_redacted_trace_string() is CRITICAL
+ * for security. It ensures that we do not output
+ * passwords into debug logs
+ */
+
ldb_debug_add(req->handle->ldb, "%s\n",
- ldb_ldif_message_string(req->handle->ldb, tmp_ctx,
- LDB_CHANGETYPE_ADD,
- req->op.add.message));
+ ldb_ldif_write_redacted_trace_string(req->handle->ldb, tmp_ctx, &ldif));
break;
case LDB_MODIFY:
+ ldif.changetype = LDB_CHANGETYPE_MODIFY;
+ ldif.msg = discard_const_p(struct ldb_message, req->op.mod.message);
+
ldb_debug_add(ldb, "ldb_trace_request: MODIFY\n");
+
+ /*
+ * The choice to call
+ * ldb_ldif_write_redacted_trace_string() is CRITICAL
+ * for security. It ensures that we do not output
+ * passwords into debug logs
+ */
+
ldb_debug_add(req->handle->ldb, "%s\n",
- ldb_ldif_message_string(req->handle->ldb, tmp_ctx,
- LDB_CHANGETYPE_ADD,
- req->op.mod.message));
+ ldb_ldif_write_redacted_trace_string(req->handle->ldb, tmp_ctx, &ldif));
break;
case LDB_REQ_REGISTER_CONTROL:
ldb_debug_add(ldb, "ldb_trace_request: REGISTER_CONTROL\n");
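Review bot: Both new trace calls, in the ADD and MODIFY cases, pass the result of `ldb_ldif_write_redacted_trace_string()` straight to `%s`, so a NULL return (presumably possible when allocation on `tmp_ctx` fails) makes the call undefined behaviour. Hold the result in a local and log a fixed marker when it is NULL, for example `ldb_debug_add(req->handle->ldb, "%s\n", s ? s : "(redacted trace unavailable)");`, and never fall back to the unredacted writer. `struct ldb_ldif ldif;` is declared without an initialiser and only `changetype` and `msg` are assigned, so `struct ldb_ldif ldif = {0};` would keep any other member from being read uninitialised. Since the comments call the redaction critical for security, a regression test asserting that a secret attribute value never appears in the trace output for ADD and MODIFY would protect it. The switch continues outside the hunk, so other request types that may carry message data are not visible here.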
/**
- return true is a request is untrusted
+ * return true if a request is untrusted
*/
bool ldb_req_is_untrusted(struct ldb_request *req)
{