#include <stdbool.h>
#include <talloc.h>
#include <tevent.h>
+#include "ldb_version.h"
#include "ldb_errors.h"
/*
};
struct ldb_parse_tree *ldb_parse_tree(TALLOC_CTX *mem_ctx, const char *s);
-char *ldb_filter_from_tree(TALLOC_CTX *mem_ctx, struct ldb_parse_tree *tree);
+char *ldb_filter_from_tree(TALLOC_CTX *mem_ctx, const struct ldb_parse_tree *tree);
/**
Encode a binary blob
*/
typedef int (*ldb_attr_handler_t)(struct ldb_context *, TALLOC_CTX *mem_ctx, const struct ldb_val *, struct ldb_val *);
typedef int (*ldb_attr_comparison_t)(struct ldb_context *, TALLOC_CTX *mem_ctx, const struct ldb_val *, const struct ldb_val *);
+struct ldb_schema_attribute;
+typedef int (*ldb_attr_operator_t)(struct ldb_context *, enum ldb_parse_op operation,
+ const struct ldb_schema_attribute *a,
+ const struct ldb_val *, const struct ldb_val *, bool *matched);
/*
attribute handler structure
ldb_attr_handler_t ldif_write_fn;
ldb_attr_handler_t canonicalise_fn;
ldb_attr_comparison_t comparison_fn;
+ ldb_attr_operator_t operator_fn;
};
struct ldb_schema_attribute {
It can be used to access attribute that used to be stored in the sam
and that are now calculated.
*/
-#define LDB_CONTROL_BYPASSOPERATIONAL_OID "1.3.6.1.4.1.7165.4.3.13"
+#define LDB_CONTROL_BYPASS_OPERATIONAL_OID "1.3.6.1.4.1.7165.4.3.13"
+#define LDB_CONTROL_BYPASS_OPERATIONAL_NAME "bypassoperational"
/**
OID for recalculate SD control. This control force the
*/
#define LDB_CONTROL_RECALCULATE_SD_OID "1.3.6.1.4.1.7165.4.3.5"
+#define LDB_CONTROL_RECALCULATE_SD_NAME "recalculate_sd"
/**
REVEAL_INTERNALS is used to reveal internal attributes and DN
components which are not normally shown to the user
*/
#define LDB_CONTROL_REVEAL_INTERNALS "1.3.6.1.4.1.7165.4.3.6"
+#define LDB_CONTROL_REVEAL_INTERNALS_NAME "reveal_internals"
/**
LDB_CONTROL_AS_SYSTEM is used to skip access checks on operations
*/
#define LDB_CONTROL_AS_SYSTEM_OID "1.3.6.1.4.1.7165.4.3.7"
+/**
+ LDB_CONTROL_PROVISION_OID is used to skip some constraint checks. It's is
+ mainly thought to be used for the provisioning.
+*/
+#define LDB_CONTROL_PROVISION_OID "1.3.6.1.4.1.7165.4.3.16"
+#define LDB_CONTROL_PROVISION_NAME "provision"
+
/* AD controls */
/**
\sa <a href="http://www.ietf.org/rfc/rfc2696.txt">RFC 2696</a>.
*/
#define LDB_CONTROL_PAGED_RESULTS_OID "1.2.840.113556.1.4.319"
+#define LDB_CONTROL_PAGED_RESULTS_NAME "paged_result"
/**
OID for specifying the returned elements of the ntSecurityDescriptor
\sa <a href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_sd_flags_oid.asp">Microsoft documentation of this OID</a>
*/
#define LDB_CONTROL_SD_FLAGS_OID "1.2.840.113556.1.4.801"
+#define LDB_CONTROL_SD_FLAGS_NAME "sd_flags"
/**
OID for specifying an advanced scope for the search (one partition)
\sa <a href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_domain_scope_oid.asp">Microsoft documentation of this OID</a>
*/
#define LDB_CONTROL_DOMAIN_SCOPE_OID "1.2.840.113556.1.4.1339"
+#define LDB_CONTROL_DOMAIN_SCOPE_NAME "domain_scope"
/**
OID for specifying an advanced scope for a search
\sa <a href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_search_options_oid.asp">Microsoft documentation of this OID</a>
*/
#define LDB_CONTROL_SEARCH_OPTIONS_OID "1.2.840.113556.1.4.1340"
+#define LDB_CONTROL_SEARCH_OPTIONS_NAME "search_options"
/**
OID for notification
\sa <a href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_notification_oid.asp">Microsoft documentation of this OID</a>
*/
#define LDB_CONTROL_NOTIFICATION_OID "1.2.840.113556.1.4.528"
+#define LDB_CONTROL_NOTIFICATION_NAME "notification"
/**
OID for performing subtree deletes
\sa <a href="http://msdn.microsoft.com/en-us/library/aa366991(v=VS.85).aspx">Microsoft documentation of this OID</a>
*/
#define LDB_CONTROL_TREE_DELETE_OID "1.2.840.113556.1.4.805"
+#define LDB_CONTROL_TREE_DELETE_NAME "tree_delete"
/**
OID for getting deleted objects
\sa <a href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_show_deleted_oid.asp">Microsoft documentation of this OID</a>
*/
#define LDB_CONTROL_SHOW_DELETED_OID "1.2.840.113556.1.4.417"
+#define LDB_CONTROL_SHOW_DELETED_NAME "show_deleted"
/**
OID for getting recycled objects
\sa <a href="http://msdn.microsoft.com/en-us/library/dd304621(PROT.13).aspx">Microsoft documentation of this OID</a>
*/
#define LDB_CONTROL_SHOW_RECYCLED_OID "1.2.840.113556.1.4.2064"
+#define LDB_CONTROL_SHOW_RECYCLED_NAME "show_recycled"
/**
OID for getting deactivated linked attributes
\sa <a href="http://msdn.microsoft.com/en-us/library/dd302781(PROT.13).aspx">Microsoft documentation of this OID</a>
*/
#define LDB_CONTROL_SHOW_DEACTIVATED_LINK_OID "1.2.840.113556.1.4.2065"
+#define LDB_CONTROL_SHOW_DEACTIVATED_LINK_NAME "show_deactivated_link"
/**
OID for extended DN
\sa <a href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_extended_dn_oid.asp">Microsoft documentation of this OID</a>
*/
#define LDB_CONTROL_EXTENDED_DN_OID "1.2.840.113556.1.4.529"
+#define LDB_CONTROL_EXTENDED_DN_NAME "extended_dn"
/**
OID for LDAP server sort result extension.
\sa <a href="http://www.ietf.org/rfc/rfc2891.txt">RFC 2891</a>.
*/
#define LDB_CONTROL_SERVER_SORT_OID "1.2.840.113556.1.4.473"
+#define LDB_CONTROL_SERVER_SORT_NAME "server_sort"
/**
OID for LDAP server sort result response extension.
\sa <a href="http://www.ietf.org/rfc/rfc2891.txt">RFC 2891</a>.
*/
#define LDB_CONTROL_SORT_RESP_OID "1.2.840.113556.1.4.474"
+#define LDB_CONTROL_SORT_RESP_NAME "server_sort_resp"
/**
OID for LDAP Attribute Scoped Query extension.
messages as part of the controls field of the LDAPMessage.
*/
#define LDB_CONTROL_ASQ_OID "1.2.840.113556.1.4.1504"
+#define LDB_CONTROL_ASQ_NAME "asq"
/**
OID for LDAP Directory Sync extension.
messages as part of the controls field of the LDAPMessage.
*/
#define LDB_CONTROL_DIRSYNC_OID "1.2.840.113556.1.4.841"
+#define LDB_CONTROL_DIRSYNC_NAME "dirsync"
/**
as part of the controls field of the LDAPMessage.
*/
#define LDB_CONTROL_VLV_REQ_OID "2.16.840.1.113730.3.4.9"
+#define LDB_CONTROL_VLV_REQ_NAME "vlv"
/**
OID for LDAP Virtual List View Response extension.
as part of the controls field of the LDAPMessage.
*/
#define LDB_CONTROL_VLV_RESP_OID "2.16.840.1.113730.3.4.10"
+#define LDB_CONTROL_VLV_RESP_NAME "vlv_resp"
/**
OID to let modifies don't give an error when adding an existing
\sa <a href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_permissive_modify_oid.asp">Microsoft documentation of this OID</a>
*/
#define LDB_CONTROL_PERMISSIVE_MODIFY_OID "1.2.840.113556.1.4.1413"
+#define LDB_CONTROL_PERMISSIVE_MODIFY_NAME "permissive_modify"
/**
OID to allow the server to be more 'fast and loose' with the data being added.
- \sa
-
+ \sa <a href="http://msdn.microsoft.com/en-us/library/aa366982(v=VS.85).aspx">Microsoft documentation of this OID</a>
*/
#define LDB_CONTROL_SERVER_LAZY_COMMIT "1.2.840.113556.1.4.619"
/**
- OID for LDAP Extended Operation FAST_BIND
-
- This Extended operations is used to perform a fast bind.
-*/
-#define LDB_EXTENDED_FAST_BIND_OID "1.2.840.113556.1.4.1781"
-
-/**
- OID for LDAP Extended Operation START_TLS.
+ Control for RODC join -see [MS-ADTS] section 3.1.1.3.4.1.23
- This Extended operation is used to start a new TLS channel on top of a clear
- text channel.
+ \sa <a href="">Microsoft documentation of this OID</a>
*/
-#define LDB_EXTENDED_START_TLS_OID "1.3.6.1.4.1.1466.20037"
-
-/**
- OID for LDAP Extended Operation DYNAMIC_REFRESH.
-
- This Extended operation is used to create and maintain objects which exist
- only a specific time, e.g. when a certain client or a certain person is
- logged in. Data refreshes have to be periodically sent in a specific
- interval. Otherwise the entry is going to be removed.
-*/
-#define LDB_EXTENDED_DYNAMIC_OID "1.3.6.1.4.1.1466.101.119.1"
+#define LDB_CONTROL_RODC_DCPROMO_OID "1.2.840.113556.1.4.1341"
+#define LDB_CONTROL_RODC_DCPROMO_NAME "rodc_join"
/* Other standardised controls */
OID for the allowing client to request temporary relaxed
enforcement of constraints of the x.500 model.
+ Mainly used for the OpenLDAP backend.
+
\sa <a href="http://opends.dev.java.net/public/standards/draft-zeilenga-ldap-managedit.txt">draft managedit</a>.
*/
#define LDB_CONTROL_RELAX_OID "1.3.6.1.4.1.4203.666.5.12"
+#define LDB_CONTROL_RELAX_NAME "relax"
+
+/* Extended operations */
/**
- control for RODC join
- See [MS-ADTS] section 3.1.1.3.4.1.23
+ OID for LDAP Extended Operation SEQUENCE_NUMBER
+
+ This extended operation is used to retrieve the extended sequence number.
*/
-#define LDB_CONTROL_RODC_DCPROMO_OID "1.2.840.113556.1.4.1341"
+#define LDB_EXTENDED_SEQUENCE_NUMBER "1.3.6.1.4.1.7165.4.4.3"
-/*
+/**
OID for LDAP Extended Operation PASSWORD_CHANGE.
This Extended operation is used to allow user password changes by the user
#define LDB_EXTENDED_PASSWORD_CHANGE_OID "1.3.6.1.4.1.4203.1.11.1"
+/**
+ OID for LDAP Extended Operation FAST_BIND
+
+ This Extended operations is used to perform a fast bind.
+*/
+#define LDB_EXTENDED_FAST_BIND_OID "1.2.840.113556.1.4.1781"
+
+/**
+ OID for LDAP Extended Operation START_TLS.
+
+ This Extended operation is used to start a new TLS channel on top of a clear
+ text channel.
+*/
+#define LDB_EXTENDED_START_TLS_OID "1.3.6.1.4.1.1466.20037"
+
+/**
+ OID for LDAP Extended Operation DYNAMIC_REFRESH.
+
+ This Extended operation is used to create and maintain objects which exist
+ only a specific time, e.g. when a certain client or a certain person is
+ logged in. Data refreshes have to be periodically sent in a specific
+ interval. Otherwise the entry is going to be removed.
+*/
+#define LDB_EXTENDED_DYNAMIC_OID "1.3.6.1.4.1.1466.101.119.1"
+
struct ldb_sd_flags_control {
/*
* request the owner 0x00000001
void *data; /* NULL or a valid talloc pointer! talloc_get_type() will be used on it */
};
-#define LDB_EXTENDED_SEQUENCE_NUMBER "1.3.6.1.4.1.7165.4.4.3"
-
enum ldb_sequence_type {
LDB_SEQ_HIGHEST_SEQ,
LDB_SEQ_HIGHEST_TIMESTAMP,
*/
int ldb_request_add_control(struct ldb_request *req, const char *oid, bool critical, void *data);
+/**
+ replace a ldb_control in a ldb_request
+
+ \param req the request struct where to add the control
+ \param oid the object identifier of the control as string
+ \param critical whether the control should be critical or not
+ \param data a talloc pointer to the control specific data
+
+ \return result code (LDB_SUCCESS on success, or a failure code)
+*/
+int ldb_request_replace_control(struct ldb_request *req, const char *oid, bool critical, void *data);
+
/**
check if a control with the specified "oid" exist and return it
\param req the request struct where to add the control
char *ldb_dn_get_extended_linearized(TALLOC_CTX *mem_ctx, struct ldb_dn *dn, int mode);
const struct ldb_val *ldb_dn_get_extended_component(struct ldb_dn *dn, const char *name);
int ldb_dn_set_extended_component(struct ldb_dn *dn, const char *name, const struct ldb_val *val);
-void ldb_dn_extended_filter(struct ldb_dn *dn, const char * const *accept);
+void ldb_dn_extended_filter(struct ldb_dn *dn, const char * const *accept_list);
void ldb_dn_remove_extended_components(struct ldb_dn *dn);
bool ldb_dn_has_extended(struct ldb_dn *dn);
char *ldb_dn_canonical_string(TALLOC_CTX *mem_ctx, struct ldb_dn *dn);
char *ldb_dn_canonical_ex_string(TALLOC_CTX *mem_ctx, struct ldb_dn *dn);
int ldb_dn_get_comp_num(struct ldb_dn *dn);
+int ldb_dn_get_extended_comp_num(struct ldb_dn *dn);
const char *ldb_dn_get_component_name(struct ldb_dn *dn, unsigned int num);
const struct ldb_val *ldb_dn_get_component_val(struct ldb_dn *dn, unsigned int num);
const char *ldb_dn_get_rdn_name(struct ldb_dn *dn);
int ldb_dn_get_binary(struct ldb_dn *dn, struct ldb_val *val);
int ldb_dn_set_binary(struct ldb_dn *dn, struct ldb_val *val);
+/* debugging functions for ldb requests */
+void ldb_req_set_location(struct ldb_request *req, const char *location);
+const char *ldb_req_location(struct ldb_request *req);
+
+/* set the location marker on a request handle - used for debugging */
+#define LDB_REQ_SET_LOCATION(req) ldb_req_set_location(req, __location__)
+
+/*
+ minimise a DN. The caller must pass in a validated DN.
+
+ If the DN has an extended component then only the first extended
+ component is kept, the DN string is stripped.
+
+ The existing dn is modified
+ */
+bool ldb_dn_minimise(struct ldb_dn *dn);
+
#endif