summaryrefslogtreecommitdiff
path: root/source4/lib/ldb/include
AgeCommit message (Collapse)AuthorFilesLines
2011-01-17ldb: added ldb_req_mark_trusted()Andrew Tridgell1-0/+5
this is used to mark a ldb child request trusted, if the caller has validated all inputs. This will be used when creating new child requests with trusted inputs. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14ldb: added ldb_dn_minimise()Andrew Tridgell1-0/+10
this removes any extraneous components from a DN. For an extended DN, this means removing the string DN and all but the first extended component. This is needed as AD returns "invalid syntax" if you don't use a minimal DN as the base DN for a search. A non-minimal DN also doesn't ever match in a search expression. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14ldb: added ldb_dn_get_extended_comp_num()Andrew Tridgell1-0/+1
this returns the number of extended components. We need this to validate a DN in the extended_dn_in module Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-12-18ldb: Rename controls_except_specified -> ldb_controls_except_specified.Jelmer Vernooij1-1/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Dec 18 01:33:24 CET 2010 on sn-devel-104
2010-12-18ldb: Add prototype for ldb_init_module.Jelmer Vernooij1-0/+5
2010-12-18ldb: Rename two exported functions so they match abi_match.Jelmer Vernooij1-3/+2
2010-12-08s4-acl: Fixed incorrect value of LDB_FLAG_INTERNAL_INACCESSIBLE_ATTRIBUTENadezhda Ivanova1-1/+1
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Wed Dec 8 13:31:48 CET 2010 on sn-devel-104
2010-12-08s4-acl: Added a flag to mark an element as failing an access check.Nadezhda Ivanova1-0/+3
2010-12-06s4:fix some shadowed declaration warnings on Solaris by renaming the symbolsMatthias Dieter Wallnöfer1-1/+1
2010-11-23s4-ldb: added an environment varibale LDB_WARN_UNINDEXEDAndrew Tridgell1-1/+1
when LDB_WARN_UNINDEXED is set, we produce warnings about unindexed searches. This makes it easier to find performance problems caused by unindexed searches.
2010-11-05ldb:ldb.h - reorder extended operations listMatthias Dieter Wallnöfer1-4/+10
We always define the controls and operations with a comment block. The data structure definitions lie a bit below. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Nov 5 08:44:14 UTC 2010 on sn-devel-104
2010-11-04s4-ldb_module.h: use LDB error code for ldb_error() macro rather than ↵Kamen Mazdrashki1-1/+1
LDB_DEBUG_FATAL We end up calling ldb_error_at() which expects an LDB error, but LDB_DEBUG_FATAL is not such code. It is actually equal to LDB_SUCCESS. Thus the effect is that we report a *fatal* error, but return LDB_SUCCESS in many places. Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Thu Nov 4 12:57:33 UTC 2010 on sn-devel-104
2010-11-04s4-ldb: implement LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECKAndrew Tridgell1-0/+3
this disables the single value checking for one attribute. It is much more specific than a general RELAX control, and also more efficient. I think we should try to have more precise overrides like this, rather than using RELAX as a general purpose override
2010-11-03s4-ldb: expose some more ldb module functionsAndrew Tridgell2-6/+50
this exposes enough functions for s4 to not need ldb_private.h any more.
2010-11-01s4-ldb: removed ldb_includes.hAndrew Tridgell2-12/+3
it causes problems with the openchange build as it is not installed Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Nov 1 21:49:47 UTC 2010 on sn-devel-104
2010-11-01s4-ldb: use ldb_set_modules_dir() to load additional ldb modulesAndrew Tridgell1-2/+0
this allows ldb_wrap to enable s4 modules in a standalone ldb install without any additional installation Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Nov 1 13:47:33 UTC 2010 on sn-devel-104
2010-11-01s4-ldb: added support for ldb module version checkingAndrew Tridgell1-0/+7
2010-11-01s4-ldb: added ldb command line hook supportAndrew Tridgell2-7/+2
ldb modules can now add hooks to the command line processing for ldb tools Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-01s4-ldb: added support for general ldb hooks in modulesAndrew Tridgell1-1/+20
this allows a ldb module to register a hook function called at various stages of processing. It will be initially used for ldb command line hooks, but should work generally. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-01s4-ldb: removed the old ldb module loading styleAndrew Tridgell1-0/+3
this gets rid of some particularly obscure cpp macros for module lists
2010-11-01s4-ldb: support a new type of ldb module loadingAndrew Tridgell1-0/+3
this supports module loading in ldb which uses the approach of "load all modules in a directory". This is much more flexible than the current module loading, as it will allow us to load modules for command line parsing and authentication. Modules are loaded from a colon separated path, in the environment variable LDB_MODULES_PATH. If unset, it defaults to LDB_MODULESDIR. Within each directory modules are loaded recursively (traversing down the directory tree). The device/inode number of each module is remembered to prevent us loading a module twice. Each module is checked for a ldb_init_module() function with dlsym(). If found, it is called with the ldb module version as an argument.
2010-10-23ldb:ldb.h - include a comment that the relax control is mainly used by the ↵Matthias Dieter Wallnöfer1-0/+2
OpenLDAP backend Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Oct 23 16:40:04 UTC 2010 on sn-devel-104
2010-10-23s4/ldb:introduce the LDB_CONTROL_PROVISION_OID controlMatthias Dieter Wallnöfer1-0/+6
This control is exactly thought for the actions which previously were performed using the RELAX one. We agreed that the RELAX control will only remain for interactions with OpenLDAP.
2010-10-23ldb:rename LDB_CONTROL_BYPASSOPERATIONAL_OID into ↵Matthias Dieter Wallnöfer1-1/+1
LDB_CONTROL_BYPASS_OPERATIONAL_OID It's nicer to have this consistent with "BYPASS_PASSWORD_HASH".
2010-10-19s4-ldb: added ldb_req_mark_untrusted() and ldb_req_is_untrusted()Andrew Tridgell2-0/+13
these will be used to determine if a ldb request comes from an untrusted source. We want requests over ldap:// to be marked untrusted so we can reject unregistered controls Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-18Revert "s4:dsdb - make the RELAX control private"Andrew Bartlett1-6/+8
This must be available to the OpenLDAP backend, to set the GUID values in some situations. We need a proper ACL mechanism to control the use or abuse of this control. This reverts commit 10adee89367cee9add993869280542418fb3d370.
2010-10-16s4:dsdb - make the RELAX control privateMatthias Dieter Wallnöfer1-8/+6
This makes our LDAP much more secure and less error-prone. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Oct 16 19:43:36 UTC 2010 on sn-devel-104
2010-10-16ldb:ldb.h - reorder controls/extended operationsMatthias Dieter Wallnöfer1-27/+28
This makes it easier to read
2010-10-13s4-ldb: take advantage of ldb_match_msg_error() in more placesAndrew Tridgell1-0/+7
this gives better error checking
2010-10-13s4-ldb: added an optional operator_fn in the schema syntaxAndrew Tridgell1-0/+5
this function takes the operator being invoked, which will allow schema functions to provide more fine grained control over comparisons. The key bug this was introduced to fix is the incorrect handling of the LDB_OP_PRESENT test for deleted linked attributes. The backends are unaware of the deleted state of these links, so they cannot do a LDB_OP_PRESENT test on their own. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-27s4-ldb: Added ldb_request_replace_controlNadezhda Ivanova1-0/+12
It is the same as ldb_request_add_control, except it will replace an existing control. Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Sep 27 19:00:38 UTC 2010 on sn-devel-104
2010-09-25ldb: added request location trackingAndrew Tridgell2-0/+11
this is used to help debug async ldb requests. The ldb request handle now contains a location string and the parent request pointer. This allows us to print a backtrace of ldb requests in the dsdb modules.
2010-08-17s4-ldb: added LDB_FLAG_INTERNAL_DISABLE_VALIDATIONAndrew Tridgell1-0/+6
When this flag is set on an element in an add/modify request then the normal validate_ldb() call that checks the element against schema constraints is disabled Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-ldb: added LDB_FLAG_INTERNAL_MASKAndrew Tridgell1-0/+5
This ensures that internal bits for the element flags in add/modify requests are not set via the ldb API Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-ldb: use LDB_FLAG_MOD_TYPE() to extract element type from messagesAndrew Tridgell1-0/+5
The flags field of message elements is part of a set of flags. We had LDB_FLAG_MOD_MASK for extracting the type, but it was only rarely being used (only 1 call used it correctly). This adds LDB_FLAG_MOD_MASK() to make it more obvious what is going on. This will allow us to use some of the other flags bits for internal markers on elements Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-dsdb: added support for LDB_CONTROL_RODC_DCPROMO_OIDAndrew Tridgell1-0/+6
this control adds a unique msDS-SecondaryKrbTgtNumber attribute to a user object. There is some 'interesting' interaction with the rangeLower and rangeUpper attributes and this add. We don't implementat rangeLower/rangeUpper yet, but when we do we'll need an override for this control (or be careful about module ordering). Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-07-29s4-ldb: use TALLOC_CTX type instead of 'void'Kamen Mazdrashki2-5/+5
2010-07-19ldb: Mark _DEPRECATED_ ldb_msg_diff() and ldb_msg_canonicalize() functionsKamen Mazdrashki1-2/+28
They are not quite safe to use (requires caller to steal resulting message in own context) and may lead to holding memory for too long. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-19s4-ldb: Add ldb_msg_normalize() to accept a memory context from clientKamen Mazdrashki1-0/+5
Previos implementation from ldb_msg_canonicalize() was moved into this function and now ldb_msg_canonicalize() is based on ldb_msg_normalize() Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-19s4-ldb: Implement ldb_msg_difference() function to accept a memory context ↵Kamen Mazdrashki1-0/+20
from client Old implementation from ldb_msg_diff() was moved into this this function but with changed interface so that a memory context may be passed. ldb_msg_diff() function is now based on ldb_msg_difference(), which fixes a hidden leak - internal ldb_msg object (returned from ldb_msg_canonicalize) wasn't freed and stays attached to ldb_context for the connection lifetime. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-07s4-ldb: added ldb_error() and ldb_operr()Andrew Tridgell1-1/+5
These will be used to help avoid the problem we have with hundreds of places that do "return LDB_ERR_OPERATIONS_ERROR" without an explanation. It is very difficult to track down ldb errors which don't have any explanation. By replacing "return LDB_ERR_OPERATIONS_ERROR;" with "return ldb_operr(ldb);" we at least get a file:line message in the ldb error string. It isn't an ideal error message, but it is much better than just "operations error" This change also makes ldb_oom() return the error code (LDB_ERR_OPERATIONS_ERROR) so you can do: return ldb_oom(ldb); instead of: ldb_oom(ldb); return LDB_ERR_OPERATIONS_ERROR;
2010-07-07s4-ldb: added ldb_options_find()Andrew Tridgell1-0/+6
ldb_options_find() allows backends to find options in the options[] array passed to the connect operation. This will be used by the ldb_ldap bind code
2010-06-20ldb:controls - add the "TREE_DELETE" control for allowing subtree deletesMatthias Dieter Wallnöfer1-0/+7
2010-06-20ldb:ldb.h - add classifications to the control declarationsMatthias Dieter Wallnöfer1-7/+13
This makes it easier to understand which standard specifies which control.
2010-06-20ldb: add a new control bypassioperationnalMatthieu Patou1-0/+9
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
2010-06-13Support system talloc/tevent headers.Jelmer Vernooij1-2/+2
2010-05-31ldb: Remove unexisting and mistyped function from headerSimo Sorce1-2/+0
2010-05-04s4/rodc: Support read-only databaseAnatoliy Atanasov1-0/+1
Check on modify if we are RODC and return referral. On the ldap backend side now we pass context and ldb_modify_default_callback to propagate the referral error to the client.
2010-02-22LDB related spelling fixes.Brad Hards1-1/+1
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
2010-02-14s4-ldb: use TYPESAFE_QSORT() in the rest of the ldb codeAndrew Tridgell1-0/+11