Changeset 745 for trunk/server/source4/lib/ldb/include

Timestamp:

Nov 27, 2012, 4:43:17 PM (13 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: updated trunk to 3.6.0

Location:

trunk/server

Files:

• . (modified) (1 prop)
• source4/lib/ldb/include/dlinklist.h (modified) (3 diffs)
• source4/lib/ldb/include/ldb.h (modified) (37 diffs)
• source4/lib/ldb/include/ldb_errors.h (modified) (1 diff)
• source4/lib/ldb/include/ldb_handlers.h (modified) (1 diff)
• source4/lib/ldb/include/ldb_includes.h (deleted)
• source4/lib/ldb/include/ldb_module.h (modified) (8 diffs)
• source4/lib/ldb/include/ldb_private.h (modified) (7 diffs)

trunk/server/source4/lib/ldb/include/dlinklist.h

@@ -2 +2 @@
    Unix SMB/CIFS implementation.
    some simple double linked list macros
-   Copyright (C) Andrew Tridgell 1998
+
+   Copyright (C) Andrew Tridgell 1998-2010
+
+     ** NOTE! The following LGPL license applies to the ldb
+     ** library. This does NOT imply that all of Samba is released
+     ** under the LGPL
    
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 3 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with this library; if not, see <http://www.gnu.org/licenses/>.
 */
 
@@ -24 +29 @@
 #define _DLINKLIST_H
 
+/*
+  February 2010 - changed list format to have a prev pointer from the
+  list head. This makes DLIST_ADD_END() O(1) even though we only have
+  one list pointer.
 
-/* hook into the front of the list */
+  The scheme is as follows:
+
+     1) with no entries in the list:
+          list_head == NULL
+
+     2) with 1 entry in the list:
+          list_head->next == NULL
+          list_head->prev == list_head
+
+     3) with 2 entries in the list:
+          list_head->next == element2
+          list_head->prev == element2
+          element2->prev == list_head
+          element2->next == NULL
+
+     4) with N entries in the list:
+          list_head->next == element2
+          list_head->prev == elementN
+          elementN->prev == element{N-1}
+          elementN->next == NULL
+
+  This allows us to find the tail of the list by using
+  list_head->prev, which means we can add to the end of the list in
+  O(1) time
+
+
+  Note that the 'type' arguments below are no longer needed, but
+  are kept for now to prevent an incompatible argument change
+ */
+
+
+/*
+   add an element at the front of a list
+*/
 #define DLIST_ADD(list, p) \
 do { \
         if (!(list)) { \
-                (list) = (p); \
-                (p)->next = (p)->prev = NULL; \
+                (p)->prev = (list) = (p);  \
+                (p)->next = NULL; \
         } else { \
+                (p)->prev = (list)->prev; \
                 (list)->prev = (p); \
                 (p)->next = (list); \
-                (p)->prev = NULL; \
                 (list) = (p); \
-        }\
+        } \
 } while (0)
 
-/* remove an element from a list - element doesn't have to be in list. */
+/*
+   remove an element from a list
+   Note that the element doesn't have to be in the list. If it
+   isn't then this is a no-op
+*/
 #define DLIST_REMOVE(list, p) \
 do { \
         if ((p) == (list)) { \
+                if ((p)->next) (p)->next->prev = (p)->prev; \
                 (list) = (p)->next; \
-                if (list) (list)->prev = NULL; \
+        } else if ((list) && (p) == (list)->prev) {     \
+                (p)->prev->next = NULL; \
+                (list)->prev = (p)->prev; \
         } else { \
                 if ((p)->prev) (p)->prev->next = (p)->next; \
                 if ((p)->next) (p)->next->prev = (p)->prev; \
         } \
-        if ((p) && ((p) != (list))) (p)->next = (p)->prev = NULL; \
+        if ((p) != (list)) (p)->next = (p)->prev = NULL;        \
 } while (0)
 
-/* promote an element to the top of the list */
-#define DLIST_PROMOTE(list, p) \
+/*
+   find the head of the list given any element in it.
+   Note that this costs O(N), so you should avoid this macro
+   if at all possible!
+*/
+#define DLIST_HEAD(p, result_head) \
 do { \
-          DLIST_REMOVE(list, p); \
-          DLIST_ADD(list, p); \
-} while (0)
+       (result_head) = (p); \
+       while (DLIST_PREV(result_head)) (result_head) = (result_head)->prev; \
+} while(0)
 
-/* hook into the end of the list - needs the entry type */
-#define DLIST_ADD_END(list, p, type) \
-do { \
-                if (!(list)) { \
-                        (list) = (p); \
-                        (p)->next = (p)->prev = NULL; \
-                } else { \
-                        type tmp; \
-                        for (tmp = (list); tmp->next; tmp = tmp->next) ; \
-                        tmp->next = (p); \
-                        (p)->next = NULL; \
-                        (p)->prev = tmp; \
-                } \
-} while (0)
+/* return the last element in the list */
+#define DLIST_TAIL(list) ((list)?(list)->prev:NULL)
+
+/* return the previous element in the list. */
+#define DLIST_PREV(p) (((p)->prev && (p)->prev->next != NULL)?(p)->prev:NULL)
 
 /* insert 'p' after the given element 'el' in a list. If el is NULL then
@@ -81 +125 @@
                 DLIST_ADD(list, p); \
         } else { \
-                p->prev = el; \
-                p->next = el->next; \
-                el->next = p; \
-                if (p->next) p->next->prev = p; \
+                (p)->prev = (el);   \
+                (p)->next = (el)->next;         \
+                (el)->next = (p);               \
+                if ((p)->next) (p)->next->prev = (p);   \
+                if ((list)->prev == (el)) (list)->prev = (p); \
         }\
 } while (0)
 
-/* demote an element to the end of the list, needs the entry type */
-#define DLIST_DEMOTE(list, p, type) \
+
+/*
+   add to the end of a list.
+   Note that 'type' is ignored
+*/
+#define DLIST_ADD_END(list, p, type)                    \
 do { \
-                DLIST_REMOVE(list, p); \
-                DLIST_ADD_END(list, p, type); \
+        if (!(list)) { \
+                DLIST_ADD(list, p); \
+        } else { \
+                DLIST_ADD_AFTER(list, p, (list)->prev); \
+        } \
 } while (0)
 
-/* concatenate two lists - putting all elements of the 2nd list at the
-   end of the first list */
-#define DLIST_CONCATENATE(list1, list2, type) \
+/* promote an element to the from of a list */
+#define DLIST_PROMOTE(list, p) \
 do { \
-                if (!(list1)) { \
-                        (list1) = (list2); \
-                } else { \
-                        type tmp; \
-                        for (tmp = (list1); tmp->next; tmp = tmp->next) ; \
-                        tmp->next = (list2); \
-                        if (list2) { \
-                                (list2)->prev = tmp;    \
-                        } \
+          DLIST_REMOVE(list, p); \
+          DLIST_ADD(list, p); \
+} while (0)
+
+/*
+   demote an element to the end of a list.
+   Note that 'type' is ignored
+*/
+#define DLIST_DEMOTE(list, p, type)                     \
+do { \
+        DLIST_REMOVE(list, p); \
+        DLIST_ADD_END(list, p, NULL);           \
+} while (0)
+
+/*
+   concatenate two lists - putting all elements of the 2nd list at the
+   end of the first list.
+   Note that 'type' is ignored
+*/
+#define DLIST_CONCATENATE(list1, list2, type)   \
+do { \
+        if (!(list1)) { \
+                (list1) = (list2); \
+        } else { \
+                (list1)->prev->next = (list2); \
+                if (list2) { \
+                        void *_tmplist = (void *)(list1)->prev; \
+                        (list1)->prev = (list2)->prev; \
+                        (list2)->prev = _tmplist; \
                 } \
+        } \
 } while (0)
 

trunk/server/source4/lib/ldb/include/ldb.h

@@ -48 +48 @@
 
 #include <stdbool.h>
-#include "talloc.h"
-#include "tevent.h"
-#include "ldb_errors.h"
+#include <talloc.h>
+#include <tevent.h>
+#include <ldb_version.h>
+#include <ldb_errors.h>
 
 /*
@@ -86 +87 @@
 #ifndef PRINTF_ATTRIBUTE
 #define PRINTF_ATTRIBUTE(a,b)
+#endif
+
+#ifndef _DEPRECATED_
+#if (__GNUC__ >= 3) && (__GNUC_MINOR__ >= 1 )
+#define _DEPRECATED_ __attribute__ ((deprecated))
+#else
+#define _DEPRECATED_
+#endif
 #endif
 /*! \endcond */
@@ -103 +112 @@
 
 /**
+  use this to extract the mod type from the operation
+ */
+#define LDB_FLAG_MOD_TYPE(flags) ((flags) & LDB_FLAG_MOD_MASK)
+
+/**
    Flag value used in ldap_modify() to indicate that attributes are
    being added.
@@ -125 +139 @@
 */
 #define LDB_FLAG_MOD_DELETE  3
+
+/**
+    flag bits on an element usable only by the internal implementation
+*/
+#define LDB_FLAG_INTERNAL_MASK 0xFFFFFFF0
 
 /**
@@ -297 +316 @@
 
 struct ldb_parse_tree *ldb_parse_tree(TALLOC_CTX *mem_ctx, const char *s);
-char *ldb_filter_from_tree(TALLOC_CTX *mem_ctx, struct ldb_parse_tree *tree);
+char *ldb_filter_from_tree(TALLOC_CTX *mem_ctx, const struct ldb_parse_tree *tree);
 
 /**
@@ -336 +355 @@
 typedef int (*ldb_attr_handler_t)(struct ldb_context *, TALLOC_CTX *mem_ctx, const struct ldb_val *, struct ldb_val *);
 typedef int (*ldb_attr_comparison_t)(struct ldb_context *, TALLOC_CTX *mem_ctx, const struct ldb_val *, const struct ldb_val *);
+struct ldb_schema_attribute;
+typedef int (*ldb_attr_operator_t)(struct ldb_context *, enum ldb_parse_op operation,
+                                   const struct ldb_schema_attribute *a,
+                                   const struct ldb_val *, const struct ldb_val *, bool *matched);
 
 /*
@@ -353 +376 @@
         ldb_attr_handler_t canonicalise_fn;
         ldb_attr_comparison_t comparison_fn;
+        ldb_attr_operator_t operator_fn;
 };
 
@@ -457 +481 @@
 typedef int (*ldb_qsort_cmp_fn_t) (void *v1, void *v2, void *opaque);
 
+/* Individual controls */
+
+/**
+  OID for getting and manipulating attributes from the ldb
+  without interception in the operational module.
+  It can be used to access attribute that used to be stored in the sam 
+  and that are now calculated.
+*/
+#define LDB_CONTROL_BYPASS_OPERATIONAL_OID "1.3.6.1.4.1.7165.4.3.13"
+#define LDB_CONTROL_BYPASS_OPERATIONAL_NAME "bypassoperational"
+
+/**
+  OID for recalculate SD control. This control force the
+  dsdb code to recalculate the SD of the object as if the
+  object was just created.
+
+*/
+#define LDB_CONTROL_RECALCULATE_SD_OID "1.3.6.1.4.1.7165.4.3.5"
+#define LDB_CONTROL_RECALCULATE_SD_NAME "recalculate_sd"
+
+/**
+   REVEAL_INTERNALS is used to reveal internal attributes and DN
+   components which are not normally shown to the user
+*/
+#define LDB_CONTROL_REVEAL_INTERNALS "1.3.6.1.4.1.7165.4.3.6"
+#define LDB_CONTROL_REVEAL_INTERNALS_NAME       "reveal_internals"
+
+/**
+   LDB_CONTROL_AS_SYSTEM is used to skip access checks on operations
+   that are performed by the system, but with a user's credentials, e.g.
+   updating prefix map
+*/
+#define LDB_CONTROL_AS_SYSTEM_OID "1.3.6.1.4.1.7165.4.3.7"
+
+/**
+   LDB_CONTROL_PROVISION_OID is used to skip some constraint checks. It's is
+   mainly thought to be used for the provisioning.
+*/
+#define LDB_CONTROL_PROVISION_OID "1.3.6.1.4.1.7165.4.3.16"
+#define LDB_CONTROL_PROVISION_NAME      "provision"
+
+/* AD controls */
+
 /**
    OID for the paged results control. This control is included in the
@@ -466 +533 @@
 */
 #define LDB_CONTROL_PAGED_RESULTS_OID   "1.2.840.113556.1.4.319"
+#define LDB_CONTROL_PAGED_RESULTS_NAME  "paged_result"
 
 /**
@@ -473 +541 @@
 */
 #define LDB_CONTROL_SD_FLAGS_OID        "1.2.840.113556.1.4.801"
+#define LDB_CONTROL_SD_FLAGS_NAME       "sd_flags"
 
 /**
@@ -480 +549 @@
 */
 #define LDB_CONTROL_DOMAIN_SCOPE_OID    "1.2.840.113556.1.4.1339"
+#define LDB_CONTROL_DOMAIN_SCOPE_NAME   "domain_scope"
 
 /**
@@ -487 +557 @@
 */
 #define LDB_CONTROL_SEARCH_OPTIONS_OID  "1.2.840.113556.1.4.1340"
+#define LDB_CONTROL_SEARCH_OPTIONS_NAME "search_options"
 
 /**
@@ -494 +565 @@
 */
 #define LDB_CONTROL_NOTIFICATION_OID    "1.2.840.113556.1.4.528"
+#define LDB_CONTROL_NOTIFICATION_NAME   "notification"
+
+/**
+   OID for performing subtree deletes
+
+   \sa <a href="http://msdn.microsoft.com/en-us/library/aa366991(v=VS.85).aspx">Microsoft documentation of this OID</a>
+*/
+#define LDB_CONTROL_TREE_DELETE_OID     "1.2.840.113556.1.4.805"
+#define LDB_CONTROL_TREE_DELETE_NAME    "tree_delete"
 
 /**
@@ -501 +581 @@
 */
 #define LDB_CONTROL_SHOW_DELETED_OID    "1.2.840.113556.1.4.417"
+#define LDB_CONTROL_SHOW_DELETED_NAME   "show_deleted"
 
 /**
@@ -508 +589 @@
 */
 #define LDB_CONTROL_SHOW_RECYCLED_OID         "1.2.840.113556.1.4.2064"
+#define LDB_CONTROL_SHOW_RECYCLED_NAME  "show_recycled"
 
 /**
@@ -515 +597 @@
 */
 #define LDB_CONTROL_SHOW_DEACTIVATED_LINK_OID "1.2.840.113556.1.4.2065"
+#define LDB_CONTROL_SHOW_DEACTIVATED_LINK_NAME  "show_deactivated_link"
 
 /**
@@ -522 +605 @@
 */
 #define LDB_CONTROL_EXTENDED_DN_OID     "1.2.840.113556.1.4.529"
+#define LDB_CONTROL_EXTENDED_DN_NAME    "extended_dn"
 
 /**
@@ -536 +620 @@
 */
 #define LDB_CONTROL_SERVER_SORT_OID     "1.2.840.113556.1.4.473"
+#define LDB_CONTROL_SERVER_SORT_NAME    "server_sort"
 
 /**
@@ -547 +632 @@
 */
 #define LDB_CONTROL_SORT_RESP_OID       "1.2.840.113556.1.4.474"
+#define LDB_CONTROL_SORT_RESP_NAME      "server_sort_resp"
 
 /**
@@ -555 +641 @@
 */
 #define LDB_CONTROL_ASQ_OID             "1.2.840.113556.1.4.1504"
+#define LDB_CONTROL_ASQ_NAME    "asq"
 
 /**
@@ -563 +650 @@
 */
 #define LDB_CONTROL_DIRSYNC_OID         "1.2.840.113556.1.4.841"
+#define LDB_CONTROL_DIRSYNC_NAME        "dirsync"
 
 
@@ -572 +660 @@
 */
 #define LDB_CONTROL_VLV_REQ_OID         "2.16.840.1.113730.3.4.9"
+#define LDB_CONTROL_VLV_REQ_NAME        "vlv"
 
 /**
@@ -580 +669 @@
 */
 #define LDB_CONTROL_VLV_RESP_OID        "2.16.840.1.113730.3.4.10"
+#define LDB_CONTROL_VLV_RESP_NAME       "vlv_resp"
 
 /**
@@ -588 +678 @@
 */
 #define LDB_CONTROL_PERMISSIVE_MODIFY_OID       "1.2.840.113556.1.4.1413"
+#define LDB_CONTROL_PERMISSIVE_MODIFY_NAME      "permissive_modify"
+
+/** 
+    OID to allow the server to be more 'fast and loose' with the data being added.  
+
+    \sa <a href="http://msdn.microsoft.com/en-us/library/aa366982(v=VS.85).aspx">Microsoft documentation of this OID</a>
+*/
+#define LDB_CONTROL_SERVER_LAZY_COMMIT   "1.2.840.113556.1.4.619"
+
+/**
+   Control for RODC join -see [MS-ADTS] section 3.1.1.3.4.1.23
+
+   \sa <a href="">Microsoft documentation of this OID</a>
+*/
+#define LDB_CONTROL_RODC_DCPROMO_OID "1.2.840.113556.1.4.1341"
+#define LDB_CONTROL_RODC_DCPROMO_NAME   "rodc_join"
+
+/* Other standardised controls */
+
+/**
+   OID for the allowing client to request temporary relaxed
+   enforcement of constraints of the x.500 model.
+
+   Mainly used for the OpenLDAP backend.
+
+   \sa <a href="http://opends.dev.java.net/public/standards/draft-zeilenga-ldap-managedit.txt">draft managedit</a>.
+*/
+#define LDB_CONTROL_RELAX_OID "1.3.6.1.4.1.4203.666.5.12"
+#define LDB_CONTROL_RELAX_NAME  "relax"
+
+/* Extended operations */
+
+/**
+   OID for LDAP Extended Operation SEQUENCE_NUMBER
+
+   This extended operation is used to retrieve the extended sequence number.
+*/
+#define LDB_EXTENDED_SEQUENCE_NUMBER    "1.3.6.1.4.1.7165.4.4.3"
+
+/**
+   OID for LDAP Extended Operation PASSWORD_CHANGE.
+
+   This Extended operation is used to allow user password changes by the user
+   itself.
+*/
+#define LDB_EXTENDED_PASSWORD_CHANGE_OID        "1.3.6.1.4.1.4203.1.11.1"
+
+
+/**
+   OID for LDAP Extended Operation FAST_BIND
+
+   This Extended operations is used to perform a fast bind.
+*/
+#define LDB_EXTENDED_FAST_BIND_OID      "1.2.840.113556.1.4.1781"
 
 /**
    OID for LDAP Extended Operation START_TLS.
 
-   This Extended operation is used to start a new TLS
-   channel on top of a clear text channel.
+   This Extended operation is used to start a new TLS channel on top of a clear
+   text channel.
 */
 #define LDB_EXTENDED_START_TLS_OID      "1.3.6.1.4.1.1466.20037"
 
 /**
+   OID for LDAP Extended Operation DYNAMIC_REFRESH.
+
+   This Extended operation is used to create and maintain objects which exist
+   only a specific time, e.g. when a certain client or a certain person is
+   logged in. Data refreshes have to be periodically sent in a specific
+   interval. Otherwise the entry is going to be removed.
 */
 #define LDB_EXTENDED_DYNAMIC_OID        "1.3.6.1.4.1.1466.101.119.1"
-
-/**
-*/
-#define LDB_EXTENDED_FAST_BIND_OID      "1.2.840.113556.1.4.1781"
 
 struct ldb_sd_flags_control {
@@ -736 +882 @@
 };
 
-#define LDB_EXTENDED_SEQUENCE_NUMBER    "1.3.6.1.4.1.7165.4.4.3"
-
 enum ldb_sequence_type {
         LDB_SEQ_HIGHEST_SEQ,
@@ -964 +1108 @@
 int ldb_op_default_callback(struct ldb_request *req, struct ldb_reply *ares);
 
+int ldb_modify_default_callback(struct ldb_request *req, struct ldb_reply *ares);
 
 /**
@@ -1118 +1263 @@
 
 /**
+  replace a ldb_control in a ldb_request
+
+  \param req the request struct where to add the control
+  \param oid the object identifier of the control as string
+  \param critical whether the control should be critical or not
+  \param data a talloc pointer to the control specific data
+
+  \return result code (LDB_SUCCESS on success, or a failure code)
+*/
+int ldb_request_replace_control(struct ldb_request *req, const char *oid, bool critical, void *data);
+
+/**
    check if a control with the specified "oid" exist and return it 
   \param req the request struct where to add the control
@@ -1309 +1466 @@
 int ldb_transaction_cancel(struct ldb_context *ldb);
 
+/*
+  cancel a transaction with no error if no transaction is pending
+  used when we fork() to clear any parent transactions
+*/
+int ldb_transaction_cancel_noerr(struct ldb_context *ldb);
+
 
 /**
@@ -1551 +1714 @@
   \param mode Style of extended DN to return (0 is HEX representation of binary form, 1 is a string form)
 */
-char *ldb_dn_get_extended_linearized(void *mem_ctx, struct ldb_dn *dn, int mode);
+char *ldb_dn_get_extended_linearized(TALLOC_CTX *mem_ctx, struct ldb_dn *dn, int mode);
 const struct ldb_val *ldb_dn_get_extended_component(struct ldb_dn *dn, const char *name);
 int ldb_dn_set_extended_component(struct ldb_dn *dn, const char *name, const struct ldb_val *val);
-
+void ldb_dn_extended_filter(struct ldb_dn *dn, const char * const *accept_list);
 void ldb_dn_remove_extended_components(struct ldb_dn *dn);
 bool ldb_dn_has_extended(struct ldb_dn *dn);
@@ -1591 +1754 @@
 */
 
-struct ldb_dn *ldb_dn_from_ldb_val(void *mem_ctx, struct ldb_context *ldb, const struct ldb_val *strdn);
+struct ldb_dn *ldb_dn_from_ldb_val(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, const struct ldb_val *strdn);
 
 /**
@@ -1620 +1783 @@
 char *ldb_dn_canonical_ex_string(TALLOC_CTX *mem_ctx, struct ldb_dn *dn);
 int ldb_dn_get_comp_num(struct ldb_dn *dn);
+int ldb_dn_get_extended_comp_num(struct ldb_dn *dn);
 const char *ldb_dn_get_component_name(struct ldb_dn *dn, unsigned int num);
 const struct ldb_val *ldb_dn_get_component_val(struct ldb_dn *dn, unsigned int num);
@@ -1630 +1794 @@
 bool ldb_dn_check_special(struct ldb_dn *dn, const char *check);
 bool ldb_dn_is_null(struct ldb_dn *dn);
+int ldb_dn_update_components(struct ldb_dn *dn, const struct ldb_dn *ref_dn);
 
 
@@ -1713 +1878 @@
 int ldb_msg_add_string(struct ldb_message *msg, 
                        const char *attr_name, const char *str);
+int ldb_msg_add_linearized_dn(struct ldb_message *msg, const char *attr_name,
+                              struct ldb_dn *dn);
 int ldb_msg_add_fmt(struct ldb_message *msg, 
                     const char *attr_name, const char *fmt, ...) PRINTF_ATTRIBUTE(3,4);
@@ -1766 +1933 @@
                                  const struct ldb_message *msg);
 
+/*
+ * ldb_msg_canonicalize() is now depreciated
+ * Please use ldb_msg_normalize() instead
+ *
+ * NOTE: Returned ldb_message object is allocated
+ * into *ldb's context. Callers are recommended
+ * to steal the returned object into a TALLOC_CTX
+ * with short lifetime.
+ */
 struct ldb_message *ldb_msg_canonicalize(struct ldb_context *ldb, 
-                                         const struct ldb_message *msg);
-
-
+                                         const struct ldb_message *msg) _DEPRECATED_;
+
+int ldb_msg_normalize(struct ldb_context *ldb,
+                      TALLOC_CTX *mem_ctx,
+                      const struct ldb_message *msg,
+                      struct ldb_message **_msg_out);
+
+
+/*
+ * ldb_msg_diff() is now depreciated
+ * Please use ldb_msg_difference() instead
+ *
+ * NOTE: Returned ldb_message object is allocated
+ * into *ldb's context. Callers are recommended
+ * to steal the returned object into a TALLOC_CTX
+ * with short lifetime.
+ */
 struct ldb_message *ldb_msg_diff(struct ldb_context *ldb, 
                                  struct ldb_message *msg1,
-                                 struct ldb_message *msg2);
-
+                                 struct ldb_message *msg2) _DEPRECATED_;
+
+/**
+ * return a ldb_message representing the differences between msg1 and msg2.
+ * If you then use this in a ldb_modify() call,
+ * it can be used to save edits to a message
+ *
+ * Result message is constructed as follows:
+ * - LDB_FLAG_MOD_ADD     - elements found only in msg2
+ * - LDB_FLAG_MOD_REPLACE - elements in msg2 that have
+ *                          different value in msg1
+ *                          Value for msg2 element is used
+ * - LDB_FLAG_MOD_DELETE  - elements found only in msg2
+ *
+ * @return LDB_SUCCESS or LDB_ERR_OPERATIONS_ERROR
+ */
+int ldb_msg_difference(struct ldb_context *ldb,
+                       TALLOC_CTX *mem_ctx,
+                       struct ldb_message *msg1,
+                       struct ldb_message *msg2,
+                       struct ldb_message **_msg_out);
+
+/**
+   Tries to find a certain string attribute in a message
+
+   \param msg the message to check
+   \param name attribute name
+   \param value attribute value
+
+   \return 1 on match and 0 otherwise.
+*/
 int ldb_msg_check_string_attribute(const struct ldb_message *msg,
                                    const char *name,
@@ -1880 +2099 @@
 
 /**
+  convert a LDAP GeneralizedTime string in ldb_val format to a
+  time_t.
+*/
+int ldb_val_to_time(const struct ldb_val *v, time_t *t);
+
+/**
    Convert a time structure to a string
 
@@ -1908 +2133 @@
 void ldb_qsort (void *const pbase, size_t total_elems, size_t size, void *opaque, ldb_qsort_cmp_fn_t cmp);
 
-
+#ifndef discard_const
+#define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
+#endif
+
+/*
+  a wrapper around ldb_qsort() that ensures the comparison function is
+  type safe. This will produce a compilation warning if the types
+  don't match
+ */
+#define LDB_TYPESAFE_QSORT(base, numel, opaque, comparison)     \
+do { \
+        if (numel > 1) { \
+                ldb_qsort(base, numel, sizeof((base)[0]), discard_const(opaque), (ldb_qsort_cmp_fn_t)comparison); \
+                comparison(&((base)[0]), &((base)[1]), opaque);         \
+        } \
+} while (0)
+
+/* allow ldb to also call TYPESAFE_QSORT() */
+#ifndef TYPESAFE_QSORT
+#define TYPESAFE_QSORT(base, numel, comparison) \
+do { \
+        if (numel > 1) { \
+                qsort(base, numel, sizeof((base)[0]), (int (*)(const void *, const void *))comparison); \
+                comparison(&((base)[0]), &((base)[1])); \
+        } \
+} while (0)
+#endif
+
+
+
+/**
+   Convert a control into its string representation.
+   
+   \param mem_ctx TALLOC context to return result on, and to allocate error_string on
+   \param control A struct ldb_control to convert
+
+   \return string representation of the control 
+*/
+char* ldb_control_to_string(TALLOC_CTX *mem_ctx, const struct ldb_control *control);
+/**
+   Convert a string representing a control into a ldb_control structure 
+   
+   \param ldb LDB context
+   \param mem_ctx TALLOC context to return result on, and to allocate error_string on
+   \param control_strings A string-formatted control
+
+   \return a ldb_control element
+*/
+struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const char *control_strings);
 /**
    Convert an array of string represention of a control into an array of ldb_control structures 
@@ -1929 +2202 @@
 
 
+struct ldb_dn *ldb_dn_binary_from_ldb_val(TALLOC_CTX *mem_ctx,
+                                          struct ldb_context *ldb,
+                                          const struct ldb_val *strdn);
+
+int ldb_dn_get_binary(struct ldb_dn *dn, struct ldb_val *val);
+int ldb_dn_set_binary(struct ldb_dn *dn, struct ldb_val *val);
+
+/* debugging functions for ldb requests */
+void ldb_req_set_location(struct ldb_request *req, const char *location);
+const char *ldb_req_location(struct ldb_request *req);
+
+/* set the location marker on a request handle - used for debugging */
+#define LDB_REQ_SET_LOCATION(req) ldb_req_set_location(req, __location__)
+
+/*
+  minimise a DN. The caller must pass in a validated DN.
+
+  If the DN has an extended component then only the first extended
+  component is kept, the DN string is stripped.
+
+  The existing dn is modified
+ */
+bool ldb_dn_minimise(struct ldb_dn *dn);
+
 #endif

trunk/server/source4/lib/ldb/include/ldb_errors.h

@@ -198 +198 @@
 
 /**
-   The function referred to an alias which points to a non-existant
+   The function referred to an alias which points to a non-existent
    object in the database.
 */

trunk/server/source4/lib/ldb/include/ldb_handlers.h

@@ -36 +36 @@
 int ldb_comparison_binary(      struct ldb_context *ldb, void *mem_ctx,
                                 const struct ldb_val *v1, const struct ldb_val *v2);
-int db_handler_fold(            struct ldb_context *ldb, void *mem_ctx,
-                                const struct ldb_val *in, struct ldb_val *out);
 int ldb_comparison_fold(        struct ldb_context *ldb, void *mem_ctx,
                                 const struct ldb_val *v1, const struct ldb_val *v2);

trunk/server/source4/lib/ldb/include/ldb_module.h

@@ -34 +34 @@
 #define _LDB_MODULE_H_
 
-#include "ldb.h"
+#include <ldb.h>
 
 struct ldb_context;
 struct ldb_module;
+
+/**
+   internal flag bits on message elements. Must be within LDB_FLAG_INTERNAL_MASK
+ */
+#define LDB_FLAG_INTERNAL_DISABLE_VALIDATION 0x10
+
+/* disable any single value checking on this attribute */
+#define LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK 0x20
+
+/* attribute has failed access check and must not be exposed */
+#define LDB_FLAG_INTERNAL_INACCESSIBLE_ATTRIBUTE 0x40
+
+/* force single value checking on this attribute */
+#define LDB_FLAG_INTERNAL_FORCE_SINGLE_VALUE_CHECK 0x80
+
 
 /*
@@ -68 +83 @@
 void ldb_debug_end(struct ldb_context *ldb, enum ldb_debug_level level);
 
-#define ldb_oom(ldb) ldb_debug_set(ldb, LDB_DEBUG_FATAL, "ldb out of memory at %s:%d\n", __FILE__, __LINE__)
+#define ldb_error(ldb, ecode, reason) ldb_error_at(ldb, ecode, reason, __FILE__, __LINE__)
+
+#define ldb_oom(ldb) ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR, "ldb out of memory")
+#define ldb_module_oom(module) ldb_oom(ldb_module_get_ctx(module))
+#define ldb_operr(ldb) ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR, "operations error")
 
 /* The following definitions come from lib/ldb/common/ldb.c  */
@@ -99 +118 @@
                                                void *private_data);
 
+/* A useful function to build comparison functions with */
+int ldb_any_comparison(struct ldb_context *ldb, void *mem_ctx, 
+                       ldb_attr_handler_t canonicalise_fn, 
+                       const struct ldb_val *v1,
+                       const struct ldb_val *v2);
+
 /* The following definitions come from lib/ldb/common/ldb_controls.c  */
-struct ldb_control *get_control_from_list(struct ldb_control **controls, const char *oid);
-int save_controls(struct ldb_control *exclude, struct ldb_request *req, struct ldb_control ***saver);
-int check_critical_controls(struct ldb_control **controls);
+int ldb_save_controls(struct ldb_control *exclude, struct ldb_request *req, struct ldb_control ***saver);
+/* Returns a list of controls, except the one specified.  Included
+ * controls become a child of returned list if they were children of
+ * controls_in */
+struct ldb_control **ldb_controls_except_specified(struct ldb_control **controls_in, 
+                                               TALLOC_CTX *mem_ctx, 
+                                               struct ldb_control *exclude);
+int ldb_check_critical_controls(struct ldb_control **controls);
 
 /* The following definitions come from lib/ldb/common/ldb_ldif.c  */
@@ -114 +144 @@
                   enum ldb_scope scope);
 
+int ldb_match_msg_error(struct ldb_context *ldb,
+                        const struct ldb_message *msg,
+                        const struct ldb_parse_tree *tree,
+                        struct ldb_dn *base,
+                        enum ldb_scope scope,
+                        bool *matched);
+
+int ldb_match_msg_objectclass(const struct ldb_message *msg,
+                              const char *objectclass);
+
 /* The following definitions come from lib/ldb/common/ldb_modules.c  */
 
@@ -125 +165 @@
 void *ldb_module_get_private(struct ldb_module *module);
 void ldb_module_set_private(struct ldb_module *module, void *private_data);
+const struct ldb_module_ops *ldb_module_get_ops(struct ldb_module *module);
 
 int ldb_next_request(struct ldb_module *module, struct ldb_request *request);
@@ -136 +177 @@
 void ldb_asprintf_errstring(struct ldb_context *ldb, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
 void ldb_reset_err_string(struct ldb_context *ldb);
+int ldb_error_at(struct ldb_context *ldb, int ecode, const char *reason, const char *file, int line);
 
 const char *ldb_default_modules_dir(void);
@@ -152 +194 @@
 const char *ldb_default_modules_dir(void);
 
-int ldb_register_backend(const char *url_prefix, ldb_connect_fn);
+int ldb_register_backend(const char *url_prefix, ldb_connect_fn, bool);
 
 struct ldb_handle *ldb_handle_new(TALLOC_CTX *mem_ctx, struct ldb_context *ldb);
@@ -171 +213 @@
 
 void ldb_set_default_dns(struct ldb_context *ldb);
+/**
+  Add a ldb_control to a ldb_reply
+
+  \param ares the reply struct where to add the control
+  \param oid the object identifier of the control as string
+  \param critical whether the control should be critical or not
+  \param data a talloc pointer to the control specific data
+
+  \return result code (LDB_SUCCESS on success, or a failure code)
+*/
+int ldb_reply_add_control(struct ldb_reply *ares, const char *oid, bool critical, void *data);
+
+/**
+  mark a request as untrusted. This tells the rootdse module to remove
+  unregistered controls
+ */
+void ldb_req_mark_untrusted(struct ldb_request *req);
+
+/**
+  mark a request as trusted.
+ */
+void ldb_req_mark_trusted(struct ldb_request *req);
+
+/**
+   return true is a request is untrusted
+ */
+bool ldb_req_is_untrusted(struct ldb_request *req);
+
+/* load all modules from the given directory */
+int ldb_modules_load(const char *modules_path, const char *version);
+
+/* init functions prototype */
+typedef int (*ldb_module_init_fn)(const char *);
+
+/*
+  general ldb hook function
+ */
+enum ldb_module_hook_type { LDB_MODULE_HOOK_CMDLINE_OPTIONS     = 1,
+                            LDB_MODULE_HOOK_CMDLINE_PRECONNECT  = 2,
+                            LDB_MODULE_HOOK_CMDLINE_POSTCONNECT = 3 };
+
+typedef int (*ldb_hook_fn)(struct ldb_context *, enum ldb_module_hook_type );
+
+/*
+  register a ldb hook function
+ */
+int ldb_register_hook(ldb_hook_fn hook_fn);
+
+/*
+  call ldb hooks of a given type
+ */
+int ldb_modules_hook(struct ldb_context *ldb, enum ldb_module_hook_type t);
+
+#define LDB_MODULE_CHECK_VERSION(version) do { \
+ if (strcmp(version, LDB_VERSION) != 0) { \
+        fprintf(stderr, "ldb: module version mismatch in %s : ldb_version=%s module_version=%s\n", \
+                        __FILE__, version, LDB_VERSION); \
+        return LDB_ERR_UNAVAILABLE; \
+ }} while (0)
+
+
+/*
+  return a string representation of the calling chain for the given
+  ldb request
+ */
+char *ldb_module_call_chain(struct ldb_request *req, TALLOC_CTX *mem_ctx);
+
+/*
+  return the next module in the chain
+ */
+struct ldb_module *ldb_module_next(struct ldb_module *module);
+
+/*
+  set the next module in the module chain
+ */
+void ldb_module_set_next(struct ldb_module *module, struct ldb_module *next);
+
+/*
+  load a list of modules
+ */
+int ldb_module_load_list(struct ldb_context *ldb, const char **module_list,
+                         struct ldb_module *backend, struct ldb_module **out);
+
+/*
+  get the popt_options pointer in the ldb structure. This allows a ldb
+  module to change the command line parsing
+ */
+struct poptOption **ldb_module_popt_options(struct ldb_context *ldb);
+
+/* modules are called in inverse order on the stack.
+   Lets place them as an admin would think the right order is.
+   Modules order is important */
+const char **ldb_modules_list_from_string(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const char *string);
+
+/*
+  return the current ldb flags LDB_FLG_*
+ */
+uint32_t ldb_module_flags(struct ldb_context *ldb);
+
+int ldb_module_connect_backend(struct ldb_context *ldb,
+                               const char *url,
+                               const char *options[],
+                               struct ldb_module **backend_module);
+
+/*
+  initialise a chain of modules
+ */
+int ldb_module_init_chain(struct ldb_context *ldb, struct ldb_module *module);
+
+/*
+ * prototype for the init function defined by dynamically loaded modules
+ */
+int ldb_init_module(const char *version);
+
 
 #endif

trunk/server/source4/lib/ldb/include/ldb_private.h

@@ -38 +38 @@
 #define _LDB_PRIVATE_H_ 1
 
-#include "ldb_includes.h"
+#include "replace.h"
+#include "system/filesys.h"
+#include "system/time.h"
 #include "ldb.h"
 #include "ldb_module.h"
@@ -49 +51 @@
 
 #define LDB_HANDLE_FLAG_DONE_CALLED 1
+/* call is from an untrusted source - eg. over ldap:// */
+#define LDB_HANDLE_FLAG_UNTRUSTED   2
 
 struct ldb_handle {
@@ -56 +60 @@
         unsigned flags;
         unsigned nesting;
+
+        /* used for debugging */
+        struct ldb_request *parent;
+        const char *location;
 };
 
@@ -113 +121 @@
         unsigned int create_perms;
 
-        char *modules_dir;
-
         struct tevent_context *ev_ctx;
 
@@ -120 +126 @@
 
         char *partial_debug;
+
+        struct poptOption *popt_options;
 };
 
 /* The following definitions come from lib/ldb/common/ldb.c  */
-
-int ldb_connect_backend(struct ldb_context *ldb, const char *url, const char *options[],
-                        struct ldb_module **backend_module);
-
 
 extern const struct ldb_module_ops ldb_objectclass_module_ops;
@@ -158 +162 @@
 
 /* The following definitions come from lib/ldb/common/ldb_utf8.c */
-char *ldb_casefold_default(void *context, void *mem_ctx, const char *s, size_t n);
+char *ldb_casefold_default(void *context, TALLOC_CTX *mem_ctx, const char *s, size_t n);
 
 void ldb_dump_results(struct ldb_context *ldb, struct ldb_result *result, FILE *f);
@@ -166 +170 @@
 
 const char **ldb_modules_list_from_string(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const char *string);
-int ldb_load_modules_list(struct ldb_context *ldb, const char **module_list, struct ldb_module *backend, struct ldb_module **out);
 int ldb_load_modules(struct ldb_context *ldb, const char *options[]);
-int ldb_init_module_chain(struct ldb_context *ldb, struct ldb_module *module);
 
-struct ldb_val ldb_binary_decode(void *mem_ctx, const char *str);
+struct ldb_val ldb_binary_decode(TALLOC_CTX *mem_ctx, const char *str);
+
+
+/* The following definitions come from lib/ldb/common/ldb_options.c  */
+
+const char *ldb_options_find(struct ldb_context *ldb, const char *options[],
+                             const char *option_name);
 
 #endif