couchbase 3.2.4 → 3.2.6

package/deps/lcb/src/capi/cmd_exists.hh

@@ -127,6 +127,17 @@ struct lcb_CMDEXISTS_ {
         return LCB_SUCCESS;
     }
 
+    lcb_STATUS on_behalf_of_add_extra_privilege(std::string privilege)
+    {
+        extra_privileges_.emplace_back(std::move(privilege));
+        return LCB_SUCCESS;
+    }
+
+    const std::vector<std::string> &extra_privileges() const
+    {
+        return extra_privileges_;
+    }
+
     bool want_impersonation() const
     {
         return !impostor_.empty();
@@ -145,6 +156,7 @@ struct lcb_CMDEXISTS_ {
     void *cookie_{nullptr};
     std::string key_{};
     std::string impostor_{};
+    std::vector<std::string> extra_privileges_{};
 };
 
 /**

package/deps/lcb/src/capi/cmd_get.hh

@@ -186,6 +186,17 @@ struct lcb_CMDGET_ {
         return LCB_SUCCESS;
     }
 
+    lcb_STATUS on_behalf_of_add_extra_privilege(std::string privilege)
+    {
+        extra_privileges_.emplace_back(std::move(privilege));
+        return LCB_SUCCESS;
+    }
+
+    const std::vector<std::string> &extra_privileges() const
+    {
+        return extra_privileges_;
+    }
+
     bool want_impersonation() const
     {
         return !impostor_.empty();
@@ -208,6 +219,7 @@ struct lcb_CMDGET_ {
     get_mode mode_{get_mode::normal};
     bool cookie_is_callback_{false};
     std::string impostor_{};
+    std::vector<std::string> extra_privileges_{};
 };
 
 /** @private */

package/deps/lcb/src/capi/cmd_get_replica.hh

@@ -60,7 +60,8 @@ struct lcb_CMDGETREPLICA_ {
         return LCB_SUCCESS;
     }
 
-    int selected_replica_index() const {
+    int selected_replica_index() const
+    {
         return select_index_;
     }
 
@@ -162,6 +163,17 @@ struct lcb_CMDGETREPLICA_ {
         return LCB_SUCCESS;
     }
 
+    lcb_STATUS on_behalf_of_add_extra_privilege(std::string privilege)
+    {
+        extra_privileges_.emplace_back(std::move(privilege));
+        return LCB_SUCCESS;
+    }
+
+    const std::vector<std::string> &extra_privileges() const
+    {
+        return extra_privileges_;
+    }
+
     bool want_impersonation() const
     {
         return !impostor_.empty();
@@ -182,6 +194,7 @@ struct lcb_CMDGETREPLICA_ {
     get_replica_mode mode_{get_replica_mode::any};
     int select_index_{0};
     std::string impostor_{};
+    std::vector<std::string> extra_privileges_{};
 };
 
 struct lcb_RESPGETREPLICA_ {

package/deps/lcb/src/capi/cmd_query.cc

@@ -268,6 +268,11 @@ LIBCOUCHBASE_API lcb_STATUS lcb_cmdquery_on_behalf_of(lcb_CMDQUERY *cmd, const c
     return cmd->on_behalf_of(std::string(data, data_len));
 }
 
+LIBCOUCHBASE_API lcb_STATUS lcb_cmdquery_preserve_expiry(lcb_CMDQUERY *cmd, int preserve_expiry)
+{
+    return cmd->preserve_expiry(preserve_expiry);
+}
+
 LIBCOUCHBASE_API lcb_STATUS lcb_errctx_query_rc(const lcb_QUERY_ERROR_CONTEXT *ctx)
 {
     return ctx->rc;
@@ -287,6 +292,14 @@ LIBCOUCHBASE_API lcb_STATUS lcb_errctx_query_first_error_message(const lcb_QUERY
     return LCB_SUCCESS;
 }
 
+LIBCOUCHBASE_API lcb_STATUS lcb_errctx_query_error_response_body(const lcb_QUERY_ERROR_CONTEXT *ctx, const char **body,
+                                                                 size_t *body_len)
+{
+    *body = ctx->error_response_body;
+    *body_len = ctx->error_response_body_len;
+    return LCB_SUCCESS;
+}
+
 LIBCOUCHBASE_API lcb_STATUS lcb_errctx_query_statement(const lcb_QUERY_ERROR_CONTEXT *ctx, const char **statement,
                                                        size_t *statement_len)
 {

package/deps/lcb/src/capi/cmd_query.hh

@@ -30,20 +30,22 @@
  */
 struct lcb_QUERY_ERROR_CONTEXT_ {
     lcb_STATUS rc;
-    uint32_t first_error_code;
-    const char *first_error_message;
-    size_t first_error_message_len;
-    const char *statement;
-    size_t statement_len;
-    const char *client_context_id;
-    size_t client_context_id_len;
-    const char *query_params;
-    size_t query_params_len;
-    uint32_t http_response_code;
-    const char *http_response_message;
-    size_t http_response_message_len;
-    const char *endpoint;
-    size_t endpoint_len;
+    uint32_t first_error_code{};
+    const char *first_error_message{};
+    size_t first_error_message_len{};
+    const char *error_response_body{};
+    size_t error_response_body_len{};
+    const char *statement{};
+    size_t statement_len{};
+    const char *client_context_id{};
+    size_t client_context_id_len{};
+    const char *query_params{};
+    size_t query_params_len{};
+    uint32_t http_response_code{};
+    const char *http_response_message{};
+    size_t http_response_message_len{};
+    const char *endpoint{};
+    size_t endpoint_len{};
 };
 
 /**
@@ -203,6 +205,12 @@ struct lcb_CMDQUERY_ {
         return LCB_SUCCESS;
     }
 
+    lcb_STATUS preserve_expiry(bool preserve_expiry)
+    {
+        root_["preserve_expiry"] = preserve_expiry;
+        return LCB_SUCCESS;
+    }
+
     lcb_STATUS callback(lcb_QUERY_CALLBACK row_callback)
     {
         callback_ = row_callback;

package/deps/lcb/src/capi/cmd_remove.hh

@@ -154,6 +154,17 @@ struct lcb_CMDREMOVE_ {
         return LCB_SUCCESS;
     }
 
+    lcb_STATUS on_behalf_of_add_extra_privilege(std::string privilege)
+    {
+        extra_privileges_.emplace_back(std::move(privilege));
+        return LCB_SUCCESS;
+    }
+
+    const std::vector<std::string> &extra_privileges() const
+    {
+        return extra_privileges_;
+    }
+
     bool want_impersonation() const
     {
         return !impostor_.empty();
@@ -174,6 +185,7 @@ struct lcb_CMDREMOVE_ {
     std::uint64_t cas_{0};
     lcb_DURABILITY_LEVEL durability_level_{LCB_DURABILITYLEVEL_NONE};
     std::string impostor_{};
+    std::vector<std::string> extra_privileges_{};
 };
 
 /**

package/deps/lcb/src/capi/cmd_store.hh

@@ -371,6 +371,17 @@ struct lcb_CMDSTORE_ {
         return LCB_SUCCESS;
     }
 
+    lcb_STATUS on_behalf_of_add_extra_privilege(std::string privilege)
+    {
+        extra_privileges_.emplace_back(std::move(privilege));
+        return LCB_SUCCESS;
+    }
+
+    const std::vector<std::string> &extra_privileges() const
+    {
+        return extra_privileges_;
+    }
+
     bool want_impersonation() const
     {
         return !impostor_.empty();
@@ -402,6 +413,7 @@ struct lcb_CMDSTORE_ {
     bool cookie_is_callback_{false};
     bool preserve_expiry_{false};
     std::string impostor_{};
+    std::vector<std::string> extra_privileges_{};
 };
 
 /**

package/deps/lcb/src/capi/cmd_subdoc.hh

@@ -445,6 +445,17 @@ struct lcb_CMDSUBDOC_ {
         return LCB_SUCCESS;
     }
 
+    lcb_STATUS on_behalf_of_add_extra_privilege(std::string privilege)
+    {
+        extra_privileges_.emplace_back(std::move(privilege));
+        return LCB_SUCCESS;
+    }
+
+    const std::vector<std::string> &extra_privileges() const
+    {
+        return extra_privileges_;
+    }
+
     bool want_impersonation() const
     {
         return !impostor_.empty();
@@ -469,6 +480,7 @@ struct lcb_CMDSUBDOC_ {
     lcb_SUBDOCSPECS_ specs_{};
     bool preserve_expiry_{false};
     std::string impostor_{};
+    std::vector<std::string> extra_privileges_{};
 };
 
 /**

package/deps/lcb/src/capi/cmd_touch.hh

@@ -138,6 +138,17 @@ struct lcb_CMDTOUCH_ {
         return LCB_SUCCESS;
     }
 
+    lcb_STATUS on_behalf_of_add_extra_privilege(std::string privilege)
+    {
+        extra_privileges_.emplace_back(std::move(privilege));
+        return LCB_SUCCESS;
+    }
+
+    const std::vector<std::string> &extra_privileges() const
+    {
+        return extra_privileges_;
+    }
+
     bool want_impersonation() const
     {
         return !impostor_.empty();
@@ -157,6 +168,7 @@ struct lcb_CMDTOUCH_ {
     void *cookie_{nullptr};
     std::string key_{};
     std::string impostor_{};
+    std::vector<std::string> extra_privileges_{};
 };
 
 /**

package/deps/lcb/src/capi/cmd_unlock.hh

@@ -141,6 +141,17 @@ struct lcb_CMDUNLOCK_ {
         return LCB_SUCCESS;
     }
 
+    lcb_STATUS on_behalf_of_add_extra_privilege(std::string privilege)
+    {
+        extra_privileges_.emplace_back(std::move(privilege));
+        return LCB_SUCCESS;
+    }
+
+    const std::vector<std::string> &extra_privileges() const
+    {
+        return extra_privileges_;
+    }
+
     bool want_impersonation() const
     {
         return !impostor_.empty();
@@ -160,6 +171,7 @@ struct lcb_CMDUNLOCK_ {
     std::string key_{};
     std::uint64_t cas_{};
     std::string impostor_{};
+    std::vector<std::string> extra_privileges_{};
 };
 
 /**

package/deps/lcb/src/capi/collection_qualifier.hh

@@ -21,7 +21,6 @@
 #include <cstddef>
 #include <cstdint>
 #include <string>
-#include <sstream>
 #include <stdexcept>
 
 namespace lcb
@@ -48,11 +47,10 @@ struct collection_qualifier {
         if (collection_name != nullptr && collection_name_len > 0) {
             collection_.assign(collection_name, collection_name_len);
         }
-        std::stringstream ss;
-        ss << (scope_.empty() ? "_default" : scope_);
-        ss << '.';
-        ss << (collection_.empty() ? "_default" : collection_);
-        spec_ = ss.str();
+
+        spec_ = (scope_.empty() ? "_default" : scope_) +
+                '.' +
+                (collection_.empty() ? "_default" : collection_);
     }
 
     const std::string &scope() const
@@ -124,9 +122,6 @@ struct collection_qualifier {
             /* nullptr/0 for collection is mapped to default collection */
             return true;
         }
-        if (element_len < 1 || element_len > 30) {
-            return false;
-        }
         for (size_t i = 0; i < element_len; ++i) {
             if (!is_valid_collection_char(element[i])) {
                 return false;

package/deps/lcb/src/instance.cc

@@ -466,6 +466,25 @@ lcb_STATUS lcb_create(lcb_INSTANCE **instance, const lcb_CREATEOPTS *options)
         goto GT_DONE;
     }
 
+    {
+        // Warn users if they attempt to use Capella without TLS being enabled.
+        bool is_capella = false;
+        static std::string suffix = "cloud.couchbase.com";
+        for (auto &node : spec.hosts()) {
+            auto pos = node.hostname.find(suffix);
+            if (pos != std::string::npos && pos + suffix.size() == node.hostname.size()) {
+                is_capella = true;
+                break;
+            }
+        }
+
+        if (is_capella && (spec.sslopts() & LCB_SSL_ENABLED) == 0) {
+            lcb_log(LOGARGS(obj, INFO),
+                    "TLS is required when connecting to Couchbase Capella. Please enable TLS by prefixing "
+                    "the connection string with \"couchbases://\" (note the final 's').");
+        }
+    }
+
     if ((obj = (lcb_INSTANCE *)calloc(1, sizeof(*obj))) == nullptr) {
         err = LCB_ERR_NO_MEMORY;
         goto GT_DONE;

package/deps/lcb/src/internal.h

@@ -259,7 +259,8 @@ lcb_STATUS lcb_initialize_socket_subsystem(void);
 lcb_STATUS lcb_reinit(lcb_INSTANCE *obj, const char *connstr);
 
 lcb_RETRY_ACTION lcb_kv_should_retry(const lcb_settings *settings, const mc_PACKET *pkt, lcb_STATUS err);
-lcb_RETRY_ACTION lcb_query_should_retry(const lcb_settings *settings, lcb_QUERY_HANDLE *query, lcb_STATUS err);
+lcb_RETRY_ACTION lcb_query_should_retry(const lcb_settings *settings, lcb_QUERY_HANDLE *query, lcb_STATUS err,
+                                        int retry_attribute);
 
 lcb_RESPCALLBACK lcb_find_callback(lcb_INSTANCE *instance, lcb_CALLBACK_TYPE cbtype);
 

package/deps/lcb/src/mcserver/negotiate.cc

@@ -660,6 +660,9 @@ GT_NEXT_PACKET:
                         status);
                 set_error(LCB_ERR_PROTOCOL_ERROR, "GET_ERRMAP response unexpected", &resp);
             }
+            if (settings->keypath) {
+                completed = !maybe_select_bucket();
+            }
             // Note, there is no explicit state transition here. LIST_MECHS is
             // pipelined after this request.
             break;

package/deps/lcb/src/n1ql/n1ql.cc

@@ -52,10 +52,14 @@ static lcb_RETRY_REASON query_code_to_reason(lcb_STATUS err)
     }
 }
 
-lcb_RETRY_ACTION lcb_query_should_retry(const lcb_settings *settings, lcb_QUERY_HANDLE *query, lcb_STATUS err)
+lcb_RETRY_ACTION lcb_query_should_retry(const lcb_settings *settings, lcb_QUERY_HANDLE *query, lcb_STATUS err,
+                                        int retry_attribute)
 {
     lcb_RETRY_ACTION retry_action{};
     lcb_RETRY_REASON retry_reason = query_code_to_reason(err);
+    if (retry_attribute) {
+        retry_reason = LCB_RETRY_REASON_QUERY_ERROR_RETRYABLE;
+    }
     if (err == LCB_ERR_TIMEOUT) {
         /* We can't exceed a timeout for ETIMEDOUT */
         retry_action.should_retry = 0;

package/deps/lcb/src/n1ql/query_handle.cc

@@ -95,8 +95,8 @@ static void prepare_rowcb(lcb_INSTANCE *instance, int, const lcb_RESPQUERY *row)
 
 bool lcb_QUERY_HANDLE_::parse_meta(const char *row, size_t row_len, lcb_STATUS &rc)
 {
-    first_error_message.clear();
-    first_error_code = 0;
+    first_error.message.clear();
+    first_error.code = 0;
 
     Json::Value meta;
     if (!Json::Reader(Json::Features::strictMode()).parse(row, row + row_len, meta)) {
@@ -105,22 +105,42 @@ bool lcb_QUERY_HANDLE_::parse_meta(const char *row, size_t row_len, lcb_STATUS &
     const Json::Value &errors = meta["errors"];
     if (errors.isArray() && !errors.empty()) {
         const Json::Value &err = errors[0];
+        if (err.isMember("retry") && err["retry"].isBool()) {
+            first_error.retry = err["retry"].asBool();
+        }
+        if (err.isMember("reason") && err["reason"].isObject()) {
+            const Json::Value &reason = err["reason"];
+            if (reason.isMember("code") && reason["code"].isNumeric()) {
+                first_error.reason_code = reason["code"].asInt();
+            }
+        }
         const Json::Value &msg = err["msg"];
         if (msg.isString()) {
-            first_error_message = msg.asString();
+            first_error.message = msg.asString();
         }
         const Json::Value &code = err["code"];
         if (code.isNumeric()) {
-            first_error_code = code.asUInt();
-            switch (first_error_code) {
+            first_error.code = code.asUInt();
+            switch (first_error.code) {
                 case 3000:
                     rc = LCB_ERR_PARSING_FAILURE;
                     break;
                 case 12009:
                     rc = LCB_ERR_DML_FAILURE;
-                    if (first_error_message.find("CAS mismatch") != std::string::npos) {
+                    if (first_error.message.find("CAS mismatch") != std::string::npos) {
                         rc = LCB_ERR_CAS_MISMATCH;
                     }
+                    switch (first_error.reason_code) {
+                        case 12033:
+                            rc = LCB_ERR_CAS_MISMATCH;
+                            break;
+                        case 17014:
+                            rc = LCB_ERR_DOCUMENT_NOT_FOUND;
+                            break;
+                        case 17012:
+                            rc = LCB_ERR_DOCUMENT_EXISTS;
+                            break;
+                    }
                     break;
                 case 4040:
                 case 4050:
@@ -132,31 +152,34 @@ bool lcb_QUERY_HANDLE_::parse_meta(const char *row, size_t row_len, lcb_STATUS &
                     break;
                 case 4300:
                     rc = LCB_ERR_PLANNING_FAILURE;
-                    if (!first_error_message.empty()) {
+                    if (!first_error.message.empty()) {
                         std::regex already_exists("index.+already exists");
-                        if (std::regex_search(first_error_message, already_exists)) {
+                        if (std::regex_search(first_error.message, already_exists)) {
                             rc = LCB_ERR_INDEX_EXISTS;
                         }
                     }
                     break;
                 case 5000:
                     rc = LCB_ERR_INTERNAL_SERVER_FAILURE;
-                    if (!first_error_message.empty()) {
+                    if (!first_error.message.empty()) {
                         std::regex already_exists("Index.+already exists"); /* NOTE: case sensitive */
                         std::regex not_found("index.+not found");
-                        if (std::regex_search(first_error_message, already_exists)) {
+                        if (std::regex_search(first_error.message, already_exists)) {
                             rc = LCB_ERR_INDEX_EXISTS;
-                        } else if (std::regex_search(first_error_message, not_found)) {
+                        } else if (std::regex_search(first_error.message, not_found)) {
                             rc = LCB_ERR_INDEX_NOT_FOUND;
-                        } else if (first_error_message.find(
+                        } else if (first_error.message.find(
                                        "Limit for number of indexes that can be created per scope has been reached") !=
                                    std::string::npos) {
                             rc = LCB_ERR_QUOTA_LIMITED;
                         }
                     }
                     break;
-                case 12004:
                 case 12016:
+                    /* see MB-50643 */
+                    first_error.retry = false;
+                    /* fallthrough */
+                case 12004:
                     rc = LCB_ERR_INDEX_NOT_FOUND;
                     break;
                 case 12003:
@@ -177,14 +200,14 @@ bool lcb_QUERY_HANDLE_::parse_meta(const char *row, size_t row_len, lcb_STATUS &
                     break;
 
                 default:
-                    if (first_error_code >= 4000 && first_error_code < 5000) {
+                    if (first_error.code >= 4000 && first_error.code < 5000) {
                         rc = LCB_ERR_PLANNING_FAILURE;
-                    } else if (first_error_code >= 5000 && first_error_code < 6000) {
+                    } else if (first_error.code >= 5000 && first_error.code < 6000) {
                         rc = LCB_ERR_INTERNAL_SERVER_FAILURE;
-                    } else if (first_error_code >= 10000 && first_error_code < 11000) {
+                    } else if (first_error.code >= 10000 && first_error.code < 11000) {
                         rc = LCB_ERR_AUTHENTICATION_FAILURE;
-                    } else if ((first_error_code >= 12000 && first_error_code < 13000) ||
-                               (first_error_code >= 14000 && first_error_code < 15000)) {
+                    } else if ((first_error.code >= 12000 && first_error.code < 13000) ||
+                               (first_error.code >= 14000 && first_error.code < 15000)) {
                         rc = LCB_ERR_INDEX_FAILURE;
                     }
                     break;
@@ -218,11 +241,13 @@ void lcb_QUERY_HANDLE_::invoke_row(lcb_RESPQUERY *resp, bool is_last)
         resp->row = static_cast<const char *>(meta_buf.iov_base);
         resp->nrow = meta_buf.iov_len;
         parse_meta(resp->row, resp->nrow, resp->ctx.rc);
-        if (!first_error_message.empty()) {
-            resp->ctx.first_error_message = first_error_message.c_str();
-            resp->ctx.first_error_message_len = first_error_message.size();
+        resp->ctx.error_response_body = resp->row;
+        resp->ctx.error_response_body_len = resp->nrow;
+        if (!first_error.message.empty()) {
+            resp->ctx.first_error_message = first_error.message.c_str();
+            resp->ctx.first_error_message_len = first_error.message.size();
         }
-        resp->ctx.first_error_code = first_error_code;
+        resp->ctx.first_error_code = first_error.code;
         if (span_ != nullptr) {
             lcb::trace::finish_http_span(span_, this);
             span_ = nullptr;
@@ -358,27 +383,27 @@ lcb_RETRY_ACTION lcb_QUERY_HANDLE_::has_retriable_error(lcb_STATUS &rc)
     const uint32_t default_backoff = 100 /* ms */;
     if (rc == LCB_ERR_PREPARED_STATEMENT_FAILURE) {
         lcb_log(LOGARGS(this, TRACE), LOGFMT "Will retry request. rc: %s, code: %d, msg: %s", LOGID(this),
-                lcb_strerror_short(rc), first_error_code, first_error_message.c_str());
+                lcb_strerror_short(rc), first_error.code, first_error.message.c_str());
         return {1, default_backoff};
     }
-    if (first_error_code == 13014 &&
+    if (first_error.code == 13014 &&
         LCBT_SETTING(instance_, auth)->mode() == LCBAUTH_MODE_DYNAMIC) { // datastore.couchbase.insufficient_credentials
         auto result = request_credentials(LCBAUTH_REASON_AUTHENTICATION_FAILURE);
         bool credentials_found = result == LCBAUTH_RESULT_OK;
         lcb_log(LOGARGS(this, TRACE),
                 LOGFMT "Invalidate credentials and retry request. creds: %s, rc: %s, code: %d, msg: %s", LOGID(this),
-                credentials_found ? "ok" : "not_found", lcb_strerror_short(rc), first_error_code,
-                first_error_message.c_str());
+                credentials_found ? "ok" : "not_found", lcb_strerror_short(rc), first_error.code,
+                first_error.message.c_str());
         return {credentials_found, default_backoff};
     }
-    if (!first_error_message.empty()) {
+    if (!first_error.message.empty()) {
         for (const auto &magic_string : wtf_magic_strings) {
-            if (first_error_message.find(magic_string) != std::string::npos) {
+            if (first_error.message.find(magic_string) != std::string::npos) {
                 lcb_log(LOGARGS(this, TRACE),
                         LOGFMT
                         "Special error message detected. Will retry request. rc: %s (update to %s), code: %d, msg: %s",
                         LOGID(this), lcb_strerror_short(rc), lcb_strerror_short(LCB_ERR_PREPARED_STATEMENT_FAILURE),
-                        first_error_code, first_error_message.c_str());
+                        first_error.code, first_error.message.c_str());
                 rc = LCB_ERR_PREPARED_STATEMENT_FAILURE;
                 return {1, default_backoff};
             }
@@ -388,7 +413,7 @@ lcb_RETRY_ACTION lcb_QUERY_HANDLE_::has_retriable_error(lcb_STATUS &rc)
     if (rc == LCB_SUCCESS) {
         return {0, 0};
     }
-    return lcb_query_should_retry(instance_->settings, this, rc);
+    return lcb_query_should_retry(instance_->settings, this, rc, first_error.retry);
 }
 
 lcb_STATUS lcb_QUERY_HANDLE_::issue_htreq(const std::string &body)

package/deps/lcb/src/n1ql/query_handle.hh

@@ -27,6 +27,19 @@
 #include "capi/cmd_query.hh"
 #include "query_cache.hh"
 
+/**
+ * @private
+ */
+namespace lcb
+{
+struct query_error {
+    std::string message{};
+    uint32_t code{};
+    bool retry{false};
+    uint32_t reason_code{0};
+};
+} // namespace lcb
+
 /**
  * @private
  */
@@ -296,8 +309,7 @@ struct lcb_QUERY_HANDLE_ : lcb::jsparse::Parser::Actions {
     /** String of the original statement. Cached here to avoid jsoncpp lookups */
     std::string statement_;
     std::string client_context_id_;
-    std::string first_error_message{};
-    uint32_t first_error_code{};
+    lcb::query_error first_error{};
 
     /** Whether we're retrying this */
     int retries_{0};

package/deps/lcb/src/operations/counter.cc

@@ -141,6 +141,12 @@ LIBCOUCHBASE_API lcb_STATUS lcb_cmdcounter_on_behalf_of(lcb_CMDCOUNTER *cmd, con
     return cmd->on_behalf_of(std::string(data, data_len));
 }
 
+LIBCOUCHBASE_API lcb_STATUS lcb_cmdcounter_on_behalf_of_extra_privilege(lcb_CMDCOUNTER *cmd, const char *privilege,
+                                                                        size_t privilege_len)
+{
+    return cmd->on_behalf_of_add_extra_privilege(std::string(privilege, privilege_len));
+}
+
 static lcb_STATUS counter_validate(lcb_INSTANCE *instance, const lcb_CMDCOUNTER *cmd)
 {
     if (cmd->key().empty()) {
@@ -184,6 +190,12 @@ static lcb_STATUS counter_schedule(lcb_INSTANCE *instance, std::shared_ptr<lcb_C
         if (err != LCB_SUCCESS) {
             return err;
         }
+        for (const auto &privilege : cmd->extra_privileges()) {
+            err = lcb::flexible_framing_extras::encode_impersonate_users_extra_privilege(privilege, framing_extras);
+            if (err != LCB_SUCCESS) {
+                return err;
+            }
+        }
     }
 
     hdr.request.magic = framing_extras.empty() ? PROTOCOL_BINARY_REQ : PROTOCOL_BINARY_AREQ;

package/deps/lcb/src/operations/exists.cc

@@ -112,6 +112,12 @@ LIBCOUCHBASE_API lcb_STATUS lcb_cmdexists_on_behalf_of(lcb_CMDEXISTS *cmd, const
     return cmd->on_behalf_of(std::string(data, data_len));
 }
 
+LIBCOUCHBASE_API lcb_STATUS lcb_cmdexists_on_behalf_of_extra_privilege(lcb_CMDEXISTS *cmd, const char *privilege,
+                                                                       size_t privilege_len)
+{
+    return cmd->on_behalf_of_add_extra_privilege(std::string(privilege, privilege_len));
+}
+
 static lcb_STATUS exists_validate(lcb_INSTANCE *instance, const lcb_CMDEXISTS *cmd)
 {
     if (cmd->key().empty()) {
@@ -139,6 +145,12 @@ static lcb_STATUS exists_schedule(lcb_INSTANCE *instance, std::shared_ptr<lcb_CM
         if (err != LCB_SUCCESS) {
             return err;
         }
+        for (const auto &privilege : cmd->extra_privileges()) {
+            err = lcb::flexible_framing_extras::encode_impersonate_users_extra_privilege(privilege, framing_extras);
+            if (err != LCB_SUCCESS) {
+                return err;
+            }
+        }
     }
 
     hdr.request.magic = framing_extras.empty() ? PROTOCOL_BINARY_REQ : PROTOCOL_BINARY_AREQ;