summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2007-11-29 08:02:36 +0100
committerStefan Metzmacher <metze@samba.org>2007-12-21 05:46:44 +0100
commit1da2cfe03d956e5f209b049f931851b4afa1287c (patch)
treec975f052c42658271af7069aab463fa2b2665a4e
parent364266e22a08e730f2442cf87ec385620cff2700 (diff)
downloadsamba-1da2cfe03d956e5f209b049f931851b4afa1287c.tar.gz
samba-1da2cfe03d956e5f209b049f931851b4afa1287c.tar.bz2
samba-1da2cfe03d956e5f209b049f931851b4afa1287c.zip
r26193: In the LDAP server, use the new 'controls_decoded' element to
determine if this (possibly critical) control has been decoded. This allows us to return an error, rather than just dropping the socket. Andrew Bartlett (This used to be commit 230a60c1910f95ce5139c174d6d79786fca08433)
-rw-r--r--source4/ldap_server/ldap_backend.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 5a953947f3..a6697dfba8 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -720,6 +720,18 @@ static NTSTATUS ldapsrv_AbandonRequest(struct ldapsrv_call *call)
NTSTATUS ldapsrv_do_call(struct ldapsrv_call *call)
{
+ int i;
+ struct ldap_message *msg = call->request;
+ /* Check for undecoded critical extensions */
+ for (i=0; msg->controls && msg->controls[i]; i++) {
+ if (!msg->controls_decoded[i] &&
+ msg->controls[i]->critical) {
+ DEBUG(3, ("ldapsrv_do_call: Critical extension %s is not known to this server\n",
+ msg->controls[i]->oid));
+ return ldapsrv_unwilling(call, LDAP_UNAVAILABLE_CRITICAL_EXTENSION);
+ }
+ }
+
switch(call->request->type) {
case LDAP_TAG_BindRequest:
return ldapsrv_BindRequest(call);