author | Andrew Tridgell <tridge@samba.org> | 2010-10-19 11:17:53 +1100 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2010-10-19 11:22:35 +1100 |
commit | ff456cd1007dc06a51c5e60394964bcf898b24d2 (patch) | |
tree | ea256206ec2ca8cc6f788d1debeb529367b9e276 | |
parent | 968381a4e2e7c8350b89104c17568259d35787a5 (diff) | |
s4-ldb: added ldb_req_mark_untrusted() and ldb_req_is_untrusted()
these will be used to determine if a ldb request comes from an
untrusted source. We want requests over ldap:// to be marked untrusted
so we can reject unregistered controls
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
-rw-r--r-- | source4/lib/ldb/common/ldb.c | 17 | ||||
-rw-r--r-- | source4/lib/ldb/include/ldb_module.h | 11 | ||||
-rw-r--r-- | source4/lib/ldb/include/ldb_private.h | 2 |
3 files changed, 30 insertions, 0 deletions
diff --git a/source4/lib/ldb/common/ldb.c b/source4/lib/ldb/common/ldb.c
index 922237482f..33d6c48cbe 100644
--- a/source4/lib/ldb/common/ldb.c
+++ b/source4/lib/ldb/common/ldb.c
@@ -1810,3 +1810,20 @@ const char *ldb_req_location(struct ldb_request *req)
 {
 return req->handle->location;
 }
+
+/**
+ mark a request as untrusted. This tells the rootdse module to remove
+ unregistered controls
+ */
+void ldb_req_mark_untrusted(struct ldb_request *req)
+{
+ req->handle->flags |= LDB_HANDLE_FLAG_UNTRUSTED;
+}
+
+/**
+ return true is a request is untrusted
+ */
+bool ldb_req_is_untrusted(struct ldb_request *req)
+{
+ return (req->handle->flags & LDB_HANDLE_FLAG_UNTRUSTED) != 0;
+}
diff --git a/source4/lib/ldb/include/ldb_module.h b/source4/lib/ldb/include/ldb_module.h
index a708063ed8..c1d668222f 100644
--- a/source4/lib/ldb/include/ldb_module.h
+++ b/source4/lib/ldb/include/ldb_module.h
@@ -216,4 +216,15 @@ void ldb_set_default_dns(struct ldb_context *ldb);
 */
 int ldb_reply_add_control(struct ldb_reply *ares, const char *oid, bool critical, void *data);
+/**
+ mark a request as untrusted. This tells the rootdse module to remove
+ unregistered controls
+ */
+void ldb_req_mark_untrusted(struct ldb_request *req);
+
+/**
+ return true is a request is untrusted
+ */
+bool ldb_req_is_untrusted(struct ldb_request *req);
+
 #endif
diff --git a/source4/lib/ldb/include/ldb_private.h b/source4/lib/ldb/include/ldb_private.h
index c8efb6bbc5..ef8cd25030 100644
--- a/source4/lib/ldb/include/ldb_private.h
+++ b/source4/lib/ldb/include/ldb_private.h
@@ -48,6 +48,8 @@ struct ldb_module_ops;
 struct ldb_backend_ops;
 #define LDB_HANDLE_FLAG_DONE_CALLED 1
+/* call is from an untrusted source - eg. over ldap:// */
+#define LDB_HANDLE_FLAG_UNTRUSTED 2
 struct ldb_handle {
 int status; |
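Review bot: `ldb_req_mark_untrusted()` in ldb.c records the trust state on `req->handle`, and nothing in this hunk shows that state reaching requests a module later builds from this one, so a control check that runs on such a derived request could treat it as trusted. Both new functions are complete within the hunk, but handle allocation and request building are outside it, so this needs confirming there. I would at least state the expectation in the doc comment, e.g. `the flag lives on req->handle; requests derived from this one must carry it forward`. The comment on `ldb_req_is_untrusted()` also reads `return true is a request is untrusted`; it should be `return true if a request is untrusted`, here and in the copy in ldb_module.h.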
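Review bot: The public doc comment on `ldb_req_mark_untrusted()` in ldb_module.h does not say that a request is treated as trusted unless it is marked, which is the one property every caller of this API has to know. As written, a frontend that accepts network input and omits the call is not filtered, and the header names only the rootdse module as the consumer rather than stating the contract. Suggested wording: `mark a request as untrusted. Requests are trusted unless marked, so any frontend that takes requests from the network must call this before submitting the request; there is no call to clear the mark.`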
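Review bot: `LDB_HANDLE_FLAG_UNTRUSTED 2` in ldb_private.h is a mask bit (ldb.c sets it with `|=` and tests it with `&`) but is written as a plain decimal after `LDB_HANDLE_FLAG_DONE_CALLED 1`, which invites a later flag being added as 3 and silently overlapping both. Writing the values as `0x01` and `0x02`, or adding `/* bit flags for ldb_handle.flags: each value must be a distinct power of two */` above them, makes the constraint explicit. The `struct ldb_handle` definition continues past the end of the hunk, so the type of `flags` is not visible here.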