diff options
| author | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-10-16 20:58:51 +0200 |
|---|---|---|
| committer | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-10-16 19:43:36 +0000 |
| commit | 10adee89367cee9add993869280542418fb3d370 (patch) | |
| tree | 60e3bfc24c955b056231c5c0bc8ca164c153f45a | |
| parent | 02d9d8eeaff4337e28a8ad061c028f31bf214773 (diff) | |
| download | samba-10adee89367cee9add993869280542418fb3d370.tar.gz samba-10adee89367cee9add993869280542418fb3d370.tar.bz2 samba-10adee89367cee9add993869280542418fb3d370.zip | |
s4:dsdb - make the RELAX control private
This makes our LDAP much more secure and less error-prone.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Oct 16 19:43:36 UTC 2010 on sn-devel-104
| -rw-r--r-- | source4/lib/ldb/include/ldb.h | 14 | ||||
| -rw-r--r-- | source4/libcli/ldap/ldap_controls.c | 3 |
2 files changed, 8 insertions, 9 deletions
diff --git a/source4/lib/ldb/include/ldb.h b/source4/lib/ldb/include/ldb.h index 7f4752e252..d346b0f2d4 100644 --- a/source4/lib/ldb/include/ldb.h +++ b/source4/lib/ldb/include/ldb.h @@ -510,6 +510,12 @@ typedef int (*ldb_qsort_cmp_fn_t) (void *v1, void *v2, void *opaque); */ #define LDB_CONTROL_AS_SYSTEM_OID "1.3.6.1.4.1.7165.4.3.7" +/** + LDB_CONTROL_RELAX_OID relaxes some of the AD constraints to allow some + special operations - should be used carefully! +*/ +#define LDB_CONTROL_RELAX_OID "1.3.6.1.4.1.4203.666.5.12" + /* AD controls */ /** @@ -667,14 +673,6 @@ typedef int (*ldb_qsort_cmp_fn_t) (void *v1, void *v2, void *opaque); /* Other standardised controls */ -/** - OID for the allowing client to request temporary relaxed - enforcement of constraints of the x.500 model. - - \sa <a href="http://opends.dev.java.net/public/standards/draft-zeilenga-ldap-managedit.txt">draft managedit</a>. -*/ -#define LDB_CONTROL_RELAX_OID "1.3.6.1.4.1.4203.666.5.12" - /* OID for LDAP Extended Operation PASSWORD_CHANGE. diff --git a/source4/libcli/ldap/ldap_controls.c b/source4/libcli/ldap/ldap_controls.c index 8cc0a61cb3..37ade5b299 100644 --- a/source4/libcli/ldap/ldap_controls.c +++ b/source4/libcli/ldap/ldap_controls.c @@ -1156,9 +1156,10 @@ static const struct ldap_control_handler ldap_known_controls[] = { { LDB_CONTROL_PERMISSIVE_MODIFY_OID, decode_flag_request, encode_flag_request }, { LDB_CONTROL_SERVER_LAZY_COMMIT, decode_flag_request, encode_flag_request }, { LDB_CONTROL_RODC_DCPROMO_OID, decode_flag_request, encode_flag_request }, - { LDB_CONTROL_RELAX_OID, decode_flag_request, encode_flag_request }, { DSDB_OPENLDAP_DEREFERENCE_CONTROL, decode_openldap_dereference, encode_openldap_dereference }, +/* LDB_CONTROL_RELAX_OID is internal only, and has no network representation */ + { LDB_CONTROL_RELAX_OID, NULL, NULL }, /* DSDB_CONTROL_CURRENT_PARTITION_OID is internal only, and has no network representation */ { DSDB_CONTROL_CURRENT_PARTITION_OID, NULL, NULL }, /* DSDB_CONTROL_REPLICATED_UPDATE_OID is internal only, and has no network representation */ |