diff options
| author | Andrew Tridgell <tridge@samba.org> | 2010-09-19 16:11:57 -0700 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 2010-09-19 19:20:48 -0700 |
| commit | 34f47a33dffa429c6f8bc58c4d8b27a1152ad259 (patch) | |
| tree | 99ba6655f17619bc0a7fe6077b6ed9b65f307ed1 /source4/dsdb/samdb/ldb_modules | |
| parent | c1a6820c85334da43ad47fcc1975a9b4c9577479 (diff) | |
| download | samba-34f47a33dffa429c6f8bc58c4d8b27a1152ad259.tar.gz samba-34f47a33dffa429c6f8bc58c4d8b27a1152ad259.tar.bz2 samba-34f47a33dffa429c6f8bc58c4d8b27a1152ad259.zip | |
s4-rootdse: mark registered controls as non-critical
this is needed for clients that may include unnecessary controls in
requests and mark them as non-critical
Diffstat (limited to 'source4/dsdb/samdb/ldb_modules')
| -rw-r--r-- | source4/dsdb/samdb/ldb_modules/rootdse.c | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 2e7c97af38..b84621f9ee 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -492,6 +492,35 @@ static int rootdse_callback(struct ldb_request *req, struct ldb_reply *ares) return LDB_SUCCESS; } +/* + mark our registered controls as non-critical in the request + + This is needed as clients may mark controls as critical even if they + are not needed at all in a request. For example, the centrify client + sets the SD_FLAGS control as critical on ldap modify requests which + are setting the dNSHostName attribute on the machine account. That + request doesn't need SD_FLAGS at all, but centrify adds it on all + ldap requests. + */ +static void rootdse_mark_noncritical(struct ldb_module *module, struct ldb_control **controls) +{ + int i, j; + struct private_data *priv = talloc_get_type(ldb_module_get_private(module), struct private_data); + + if (!controls) return; + + for (i=0; controls[i]; i++) { + if (controls[i]->critical == 0) { + continue; + } + for (j=0; j<priv->num_controls; j++) { + if (strcasecmp(priv->controls[j], controls[i]->oid) == 0) { + controls[i]->critical = 0; + } + } + } +} + static int rootdse_search(struct ldb_module *module, struct ldb_request *req) { struct ldb_context *ldb; @@ -499,6 +528,8 @@ static int rootdse_search(struct ldb_module *module, struct ldb_request *req) struct ldb_request *down_req; int ret; + rootdse_mark_noncritical(module, req->controls); + ldb = ldb_module_get_ctx(module); /* see if its for the rootDSE - only a base search on the "" DN qualifies */ @@ -963,6 +994,8 @@ static int rootdse_add(struct ldb_module *module, struct ldb_request *req) { struct ldb_context *ldb = ldb_module_get_ctx(module); + rootdse_mark_noncritical(module, req->controls); + /* If dn is not "" we should let it pass through */ @@ -1013,6 +1046,8 @@ static int rootdse_modify(struct ldb_module *module, struct ldb_request *req) { struct ldb_context *ldb = ldb_module_get_ctx(module); + rootdse_mark_noncritical(module, req->controls); + /* If dn is not "" we should let it pass through */ @@ -1054,6 +1089,8 @@ static int rootdse_delete(struct ldb_module *module, struct ldb_request *req) { struct ldb_context *ldb = ldb_module_get_ctx(module); + rootdse_mark_noncritical(module, req->controls); + /* If dn is not "" we should let it pass through */ |