-rw-r--r--lib/ldb/common/ldb_controls.c53
-rw-r--r--lib/ldb/include/ldb.h15
2 files changed, 68 insertions, 0 deletions
diff --git a/lib/ldb/common/ldb_controls.c b/lib/ldb/common/ldb_controls.c
index 7ce4fc34af..097ae20ece 100644
--- a/lib/ldb/common/ldb_controls.c
+++ b/lib/ldb/common/ldb_controls.c
@@ -368,6 +368,25 @@ char *ldb_control_to_string(TALLOC_CTX *mem_ctx, const struct ldb_control *contr
return res;
}
+ if (strcmp(control->oid, LDB_CONTROL_VERIFY_NAME_OID) == 0) {
+ struct ldb_verify_name_control *rep_control = talloc_get_type(control->data, struct ldb_verify_name_control);
+
+ if (rep_control->gc != NULL) {
+ res = talloc_asprintf(mem_ctx, "%s:%d:%d:%s",
+ LDB_CONTROL_VERIFY_NAME_NAME,
+ control->critical,
+ rep_control->flags,
+ rep_control->gc);
+
+ } else {
+ res = talloc_asprintf(mem_ctx, "%s:%d:%d",
+ LDB_CONTROL_VERIFY_NAME_NAME,
+ control->critical,
+ rep_control->flags);
+ }
+ return res;
+ }
+
/*
* From here we don't know the control
*/
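Review bot: `rep_control` is dereferenced at `rep_control->gc` without checking the result of `talloc_get_type()`, which returns NULL when `control->data` is NULL or carries a different talloc type. Whether a caller can hand in such a control is not visible from this hunk, but a guard right after the assignment, `if (rep_control == NULL) { return NULL; }`, would turn a possible crash into a failed conversion. The struct also carries `gc_len`, which suggests `gc` may not always be NUL-terminated. If that is the case, `%.*s` with `(int)rep_control->gc_len` is safer than the bare `%s`. The enclosing function starts and ends outside this hunk.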
@@ -1018,6 +1037,40 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
return ctrl;
}
+ if (LDB_CONTROL_CMP(control_strings, LDB_CONTROL_VERIFY_NAME_NAME) == 0) {
+ const char *p;
+ char gc[1024];
+ int crit, flags, ret;
+ struct ldb_verify_name_control *control;
+
+ gc[0] = '\0';
+
+ p = &(control_strings[sizeof(LDB_CONTROL_VERIFY_NAME_NAME)]);
+ ret = sscanf(p, "%d:%d:%1023[^$]", &crit, &flags, gc);
+ if ((ret != 3) || (crit < 0) || (crit > 1)) {
+ ret = sscanf(p, "%d:%d", &crit, &flags);
+ if ((ret != 2) || (crit < 0) || (crit > 1)) {
+ error_string = talloc_asprintf(mem_ctx, "invalid verify_name control syntax\n");
+ error_string = talloc_asprintf_append(error_string, " syntax: crit(b):flags(i)[:gc(s)]\n");
+ error_string = talloc_asprintf_append(error_string, " note: b = boolean");
+ error_string = talloc_asprintf_append(error_string, " note: i = integer");
+ error_string = talloc_asprintf_append(error_string, " note: s = string");
+ ldb_set_errstring(ldb, error_string);
+ talloc_free(error_string);
+ talloc_free(ctrl);
+ return NULL;
+ }
+ }
+
+ ctrl->oid = LDB_CONTROL_VERIFY_NAME_OID;
+ ctrl->critical = crit;
+ control = talloc(ctrl, struct ldb_verify_name_control);
+ control->gc = talloc_strdup(control, gc);
+ control->gc_len = strlen(gc);
+ control->flags = flags;
+ ctrl->data = control;
+ return ctrl;
+ }
/*
* When no matching control has been found.
*/
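Review bot: The result of `talloc(ctrl, struct ldb_verify_name_control)` is written through on the next line without a NULL check, and the `talloc_strdup()` result is stored unchecked too, so an allocation failure while parsing a caller-supplied control string becomes a NULL dereference instead of a parse error. Add `if (control == NULL) { talloc_free(ctrl); return NULL; }` after the `talloc()` call and the same test on `control->gc` after the strdup. Separately, when the `:gc` part is omitted `gc` stays `""`, so `control->gc` is an empty string, not NULL, and the `rep_control->gc != NULL` branch in `ldb_control_to_string` would emit a trailing `:`. Setting `control->gc = NULL` for the two-field form would keep the round trip symmetric, provided the consumers of this control accept a NULL `gc`. The enclosing function starts and ends outside this hunk.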
diff --git a/lib/ldb/include/ldb.h b/lib/ldb/include/ldb.h
index ae34019216..d3a20c5ff8 100644
--- a/lib/ldb/include/ldb.h
+++ b/lib/ldb/include/ldb.h
@@ -708,6 +708,15 @@ typedef int (*ldb_qsort_cmp_fn_t) (void *v1, void *v2, void *opaque);
#define LDB_CONTROL_RELAX_OID "1.3.6.1.4.1.4203.666.5.12"
#define LDB_CONTROL_RELAX_NAME "relax"
+/**
+ OID for the allowing some kind of relax check for attributes with DNs
+
+
+ \sa 3.1.1.3.4.1.16 in [MS-ADTS].pdf
+*/
+#define LDB_CONTROL_VERIFY_NAME_OID "1.2.840.113556.1.4.1338"
+#define LDB_CONTROL_VERIFY_NAME_NAME "verify_name"
+
/* Extended operations */
/**
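Review bot: The doc comment above `LDB_CONTROL_VERIFY_NAME_OID` reads like a copy of the relax control's description and does not say what this control does. The referenced [MS-ADTS] section covers LDAP_SERVER_VERIFY_NAME_OID, which names the global catalog server used to verify DN-valued attribute values on add and modify. A more accurate comment would be `OID for the verify-name control: names the GC used to check that DN-valued attribute values refer to existing objects`. The two empty lines inside the comment can go as well.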
@@ -843,6 +852,12 @@ struct ldb_vlv_resp_control {
char *contextId;
};
+struct ldb_verify_name_control {
+ int flags;
+ size_t gc_len;
+ char *gc;
+};
+
struct ldb_control {
const char *oid;
int critical;
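Review bot: `struct ldb_verify_name_control` is added without any field comments, and the contract between `gc` and `gc_len` is left unstated. The string parser in ldb_controls.c sets `gc_len = strlen(gc)` on a NUL-terminated copy, but a wire decoder (not shown in this diff) could fill the fields differently. A short comment per field, for example `/* GC server name; NUL-terminated, gc_len excludes the terminator */` on `gc`, would tell consumers whether formatting it with `%s` is safe. It would also help to say what `flags` carries and whether `gc` may be NULL. `struct ldb_control` below continues outside the hunk.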