-rw-r--r--source4/lib/ldb/include/ldb.h17
-rw-r--r--source4/lib/ldb/tools/cmdline.c27
-rw-r--r--source4/libcli/ldap/ldap_controls.c59
3 files changed, 102 insertions, 1 deletions
diff --git a/source4/lib/ldb/include/ldb.h b/source4/lib/ldb/include/ldb.h
index 08bb2dd2f6..6730824fdd 100644
--- a/source4/lib/ldb/include/ldb.h
+++ b/source4/lib/ldb/include/ldb.h
@@ -423,6 +423,13 @@ typedef int (*ldb_qsort_cmp_fn_t) (void *v1, void *v2, void *opaque);
#define LDB_CONTROL_PAGED_RESULTS_OID "1.2.840.113556.1.4.319"
/**
+ OID for specifying the returned elements of the ntSecurityDescriptor
+
+ \sa <a href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_sd_flags_oid.asp">Microsoft documentation of this OID</a>
+*/
+#define LDB_CONTROL_SD_FLAGS_OID "1.2.840.113556.1.4.801"
+
+/**
OID for notification
\sa <a href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_notification_oid.asp">Microsoft documentation of this OID</a>
@@ -518,6 +525,16 @@ typedef int (*ldb_qsort_cmp_fn_t) (void *v1, void *v2, void *opaque);
*/
#define LDB_EXTENDED_FAST_BIND_OID "1.2.840.113556.1.4.1781"
+struct ldb_sd_flags_control {
+ /*
+ * request the owner 0x00000001
+ * request the group 0x00000002
+ * request the DACL 0x00000004
+ * request the SACL 0x00000008
+ */
+ unsigned secinfo_flags;
+};
+
struct ldb_paged_control {
int size;
int cookie_len;
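Review bot: The four `secinfo_flags` bit values are documented only in a comment inside `struct ldb_sd_flags_control`, while `cmdline.c` in this same commit hard-codes their union as `0xF`. Defining named constants for the owner, group, DACL and SACL bits, plus a combined mask, next to the struct would let the command-line parser and the LDAP decoder validate against one definition. A short `/** ... */` comment on the struct, in the style used for the OID defines, stating that it carries the value of `LDB_CONTROL_SD_FLAGS_OID` would also help readers.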
diff --git a/source4/lib/ldb/tools/cmdline.c b/source4/lib/ldb/tools/cmdline.c
index e7e5186b55..d5a52cf370 100644
--- a/source4/lib/ldb/tools/cmdline.c
+++ b/source4/lib/ldb/tools/cmdline.c
@@ -381,6 +381,31 @@ struct ldb_control **parse_controls(void *mem_ctx, char **control_strings)
continue;
}
+ if (strncmp(control_strings[i], "sd_flags:", 9) == 0) {
+ struct ldb_sd_flags_control *control;
+ const char *p;
+ int crit, ret;
+ unsigned secinfo_flags;
+
+ p = &(control_strings[i][9]);
+ ret = sscanf(p, "%d:%u", &crit, &secinfo_flags);
+ if ((ret != 2) || (crit < 0) || (crit > 1) || (secinfo_flags < 0) || (secinfo_flags > 0xF)) {
+ fprintf(stderr, "invalid sd_flags control syntax\n");
+ fprintf(stderr, " syntax: crit(b):secinfo_flags(n)\n");
+ fprintf(stderr, " note: b = boolean, n = number\n");
+ return NULL;
+ }
+
+ ctrl[i] = talloc(ctrl, struct ldb_control);
+ ctrl[i]->oid = LDB_CONTROL_SD_FLAGS_OID;
+ ctrl[i]->critical = crit;
+ control = talloc(ctrl[i], struct ldb_sd_flags_control);
+ control->secinfo_flags = secinfo_flags;
+ ctrl[i]->data = control;
+
+ continue;
+ }
+
if (strncmp(control_strings[i], "paged_results:", 14) == 0) {
struct ldb_paged_control *control;
const char *p;
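Review bot: Both `talloc()` calls in the new `sd_flags:` branch are used without a NULL check, so an allocation failure is dereferenced at `ctrl[i]->oid = LDB_CONTROL_SD_FLAGS_OID;` and again at `control->secinfo_flags = secinfo_flags;`. Adding `if (ctrl[i] == NULL) return NULL;` after the first allocation and `if (control == NULL) return NULL;` after the second would fail the same way the syntax-error path does. The `(secinfo_flags < 0)` test can never be true for an `unsigned` and can be dropped; the `> 0xF` comparison is the one that bounds the value. `parse_controls` begins and ends outside this hunk, so whether the other branches check their allocations is not visible here.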
@@ -464,7 +489,7 @@ struct ldb_control **parse_controls(void *mem_ctx, char **control_strings)
}
/* no controls matched, throw an error */
- fprintf(stderr, "Invalid control name\n");
+ fprintf(stderr, "Invalid control name: '%s'\n", control_strings[i]);
return NULL;
}
diff --git a/source4/libcli/ldap/ldap_controls.c b/source4/libcli/ldap/ldap_controls.c
index ee8f9d4bb1..445b5f8086 100644
--- a/source4/libcli/ldap/ldap_controls.c
+++ b/source4/libcli/ldap/ldap_controls.c
@@ -182,6 +182,37 @@ static BOOL decode_extended_dn_request(void *mem_ctx, DATA_BLOB in, void **out)
return True;
}
+static BOOL decode_sd_flags_request(void *mem_ctx, DATA_BLOB in, void **out)
+{
+ struct asn1_data data;
+ struct ldb_sd_flags_control *lsdfc;
+
+ if (!asn1_load(&data, in)) {
+ return False;
+ }
+
+ lsdfc = talloc(mem_ctx, struct ldb_sd_flags_control);
+ if (!lsdfc) {
+ return False;
+ }
+
+ if (!asn1_start_tag(&data, ASN1_SEQUENCE(0))) {
+ return False;
+ }
+
+ if (!asn1_read_Integer(&data, &(lsdfc->secinfo_flags))) {
+ return False;
+ }
+
+ if (!asn1_end_tag(&data)) {
+ return False;
+ }
+
+ *out = lsdfc;
+
+ return True;
+}
+
static BOOL decode_paged_results_request(void *mem_ctx, DATA_BLOB in, void **out)
{
DATA_BLOB cookie;
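Review bot: `decode_sd_flags_request` stores whatever integer arrives in the control value into `secinfo_flags` with no range check, whereas the command-line parser in this same commit rejects anything above `0xF`. Since this decoder handles bytes taken from an LDAP message, I would reject unknown bits after the read, e.g. `if (lsdfc->secinfo_flags & ~0xFu) return False;`, or state in a comment that consumers must mask the value before deciding which parts of the security descriptor to return. The call also passes `&(lsdfc->secinfo_flags)`, an `unsigned *`; if `asn1_read_Integer` takes an `int *` (its prototype is not in the hunk), read into a local `int` and reject negative values before assigning. The early `return False` paths leave `lsdfc` attached to `mem_ctx` and never release `data`; whether `asn1_load` needs a matching free is not visible from here.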
@@ -631,6 +662,33 @@ static BOOL encode_extended_dn_request(void *mem_ctx, void *in, DATA_BLOB *out)
return True;
}
+static BOOL encode_sd_flags_request(void *mem_ctx, void *in, DATA_BLOB *out)
+{
+ struct ldb_sd_flags_control *lsdfc = talloc_get_type(in, struct ldb_sd_flags_control);
+ struct asn1_data data;
+
+ ZERO_STRUCT(data);
+
+ if (!asn1_push_tag(&data, ASN1_SEQUENCE(0))) {
+ return False;
+ }
+
+ if (!asn1_write_Integer(&data, lsdfc->secinfo_flags)) {
+ return False;
+ }
+
+ if (!asn1_pop_tag(&data)) {
+ return False;
+ }
+
+ *out = data_blob_talloc(mem_ctx, data.data, data.length);
+ if (out->data == NULL) {
+ return False;
+ }
+
+ return True;
+}
+
static BOOL encode_paged_results_request(void *mem_ctx, void *in, DATA_BLOB *out)
{
struct ldb_paged_control *lprc = talloc_get_type(in, struct ldb_paged_control);
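Review bot: `talloc_get_type()` returns NULL when `in` is not a `struct ldb_sd_flags_control`, and `lsdfc->secinfo_flags` is then dereferenced in the `asn1_write_Integer` call without a check. A guard such as `if (!lsdfc) return False;` right after `ZERO_STRUCT(data);` keeps a mis-typed control from crashing the encoder. `data` is also never released, neither after its contents are copied into `*out` nor on the failure returns; if `asn1_push_tag` allocates (not visible in this hunk), those paths leak.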
@@ -878,6 +936,7 @@ struct control_handler ldap_known_controls[] = {
{ "1.2.840.113556.1.4.1504", decode_asq_control, encode_asq_control },
{ "1.2.840.113556.1.4.841", decode_dirsync_request, encode_dirsync_request },
{ "1.2.840.113556.1.4.528", decode_notification_request, encode_notification_request },
+ { "1.2.840.113556.1.4.801", decode_sd_flags_request, encode_sd_flags_request },
{ "2.16.840.1.113730.3.4.2", decode_manageDSAIT_request, encode_manageDSAIT_request },
{ "2.16.840.1.113730.3.4.9", decode_vlv_request, encode_vlv_request },
{ "2.16.840.1.113730.3.4.10", decode_vlv_response, encode_vlv_response },