From 1da2cfe03d956e5f209b049f931851b4afa1287c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 29 Nov 2007 08:02:36 +0100 Subject: r26193: In the LDAP server, use the new 'controls_decoded' element to determine if this (possibly critical) control has been decoded. This allows us to return an error, rather than just dropping the socket. Andrew Bartlett (This used to be commit 230a60c1910f95ce5139c174d6d79786fca08433) --- source4/ldap_server/ldap_backend.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 5a953947f3..a6697dfba8 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -720,6 +720,18 @@ static NTSTATUS ldapsrv_AbandonRequest(struct ldapsrv_call *call) NTSTATUS ldapsrv_do_call(struct ldapsrv_call *call) { + int i; + struct ldap_message *msg = call->request; + /* Check for undecoded critical extensions */ + for (i=0; msg->controls && msg->controls[i]; i++) { + if (!msg->controls_decoded[i] && + msg->controls[i]->critical) { + DEBUG(3, ("ldapsrv_do_call: Critical extension %s is not known to this server\n", + msg->controls[i]->oid)); + return ldapsrv_unwilling(call, LDAP_UNAVAILABLE_CRITICAL_EXTENSION); + } + } + switch(call->request->type) { case LDAP_TAG_BindRequest: return ldapsrv_BindRequest(call); -- cgit