From 817610f38540fb99595f6e3b77b9f6696f9e3b3f Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Sat, 5 Aug 2006 11:18:14 +0000
Subject: r17419: add client support for the LDAP_SERVER_SEARCH_OPTIONS support. with this you can limit a search to a specific partitions or a search over all partitions without getting referrals. (Witch is the default behavior on the Global Catalog Port) metze (This used to be commit 4ccd0f8171f3748ee6efe1abd3f894d2cdf46bf4)
---
 source4/lib/ldb/include/ldb.h | 24 +++++++++++++++
 source4/lib/ldb/tools/cmdline.c | 25 ++++++++++++++++
 source4/libcli/ldap/ldap_controls.c | 59 +++++++++++++++++++++++++++++++++++++
 3 files changed, 108 insertions(+)
diff --git a/source4/lib/ldb/include/ldb.h b/source4/lib/ldb/include/ldb.h
index 6730824fdd..4a04c3df44 100644
--- a/source4/lib/ldb/include/ldb.h
+++ b/source4/lib/ldb/include/ldb.h
@@ -429,6 +429,13 @@ typedef int (*ldb_qsort_cmp_fn_t) (void *v1, void *v2, void *opaque);
 */
 #define LDB_CONTROL_SD_FLAGS_OID "1.2.840.113556.1.4.801"

+/**
+ OID for specifying an advanced scope for a search
+
+ \sa Microsoft documentation of this OID
+*/
+#define LDB_CONTROL_SEARCH_OPTIONS_OID "1.2.840.113556.1.4.1340"
+
 /**
 OID for notification

@@ -535,6 +542,23 @@ struct ldb_sd_flags_control {
 unsigned secinfo_flags;
 };

+struct ldb_search_options_control {
+ /*
+ * DOMAIN_SCOPE 0x00000001
+ * this limits the search to one partition,
+ * and no referrals will be returned.
+ * (Note this doesn't limit the entries by there
+ * objectSid belonging to a domain! Builtin and Foreign Sids
+ * are still returned)
+ *
+ * PHANTOM_ROOT 0x00000002
+ * this search on the whole tree on a domain controller
+ * over multiple partitions without referrals.
+ * (This is the default behavior on the Global Catalog Port)
+ */
+ unsigned search_options;
+};
+
 struct ldb_paged_control {
 int size;
 int cookie_len;
diff --git a/source4/lib/ldb/tools/cmdline.c b/source4/lib/ldb/tools/cmdline.c
index d5a52cf370..0901c7bbf2 100644
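Review bot: In `struct ldb_search_options_control` the two flag values exist only as text inside the comment, so callers and the `search_options:` command-line parser have to pass bare `1` and `2`; named constants beside the OID define would make call sites and input validation readable, for example `#define LDB_SEARCH_OPTION_DOMAIN_SCOPE 0x00000001` and `#define LDB_SEARCH_OPTION_PHANTOM_ROOT 0x00000002`. The comment should also say that `search_options` is a bit mask and whether the two bits may be combined, since PHANTOM_ROOT widens a search across partitions while DOMAIN_SCOPE narrows it. The phrase "by there objectSid" should read "by their objectSid".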
--- a/source4/lib/ldb/tools/cmdline.c
+++ b/source4/lib/ldb/tools/cmdline.c
@@ -406,6 +406,31 @@ struct ldb_control **parse_controls(void *mem_ctx, char **control_strings)
 continue;
 }

+ if (strncmp(control_strings[i], "search_options:", 15) == 0) {
+ struct ldb_search_options_control *control;
+ const char *p;
+ int crit, ret;
+ unsigned search_options;
+
+ p = &(control_strings[i][15]);
+ ret = sscanf(p, "%d:%u", &crit, &search_options);
+ if ((ret != 2) || (crit < 0) || (crit > 1) || (search_options < 0) || (search_options > 0x0FFFFFFFF)) {
+ fprintf(stderr, "invalid sd_flags control syntax\n");
+ fprintf(stderr, " syntax: crit(b):search_options(n)\n");
+ fprintf(stderr, " note: b = boolean, n = number\n");
+ return NULL;
+ }
+
+ ctrl[i] = talloc(ctrl, struct ldb_control);
+ ctrl[i]->oid = LDB_CONTROL_SEARCH_OPTIONS_OID;
+ ctrl[i]->critical = crit;
+ control = talloc(ctrl[i], struct ldb_search_options_control);
+ control->search_options = search_options;
+ ctrl[i]->data = control;
+
+ continue;
+ }
+
 if (strncmp(control_strings[i], "paged_results:", 14) == 0) {
 struct ldb_paged_control *control;
 const char *p;
diff --git a/source4/libcli/ldap/ldap_controls.c b/source4/libcli/ldap/ldap_controls.c
index 445b5f8086..4c5d214a8f 100644
--- a/source4/libcli/ldap/ldap_controls.c
+++ b/source4/libcli/ldap/ldap_controls.c
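Review bot: The error path of the new `search_options:` branch prints `invalid sd_flags control syntax`, apparently copied from the sd_flags branch; it should read `invalid search_options control syntax`. The range test on `search_options` cannot fire: the variable is unsigned, so `search_options < 0` is always false, and `0x0FFFFFFFF` is `0xFFFFFFFF`, which a 32-bit `unsigned` never exceeds. `%u` also accepts a leading minus sign and `sscanf` ignores trailing characters, so if only the two documented bits are meant to be accepted, `(search_options & ~0x3u) != 0` is the test that would reject malformed values. Both `talloc()` results are dereferenced without a NULL test; `if (ctrl[i] == NULL) return NULL;` after the first allocation, and the same test on `control` after the second, closes that. The rest of parse_controls lies outside the hunk.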
@@ -213,6 +213,37 @@ static BOOL decode_sd_flags_request(void *mem_ctx, DATA_BLOB in, void **out)
 return True;
 }

+static BOOL decode_search_options_request(void *mem_ctx, DATA_BLOB in, void **out)
+{
+ struct asn1_data data;
+ struct ldb_search_options_control *lsoc;
+
+ if (!asn1_load(&data, in)) {
+ return False;
+ }
+
+ lsoc = talloc(mem_ctx, struct ldb_search_options_control);
+ if (!lsoc) {
+ return False;
+ }
+
+ if (!asn1_start_tag(&data, ASN1_SEQUENCE(0))) {
+ return False;
+ }
+
+ if (!asn1_read_Integer(&data, &(lsoc->search_options))) {
+ return False;
+ }
+
+ if (!asn1_end_tag(&data)) {
+ return False;
+ }
+
+ *out = lsoc;
+
+ return True;
+}
+
 static BOOL decode_paged_results_request(void *mem_ctx, DATA_BLOB in, void **out)
 {
 DATA_BLOB cookie;
@@ -689,6 +720,33 @@ static BOOL encode_sd_flags_request(void *mem_ctx, void *in, DATA_BLOB *out)
 return True;
 }

+static BOOL encode_search_options_request(void *mem_ctx, void *in, DATA_BLOB *out)
+{
+ struct ldb_search_options_control *lsoc = talloc_get_type(in, struct ldb_search_options_control);
+ struct asn1_data data;
+
+ ZERO_STRUCT(data);
+
+ if (!asn1_push_tag(&data, ASN1_SEQUENCE(0))) {
+ return False;
+ }
+
+ if (!asn1_write_Integer(&data, lsoc->search_options)) {
+ return False;
+ }
+
+ if (!asn1_pop_tag(&data)) {
+ return False;
+ }
+
+ *out = data_blob_talloc(mem_ctx, data.data, data.length);
+ if (out->data == NULL) {
+ return False;
+ }
+
+ return True;
+}
+
 static BOOL encode_paged_results_request(void *mem_ctx, void *in, DATA_BLOB *out)
 {
 struct ldb_paged_control *lprc = talloc_get_type(in, struct ldb_paged_control);
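Review bot: `decode_search_options_request` parses a blob supplied by the peer and stores the integer straight into the `unsigned` field with `asn1_read_Integer(&data, &(lsoc->search_options))`. If that helper takes an `int *` (its prototype is not in this hunk), a negative INTEGER on the wire becomes a large flag value, and nothing here rejects bits other than the two documented ones. Reading into a local `int` and deciding explicitly how negative or unknown values are handled before assigning would make the conversion deliberate. The three failure returns after `talloc()` also leave `lsoc` attached to `mem_ctx`; `talloc_free(lsoc);` before each `return False;` keeps a malformed control from holding memory for as long as the caller's context lives.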
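Review bot: In `encode_search_options_request`, `talloc_get_type()` yields NULL when `in` is not a `struct ldb_search_options_control`, and `lsoc->search_options` is then dereferenced in the `asn1_write_Integer()` call without a test. Adding `if (!lsoc) { return False; }` right after `ZERO_STRUCT(data);` turns a mis-typed control into an encode failure instead of a crash. Nothing visible in the hunk releases the buffer held in `data`, either on the early returns or after `data_blob_talloc()` has copied it; if the asn1 helpers allocate that buffer, it needs freeing on every path (`asn1_free(&data)`, if that is the release helper in this tree).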
@@ -937,6 +995,7 @@ struct control_handler ldap_known_controls[] = {
 { "1.2.840.113556.1.4.841", decode_dirsync_request, encode_dirsync_request },
 { "1.2.840.113556.1.4.528", decode_notification_request, encode_notification_request },
 { "1.2.840.113556.1.4.801", decode_sd_flags_request, encode_sd_flags_request },
+ { "1.2.840.113556.1.4.1340", decode_search_options_request, encode_search_options_request },
 { "2.16.840.1.113730.3.4.2", decode_manageDSAIT_request, encode_manageDSAIT_request },
 { "2.16.840.1.113730.3.4.9", decode_vlv_request, encode_vlv_request },
 { "2.16.840.1.113730.3.4.10", decode_vlv_response, encode_vlv_response },
-- cgit