The branch, master has been updated
via 34f47a3 s4-rootdse: mark registered controls as non-critical
from c1a6820 s3-waf: fix the file locations of gen_ndr'ed files.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 34f47a33dffa429c6f8bc58c4d8b27a1152ad259
Author: Andrew Tridgell <[email protected]>
Date: Sun Sep 19 16:11:57 2010 -0700
s4-rootdse: mark registered controls as non-critical
this is needed for clients that may include unnecessary controls in
requests and mark them as non-critical
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/samdb/ldb_modules/rootdse.c | 37 ++++++++++++++++++++++++++++++
1 files changed, 37 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c
b/source4/dsdb/samdb/ldb_modules/rootdse.c
index 2e7c97a..b84621f 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -492,6 +492,35 @@ static int rootdse_callback(struct ldb_request *req,
struct ldb_reply *ares)
return LDB_SUCCESS;
}
+/*
+ mark our registered controls as non-critical in the request
+
+ This is needed as clients may mark controls as critical even if they
+ are not needed at all in a request. For example, the centrify client
+ sets the SD_FLAGS control as critical on ldap modify requests which
+ are setting the dNSHostName attribute on the machine account. That
+ request doesn't need SD_FLAGS at all, but centrify adds it on all
+ ldap requests.
+ */
+static void rootdse_mark_noncritical(struct ldb_module *module, struct
ldb_control **controls)
+{
+ int i, j;
+ struct private_data *priv =
talloc_get_type(ldb_module_get_private(module), struct private_data);
+
+ if (!controls) return;
+
+ for (i=0; controls[i]; i++) {
+ if (controls[i]->critical == 0) {
+ continue;
+ }
+ for (j=0; j<priv->num_controls; j++) {
+ if (strcasecmp(priv->controls[j], controls[i]->oid) ==
0) {
+ controls[i]->critical = 0;
+ }
+ }
+ }
+}
+
static int rootdse_search(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
@@ -499,6 +528,8 @@ static int rootdse_search(struct ldb_module *module, struct
ldb_request *req)
struct ldb_request *down_req;
int ret;
+ rootdse_mark_noncritical(module, req->controls);
+
ldb = ldb_module_get_ctx(module);
/* see if its for the rootDSE - only a base search on the "" DN
qualifies */
@@ -963,6 +994,8 @@ static int rootdse_add(struct ldb_module *module, struct
ldb_request *req)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
+ rootdse_mark_noncritical(module, req->controls);
+
/*
If dn is not "" we should let it pass through
*/
@@ -1013,6 +1046,8 @@ static int rootdse_modify(struct ldb_module *module,
struct ldb_request *req)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
+ rootdse_mark_noncritical(module, req->controls);
+
/*
If dn is not "" we should let it pass through
*/
@@ -1054,6 +1089,8 @@ static int rootdse_delete(struct ldb_module *module,
struct ldb_request *req)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
+ rootdse_mark_noncritical(module, req->controls);
+
/*
If dn is not "" we should let it pass through
*/
--
Samba Shared Repository
