r17418: add client support for the LDAP_SERVER_SD_FLAGS control
authorStefan Metzmacher <metze@samba.org>
Sat, 5 Aug 2006 10:26:23 +0000 (10:26 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 19:15:23 +0000 (14:15 -0500)
metze
(This used to be commit 23759a1e9b05c4fde475a9016cb0b7447656d7e7)

source4/lib/ldb/include/ldb.h
source4/lib/ldb/tools/cmdline.c
source4/libcli/ldap/ldap_controls.c

index 08bb2dd2f6051f80ff62448936bd00b5ff26f231..6730824fddbd30d8324f17fef98bef9142efd9c5 100644 (file)
@@ -422,6 +422,13 @@ typedef int (*ldb_qsort_cmp_fn_t) (void *v1, void *v2, void *opaque);
 */
 #define LDB_CONTROL_PAGED_RESULTS_OID  "1.2.840.113556.1.4.319"
 
+/**
+   OID for specifying the returned elements of the ntSecurityDescriptor
+
+   \sa <a href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_sd_flags_oid.asp">Microsoft documentation of this OID</a>
+*/
+#define LDB_CONTROL_SD_FLAGS_OID       "1.2.840.113556.1.4.801"
+
 /**
    OID for notification
 
@@ -518,6 +525,16 @@ typedef int (*ldb_qsort_cmp_fn_t) (void *v1, void *v2, void *opaque);
 */
 #define LDB_EXTENDED_FAST_BIND_OID     "1.2.840.113556.1.4.1781"
 
+struct ldb_sd_flags_control {
+       /*
+        * request the owner    0x00000001
+        * request the group    0x00000002
+        * request the DACL     0x00000004
+        * request the SACL     0x00000008
+        */
+       unsigned secinfo_flags;
+};
+
 struct ldb_paged_control {
        int size;
        int cookie_len;
index e7e5186b55f3179a04de114e0bbfe7c29b3748e5..d5a52cf370e05ffb86d1a6b9c87128d23b65f8a7 100644 (file)
@@ -381,6 +381,31 @@ struct ldb_control **parse_controls(void *mem_ctx, char **control_strings)
                        continue;
                }
 
+               if (strncmp(control_strings[i], "sd_flags:", 9) == 0) {
+                       struct ldb_sd_flags_control *control;
+                       const char *p;
+                       int crit, ret;
+                       unsigned secinfo_flags;
+
+                       p = &(control_strings[i][9]);
+                       ret = sscanf(p, "%d:%u", &crit, &secinfo_flags);
+                       if ((ret != 2) || (crit < 0) || (crit > 1) || (secinfo_flags < 0) || (secinfo_flags > 0xF)) {
+                               fprintf(stderr, "invalid sd_flags control syntax\n");
+                               fprintf(stderr, " syntax: crit(b):secinfo_flags(n)\n");
+                               fprintf(stderr, "   note: b = boolean, n = number\n");
+                               return NULL;
+                       }
+
+                       ctrl[i] = talloc(ctrl, struct ldb_control);
+                       ctrl[i]->oid = LDB_CONTROL_SD_FLAGS_OID;
+                       ctrl[i]->critical = crit;
+                       control = talloc(ctrl[i], struct ldb_sd_flags_control);
+                       control->secinfo_flags = secinfo_flags;
+                       ctrl[i]->data = control;
+
+                       continue;
+               }
+
                if (strncmp(control_strings[i], "paged_results:", 14) == 0) {
                        struct ldb_paged_control *control;
                        const char *p;
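Review bot: Both `talloc()` results in the new `sd_flags:` branch are used without a NULL check, so a failed `ctrl[i] = talloc(ctrl, struct ldb_control);` is dereferenced on the very next line. Each allocation should be followed by a check such as `if (ctrl[i] == NULL) return NULL;`, and likewise for `control`. In the validation line, `secinfo_flags < 0` can never be true for an `unsigned`, and `%u` uses strtoul-style conversion, so a negative input wraps rather than being rejected. The `> 0xF` test catches most such values, but `strtoul` with an end-pointer check would also reject trailing garbage that `sscanf` silently ignores. parse_controls begins and ends outside this hunk, so whether the early `return NULL` releases `ctrl` cannot be judged from here.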
@@ -464,7 +489,7 @@ struct ldb_control **parse_controls(void *mem_ctx, char **control_strings)
                }
 
                /* no controls matched, throw an error */
-               fprintf(stderr, "Invalid control name\n");
+               fprintf(stderr, "Invalid control name: '%s'\n", control_strings[i]);
                return NULL;
        }
 
index ee8f9d4bb131c30f35bae761d0d76ea55879f020..445b5f8086ed7e4d1fdffa1e48810c5b53559271 100644 (file)
@@ -182,6 +182,37 @@ static BOOL decode_extended_dn_request(void *mem_ctx, DATA_BLOB in, void **out)
        return True;
 }
 
+static BOOL decode_sd_flags_request(void *mem_ctx, DATA_BLOB in, void **out)
+{
+       struct asn1_data data;
+       struct ldb_sd_flags_control *lsdfc;
+
+       if (!asn1_load(&data, in)) {
+               return False;
+       }
+
+       lsdfc = talloc(mem_ctx, struct ldb_sd_flags_control);
+       if (!lsdfc) {
+               return False;
+       }
+
+       if (!asn1_start_tag(&data, ASN1_SEQUENCE(0))) {
+               return False;
+       }
+
+       if (!asn1_read_Integer(&data, &(lsdfc->secinfo_flags))) {
+               return False;
+       }
+
+       if (!asn1_end_tag(&data)) {
+               return False;
+       }
+
+       *out = lsdfc;
+
+       return True;
+}
+
 static BOOL decode_paged_results_request(void *mem_ctx, DATA_BLOB in, void **out)
 {
        DATA_BLOB cookie;
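Review bot: The value decoded into `lsdfc->secinfo_flags` comes from the peer and is stored without a range check, whereas the command-line parser in this same commit restricts it to 0..0xF. Code that consumes this control should either reject or mask bits outside the four documented flags. The call `asn1_read_Integer(&data, &(lsdfc->secinfo_flags))` also passes an `unsigned *`; if that helper takes an `int *` (its prototype is not shown here), it is safer to read into a local: `int flags; if (!asn1_read_Integer(&data, &flags)) return False; lsdfc->secinfo_flags = flags;`. The failure returns after `asn1_load()` and `talloc()` leave `data` and `lsdfc` unreleased; `lsdfc` stays attached to `mem_ctx`, and `data` presumably needs whatever ASN.1 cleanup the sibling decoders use, if any.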
@@ -631,6 +662,33 @@ static BOOL encode_extended_dn_request(void *mem_ctx, void *in, DATA_BLOB *out)
        return True;
 }
 
+static BOOL encode_sd_flags_request(void *mem_ctx, void *in, DATA_BLOB *out)
+{
+       struct ldb_sd_flags_control *lsdfc = talloc_get_type(in, struct ldb_sd_flags_control);
+       struct asn1_data data;
+
+       ZERO_STRUCT(data);
+
+       if (!asn1_push_tag(&data, ASN1_SEQUENCE(0))) {
+               return False;
+       }
+
+       if (!asn1_write_Integer(&data, lsdfc->secinfo_flags)) {
+               return False;
+       }
+
+       if (!asn1_pop_tag(&data)) {
+               return False;
+       }
+
+       *out = data_blob_talloc(mem_ctx, data.data, data.length);
+       if (out->data == NULL) {
+               return False;
+       }
+
+       return True;
+}
+
 static BOOL encode_paged_results_request(void *mem_ctx, void *in, DATA_BLOB *out)
 {
        struct ldb_paged_control *lprc = talloc_get_type(in, struct ldb_paged_control);
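Review bot: `talloc_get_type()` returns NULL when `in` is not a `struct ldb_sd_flags_control`, yet `lsdfc->secinfo_flags` is dereferenced at the `asn1_write_Integer` call without checking for that; add `if (!lsdfc) return False;` right after the declarations. The encoder state in `data` is copied into `*out` with `data_blob_talloc()` but is not released on the success path or on any failure path. That looks like a leak per encoded control unless the ASN.1 buffer is owned elsewhere, so it is worth confirming against the neighbouring encoders. A one-line comment above the function, e.g. `/* value is a SEQUENCE holding one INTEGER: the secinfo flags */`, would help readers match it to the decoder.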
@@ -878,6 +936,7 @@ struct control_handler ldap_known_controls[] = {
        { "1.2.840.113556.1.4.1504", decode_asq_control, encode_asq_control },
        { "1.2.840.113556.1.4.841", decode_dirsync_request, encode_dirsync_request },
        { "1.2.840.113556.1.4.528", decode_notification_request, encode_notification_request },
+       { "1.2.840.113556.1.4.801", decode_sd_flags_request, encode_sd_flags_request },
        { "2.16.840.1.113730.3.4.2", decode_manageDSAIT_request, encode_manageDSAIT_request },
        { "2.16.840.1.113730.3.4.9", decode_vlv_request, encode_vlv_request },
        { "2.16.840.1.113730.3.4.10", decode_vlv_response, encode_vlv_response },