s4:ldap_controls: allow DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID over sockets.

The DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID control has to data attached to it.
So we can allow it to be send over LDAP.

We'll accept this control over the privileged ldapi socket only.

metze

diff --git a/source4/libcli/ldap/ldap_controls.c b/source4/libcli/ldap/ldap_controls.c
index 6ded87a0ba83c36121667304c081140c26ca2066..8405a031425556bf82f90756cca91f647bc0d1cb 100644 (file)
--- a/source4/libcli/ldap/ldap_controls.c
+++ b/source4/libcli/ldap/ldap_controls.c
@@ -1179,8 +1179,8 @@ static const struct ldap_control_handler ldap_known_controls[] = {
        { DSDB_CONTROL_PASSWORD_CHANGE_OID, NULL, NULL },
 /* DSDB_CONTROL_APPLY_LINKS is internal only, and has no network representation */
        { DSDB_CONTROL_APPLY_LINKS, NULL, NULL },
-/* DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID is internal only, and has no network representation */
-       { DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID, NULL, NULL },
+/* DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID is internal only, and has an empty network representation */
+       { DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID, decode_flag_request, encode_flag_request },
 /* LDB_CONTROL_BYPASS_OPERATIONAL_OID is internal only, and has no network representation */
        { LDB_CONTROL_BYPASS_OPERATIONAL_OID, NULL, NULL },
 /* DSDB_CONTROL_CHANGEREPLMETADATA_OID is internal only, and has no network representation */