From 9ebb081ccec0587736920e85a9de624e079836e5 Mon Sep 17 00:00:00 2001 From: Matthieu Patou Date: Tue, 15 May 2012 10:14:55 -0700 Subject: [PATCH] ldb: add the VERIFY_NAME control --- lib/ldb/common/ldb_controls.c | 53 +++++++++++++++++++++++++++++++++++++++++++ lib/ldb/include/ldb.h | 15 ++++++++++++ 2 files changed, 68 insertions(+) diff --git a/lib/ldb/common/ldb_controls.c b/lib/ldb/common/ldb_controls.c index 7ce4fc34af6..097ae20ece7 100644 --- a/lib/ldb/common/ldb_controls.c +++ b/lib/ldb/common/ldb_controls.c @@ -368,6 +368,25 @@ char *ldb_control_to_string(TALLOC_CTX *mem_ctx, const struct ldb_control *contr return res; } + if (strcmp(control->oid, LDB_CONTROL_VERIFY_NAME_OID) == 0) { + struct ldb_verify_name_control *rep_control = talloc_get_type(control->data, struct ldb_verify_name_control); + + if (rep_control->gc != NULL) { + res = talloc_asprintf(mem_ctx, "%s:%d:%d:%s", + LDB_CONTROL_VERIFY_NAME_NAME, + control->critical, + rep_control->flags, + rep_control->gc); + + } else { + res = talloc_asprintf(mem_ctx, "%s:%d:%d", + LDB_CONTROL_VERIFY_NAME_NAME, + control->critical, + rep_control->flags); + } + return res; + } + /* * From here we don't know the control */ @@ -1018,6 +1037,40 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO return ctrl; } + if (LDB_CONTROL_CMP(control_strings, LDB_CONTROL_VERIFY_NAME_NAME) == 0) { + const char *p; + char gc[1024]; + int crit, flags, ret; + struct ldb_verify_name_control *control; + + gc[0] = '\0'; + + p = &(control_strings[sizeof(LDB_CONTROL_VERIFY_NAME_NAME)]); + ret = sscanf(p, "%d:%d:%1023[^$]", &crit, &flags, gc); + if ((ret != 3) || (crit < 0) || (crit > 1)) { + ret = sscanf(p, "%d:%d", &crit, &flags); + if ((ret != 2) || (crit < 0) || (crit > 1)) { + error_string = talloc_asprintf(mem_ctx, "invalid verify_name control syntax\n"); + error_string = talloc_asprintf_append(error_string, " syntax: crit(b):flags(i)[:gc(s)]\n"); + error_string = talloc_asprintf_append(error_string, " note: b = boolean"); + error_string = talloc_asprintf_append(error_string, " note: i = integer"); + error_string = talloc_asprintf_append(error_string, " note: s = string"); + ldb_set_errstring(ldb, error_string); + talloc_free(error_string); + talloc_free(ctrl); + return NULL; + } + } + + ctrl->oid = LDB_CONTROL_VERIFY_NAME_OID; + ctrl->critical = crit; + control = talloc(ctrl, struct ldb_verify_name_control); + control->gc = talloc_strdup(control, gc); + control->gc_len = strlen(gc); + control->flags = flags; + ctrl->data = control; + return ctrl; + } /* * When no matching control has been found. */ diff --git a/lib/ldb/include/ldb.h b/lib/ldb/include/ldb.h index ae340192161..d3a20c5ff8e 100644 --- a/lib/ldb/include/ldb.h +++ b/lib/ldb/include/ldb.h @@ -708,6 +708,15 @@ typedef int (*ldb_qsort_cmp_fn_t) (void *v1, void *v2, void *opaque); #define LDB_CONTROL_RELAX_OID "1.3.6.1.4.1.4203.666.5.12" #define LDB_CONTROL_RELAX_NAME "relax" +/** + OID for the allowing some kind of relax check for attributes with DNs + + + \sa 3.1.1.3.4.1.16 in [MS-ADTS].pdf +*/ +#define LDB_CONTROL_VERIFY_NAME_OID "1.2.840.113556.1.4.1338" +#define LDB_CONTROL_VERIFY_NAME_NAME "verify_name" + /* Extended operations */ /** @@ -843,6 +852,12 @@ struct ldb_vlv_resp_control { char *contextId; }; +struct ldb_verify_name_control { + int flags; + size_t gc_len; + char *gc; +}; + struct ldb_control { const char *oid; int critical; -- 2.11.4.GIT