[SCM] Samba Shared Repository - branch master updated

Matthias Dieter Wallnöfer mdw at samba.org
Sat Oct 16 13:44:01 MDT 2010


The branch, master has been updated
       via  10adee8 s4:dsdb - make the RELAX control private
       via  02d9d8e s4:libcli/ldap/ldap_controls.c - fix up the controls list
       via  c4739f7 ldb:ldb.h - reorder controls/extended operations
      from  c161ad8 heimdal: Remove some unused arguments from HEIMDAL_SUBSYSTEM().

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 10adee89367cee9add993869280542418fb3d370
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Sat Oct 16 20:58:51 2010 +0200

    s4:dsdb - make the RELAX control private
    
    This makes our LDAP much more secure and less error-prone.
    
    Autobuild-User: Matthias Dieter Wallnöfer <mdw at samba.org>
    Autobuild-Date: Sat Oct 16 19:43:36 UTC 2010 on sn-devel-104

commit 02d9d8eeaff4337e28a8ad061c028f31bf214773
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Sat Oct 16 20:46:20 2010 +0200

    s4:libcli/ldap/ldap_controls.c - fix up the controls list
    
    - add missing private controls and comments
    - use control defines rather than hardcoded values -> easier to comprehend
    - reorder controls

commit c4739f7be88bb7ef1da48cfef07b47cc351a1cb8
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Sat Oct 16 20:45:08 2010 +0200

    ldb:ldb.h - reorder controls/extended operations
    
    This makes it easier to read

-----------------------------------------------------------------------

Summary of changes:
 source4/lib/ldb/include/ldb.h       |   53 +++++++++++------------
 source4/libcli/ldap/ldap_controls.c |   79 ++++++++++++++++++++++-------------
 2 files changed, 76 insertions(+), 56 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/lib/ldb/include/ldb.h b/source4/lib/ldb/include/ldb.h
index c53cb7a..d346b0f 100644
--- a/source4/lib/ldb/include/ldb.h
+++ b/source4/lib/ldb/include/ldb.h
@@ -510,6 +510,12 @@ typedef int (*ldb_qsort_cmp_fn_t) (void *v1, void *v2, void *opaque);
 */
 #define LDB_CONTROL_AS_SYSTEM_OID "1.3.6.1.4.1.7165.4.3.7"
 
+/**
+   LDB_CONTROL_RELAX_OID relaxes some of the AD constraints to allow some
+   special operations - should be used carefully!
+*/
+#define LDB_CONTROL_RELAX_OID "1.3.6.1.4.1.4203.666.5.12"
+
 /* AD controls */
 
 /**
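Review bot: The new doc comment on `LDB_CONTROL_RELAX_OID` says only "should be used carefully!" and does not tell a reader that the control is now internal-only, which is the security-relevant fact in this series. The comment removed further down this file also named the managedit draft the OID comes from, and that provenance is lost here. I would word it along the lines of `LDB_CONTROL_RELAX_OID is internal only: it relaxes some AD constraint checks and has no network encoder/decoder in ldap_controls.c, so only trusted in-process callers may attach it`, and keep the `\sa` link to the draft. Whether other ldb callers can still attach the control is not visible from this hunk.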
@@ -654,12 +660,30 @@ typedef int (*ldb_qsort_cmp_fn_t) (void *v1, void *v2, void *opaque);
 /** 
     OID to allow the server to be more 'fast and loose' with the data being added.  
 
-    \sa 
-
+    \sa <a href="http://msdn.microsoft.com/en-us/library/aa366982(v=VS.85).aspx">Microsoft documentation of this OID</a>
 */
 #define LDB_CONTROL_SERVER_LAZY_COMMIT   "1.2.840.113556.1.4.619"
 
 /**
+   Control for RODC join -see [MS-ADTS] section 3.1.1.3.4.1.23
+
+   \sa <a href="">Microsoft documentation of this OID</a>
+*/
+#define LDB_CONTROL_RODC_DCPROMO_OID "1.2.840.113556.1.4.1341"
+
+/* Other standardised controls */
+
+/*
+   OID for LDAP Extended Operation PASSWORD_CHANGE.
+
+   This Extended operation is used to allow user password changes by the user
+   itself.
+*/
+#define LDB_EXTENDED_PASSWORD_CHANGE_OID	"1.3.6.1.4.1.4203.1.11.1"
+
+/* Extended operations */
+
+/**
    OID for LDAP Extended Operation FAST_BIND
 
    This Extended operations is used to perform a fast bind.
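Review bot: The relocated `LDB_CONTROL_RODC_DCPROMO_OID` comment gains `\sa <a href="">Microsoft documentation of this OID</a>`, an empty link that will render as a dead anchor in generated documentation. Either fill in the URL or drop the `\sa` line, since the [MS-ADTS] section reference already identifies the source. The section headings are also out of step with what follows: `/* Other standardised controls */` now sits directly above `LDB_EXTENDED_PASSWORD_CHANGE_OID`, which is an extended operation, and `/* Extended operations */` only comes after it. Moving `/* Extended operations */` above the password-change define would fix that. The FAST_BIND comment continues past the end of this hunk.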
@@ -684,31 +708,6 @@ typedef int (*ldb_qsort_cmp_fn_t) (void *v1, void *v2, void *opaque);
 */
 #define LDB_EXTENDED_DYNAMIC_OID	"1.3.6.1.4.1.1466.101.119.1"
 
-/* Other standardised controls */
-
-/**
-   OID for the allowing client to request temporary relaxed
-   enforcement of constraints of the x.500 model.
-
-   \sa <a href="http://opends.dev.java.net/public/standards/draft-zeilenga-ldap-managedit.txt">draft managedit</a>.
-*/
-#define LDB_CONTROL_RELAX_OID "1.3.6.1.4.1.4203.666.5.12"
-
-/**
-   control for RODC join
-   See [MS-ADTS] section 3.1.1.3.4.1.23
-*/
-#define LDB_CONTROL_RODC_DCPROMO_OID "1.2.840.113556.1.4.1341"
-
-/*
-   OID for LDAP Extended Operation PASSWORD_CHANGE.
-
-   This Extended operation is used to allow user password changes by the user
-   itself.
-*/
-#define LDB_EXTENDED_PASSWORD_CHANGE_OID	"1.3.6.1.4.1.4203.1.11.1"
-
-
 struct ldb_sd_flags_control {
 	/*
 	 * request the owner	0x00000001
diff --git a/source4/libcli/ldap/ldap_controls.c b/source4/libcli/ldap/ldap_controls.c
index b8becb8..37ade5b 100644
--- a/source4/libcli/ldap/ldap_controls.c
+++ b/source4/libcli/ldap/ldap_controls.c
@@ -22,7 +22,6 @@
 #include "includes.h"
 #include "../lib/util/asn1.h"
 #include "libcli/ldap/libcli_ldap.h"
-#include "lib/ldb/include/ldb.h"
 #include "libcli/ldap/ldap_proto.h"
 #include "dsdb/samdb/samdb.h"
 
@@ -1138,41 +1137,63 @@ static bool decode_flag_request(void *mem_ctx, DATA_BLOB in, void *_out)
 }
 
 static const struct ldap_control_handler ldap_known_controls[] = {
-	{ "1.2.840.113556.1.4.319", decode_paged_results_request, encode_paged_results_request },
-	{ "1.2.840.113556.1.4.529", decode_extended_dn_request, encode_extended_dn_request },
-	{ "1.2.840.113556.1.4.473", decode_server_sort_request, encode_server_sort_request },
-	{ "1.2.840.113556.1.4.474", decode_server_sort_response, encode_server_sort_response },
-	{ "1.2.840.113556.1.4.1504", decode_asq_control, encode_asq_control },
-	{ "1.2.840.113556.1.4.841", decode_dirsync_request, encode_dirsync_request },
-	{ "1.2.840.113556.1.4.528", decode_flag_request, encode_flag_request },
-	{ "1.2.840.113556.1.4.805", decode_flag_request, encode_flag_request },
-	{ "1.2.840.113556.1.4.417", decode_flag_request, encode_flag_request },
-	{ "1.2.840.113556.1.4.2064", decode_flag_request, encode_flag_request },
-	{ "1.2.840.113556.1.4.2065", decode_flag_request, encode_flag_request },
-	{ "1.2.840.113556.1.4.1413", decode_flag_request, encode_flag_request },
-	{ "1.2.840.113556.1.4.801", decode_sd_flags_request, encode_sd_flags_request },
-	{ "1.2.840.113556.1.4.1339", decode_flag_request, encode_flag_request },
-	{ "1.2.840.113556.1.4.1340", decode_search_options_request, encode_search_options_request },
-	{ "2.16.840.1.113730.3.4.2", decode_flag_request, encode_flag_request },
-	{ "2.16.840.1.113730.3.4.9", decode_vlv_request, encode_vlv_request },
-	{ "2.16.840.1.113730.3.4.10", decode_vlv_response, encode_vlv_response },
+	{ LDB_CONTROL_PAGED_RESULTS_OID, decode_paged_results_request, encode_paged_results_request },
+	{ LDB_CONTROL_SD_FLAGS_OID, decode_sd_flags_request, encode_sd_flags_request },
+	{ LDB_CONTROL_DOMAIN_SCOPE_OID, decode_flag_request, encode_flag_request },
+	{ LDB_CONTROL_SEARCH_OPTIONS_OID, decode_search_options_request, encode_search_options_request },
+	{ LDB_CONTROL_NOTIFICATION_OID, decode_flag_request, encode_flag_request },
+	{ LDB_CONTROL_TREE_DELETE_OID, decode_flag_request, encode_flag_request },
+	{ LDB_CONTROL_SHOW_DELETED_OID, decode_flag_request, encode_flag_request },
+	{ LDB_CONTROL_SHOW_RECYCLED_OID, decode_flag_request, encode_flag_request },
+	{ LDB_CONTROL_SHOW_DEACTIVATED_LINK_OID, decode_flag_request, encode_flag_request },
+	{ LDB_CONTROL_EXTENDED_DN_OID, decode_extended_dn_request, encode_extended_dn_request },
+	{ LDB_CONTROL_SERVER_SORT_OID, decode_server_sort_request, encode_server_sort_request },
+	{ LDB_CONTROL_SORT_RESP_OID, decode_server_sort_response, encode_server_sort_response },
+	{ LDB_CONTROL_ASQ_OID, decode_asq_control, encode_asq_control },
+	{ LDB_CONTROL_DIRSYNC_OID, decode_dirsync_request, encode_dirsync_request },
+	{ LDB_CONTROL_VLV_REQ_OID, decode_vlv_request, encode_vlv_request },
+	{ LDB_CONTROL_VLV_RESP_OID, decode_vlv_response, encode_vlv_response },
+	{ LDB_CONTROL_PERMISSIVE_MODIFY_OID, decode_flag_request, encode_flag_request },
+	{ LDB_CONTROL_SERVER_LAZY_COMMIT, decode_flag_request, encode_flag_request },
+	{ LDB_CONTROL_RODC_DCPROMO_OID, decode_flag_request, encode_flag_request },
+	{ DSDB_OPENLDAP_DEREFERENCE_CONTROL, decode_openldap_dereference, encode_openldap_dereference },
+
+/* LDB_CONTROL_RELAX_OID is internal only, and has no network representation */
+	{ LDB_CONTROL_RELAX_OID, NULL, NULL },
 /* DSDB_CONTROL_CURRENT_PARTITION_OID is internal only, and has no network representation */
-	{ "1.3.6.1.4.1.7165.4.3.2", NULL, NULL },
+	{ DSDB_CONTROL_CURRENT_PARTITION_OID, NULL, NULL },
+/* DSDB_CONTROL_REPLICATED_UPDATE_OID is internal only, and has no network representation */
+	{ DSDB_CONTROL_REPLICATED_UPDATE_OID, NULL, NULL },
 /* DSDB_CONTROL_DN_STORAGE_FORMAT_OID is internal only, and has no network representation */
-	{ "1.3.6.1.4.1.7165.4.3.4", NULL, NULL },
+	{ DSDB_CONTROL_DN_STORAGE_FORMAT_OID, NULL, NULL },
+/* LDB_CONTROL_RECALCULATE_SD_OID is internal only, and has no network representation */
+	{ LDB_CONTROL_RECALCULATE_SD_OID, NULL, NULL },
 /* LDB_CONTROL_REVEAL_INTERNALS is internal only, and has no network representation */
-	{ "1.3.6.1.4.1.7165.4.3.6", NULL, NULL },
+	{ LDB_CONTROL_REVEAL_INTERNALS, NULL, NULL },
 /* LDB_CONTROL_AS_SYSTEM_OID is internal only, and has no network representation */
-	{ "1.3.6.1.4.1.7165.4.3.7", NULL, NULL },
+	{ LDB_CONTROL_AS_SYSTEM_OID, NULL, NULL },
 /* DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID is internal only, and has no network representation */
-	{ "1.3.6.1.4.1.7165.4.3.8", NULL, NULL },
+	{ DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID, NULL, NULL },
+/* DSDB_CONTROL_PASSWORD_HASH_VALUES_OID is internal only, and has no network representation */
+	{ DSDB_CONTROL_PASSWORD_HASH_VALUES_OID, NULL, NULL },
+/* DSDB_CONTROL_PASSWORD_CHANGE_OID is internal only, and has no network representation */
+	{ DSDB_CONTROL_PASSWORD_CHANGE_OID, NULL, NULL },
+/* DSDB_CONTROL_APPLY_LINKS is internal only, and has no network representation */
+	{ DSDB_CONTROL_APPLY_LINKS, NULL, NULL },
+/* DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID is internal only, and has no network representation */
+	{ DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID, NULL, NULL },
+/* LDB_CONTROL_BYPASSOPERATIONAL_OID is internal only, and has no network representation */
+	{ LDB_CONTROL_BYPASSOPERATIONAL_OID, NULL, NULL },
+/* DSDB_CONTROL_CHANGEREPLMETADATA_OID is internal only, and has no network representation */
+	{ DSDB_CONTROL_CHANGEREPLMETADATA_OID, NULL, NULL },
 /* DSDB_CONTROL_SEARCH_APPLY_ACCESS is internal only, and has no network representation */
-	{ "1.3.6.1.4.1.7165.4.3.15", NULL, NULL },
+	{ DSDB_CONTROL_SEARCH_APPLY_ACCESS, NULL, NULL },
 /* DSDB_EXTENDED_REPLICATED_OBJECTS_OID is internal only, and has no network representation */
-	{ "1.3.6.1.4.1.7165.4.4.1", NULL, NULL },
-	{ DSDB_OPENLDAP_DEREFERENCE_CONTROL, decode_openldap_dereference, encode_openldap_dereference},
-	{ LDB_CONTROL_RELAX_OID, decode_flag_request, encode_flag_request },
-	{ LDB_CONTROL_RODC_DCPROMO_OID, decode_flag_request, encode_flag_request },
+	{ DSDB_EXTENDED_REPLICATED_OBJECTS_OID, NULL, NULL },
+/* DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID is internal only, and has no network representation */
+	{ DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID, NULL, NULL },
+/* DSDB_EXTENDED_ALLOCATE_RID_POOL is internal only, and has no network representation */
+	{ DSDB_EXTENDED_ALLOCATE_RID_POOL, NULL, NULL },
 	{ NULL, NULL, NULL }
 };
 
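Review bot: Changing the `LDB_CONTROL_RELAX_OID` entry from `decode_flag_request`/`encode_flag_request` to `{ LDB_CONTROL_RELAX_OID, NULL, NULL }` only keeps the control off the wire if every consumer of `ldap_known_controls` treats a NULL decoder as "reject or ignore". That lookup code is outside this hunk. The case of a remote client sending one of these OIDs with criticality set should be pinned by a test, since the commit's security claim rests on it. Any LDAP client that relied on sending the relax control will presumably stop working, which deserves a line in the commit message. I would also state the contract once above the internal block, e.g. `/* Entries below are internal only: NULL handlers mean the OID is never decoded from or encoded to the network */`.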


-- 
Samba Shared Repository

