ldb: add the VERIFY_NAME control
authorMatthieu Patou <mat@matws.net>
Tue, 15 May 2012 17:14:55 +0000 (10:14 -0700)
committerMatthieu Patou <mat@matws.net>
Sat, 23 Jun 2012 06:22:02 +0000 (23:22 -0700)
lib/ldb/common/ldb_controls.c
lib/ldb/include/ldb.h

index 7ce4fc34af62f43d91ba7d2470b4c661a17b6206..097ae20ece75073871f2ab9aa7cbc6e496cea2db 100644 (file)
@@ -368,6 +368,25 @@ char *ldb_control_to_string(TALLOC_CTX *mem_ctx, const struct ldb_control *contr
                return res;
        }
 
+       if (strcmp(control->oid, LDB_CONTROL_VERIFY_NAME_OID) == 0) {
+               struct ldb_verify_name_control *rep_control = talloc_get_type(control->data, struct ldb_verify_name_control);
+
+               if (rep_control->gc != NULL) {
+                       res = talloc_asprintf(mem_ctx, "%s:%d:%d:%s",
+                                               LDB_CONTROL_VERIFY_NAME_NAME,
+                                               control->critical,
+                                               rep_control->flags,
+                                               rep_control->gc);
+
+               } else {
+                       res = talloc_asprintf(mem_ctx, "%s:%d:%d",
+                                               LDB_CONTROL_VERIFY_NAME_NAME,
+                                               control->critical,
+                                               rep_control->flags);
+               }
+               return res;
+       }
+
        /*
         * From here we don't know the control
         */
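Review bot: `rep_control` is dereferenced at `rep_control->gc` without checking the result of `talloc_get_type()`, which returns NULL when `control->data` is NULL or is not a `struct ldb_verify_name_control`. A control that reaches the stringifier with this OID but no matching data would crash here; add `if (rep_control == NULL) { return NULL; }` right after the assignment, or use whatever fallback the earlier branches of `ldb_control_to_string` use (they start outside this hunk). The `%s` on `rep_control->gc` also assumes a NUL-terminated buffer even though the struct carries `gc_len`. If a decoder ever fills `gc` from wire bytes, `%.*s` with `(int)rep_control->gc_len` would keep the read bounded.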
@@ -1018,6 +1037,40 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
 
                return ctrl;
        }
+       if (LDB_CONTROL_CMP(control_strings, LDB_CONTROL_VERIFY_NAME_NAME) == 0) {
+               const char *p;
+               char gc[1024];
+               int crit, flags, ret;
+               struct ldb_verify_name_control *control;
+
+               gc[0] = '\0';
+
+               p = &(control_strings[sizeof(LDB_CONTROL_VERIFY_NAME_NAME)]);
+               ret = sscanf(p, "%d:%d:%1023[^$]", &crit, &flags, gc);
+               if ((ret != 3) || (crit < 0) || (crit > 1)) {
+                       ret = sscanf(p, "%d:%d", &crit, &flags);
+                       if ((ret != 2) || (crit < 0) || (crit > 1)) {
+                               error_string = talloc_asprintf(mem_ctx, "invalid verify_name control syntax\n");
+                               error_string = talloc_asprintf_append(error_string, " syntax: crit(b):flags(i)[:gc(s)]\n");
+                               error_string = talloc_asprintf_append(error_string, "   note: b = boolean");
+                               error_string = talloc_asprintf_append(error_string, "   note: i = integer");
+                               error_string = talloc_asprintf_append(error_string, "   note: s = string");
+                               ldb_set_errstring(ldb, error_string);
+                               talloc_free(error_string);
+                               talloc_free(ctrl);
+                               return NULL;
+                       }
+               }
+
+               ctrl->oid = LDB_CONTROL_VERIFY_NAME_OID;
+               ctrl->critical = crit;
+               control = talloc(ctrl, struct ldb_verify_name_control);
+               control->gc = talloc_strdup(control, gc);
+               control->gc_len = strlen(gc);
+               control->flags = flags;
+               ctrl->data = control;
+               return ctrl;
+       }
        /*
         * When no matching control has been found.
         */
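Review bot: The results of `talloc(ctrl, struct ldb_verify_name_control)` and `talloc_strdup(control, gc)` are used unchecked, so an allocation failure becomes a NULL dereference at `control->gc = ...` or hands callers a control whose `gc` is NULL while `gc_len` is non-zero. Both should be checked and the partly built `ctrl` freed, as the syntax-error path a few lines up already does. Separately, `p` is taken at offset `sizeof(LDB_CONTROL_VERIFY_NAME_NAME)`, which steps over the character following the name. If `LDB_CONTROL_CMP` is only a prefix match (its definition is not in this hunk), a bare `verify_name` string would make `sscanf` start reading past the terminator, so confirm that the separator is verified first. The enclosing `ldb_parse_control_from_string` starts and ends outside the hunk.

```c
		control = talloc(ctrl, struct ldb_verify_name_control);
		if (control == NULL) {
			ldb_oom(ldb);
			talloc_free(ctrl);
			return NULL;
		}
		control->gc = talloc_strdup(control, gc);
		if (control->gc == NULL) {
			ldb_oom(ldb);
			talloc_free(ctrl);
			return NULL;
		}
		/* … unchanged: gc_len, flags and ctrl->data assignments, return ctrl … */
```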
index ae340192161402988a2922e7c7798ac6356f5610..d3a20c5ff8e22c4c3e6bcad586a8ba28717fdc76 100644 (file)
@@ -708,6 +708,15 @@ typedef int (*ldb_qsort_cmp_fn_t) (void *v1, void *v2, void *opaque);
 #define LDB_CONTROL_RELAX_OID "1.3.6.1.4.1.4203.666.5.12"
 #define LDB_CONTROL_RELAX_NAME "relax"
 
+/**
+   OID for the allowing some kind of relax check for attributes with DNs
+
+
+   \sa 3.1.1.3.4.1.16 in [MS-ADTS].pdf
+*/
+#define LDB_CONTROL_VERIFY_NAME_OID "1.2.840.113556.1.4.1338"
+#define LDB_CONTROL_VERIFY_NAME_NAME   "verify_name"
+
 /* Extended operations */
 
 /**
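Review bot: The doc comment above `LDB_CONTROL_VERIFY_NAME_OID` is hard to parse ("OID for the allowing some kind of relax check") and does not say what the control carries. Going by the cited [MS-ADTS] section, a wording such as `OID for the verify name control: names the global catalog server used to check the DN values in an add or modify` would tell a reader what `flags` and `gc` are for. The two blank lines inside the comment can be dropped as well.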
@@ -843,6 +852,12 @@ struct ldb_vlv_resp_control {
        char *contextId;
 };
 
+struct ldb_verify_name_control {
+       int flags;
+       size_t gc_len;
+       char *gc;
+};
+
 struct ldb_control {
        const char *oid;
        int critical;
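Review bot: `struct ldb_verify_name_control` is added without any comment, and the relation between `gc` and `gc_len` is left implicit. The string parser in this commit sets `gc_len = strlen(gc)` and `ldb_control_to_string` prints `gc` with `%s`, so both sides assume a NUL-terminated string whose length excludes the terminator. State that contract above the struct, for example `/* gc: NUL-terminated GC server name, or NULL; gc_len: length of gc without the terminator */`, so that a later wire decoder does not store an unterminated buffer there.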