s4-ldap: Added a control to apply the access checks on read via LDAP
authorNadezhda Ivanova <nivanova@samba.org>
Tue, 14 Sep 2010 07:51:14 +0000 (10:51 +0300)
committerNadezhda Ivanova <nivanova@samba.org>
Sun, 26 Sep 2010 22:36:09 +0000 (15:36 -0700)
source4/dsdb/samdb/samdb.h
source4/ldap_server/ldap_backend.c
source4/libcli/ldap/ldap_controls.c

index a3d8f7952d29098af47652944e18ed386e2a1aa4..4a9edbae10198da0d5b21b4f0e53409f14f0438d 100644 (file)
@@ -192,4 +192,7 @@ struct dsdb_fsmo_extended_op {
        struct GUID destination_dsa_guid;
 };
 
+/* applied access checks on LDAP reads */
+#define DSDB_CONTROL_SEARCH_APPLY_ACCESS "1.3.6.1.4.1.7165.4.3.15"
+
 #endif /* __SAMDB_H__ */
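Review bot: The comment above `DSDB_CONTROL_SEARCH_APPLY_ACCESS` does not say that the control is internal or who sets it, which matters for a control that gates access checks on reads. Something like `/* internal control, never sent on the wire: added by the LDAP server to each search request so that access checks are applied on read */` would match what the other two files in this commit do with it. The code that consumes the control is not shown on this page, so naming it in the comment would help the next reader.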
index 6faaa30c2f1efc64aaa0121c2efcc43763ada740..6a518e48a31c769c96f2904568f207458bb8ada2 100644 (file)
@@ -579,6 +579,7 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
                }
        }
 
+       ldb_request_add_control(lreq, DSDB_CONTROL_SEARCH_APPLY_ACCESS, false, NULL);
        ldb_set_timeout(samdb, lreq, req->timelimit);
 
        ldb_ret = ldb_request(samdb, lreq);
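Review bot: The return value of `ldb_request_add_control()` on the added line is discarded, so if attaching the control fails, the search still reaches `ldb_request()` without the access-check marker and the read path fails open. Assign the result, as in `ldb_ret = ldb_request_add_control(lreq, DSDB_CONTROL_SEARCH_APPLY_ACCESS, false, NULL);`, and on `ldb_ret != LDB_SUCCESS` take the function's existing error path before the request is issued. The control is also added as non-critical (`false`), which presumably lets a module stack that does not handle it ignore it silently; if the check is meant to be mandatory for LDAP clients, consider marking it critical. ldapsrv_SearchRequest starts and ends outside the hunk, so the right error label is not visible here.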
index 5244975dfc31bdcc53fc9e2adfc5a815e8778bac..b8becb8955430ca459ea3847d3335d14d59048dd 100644 (file)
@@ -1166,6 +1166,8 @@ static const struct ldap_control_handler ldap_known_controls[] = {
        { "1.3.6.1.4.1.7165.4.3.7", NULL, NULL },
 /* DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID is internal only, and has no network representation */
        { "1.3.6.1.4.1.7165.4.3.8", NULL, NULL },
+/* DSDB_CONTROL_SEARCH_APPLY_ACCESS is internal only, and has no network representation */
+       { "1.3.6.1.4.1.7165.4.3.15", NULL, NULL },
 /* DSDB_EXTENDED_REPLICATED_OBJECTS_OID is internal only, and has no network representation */
        { "1.3.6.1.4.1.7165.4.4.1", NULL, NULL },
        { DSDB_OPENLDAP_DEREFERENCE_CONTROL, decode_openldap_dereference, encode_openldap_dereference},