s4/ldb:introduce the LDB_CONTROL_PROVISION_OID control

This control is exactly thought for the actions which previously were performed
using the RELAX one.

We agreed that the RELAX control will only remain for interactions with OpenLDAP.

diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index f56cd07f3a34c1ac6dfab6b8e226d63a90306897..9b813d1b52784909eba9d94ca2632ecb10a43efd 100644 (file)
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -3660,6 +3660,13 @@ int dsdb_request_add_controls(struct ldb_request *req, uint32_t dsdb_flags)
                }
        }
 
+       if (dsdb_flags & DSDB_PROVISION) {
+               ret = ldb_request_add_control(req, LDB_CONTROL_PROVISION_OID, false, NULL);
+               if (ret != LDB_SUCCESS) {
+                       return ret;
+               }
+       }
+
        return LDB_SUCCESS;
 }
 

diff --git a/source4/dsdb/common/util.h b/source4/dsdb/common/util.h
index 7dabef8d870354537033e2d07c9175254f684990..fa876484cb9235e6c2d0bd56faa0554d52659d5d 100644 (file)
--- a/source4/dsdb/common/util.h
+++ b/source4/dsdb/common/util.h
@@ -34,5 +34,6 @@
 #define DSDB_TREE_DELETE                     0x0100
 #define DSDB_SEARCH_ONE_ONLY                 0x0200 /* give an error unless 1 record */
 #define DSDB_SEARCH_SHOW_RECYCLED            0x0400
+#define DSDB_PROVISION                       0x0800
 
 bool is_attr_in_list(const char * const * attrs, const char *attr);

diff --git a/source4/lib/ldb/common/ldb_controls.c b/source4/lib/ldb/common/ldb_controls.c
index 6ce08652a7a5039d10e4e37060900cdac5cc7147..99154aa7d9f67c1325fb433ca5b2e66498a3d2cc 100644 (file)
--- a/source4/lib/ldb/common/ldb_controls.c
+++ b/source4/lib/ldb/common/ldb_controls.c
@@ -939,6 +939,33 @@ struct ldb_control **ldb_parse_control_strings(struct ldb_context *ldb, TALLOC_C
                        continue;
                }
 
+               if (strncmp(control_strings[i], "provision:", 10) == 0) {
+                       const char *p;
+                       int crit, ret;
+
+                       p = &(control_strings[i][10]);
+                       ret = sscanf(p, "%d", &crit);
+                       if ((ret != 1) || (crit < 0) || (crit > 1)) {
+                               error_string = talloc_asprintf(mem_ctx, "invalid provision control syntax\n");
+                               error_string = talloc_asprintf_append(error_string, " syntax: crit(b)\n");
+                               error_string = talloc_asprintf_append(error_string, "   note: b = boolean");
+                               ldb_set_errstring(ldb, error_string);
+                               talloc_free(error_string);
+                               return NULL;
+                       }
+
+                       ctrl[i] = talloc(ctrl, struct ldb_control);
+                       if (!ctrl[i]) {
+                               ldb_oom(ldb);
+                               return NULL;
+                       }
+                       ctrl[i]->oid = LDB_CONTROL_PROVISION_OID;
+                       ctrl[i]->critical = crit;
+                       ctrl[i]->data = NULL;
+
+                       continue;
+               }
+
                /* no controls matched, throw an error */
                ldb_asprintf_errstring(ldb, "Invalid control name: '%s'", control_strings[i]);
                return NULL;

diff --git a/source4/lib/ldb/include/ldb.h b/source4/lib/ldb/include/ldb.h
index 7edad06957354a804afaa6f0d92687ac5d15f45f..d1e29010b1d7ff9f43ead4299158829c0608d4f3 100644 (file)
--- a/source4/lib/ldb/include/ldb.h
+++ b/source4/lib/ldb/include/ldb.h
@@ -510,6 +510,12 @@ typedef int (*ldb_qsort_cmp_fn_t) (void *v1, void *v2, void *opaque);
 */
 #define LDB_CONTROL_AS_SYSTEM_OID "1.3.6.1.4.1.7165.4.3.7"
 
+/**
+   LDB_CONTROL_PROVISION_OID is used to skip some constraint checks. It's is
+   mainly thought to be used for the provisioning.
+*/
+#define LDB_CONTROL_PROVISION_OID "1.3.6.1.4.1.7165.4.3.16"
+
 /* AD controls */
 
 /**

diff --git a/source4/libcli/ldap/ldap_controls.c b/source4/libcli/ldap/ldap_controls.c
index 478481b422cde37b9e8a832fc3eef77905b21548..592635d59cbb801641be6ec3d4e9a2011d54a531 100644 (file)
--- a/source4/libcli/ldap/ldap_controls.c
+++ b/source4/libcli/ldap/ldap_controls.c
@@ -1187,6 +1187,8 @@ static const struct ldap_control_handler ldap_known_controls[] = {
        { DSDB_CONTROL_CHANGEREPLMETADATA_OID, NULL, NULL },
 /* DSDB_CONTROL_SEARCH_APPLY_ACCESS is internal only, and has no network representation */
        { DSDB_CONTROL_SEARCH_APPLY_ACCESS, NULL, NULL },
+/* LDB_CONTROL_PROVISION_OID is internal only, and has no network representation */
+       { LDB_CONTROL_PROVISION_OID, NULL, NULL },
 /* DSDB_EXTENDED_REPLICATED_OBJECTS_OID is internal only, and has no network representation */
        { DSDB_EXTENDED_REPLICATED_OBJECTS_OID, NULL, NULL },
 /* DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID is internal only, and has no network representation */

diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif
index f703b5aaaddb8429f191786840e6e20a36400668..212097ba5fe79f7fe6c96cd8e33c17464c896a60 100644 (file)
--- a/source4/setup/schema_samba4.ldif
+++ b/source4/setup/schema_samba4.ldif
@@ -188,6 +188,7 @@
 #Allocated: LDB_CONTROL_BYPASS_OPERATIONAL_OID 1.3.6.1.4.1.7165.4.3.13
 #Allocated: DSDB_CONTROL_CHANGEREPLMETADATA_OID 1.3.6.1.4.1.7165.4.3.14
 #Allocated: DSDB_CONTROL_SEARCH_APPLY_ACCESS 1.3.6.1.4.1.7165.4.3.15
+#Allocated: LDB_CONTROL_PROVISION_OID 1.3.6.1.4.1.7165.4.3.16
 
 # Extended 1.3.6.1.4.1.7165.4.4.x
 #Allocated: DSDB_EXTENDED_REPLICATED_OBJECTS_OID 1.3.6.1.4.1.7165.4.4.1