s4:dsdb - make the RELAX control private

This makes our LDAP much more secure and less error-prone.

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Oct 16 19:43:36 UTC 2010 on sn-devel-104

source4/lib/ldb/include/ldb.h

@@ -510,6 +510,12 @@ typedef int (*ldb_qsort_cmp_fn_t) (void *v1, void *v2, void *opaque);
 */
 #define LDB_CONTROL_AS_SYSTEM_OID "1.3.6.1.4.1.7165.4.3.7"
 
+/**
+   LDB_CONTROL_RELAX_OID relaxes some of the AD constraints to allow some
+   special operations - should be used carefully!
+*/
+#define LDB_CONTROL_RELAX_OID "1.3.6.1.4.1.4203.666.5.12"
+
 /* AD controls */
 
 /**
@@ -667,14 +673,6 @@ typedef int (*ldb_qsort_cmp_fn_t) (void *v1, void *v2, void *opaque);
 
 /* Other standardised controls */
 
-/**
-   OID for the allowing client to request temporary relaxed
-   enforcement of constraints of the x.500 model.
-
-   \sa <a href="http://opends.dev.java.net/public/standards/draft-zeilenga-ldap-managedit.txt">draft managedit</a>.
-*/
-#define LDB_CONTROL_RELAX_OID "1.3.6.1.4.1.4203.666.5.12"
-
 /*
    OID for LDAP Extended Operation PASSWORD_CHANGE.
 

source4/libcli/ldap/ldap_controls.c

@@ -1156,9 +1156,10 @@ static const struct ldap_control_handler ldap_known_controls[] = {
 	{ LDB_CONTROL_PERMISSIVE_MODIFY_OID, decode_flag_request, encode_flag_request },
 	{ LDB_CONTROL_SERVER_LAZY_COMMIT, decode_flag_request, encode_flag_request },
 	{ LDB_CONTROL_RODC_DCPROMO_OID, decode_flag_request, encode_flag_request },
-	{ LDB_CONTROL_RELAX_OID, decode_flag_request, encode_flag_request },
 	{ DSDB_OPENLDAP_DEREFERENCE_CONTROL, decode_openldap_dereference, encode_openldap_dereference },
 
+/* LDB_CONTROL_RELAX_OID is internal only, and has no network representation */
+	{ LDB_CONTROL_RELAX_OID, NULL, NULL },
 /* DSDB_CONTROL_CURRENT_PARTITION_OID is internal only, and has no network representation */
 	{ DSDB_CONTROL_CURRENT_PARTITION_OID, NULL, NULL },
 /* DSDB_CONTROL_REPLICATED_UPDATE_OID is internal only, and has no network representation */