r17419: add client support for the LDAP_SERVER_SEARCH_OPTIONS support.

with this you can limit a search to a specific partitions
or a search over all partitions without getting referrals.
(Witch is the default behavior on the Global Catalog Port)

metze
(This used to be commit 4ccd0f8171f3748ee6efe1abd3f894d2cdf46bf4)

source4/lib/ldb/include/ldb.h

@@ -429,6 +429,13 @@ typedef int (*ldb_qsort_cmp_fn_t) (void *v1, void *v2, void *opaque);
 */
 #define LDB_CONTROL_SD_FLAGS_OID	"1.2.840.113556.1.4.801"
 
+/**
+   OID for specifying an advanced scope for a search
+
+   \sa <a href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_search_options_oid.asp">Microsoft documentation of this OID</a>
+*/
+#define LDB_CONTROL_SEARCH_OPTIONS_OID	"1.2.840.113556.1.4.1340"
+
 /**
    OID for notification
 
@@ -535,6 +542,23 @@ struct ldb_sd_flags_control {
 	unsigned secinfo_flags;
 };
 
+struct ldb_search_options_control {
+	/*
+	 * DOMAIN_SCOPE		0x00000001
+	 * this limits the search to one partition,
+	 * and no referrals will be returned.
+	 * (Note this doesn't limit the entries by there
+	 *  objectSid belonging to a domain! Builtin and Foreign Sids
+	 *  are still returned)
+	 *
+	 * PHANTOM_ROOT		0x00000002
+	 * this search on the whole tree on a domain controller
+	 * over multiple partitions without referrals.
+	 * (This is the default behavior on the Global Catalog Port)
+	 */
+	unsigned search_options;
+};
+
 struct ldb_paged_control {
 	int size;
 	int cookie_len;

source4/lib/ldb/tools/cmdline.c

@@ -406,6 +406,31 @@ struct ldb_control **parse_controls(void *mem_ctx, char **control_strings)
 			continue;
 		}
 
+		if (strncmp(control_strings[i], "search_options:", 15) == 0) {
+			struct ldb_search_options_control *control;
+			const char *p;
+			int crit, ret;
+			unsigned search_options;
+
+			p = &(control_strings[i][15]);
+			ret = sscanf(p, "%d:%u", &crit, &search_options);
+			if ((ret != 2) || (crit < 0) || (crit > 1) || (search_options < 0) || (search_options > 0x0FFFFFFFF)) {
+				fprintf(stderr, "invalid sd_flags control syntax\n");
+				fprintf(stderr, " syntax: crit(b):search_options(n)\n");
+				fprintf(stderr, "   note: b = boolean, n = number\n");
+				return NULL;
+			}
+
+			ctrl[i] = talloc(ctrl, struct ldb_control);
+			ctrl[i]->oid = LDB_CONTROL_SEARCH_OPTIONS_OID;
+			ctrl[i]->critical = crit;
+			control = talloc(ctrl[i], struct ldb_search_options_control);
+			control->search_options = search_options;
+			ctrl[i]->data = control;
+
+			continue;
+		}
+
 		if (strncmp(control_strings[i], "paged_results:", 14) == 0) {
 			struct ldb_paged_control *control;
 			const char *p;

source4/libcli/ldap/ldap_controls.c

@@ -213,6 +213,37 @@ static BOOL decode_sd_flags_request(void *mem_ctx, DATA_BLOB in, void **out)
 	return True;
 }
 
+static BOOL decode_search_options_request(void *mem_ctx, DATA_BLOB in, void **out)
+{
+	struct asn1_data data;
+	struct ldb_search_options_control *lsoc;
+
+	if (!asn1_load(&data, in)) {
+		return False;
+	}
+
+	lsoc = talloc(mem_ctx, struct ldb_search_options_control);
+	if (!lsoc) {
+		return False;
+	}
+
+	if (!asn1_start_tag(&data, ASN1_SEQUENCE(0))) {
+		return False;
+	}
+
+	if (!asn1_read_Integer(&data, &(lsoc->search_options))) {
+		return False;
+	}
+
+	if (!asn1_end_tag(&data)) {
+		return False;
+	}
+
+	*out = lsoc;
+
+	return True;
+}
+
 static BOOL decode_paged_results_request(void *mem_ctx, DATA_BLOB in, void **out)
 {
 	DATA_BLOB cookie;
@@ -689,6 +720,33 @@ static BOOL encode_sd_flags_request(void *mem_ctx, void *in, DATA_BLOB *out)
 	return True;
 }
 
+static BOOL encode_search_options_request(void *mem_ctx, void *in, DATA_BLOB *out)
+{
+	struct ldb_search_options_control *lsoc = talloc_get_type(in, struct ldb_search_options_control);
+	struct asn1_data data;
+
+	ZERO_STRUCT(data);
+
+	if (!asn1_push_tag(&data, ASN1_SEQUENCE(0))) {
+		return False;
+	}
+
+	if (!asn1_write_Integer(&data, lsoc->search_options)) {
+		return False;
+	}
+
+	if (!asn1_pop_tag(&data)) {
+		return False;
+	}
+
+	*out = data_blob_talloc(mem_ctx, data.data, data.length);
+	if (out->data == NULL) {
+		return False;
+	}
+
+	return True;
+}
+
 static BOOL encode_paged_results_request(void *mem_ctx, void *in, DATA_BLOB *out)
 {
 	struct ldb_paged_control *lprc = talloc_get_type(in, struct ldb_paged_control);
@@ -937,6 +995,7 @@ struct control_handler ldap_known_controls[] = {
 	{ "1.2.840.113556.1.4.841", decode_dirsync_request, encode_dirsync_request },
 	{ "1.2.840.113556.1.4.528", decode_notification_request, encode_notification_request },
 	{ "1.2.840.113556.1.4.801", decode_sd_flags_request, encode_sd_flags_request },
+	{ "1.2.840.113556.1.4.1340", decode_search_options_request, encode_search_options_request },
 	{ "2.16.840.1.113730.3.4.2", decode_manageDSAIT_request, encode_manageDSAIT_request },
 	{ "2.16.840.1.113730.3.4.9", decode_vlv_request, encode_vlv_request },
 	{ "2.16.840.1.113730.3.4.10", decode_vlv_response, encode_vlv_response },