Fix ldapmod list overrun check. Also better document and format ldap control for permissive modify.

(This used to be commit 01e7f7c3d9006883b71e43d917d32e325cff7a15)

source3/libads/ldap.c

@@ -71,7 +71,7 @@ ADS_STATUS ads_do_search(ADS_STRUCT *ads, const char *bind_path, int scope,
 
 	rc = ldap_search_ext_s(ads->ld, 
 			       bind_path, scope,
-			       exp, attrs, 0, NULL, NULL, 
+			       exp, (char **) attrs, 0, NULL, NULL, 
 			       &timeout, LDAP_NO_LIMIT, (LDAPMessage **)res);
 	return ADS_ERROR(rc);
 }
@@ -187,10 +187,11 @@ static ADS_STATUS ads_modlist_add(void **mods, int mod_op, char *name, char **va
 	LDAPMod **modlist = (LDAPMod **) mods;
 
 	/* find the first empty slot */
-	for (curmod=0; modlist[curmod] > 0; curmod++);
+	for (curmod=0; modlist[curmod] && modlist[curmod] != (LDAPMod *) -1;
+	     curmod++);
 	if (modlist[curmod] == (LDAPMod *) -1)
 		return ADS_ERROR(LDAP_NO_MEMORY);
-
+		
 	if (!(modlist[curmod] = malloc(sizeof(LDAPMod))))
 		return ADS_ERROR(LDAP_NO_MEMORY);
 	modlist[curmod]->mod_type = name;
@@ -313,21 +314,17 @@ void ads_free_mods(void **mods)
 ADS_STATUS ads_gen_mod(ADS_STRUCT *ads, const char *mod_dn, void **mods)
 {
 	int ret,i;
-	LDAPControl control;
-	LDAPControl *controls[2];
-	char bv_val = (char) 1;
-
 	/* 
-	   this control seems to be necessary to have any modify
+	   this control is needed to modify that contains a currently 
-	   that contains a currently non-existent attribute (but
+	   non-existent attribute (but allowable for the object) to run
-	   allowable for the object) to run
 	*/
-	control.ldctl_oid = "1.2.840.113556.1.4.1413";
+	LDAPControl PermitModify = {
-	control.ldctl_value.bv_len = 1;
+		"1.2.840.113556.1.4.1413",
-	control.ldctl_value.bv_val = &bv_val;
+		{0, NULL},
-	control.ldctl_iscritical = (char) 0;
+		(char) 1};
-	controls[0] = &control;
+	LDAPControl *controls[2] = {
-	controls[1] = NULL;
+		&PermitModify,
+		NULL };
 
 	/* find the end of the list, marked by NULL or -1 */
 	for(i=0;mods[i]>0;i++);