s4/ldb:introduce the LDB_CONTROL_PROVISION_OID control

This control is exactly thought for the actions which previously were performed
using the RELAX one.

We agreed that the RELAX control will only remain for interactions with OpenLDAP.

source4/dsdb/common/util.c

@@ -3660,6 +3660,13 @@ int dsdb_request_add_controls(struct ldb_request *req, uint32_t dsdb_flags)
 		}
 	}
 
+	if (dsdb_flags & DSDB_PROVISION) {
+		ret = ldb_request_add_control(req, LDB_CONTROL_PROVISION_OID, false, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
 	return LDB_SUCCESS;
 }
 

source4/dsdb/common/util.h

@@ -34,5 +34,6 @@
 #define DSDB_TREE_DELETE		      0x0100
 #define DSDB_SEARCH_ONE_ONLY		      0x0200 /* give an error unless 1 record */
 #define DSDB_SEARCH_SHOW_RECYCLED	      0x0400
+#define DSDB_PROVISION			      0x0800
 
 bool is_attr_in_list(const char * const * attrs, const char *attr);

source4/lib/ldb/common/ldb_controls.c

@@ -939,6 +939,33 @@ struct ldb_control **ldb_parse_control_strings(struct ldb_context *ldb, TALLOC_C
 			continue;
 		}
 
+		if (strncmp(control_strings[i], "provision:", 10) == 0) {
+			const char *p;
+			int crit, ret;
+
+			p = &(control_strings[i][10]);
+			ret = sscanf(p, "%d", &crit);
+			if ((ret != 1) || (crit < 0) || (crit > 1)) {
+				error_string = talloc_asprintf(mem_ctx, "invalid provision control syntax\n");
+				error_string = talloc_asprintf_append(error_string, " syntax: crit(b)\n");
+				error_string = talloc_asprintf_append(error_string, "   note: b = boolean");
+				ldb_set_errstring(ldb, error_string);
+				talloc_free(error_string);
+				return NULL;
+			}
+
+			ctrl[i] = talloc(ctrl, struct ldb_control);
+			if (!ctrl[i]) {
+				ldb_oom(ldb);
+				return NULL;
+			}
+			ctrl[i]->oid = LDB_CONTROL_PROVISION_OID;
+			ctrl[i]->critical = crit;
+			ctrl[i]->data = NULL;
+
+			continue;
+		}
+
 		/* no controls matched, throw an error */
 		ldb_asprintf_errstring(ldb, "Invalid control name: '%s'", control_strings[i]);
 		return NULL;

source4/lib/ldb/include/ldb.h

@@ -510,6 +510,12 @@ typedef int (*ldb_qsort_cmp_fn_t) (void *v1, void *v2, void *opaque);
 */
 #define LDB_CONTROL_AS_SYSTEM_OID "1.3.6.1.4.1.7165.4.3.7"
 
+/**
+   LDB_CONTROL_PROVISION_OID is used to skip some constraint checks. It's is
+   mainly thought to be used for the provisioning.
+*/
+#define LDB_CONTROL_PROVISION_OID "1.3.6.1.4.1.7165.4.3.16"
+
 /* AD controls */
 
 /**

source4/libcli/ldap/ldap_controls.c

@@ -1187,6 +1187,8 @@ static const struct ldap_control_handler ldap_known_controls[] = {
 	{ DSDB_CONTROL_CHANGEREPLMETADATA_OID, NULL, NULL },
 /* DSDB_CONTROL_SEARCH_APPLY_ACCESS is internal only, and has no network representation */
 	{ DSDB_CONTROL_SEARCH_APPLY_ACCESS, NULL, NULL },
+/* LDB_CONTROL_PROVISION_OID is internal only, and has no network representation */
+	{ LDB_CONTROL_PROVISION_OID, NULL, NULL },
 /* DSDB_EXTENDED_REPLICATED_OBJECTS_OID is internal only, and has no network representation */
 	{ DSDB_EXTENDED_REPLICATED_OBJECTS_OID, NULL, NULL },
 /* DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID is internal only, and has no network representation */

source4/setup/schema_samba4.ldif

@@ -188,6 +188,7 @@
 #Allocated: LDB_CONTROL_BYPASS_OPERATIONAL_OID 1.3.6.1.4.1.7165.4.3.13
 #Allocated: DSDB_CONTROL_CHANGEREPLMETADATA_OID 1.3.6.1.4.1.7165.4.3.14
 #Allocated: DSDB_CONTROL_SEARCH_APPLY_ACCESS 1.3.6.1.4.1.7165.4.3.15
+#Allocated: LDB_CONTROL_PROVISION_OID 1.3.6.1.4.1.7165.4.3.16
 
 # Extended 1.3.6.1.4.1.7165.4.4.x
 #Allocated: DSDB_EXTENDED_REPLICATED_OBJECTS_OID 1.3.6.1.4.1.7165.4.4.1