s4-ldb: added ldb_req_mark_untrusted() and ldb_req_is_untrusted()

these will be used to determine if a ldb request comes from an
untrusted source. We want requests over ldap:// to be marked untrusted
so we can reject unregistered controls

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

source4/lib/ldb/common/ldb.c

@@ -1810,3 +1810,20 @@ const char *ldb_req_location(struct ldb_request *req)
 {
 	return req->handle->location;
 }
+
+/**
+  mark a request as untrusted. This tells the rootdse module to remove
+  unregistered controls
+ */
+void ldb_req_mark_untrusted(struct ldb_request *req)
+{
+	req->handle->flags |= LDB_HANDLE_FLAG_UNTRUSTED;
+}
+
+/**
+   return true is a request is untrusted
+ */
+bool ldb_req_is_untrusted(struct ldb_request *req)
+{
+	return (req->handle->flags & LDB_HANDLE_FLAG_UNTRUSTED) != 0;
+}

source4/lib/ldb/include/ldb_module.h

@@ -216,4 +216,15 @@ void ldb_set_default_dns(struct ldb_context *ldb);
 */
 int ldb_reply_add_control(struct ldb_reply *ares, const char *oid, bool critical, void *data);
 
+/**
+  mark a request as untrusted. This tells the rootdse module to remove
+  unregistered controls
+ */
+void ldb_req_mark_untrusted(struct ldb_request *req);
+
+/**
+   return true is a request is untrusted
+ */
+bool ldb_req_is_untrusted(struct ldb_request *req);
+
 #endif

source4/lib/ldb/include/ldb_private.h

@@ -48,6 +48,8 @@ struct ldb_module_ops;
 struct ldb_backend_ops;
 
 #define LDB_HANDLE_FLAG_DONE_CALLED 1
+/* call is from an untrusted source - eg. over ldap:// */
+#define LDB_HANDLE_FLAG_UNTRUSTED   2
 
 struct ldb_handle {
 	int status;