summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2005-06-14 03:55:27 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:18:10 -0500
commitdb2e86f75cf08715503f28046fd29fcc1c0f6867 (patch)
tree68399d68516d593d29be01177062dbc237d245f5
parent6426f2a39ab42e164e29265b6d04cec9dca92eca (diff)
downloadsamba-db2e86f75cf08715503f28046fd29fcc1c0f6867.tar.gz
samba-db2e86f75cf08715503f28046fd29fcc1c0f6867.tar.bz2
samba-db2e86f75cf08715503f28046fd29fcc1c0f6867.zip
r7568: enable the NTLMSSP bulk data sign/seal code for out ldap server. This
now works with windows clients, as I fixed the zero length bind ack packet. Andrew, note that this has the strncmp("NTLMSSP", data, 7) hack. Please replace with a more correct fix as we discussed. (This used to be commit 69b02e8adb25a5152aec15f55b2b2f67457cf08a)
-rw-r--r--source4/ldap_server/ldap_bind.c21
1 files changed, 13 insertions, 8 deletions
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
index d6b0332b6e..3b14606439 100644
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -56,8 +56,8 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
const char *errstr;
NTSTATUS status = NT_STATUS_OK;
NTSTATUS sasl_status;
-/* BOOL ret;
-*/
+ BOOL ret;
+
DEBUG(10, ("BindSASL dn: %s\n",req->dn));
if (!call->conn->gensec) {
@@ -71,10 +71,15 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
gensec_set_target_service(call->conn->gensec, "ldap");
- /*gensec_want_feature(call->conn->gensec, GENSEC_FEATURE_SIGN);
+ gensec_want_feature(call->conn->gensec, GENSEC_FEATURE_SIGN);
gensec_want_feature(call->conn->gensec, GENSEC_FEATURE_SEAL);
- */
- status = gensec_start_mech_by_sasl_name(call->conn->gensec, req->creds.SASL.mechanism);
+
+ if (req->creds.SASL.secblob.length >= 7 &&
+ strncmp(req->creds.SASL.secblob.data, "NTLMSSP", 7) == 0) {
+ status = gensec_start_mech_by_sasl_name(call->conn->gensec, "NTLM");
+ } else {
+ status = gensec_start_mech_by_sasl_name(call->conn->gensec, req->creds.SASL.mechanism);
+ }
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start GENSEC SASL[%s] server code: %s\n",
req->creds.SASL.mechanism, nt_errstr(status)));
@@ -93,7 +98,7 @@ reply:
if (NT_STATUS_IS_OK(status)) {
status = gensec_update(call->conn->gensec, reply,
- req->creds.SASL.secblob, &resp->SASL.secblob);
+ req->creds.SASL.secblob, &resp->SASL.secblob);
}
if (NT_STATUS_EQUAL(NT_STATUS_MORE_PROCESSING_REQUIRED, status)) {
@@ -123,7 +128,7 @@ reply:
return status;
}
-/* ret = ldapsrv_append_to_buf(&conn->sasl_out_buffer, conn->out_buffer.data, conn->out_buffer.length);
+ ret = ldapsrv_append_to_buf(&conn->sasl_out_buffer, conn->out_buffer.data, conn->out_buffer.length);
if (!ret) {
return NT_STATUS_NO_MEMORY;
}
@@ -131,7 +136,7 @@ reply:
if (NT_STATUS_IS_OK(status)) {
status = gensec_session_info(conn->gensec, &conn->session_info);
}
-*/
+
return status;
}