diff options
author | Andrew Bartlett <abartlet@samba.org> | 2005-12-18 05:01:15 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:47:28 -0500 |
commit | 97b54b007e0f8a44074fa570b06b7ff9d4f2489b (patch) | |
tree | f9a06df62f18cd3ac8f50b883d01e0c79db28810 | |
parent | 810833ad93ede2caabebbe78e354651508fb4d2a (diff) | |
download | samba-97b54b007e0f8a44074fa570b06b7ff9d4f2489b.tar.gz samba-97b54b007e0f8a44074fa570b06b7ff9d4f2489b.tar.bz2 samba-97b54b007e0f8a44074fa570b06b7ff9d4f2489b.zip |
r12310: Link simple bind support in our internal LDAP libs to LDB and the
command line processing system.
This is a little ugly at the moment, but works. What I cannot manage
to get to work is the extraction and propogation of command line
credentials into the js interface to ldb.
Andrew Bartlett
(This used to be commit f34ede763e7f80507d06224d114cf6b5ac7c8f7d)
-rw-r--r-- | source4/auth/credentials/credentials.c | 23 | ||||
-rw-r--r-- | source4/auth/credentials/credentials.h | 2 | ||||
-rw-r--r-- | source4/lib/ldb/ldb_ildap/ldb_ildap.c | 21 |
3 files changed, 41 insertions, 5 deletions
diff --git a/source4/auth/credentials/credentials.c b/source4/auth/credentials/credentials.c index 0e37fdc4a6..0ea2a01ea1 100644 --- a/source4/auth/credentials/credentials.c +++ b/source4/auth/credentials/credentials.c @@ -57,6 +57,8 @@ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx) cred->machine_account = False; cred->gensec_list = NULL; + cred->bind_dn = NULL; + return cred; } @@ -104,6 +106,23 @@ BOOL cli_credentials_set_username_callback(struct cli_credentials *cred, return False; } +BOOL cli_credentials_set_bind_dn(struct cli_credentials *cred, + const char *bind_dn) +{ + cred->bind_dn = talloc_strdup(cred, bind_dn); + return True; +} + +/** + * Obtain the BIND DN for this credentials context. + * @param cred credentials context + * @retval The username set on this context. + * @note Return value will be NULL if not specified explictly + */ +const char *cli_credentials_get_bind_dn(struct cli_credentials *cred) +{ + return cred->bind_dn; +} /** @@ -171,6 +190,10 @@ BOOL cli_credentials_set_principal_callback(struct cli_credentials *cred, BOOL cli_credentials_authentication_requested(struct cli_credentials *cred) { + if (cred->bind_dn) { + return True; + } + if (cred->machine_account_pending) { cli_credentials_set_machine_account(cred); } diff --git a/source4/auth/credentials/credentials.h b/source4/auth/credentials/credentials.h index 027cf4469d..c8a95e2b51 100644 --- a/source4/auth/credentials/credentials.h +++ b/source4/auth/credentials/credentials.h @@ -61,6 +61,8 @@ struct cli_credentials { const char *principal; const char *salt_principal; + const char *bind_dn; + struct samr_Password *nt_hash; struct ccache_container *ccache; diff --git a/source4/lib/ldb/ldb_ildap/ldb_ildap.c b/source4/lib/ldb/ldb_ildap/ldb_ildap.c index 582513df6f..0802469079 100644 --- a/source4/lib/ldb/ldb_ildap/ldb_ildap.c +++ b/source4/lib/ldb/ldb_ildap/ldb_ildap.c @@ -510,11 +510,22 @@ int ildb_connect(struct ldb_context *ldb, const char *url, } if (creds != NULL && cli_credentials_authentication_requested(creds)) { - status = ldap_bind_sasl(ildb->ldap, creds); - if (!NT_STATUS_IS_OK(status)) { - ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to bind - %s\n", - ldap_errstr(ildb->ldap, status)); - goto failed; + const char *bind_dn = cli_credentials_get_bind_dn(creds); + if (bind_dn) { + const char *password = cli_credentials_get_password(creds); + status = ldap_bind_simple(ildb->ldap, bind_dn, password); + if (!NT_STATUS_IS_OK(status)) { + ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to bind - %s\n", + ldap_errstr(ildb->ldap, status)); + goto failed; + } + } else { + status = ldap_bind_sasl(ildb->ldap, creds); + if (!NT_STATUS_IS_OK(status)) { + ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to bind - %s\n", + ldap_errstr(ildb->ldap, status)); + goto failed; + } } } |