summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-12-18 05:01:15 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:47:28 -0500
commit97b54b007e0f8a44074fa570b06b7ff9d4f2489b (patch)
treef9a06df62f18cd3ac8f50b883d01e0c79db28810
parent810833ad93ede2caabebbe78e354651508fb4d2a (diff)
downloadsamba-97b54b007e0f8a44074fa570b06b7ff9d4f2489b.tar.gz
samba-97b54b007e0f8a44074fa570b06b7ff9d4f2489b.tar.bz2
samba-97b54b007e0f8a44074fa570b06b7ff9d4f2489b.zip
r12310: Link simple bind support in our internal LDAP libs to LDB and the
command line processing system. This is a little ugly at the moment, but works. What I cannot manage to get to work is the extraction and propogation of command line credentials into the js interface to ldb. Andrew Bartlett (This used to be commit f34ede763e7f80507d06224d114cf6b5ac7c8f7d)
-rw-r--r--source4/auth/credentials/credentials.c23
-rw-r--r--source4/auth/credentials/credentials.h2
-rw-r--r--source4/lib/ldb/ldb_ildap/ldb_ildap.c21
3 files changed, 41 insertions, 5 deletions
diff --git a/source4/auth/credentials/credentials.c b/source4/auth/credentials/credentials.c
index 0e37fdc4a6..0ea2a01ea1 100644
--- a/source4/auth/credentials/credentials.c
+++ b/source4/auth/credentials/credentials.c
@@ -57,6 +57,8 @@ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx)
cred->machine_account = False;
cred->gensec_list = NULL;
+ cred->bind_dn = NULL;
+
return cred;
}
@@ -104,6 +106,23 @@ BOOL cli_credentials_set_username_callback(struct cli_credentials *cred,
return False;
}
+BOOL cli_credentials_set_bind_dn(struct cli_credentials *cred,
+ const char *bind_dn)
+{
+ cred->bind_dn = talloc_strdup(cred, bind_dn);
+ return True;
+}
+
+/**
+ * Obtain the BIND DN for this credentials context.
+ * @param cred credentials context
+ * @retval The username set on this context.
+ * @note Return value will be NULL if not specified explictly
+ */
+const char *cli_credentials_get_bind_dn(struct cli_credentials *cred)
+{
+ return cred->bind_dn;
+}
/**
@@ -171,6 +190,10 @@ BOOL cli_credentials_set_principal_callback(struct cli_credentials *cred,
BOOL cli_credentials_authentication_requested(struct cli_credentials *cred)
{
+ if (cred->bind_dn) {
+ return True;
+ }
+
if (cred->machine_account_pending) {
cli_credentials_set_machine_account(cred);
}
diff --git a/source4/auth/credentials/credentials.h b/source4/auth/credentials/credentials.h
index 027cf4469d..c8a95e2b51 100644
--- a/source4/auth/credentials/credentials.h
+++ b/source4/auth/credentials/credentials.h
@@ -61,6 +61,8 @@ struct cli_credentials {
const char *principal;
const char *salt_principal;
+ const char *bind_dn;
+
struct samr_Password *nt_hash;
struct ccache_container *ccache;
diff --git a/source4/lib/ldb/ldb_ildap/ldb_ildap.c b/source4/lib/ldb/ldb_ildap/ldb_ildap.c
index 582513df6f..0802469079 100644
--- a/source4/lib/ldb/ldb_ildap/ldb_ildap.c
+++ b/source4/lib/ldb/ldb_ildap/ldb_ildap.c
@@ -510,11 +510,22 @@ int ildb_connect(struct ldb_context *ldb, const char *url,
}
if (creds != NULL && cli_credentials_authentication_requested(creds)) {
- status = ldap_bind_sasl(ildb->ldap, creds);
- if (!NT_STATUS_IS_OK(status)) {
- ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to bind - %s\n",
- ldap_errstr(ildb->ldap, status));
- goto failed;
+ const char *bind_dn = cli_credentials_get_bind_dn(creds);
+ if (bind_dn) {
+ const char *password = cli_credentials_get_password(creds);
+ status = ldap_bind_simple(ildb->ldap, bind_dn, password);
+ if (!NT_STATUS_IS_OK(status)) {
+ ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to bind - %s\n",
+ ldap_errstr(ildb->ldap, status));
+ goto failed;
+ }
+ } else {
+ status = ldap_bind_sasl(ildb->ldap, creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to bind - %s\n",
+ ldap_errstr(ildb->ldap, status));
+ goto failed;
+ }
}
}