summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2005-11-23 11:29:55 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:05:33 -0500
commit98cd8edc565cae464edd257bb811a792eea6849e (patch)
tree217edfca0a14c2bd49bc5aba23b6abdac70930c7
parentf6b8327fac33a7758f1c66131238a1945807e535 (diff)
downloadsamba-98cd8edc565cae464edd257bb811a792eea6849e.tar.gz
samba-98cd8edc565cae464edd257bb811a792eea6849e.tar.bz2
samba-98cd8edc565cae464edd257bb811a792eea6849e.zip
r11876: When we are using START_TLS to secure the LDAP connection, we *have* to
call START_TLS again after rebinding to another LDAP server. (ldaps:// uri's are handled at by recent versions of OpenLDAP). Guenther (This used to be commit 3ccea032cb681426a1b29907a44b87b8a94e0840)
-rw-r--r--source3/lib/smbldap.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index 75842ec193..a3ebe72df2 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -777,9 +777,18 @@ static int rebindproc_connect_with_state (LDAP *ldap_struct,
{
struct smbldap_state *ldap_state = arg;
int rc;
- DEBUG(5,("rebindproc_connect_with_state: Rebinding as \"%s\"\n",
- ldap_state->bind_dn));
-
+ int version;
+
+ DEBUG(5,("rebindproc_connect_with_state: Rebinding to %s as \"%s\"\n",
+ url, ldap_state->bind_dn));
+
+ /* call START_TLS again (ldaps:// is handled by the OpenLDAP library
+ * itself) before rebinding to another LDAP server to avoid to expose
+ * our credentials. At least *try* to secure the connection - Guenther */
+
+ smb_ldap_upgrade_conn(ldap_struct, &version);
+ smb_ldap_start_tls(ldap_struct, version);
+
/** @TODO Should we be doing something to check what servers we rebind to?
Could we get a referral to a machine that we don't want to give our
username and password to? */