s3-smbldap: Add API for external callback to perform LDAP bind in smbldap

In order to support other bind methods, introduce a generic bind callback.
When smbldap_state.bind_callback is set, it means there is an alternative
way to perform LDAP bind to ldap_simple_bind_s() so call it instead.
The call is wrapped in become_root()/unbecome_root() to allow proper permissions
in smbd to access needed resources in the callback, for example, credential caches.
When run outside smbd, become_root()/unbecome_root() are no-op.

The API expectation is similar to ldap_simple_bind_s().

A caller of smbldap API can pass additional information to the callback by setting
smbldap_state.bind_callback_data pointer.

Both callback and the data pointer elements of smbldap_state structure get
cleaned up if someone sets proper credentials on smbldap_state with
smbldap_set_creds() so if you are interested in using smbldap_state.bind_dn
with the callback, make sure to set callback after credentials are set.

1 files changed, 2 insertions, 0 deletions

diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h
index df9df766b3..5051fcf333 100644
--- a/source3/include/smbldap.h
+++ b/source3/include/smbldap.h
@@ -44,6 +44,8 @@ struct smbldap_state {
 	bool anonymous;
 	char *bind_dn;
 	char *bind_secret;
+	int (*bind_callback)(LDAP *ldap_struct, struct smbldap_state *ldap_state, void *data);
+	void *bind_callback_data;
 
 	bool paged_results;