authorStefan Metzmacher <metze@samba.org>2010-10-05 07:47:51 +0200
committerStefan Metzmacher <metze@samba.org>2010-10-07 10:31:18 +0000
commitab31d9aac9a02756cf5af313ed36fc549a8f4b67 (patch)
treeb0a3b0201e187a7a7e51c8b2e206efb5250e6eb7 /source4/ldap_server/ldap_bind.c
parentea36245ebeb26e5bc98983c817fb023cd8a8d50f (diff)
Revert "s4:ldap_server: rewrite to socket layer to use tstream"
This reverts commit b53fbc75acc525f2e2450370e704a62791271788. There are problems with broken gnutls versions. We can re-add this once we have the needed configure checks to detect the bug in gnutls. See https://bugzilla.samba.org/show_bug.cgi?id=7218. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Oct 7 10:31:18 UTC 2010 on sn-devel-104
Diffstat (limited to 'source4/ldap_server/ldap_bind.c')
-rw-r--r--source4/ldap_server/ldap_bind.c93
1 files changed, 26 insertions, 67 deletions
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
index 5036353a4b..529a12d1ca 100644
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -25,9 +25,7 @@
#include "lib/ldb/include/ldb_errors.h"
#include "dsdb/samdb/samdb.h"
#include "auth/gensec/gensec.h"
-#include "auth/gensec/gensec_tstream.h"
#include "param/param.h"
-#include "../lib/util/tevent_ntstatus.h"
static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call)
{
@@ -96,42 +94,20 @@ static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call)
return NT_STATUS_OK;
}
-struct ldapsrv_sasl_postprocess_context {
+struct ldapsrv_sasl_context {
struct ldapsrv_connection *conn;
- struct tstream_context *sasl;
+ struct socket_context *sasl_socket;
};
-struct ldapsrv_sasl_postprocess_state {
- uint8_t dummy;
-};
-
-static struct tevent_req *ldapsrv_sasl_postprocess_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
- void *private_data)
+static void ldapsrv_set_sasl(void *private_data)
{
- struct ldapsrv_sasl_postprocess_context *context =
- talloc_get_type_abort(private_data,
- struct ldapsrv_sasl_postprocess_context);
- struct tevent_req *req;
- struct ldapsrv_sasl_postprocess_state *state;
-
- req = tevent_req_create(mem_ctx, &state,
- struct ldapsrv_sasl_postprocess_state);
- if (req == NULL) {
- return NULL;
- }
+ struct ldapsrv_sasl_context *ctx = talloc_get_type(private_data, struct ldapsrv_sasl_context);
+ talloc_steal(ctx->conn->connection, ctx->sasl_socket);
+ talloc_unlink(ctx->conn->connection, ctx->conn->connection->socket);
- TALLOC_FREE(context->conn->sockets.sasl);
- context->conn->sockets.sasl = talloc_move(context->conn, &context->sasl);
- context->conn->sockets.active = context->conn->sockets.sasl;
-
- tevent_req_done(req);
- return tevent_req_post(req, ev);
-}
-
-static NTSTATUS ldapsrv_sasl_postprocess_recv(struct tevent_req *req)
-{
- return tevent_req_simple_recv_ntstatus(req);
+ ctx->conn->sockets.sasl = ctx->sasl_socket;
+ ctx->conn->connection->socket = ctx->sasl_socket;
+ packet_set_socket(ctx->conn->packet, ctx->conn->connection->socket);
}
static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
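Review bot: `ldapsrv_set_sasl()` dereferences `ctx` straight after `talloc_get_type()`, which returns NULL when `private_data` is not of the expected talloc type; the removed code used the aborting variant. Use `struct ldapsrv_sasl_context *ctx = talloc_get_type_abort(private_data, struct ldapsrv_sasl_context);` so a mismatched pointer fails loudly instead of becoming a NULL dereference in the send path. A short comment on the function, saying that it runs as the call's send callback and switches `conn->connection->socket` and the packet layer over to the SASL socket, would also help the next reader.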
@@ -217,41 +193,27 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
errstr = NULL;
} else if (NT_STATUS_IS_OK(status)) {
struct auth_session_info *old_session_info=NULL;
- struct ldapsrv_sasl_postprocess_context *context = NULL;
+ struct ldapsrv_sasl_context *ctx;
result = LDAP_SUCCESS;
errstr = NULL;
- if (gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN) ||
- gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL)) {
-
- context = talloc(call, struct ldapsrv_sasl_postprocess_context);
-
- if (!context) {
- status = NT_STATUS_NO_MEMORY;
- }
- }
+ ctx = talloc(call, struct ldapsrv_sasl_context);
- if (context && conn->sockets.tls) {
- TALLOC_FREE(context);
- status = NT_STATUS_NOT_SUPPORTED;
- result = LDAP_UNWILLING_TO_PERFORM;
- errstr = talloc_asprintf(reply,
- "SASL:[%s]: Sign or Seal are not allowed if TLS is used",
- req->creds.SASL.mechanism);
- }
-
- if (context) {
- context->conn = conn;
- status = gensec_create_tstream(context,
- context->conn->gensec,
- context->conn->sockets.raw,
- &context->sasl);
+ if (!ctx) {
+ status = NT_STATUS_NO_MEMORY;
+ } else {
+ ctx->conn = conn;
+ status = gensec_socket_init(conn->gensec,
+ conn->connection,
+ conn->connection->socket,
+ conn->connection->event.ctx,
+ stream_io_handler_callback,
+ conn->connection,
+ &ctx->sasl_socket);
}
- if (result != LDAP_SUCCESS) {
- conn->session_info = old_session_info;
- } else if (!NT_STATUS_IS_OK(status)) {
+ if (!ctx || !NT_STATUS_IS_OK(status)) {
conn->session_info = old_session_info;
result = LDAP_OPERATIONS_ERROR;
errstr = talloc_asprintf(reply,
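Review bot: The restored bind path no longer refuses SASL sign/seal on a connection that is already running TLS: the `conn->sockets.tls` check and its `LDAP_UNWILLING_TO_PERFORM` reply are removed together with the tstream code, and `gensec_socket_init()` is now called on `conn->connection->socket` unconditionally. That restriction looks like bind policy rather than part of the gnutls-affected socket rewrite, so, assuming `conn->sockets.tls` is still maintained after the revert, it could be kept ahead of the wrap. The `result != LDAP_SUCCESS` branch has to come back as well, otherwise the following error branch overwrites the result with `LDAP_OPERATIONS_ERROR`. ldapsrv_BindSASL starts and ends outside this hunk.

```c
ctx = talloc(call, struct ldapsrv_sasl_context);

if (!ctx) {
	status = NT_STATUS_NO_MEMORY;
} else if (conn->sockets.tls &&
	   (gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN) ||
	    gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL))) {
	/* keep refusing SASL wrapping on top of TLS */
	TALLOC_FREE(ctx);
	status = NT_STATUS_NOT_SUPPORTED;
	result = LDAP_UNWILLING_TO_PERFORM;
	errstr = talloc_asprintf(reply,
		"SASL:[%s]: Sign or Seal are not allowed if TLS is used",
		req->creds.SASL.mechanism);
} else {
	ctx->conn = conn;
	/* … unchanged: gensec_socket_init() call … */
}

if (result != LDAP_SUCCESS) {
	conn->session_info = old_session_info;
} else if (!ctx || !NT_STATUS_IS_OK(status)) {
	/* … unchanged: LDAP_OPERATIONS_ERROR reporting … */
```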
@@ -259,6 +221,9 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
req->creds.SASL.mechanism, nt_errstr(status));
} else {
+ call->send_callback = ldapsrv_set_sasl;
+ call->send_private = ctx;
+
old_session_info = conn->session_info;
conn->session_info = NULL;
status = gensec_session_info(conn->gensec, &conn->session_info);
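Review bot: `call->send_callback` is armed before the result of `gensec_session_info()` has been checked, whereas the removed code installed its hook only under `NT_STATUS_IS_OK(status)`. If the session-info lookup fails, the error reply would still be followed by `ldapsrv_set_sasl()` swapping the connection onto the wrapped socket, unless the failure path (outside this hunk) clears it. Either move the two assignments to after the success check or reset with `call->send_callback = NULL;` on failure. The rest of ldapsrv_BindSASL is outside the hunk.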
@@ -286,12 +251,6 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
}
}
}
-
- if (NT_STATUS_IS_OK(status) && context) {
- call->postprocess_send = ldapsrv_sasl_postprocess_send;
- call->postprocess_recv = ldapsrv_sasl_postprocess_recv;
- call->postprocess_private = context;
- }
} else {
status = auth_nt_status_squash(status);
if (result == 0) {