diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2005-12-19 06:56:45 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:47:30 -0500 |
| commit | 6bd8be867130686946e687512d7a4a68934217e1 (patch) | |
| tree | 706672e72e96e9b2f676933273b448d0c49b5167 /source4/ldap_server/ldap_bind.c | |
| parent | a30726581e594013ae9b61a42dab813051999548 (diff) | |
| download | samba-6bd8be867130686946e687512d7a4a68934217e1.tar.gz samba-6bd8be867130686946e687512d7a4a68934217e1.tar.bz2 samba-6bd8be867130686946e687512d7a4a68934217e1.zip | |
r12360: Add simple bind support into our LDAP server.
Needs changes to our client code for automated testing.
Andrew Bartlett
(This used to be commit e751d814149d847ff1699542a4fa81eb8ca129ec)
Diffstat (limited to 'source4/ldap_server/ldap_bind.c')
| -rw-r--r-- | source4/ldap_server/ldap_bind.c | 44 |
1 files changed, 42 insertions, 2 deletions
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c index 6525840232..4350f3abe8 100644 --- a/source4/ldap_server/ldap_bind.c +++ b/source4/ldap_server/ldap_bind.c @@ -30,8 +30,22 @@ static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call) struct ldapsrv_reply *reply; struct ldap_BindResponse *resp; + int result; + const char *errstr; + const char *nt4_domain, *nt4_account; + + struct auth_session_info *session_info; + + NTSTATUS status; + DEBUG(10, ("BindSimple dn: %s\n",req->dn)); + status = crack_dn_to_nt4_name(call, req->dn, &nt4_domain, &nt4_account); + if (NT_STATUS_IS_OK(status)) { + status = authenticate_username_pw(call, nt4_domain, nt4_account, + req->creds.password, &session_info); + } + /* When we add authentication here, we also need to handle telling the backends */ reply = ldapsrv_init_reply(call, LDAP_TAG_BindResponse); @@ -39,11 +53,37 @@ static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call) return NT_STATUS_NO_MEMORY; } + if (NT_STATUS_IS_OK(status)) { + struct ldapsrv_partition *part; + result = LDAP_SUCCESS; + errstr = NULL; + + talloc_free(call->conn->session_info); + call->conn->session_info = session_info; + for (part = call->conn->partitions; part; part = part->next) { + if (!part->ops->Bind) { + continue; + } + status = part->ops->Bind(part, call->conn); + if (!NT_STATUS_IS_OK(status)) { + result = LDAP_OPERATIONS_ERROR; + errstr = talloc_asprintf(reply, "Simple Bind: Failed to advise partition %s of new credentials: %s", part->base_dn, nt_errstr(status)); + } + } + } else { + status = auth_nt_status_squash(status); + + result = LDAP_INVALID_CREDENTIALS; + errstr = talloc_asprintf(reply, "Simple Bind Failed: %s", nt_errstr(status)); + } + resp = &reply->msg->r.BindResponse; - resp->response.resultcode = 0; + resp->response.resultcode = result; + resp->response.errormessage = errstr; resp->response.dn = NULL; - resp->response.errormessage = NULL; resp->response.referral = NULL; + + /* This looks wrong... */ resp->SASL.secblob = data_blob(NULL, 0); ldapsrv_queue_reply(call, reply); |