diff options
| author | Stefan Metzmacher <metze@samba.org> | 2006-02-15 15:19:10 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:51:56 -0500 |
| commit | 7449f4d8030e7d4a14c75d35af5ea68cf682d24f (patch) | |
| tree | a433b4c6e2e8c19e8eee332078169c461bce62c2 /source4/ldap_server/ldap_bind.c | |
| parent | 37bd0b655f2483b2a04fa4a53d55abcc7c9705bb (diff) | |
| download | samba-7449f4d8030e7d4a14c75d35af5ea68cf682d24f.tar.gz samba-7449f4d8030e7d4a14c75d35af5ea68cf682d24f.tar.bz2 samba-7449f4d8030e7d4a14c75d35af5ea68cf682d24f.zip | |
r13508: some ASN.1 element in LDAP are optional,
make it possible to code the difference between a zero length and a NULL DATA_BLOB...
metze
(This used to be commit 54f0b19c55df8ad3882f31a114e2ea0e4cf940ae)
Diffstat (limited to 'source4/ldap_server/ldap_bind.c')
| -rw-r--r-- | source4/ldap_server/ldap_bind.c | 31 |
1 files changed, 23 insertions, 8 deletions
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c index b42fe51b38..5341b9f741 100644 --- a/source4/ldap_server/ldap_bind.c +++ b/source4/ldap_server/ldap_bind.c @@ -49,8 +49,6 @@ static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call) req->creds.password, &session_info); } - /* When we add authentication here, we also need to handle telling the backends */ - reply = ldapsrv_init_reply(call, LDAP_TAG_BindResponse); if (!reply) { return NT_STATUS_NO_MEMORY; @@ -84,9 +82,7 @@ static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call) resp->response.errormessage = errstr; resp->response.dn = NULL; resp->response.referral = NULL; - - /* This looks wrong... */ - resp->SASL.secblob = data_blob(NULL, 0); + resp->SASL.secblob = NULL; ldapsrv_queue_reply(call, reply); return NT_STATUS_OK; @@ -145,10 +141,29 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call) } if (NT_STATUS_IS_OK(status)) { + DATA_BLOB input = data_blob(NULL, 0); + DATA_BLOB output = data_blob(NULL, 0); + + if (req->creds.SASL.secblob) { + input = *req->creds.SASL.secblob; + } + + resp->SASL.secblob = talloc(reply, DATA_BLOB); + NT_STATUS_HAVE_NO_MEMORY(resp->SASL.secblob); + status = gensec_update(conn->gensec, reply, - req->creds.SASL.secblob, &resp->SASL.secblob); + input, &output); + + /* TODO: gensec should really handle the difference between NULL and length=0 better! */ + if (output.data) { + resp->SASL.secblob = talloc(reply, DATA_BLOB); + NT_STATUS_HAVE_NO_MEMORY(resp->SASL.secblob); + *resp->SASL.secblob = output; + } else { + resp->SASL.secblob = NULL; + } } else { - resp->SASL.secblob = data_blob(NULL, 0); + resp->SASL.secblob = NULL; } if (NT_STATUS_EQUAL(NT_STATUS_MORE_PROCESSING_REQUIRED, status)) { @@ -223,7 +238,7 @@ NTSTATUS ldapsrv_BindRequest(struct ldapsrv_call *call) resp->response.dn = NULL; resp->response.errormessage = talloc_asprintf(reply, "Bad AuthenticationChoice [%d]", req->mechanism); resp->response.referral = NULL; - resp->SASL.secblob = data_blob(NULL, 0); + resp->SASL.secblob = NULL; ldapsrv_queue_reply(call, reply); return NT_STATUS_OK; |