summaryrefslogtreecommitdiff
path: root/source4/ldap_server
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2006-02-15 15:19:10 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:51:56 -0500
commit7449f4d8030e7d4a14c75d35af5ea68cf682d24f (patch)
treea433b4c6e2e8c19e8eee332078169c461bce62c2 /source4/ldap_server
parent37bd0b655f2483b2a04fa4a53d55abcc7c9705bb (diff)
downloadsamba-7449f4d8030e7d4a14c75d35af5ea68cf682d24f.tar.gz
samba-7449f4d8030e7d4a14c75d35af5ea68cf682d24f.tar.bz2
samba-7449f4d8030e7d4a14c75d35af5ea68cf682d24f.zip
r13508: some ASN.1 element in LDAP are optional,
make it possible to code the difference between a zero length and a NULL DATA_BLOB... metze (This used to be commit 54f0b19c55df8ad3882f31a114e2ea0e4cf940ae)
Diffstat (limited to 'source4/ldap_server')
-rw-r--r--source4/ldap_server/ldap_backend.c5
-rw-r--r--source4/ldap_server/ldap_bind.c31
2 files changed, 25 insertions, 11 deletions
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 562263371b..37e45ce3e6 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -139,9 +139,8 @@ NTSTATUS ldapsrv_unwilling(struct ldapsrv_call *call, int error)
r->response.dn = NULL;
r->response.errormessage = NULL;
r->response.referral = NULL;
- r->name = NULL;
- r->value.data = NULL;
- r->value.length = 0;
+ r->oid = NULL;
+ r->value = NULL;
ldapsrv_queue_reply(call, reply);
return NT_STATUS_OK;
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
index b42fe51b38..5341b9f741 100644
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -49,8 +49,6 @@ static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call)
req->creds.password, &session_info);
}
- /* When we add authentication here, we also need to handle telling the backends */
-
reply = ldapsrv_init_reply(call, LDAP_TAG_BindResponse);
if (!reply) {
return NT_STATUS_NO_MEMORY;
@@ -84,9 +82,7 @@ static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call)
resp->response.errormessage = errstr;
resp->response.dn = NULL;
resp->response.referral = NULL;
-
- /* This looks wrong... */
- resp->SASL.secblob = data_blob(NULL, 0);
+ resp->SASL.secblob = NULL;
ldapsrv_queue_reply(call, reply);
return NT_STATUS_OK;
@@ -145,10 +141,29 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
}
if (NT_STATUS_IS_OK(status)) {
+ DATA_BLOB input = data_blob(NULL, 0);
+ DATA_BLOB output = data_blob(NULL, 0);
+
+ if (req->creds.SASL.secblob) {
+ input = *req->creds.SASL.secblob;
+ }
+
+ resp->SASL.secblob = talloc(reply, DATA_BLOB);
+ NT_STATUS_HAVE_NO_MEMORY(resp->SASL.secblob);
+
status = gensec_update(conn->gensec, reply,
- req->creds.SASL.secblob, &resp->SASL.secblob);
+ input, &output);
+
+ /* TODO: gensec should really handle the difference between NULL and length=0 better! */
+ if (output.data) {
+ resp->SASL.secblob = talloc(reply, DATA_BLOB);
+ NT_STATUS_HAVE_NO_MEMORY(resp->SASL.secblob);
+ *resp->SASL.secblob = output;
+ } else {
+ resp->SASL.secblob = NULL;
+ }
} else {
- resp->SASL.secblob = data_blob(NULL, 0);
+ resp->SASL.secblob = NULL;
}
if (NT_STATUS_EQUAL(NT_STATUS_MORE_PROCESSING_REQUIRED, status)) {
@@ -223,7 +238,7 @@ NTSTATUS ldapsrv_BindRequest(struct ldapsrv_call *call)
resp->response.dn = NULL;
resp->response.errormessage = talloc_asprintf(reply, "Bad AuthenticationChoice [%d]", req->mechanism);
resp->response.referral = NULL;
- resp->SASL.secblob = data_blob(NULL, 0);
+ resp->SASL.secblob = NULL;
ldapsrv_queue_reply(call, reply);
return NT_STATUS_OK;