summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-12-18 05:01:15 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:47:28 -0500
commit97b54b007e0f8a44074fa570b06b7ff9d4f2489b (patch)
treef9a06df62f18cd3ac8f50b883d01e0c79db28810 /source4
parent810833ad93ede2caabebbe78e354651508fb4d2a (diff)
downloadsamba-97b54b007e0f8a44074fa570b06b7ff9d4f2489b.tar.gz
samba-97b54b007e0f8a44074fa570b06b7ff9d4f2489b.tar.bz2
samba-97b54b007e0f8a44074fa570b06b7ff9d4f2489b.zip
r12310: Link simple bind support in our internal LDAP libs to LDB and the
command line processing system. This is a little ugly at the moment, but works. What I cannot manage to get to work is the extraction and propogation of command line credentials into the js interface to ldb. Andrew Bartlett (This used to be commit f34ede763e7f80507d06224d114cf6b5ac7c8f7d)
Diffstat (limited to 'source4')
-rw-r--r--source4/auth/credentials/credentials.c23
-rw-r--r--source4/auth/credentials/credentials.h2
-rw-r--r--source4/lib/ldb/ldb_ildap/ldb_ildap.c21
3 files changed, 41 insertions, 5 deletions
diff --git a/source4/auth/credentials/credentials.c b/source4/auth/credentials/credentials.c
index 0e37fdc4a6..0ea2a01ea1 100644
--- a/source4/auth/credentials/credentials.c
+++ b/source4/auth/credentials/credentials.c
@@ -57,6 +57,8 @@ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx)
cred->machine_account = False;
cred->gensec_list = NULL;
+ cred->bind_dn = NULL;
+
return cred;
}
@@ -104,6 +106,23 @@ BOOL cli_credentials_set_username_callback(struct cli_credentials *cred,
return False;
}
+BOOL cli_credentials_set_bind_dn(struct cli_credentials *cred,
+ const char *bind_dn)
+{
+ cred->bind_dn = talloc_strdup(cred, bind_dn);
+ return True;
+}
+
+/**
+ * Obtain the BIND DN for this credentials context.
+ * @param cred credentials context
+ * @retval The username set on this context.
+ * @note Return value will be NULL if not specified explictly
+ */
+const char *cli_credentials_get_bind_dn(struct cli_credentials *cred)
+{
+ return cred->bind_dn;
+}
/**
@@ -171,6 +190,10 @@ BOOL cli_credentials_set_principal_callback(struct cli_credentials *cred,
BOOL cli_credentials_authentication_requested(struct cli_credentials *cred)
{
+ if (cred->bind_dn) {
+ return True;
+ }
+
if (cred->machine_account_pending) {
cli_credentials_set_machine_account(cred);
}
diff --git a/source4/auth/credentials/credentials.h b/source4/auth/credentials/credentials.h
index 027cf4469d..c8a95e2b51 100644
--- a/source4/auth/credentials/credentials.h
+++ b/source4/auth/credentials/credentials.h
@@ -61,6 +61,8 @@ struct cli_credentials {
const char *principal;
const char *salt_principal;
+ const char *bind_dn;
+
struct samr_Password *nt_hash;
struct ccache_container *ccache;
diff --git a/source4/lib/ldb/ldb_ildap/ldb_ildap.c b/source4/lib/ldb/ldb_ildap/ldb_ildap.c
index 582513df6f..0802469079 100644
--- a/source4/lib/ldb/ldb_ildap/ldb_ildap.c
+++ b/source4/lib/ldb/ldb_ildap/ldb_ildap.c
@@ -510,11 +510,22 @@ int ildb_connect(struct ldb_context *ldb, const char *url,
}
if (creds != NULL && cli_credentials_authentication_requested(creds)) {
- status = ldap_bind_sasl(ildb->ldap, creds);
- if (!NT_STATUS_IS_OK(status)) {
- ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to bind - %s\n",
- ldap_errstr(ildb->ldap, status));
- goto failed;
+ const char *bind_dn = cli_credentials_get_bind_dn(creds);
+ if (bind_dn) {
+ const char *password = cli_credentials_get_password(creds);
+ status = ldap_bind_simple(ildb->ldap, bind_dn, password);
+ if (!NT_STATUS_IS_OK(status)) {
+ ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to bind - %s\n",
+ ldap_errstr(ildb->ldap, status));
+ goto failed;
+ }
+ } else {
+ status = ldap_bind_sasl(ildb->ldap, creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to bind - %s\n",
+ ldap_errstr(ildb->ldap, status));
+ goto failed;
+ }
}
}