diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2005-12-18 05:01:15 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:47:28 -0500 |
| commit | 97b54b007e0f8a44074fa570b06b7ff9d4f2489b (patch) | |
| tree | f9a06df62f18cd3ac8f50b883d01e0c79db28810 /source4 | |
| parent | 810833ad93ede2caabebbe78e354651508fb4d2a (diff) | |
| download | samba-97b54b007e0f8a44074fa570b06b7ff9d4f2489b.tar.gz samba-97b54b007e0f8a44074fa570b06b7ff9d4f2489b.tar.bz2 samba-97b54b007e0f8a44074fa570b06b7ff9d4f2489b.zip | |
r12310: Link simple bind support in our internal LDAP libs to LDB and the
command line processing system.
This is a little ugly at the moment, but works. What I cannot manage
to get to work is the extraction and propogation of command line
credentials into the js interface to ldb.
Andrew Bartlett
(This used to be commit f34ede763e7f80507d06224d114cf6b5ac7c8f7d)
Diffstat (limited to 'source4')
| -rw-r--r-- | source4/auth/credentials/credentials.c | 23 | ||||
| -rw-r--r-- | source4/auth/credentials/credentials.h | 2 | ||||
| -rw-r--r-- | source4/lib/ldb/ldb_ildap/ldb_ildap.c | 21 |
3 files changed, 41 insertions, 5 deletions
diff --git a/source4/auth/credentials/credentials.c b/source4/auth/credentials/credentials.c index 0e37fdc4a6..0ea2a01ea1 100644 --- a/source4/auth/credentials/credentials.c +++ b/source4/auth/credentials/credentials.c @@ -57,6 +57,8 @@ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx) cred->machine_account = False; cred->gensec_list = NULL; + cred->bind_dn = NULL; + return cred; } @@ -104,6 +106,23 @@ BOOL cli_credentials_set_username_callback(struct cli_credentials *cred, return False; } +BOOL cli_credentials_set_bind_dn(struct cli_credentials *cred, + const char *bind_dn) +{ + cred->bind_dn = talloc_strdup(cred, bind_dn); + return True; +} + +/** + * Obtain the BIND DN for this credentials context. + * @param cred credentials context + * @retval The username set on this context. + * @note Return value will be NULL if not specified explictly + */ +const char *cli_credentials_get_bind_dn(struct cli_credentials *cred) +{ + return cred->bind_dn; +} /** @@ -171,6 +190,10 @@ BOOL cli_credentials_set_principal_callback(struct cli_credentials *cred, BOOL cli_credentials_authentication_requested(struct cli_credentials *cred) { + if (cred->bind_dn) { + return True; + } + if (cred->machine_account_pending) { cli_credentials_set_machine_account(cred); } diff --git a/source4/auth/credentials/credentials.h b/source4/auth/credentials/credentials.h index 027cf4469d..c8a95e2b51 100644 --- a/source4/auth/credentials/credentials.h +++ b/source4/auth/credentials/credentials.h @@ -61,6 +61,8 @@ struct cli_credentials { const char *principal; const char *salt_principal; + const char *bind_dn; + struct samr_Password *nt_hash; struct ccache_container *ccache; diff --git a/source4/lib/ldb/ldb_ildap/ldb_ildap.c b/source4/lib/ldb/ldb_ildap/ldb_ildap.c index 582513df6f..0802469079 100644 --- a/source4/lib/ldb/ldb_ildap/ldb_ildap.c +++ b/source4/lib/ldb/ldb_ildap/ldb_ildap.c @@ -510,11 +510,22 @@ int ildb_connect(struct ldb_context *ldb, const char *url, } if (creds != NULL && cli_credentials_authentication_requested(creds)) { - status = ldap_bind_sasl(ildb->ldap, creds); - if (!NT_STATUS_IS_OK(status)) { - ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to bind - %s\n", - ldap_errstr(ildb->ldap, status)); - goto failed; + const char *bind_dn = cli_credentials_get_bind_dn(creds); + if (bind_dn) { + const char *password = cli_credentials_get_password(creds); + status = ldap_bind_simple(ildb->ldap, bind_dn, password); + if (!NT_STATUS_IS_OK(status)) { + ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to bind - %s\n", + ldap_errstr(ildb->ldap, status)); + goto failed; + } + } else { + status = ldap_bind_sasl(ildb->ldap, creds); + if (!NT_STATUS_IS_OK(status)) { + ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to bind - %s\n", + ldap_errstr(ildb->ldap, status)); + goto failed; + } } } |