-rw-r--r-- | source4/ldap_server/ldap_bind.c | 17 | ||||
-rw-r--r-- | source4/ldap_server/ldap_server.c | 20 | ||||
-rw-r--r-- | source4/ldap_server/ldap_server.h | 1 | ||||
-rw-r--r-- | source4/ldap_server/ldap_simple_ldb.c | 3 | ||||
-rw-r--r-- | source4/setup/provision_init.ldif | 1 |
5 files changed, 25 insertions, 17 deletions
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
index beaf3da46c..feb36135a8 100644
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -115,22 +115,7 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
 gensec_set_target_service(call->conn->gensec, "ldap");
- server_credentials
- = cli_credentials_init(call);
- if (!server_credentials) {
- DEBUG(1, ("Failed to init server credentials\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- cli_credentials_set_conf(server_credentials);
- status = cli_credentials_set_machine_account(server_credentials);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10, ("Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(status)));
- talloc_free(server_credentials);
- server_credentials = NULL;
- }
-
- gensec_set_credentials(call->conn->gensec, server_credentials);
+ gensec_set_credentials(call->conn->gensec, call->conn->server_credentials);
 gensec_want_feature(call->conn->gensec, GENSEC_FEATURE_SIGN);
 gensec_want_feature(call->conn->gensec, GENSEC_FEATURE_SEAL);
diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index ba72326084..26bb2402e8 100644
--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -267,6 +267,8 @@ static void ldapsrv_accept(struct stream_connection *c)
 struct ldapsrv_service *ldapsrv_service = talloc_get_type(c->private, struct ldapsrv_service);
 struct ldapsrv_connection *conn;
+ struct cli_credentials *server_credentials;
+ NTSTATUS status;
 int port;
 conn = talloc_zero(c, struct ldapsrv_connection);
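Review bot: The new gensec_set_credentials() call hands gensec call->conn->server_credentials with none of the NULL handling the removed block had, so ldapsrv_BindSASL now relies on an invariant established elsewhere (the accept path refusing the connection when machine-account credentials cannot be obtained) rather than on anything visible in this function. That is stricter than the old behaviour, which logged at level 10 and carried on with NULL credentials on a standalone server, and it is the better security posture, but the dependency should be written down where it is relied on: `/* conn->server_credentials is set in ldapsrv_accept(), which drops the connection if it cannot be obtained */`. With the set_machine_account() call gone, the `status` local of ldapsrv_BindSASL may now be unused in this function; its declaration is outside the hunk, so check for a warning. The function body continues past the hunk on both sides.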
@@ -279,6 +281,24 @@ static void ldapsrv_accept(struct stream_connection *c)
 conn->packet = NULL;
 conn->connection = c;
 conn->service = ldapsrv_service;
+
+ server_credentials
+ = cli_credentials_init(conn);
+ if (!server_credentials) {
+ stream_terminate_connection(c, "Failed to init server credentials\n");
+ talloc_free(conn);
+ return;
+ }
+
+ cli_credentials_set_conf(server_credentials);
+ status = cli_credentials_set_machine_account(server_credentials);
+ if (!NT_STATUS_IS_OK(status)) {
+ stream_terminate_connection(c, talloc_asprintf(conn, "Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(status)));
+ talloc_free(conn);
+ return;
+ }
+ conn->server_credentials = server_credentials;
+
+ c->private = conn;
 port = socket_get_my_port(c->socket);
diff --git a/source4/ldap_server/ldap_server.h b/source4/ldap_server/ldap_server.h
index a2039fe7f1..d25f52bf4e 100644
--- a/source4/ldap_server/ldap_server.h
+++ b/source4/ldap_server/ldap_server.h
@@ -29,6 +29,7 @@ struct ldapsrv_connection {
 struct tls_context *tls;
 struct ldapsrv_partition *default_partition;
 struct ldapsrv_partition *partitions;
+ struct cli_credentials *server_credentials;
 /* are we using gensec wrapping? */
 BOOL enable_wrap;
diff --git a/source4/ldap_server/ldap_simple_ldb.c b/source4/ldap_server/ldap_simple_ldb.c
index 6fd6020988..0421bb42ab 100644
--- a/source4/ldap_server/ldap_simple_ldb.c
+++ b/source4/ldap_server/ldap_simple_ldb.c
@@ -64,6 +64,9 @@ NTSTATUS sldb_Init(struct ldapsrv_partition *partition, struct ldapsrv_connectio
 talloc_steal(partition, ldb);
 partition->private = ldb;
 talloc_free(mem_ctx);
+
+ ldb_set_opaque(ldb, "server_credentials", conn->server_credentials);
+
 return NT_STATUS_OK;
 }
diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif
index ff6b1def19..99bbc01acf 100644
--- a/source4/setup/provision_init.ldif
+++ b/source4/setup/provision_init.ldif
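Review bot: Both new failure paths call stream_terminate_connection(c, …) and only then talloc_free(conn), although conn was allocated as a child of c (`talloc_zero(c, …)` in the previous hunk); if stream_terminate_connection releases c synchronously, the explicit free touches memory that is already gone, and if it does not, the message built with `talloc_asprintf(conn, …)` and passed as `reason` is destroyed by that same talloc_free(conn) while the callee may still hold the pointer. I cannot see stream_terminate_connection from here, so confirm its ownership contract; the shape that is safe either way is to allocate the reason string on c (or use a literal) and let the talloc hierarchy dispose of conn instead of freeing it by hand after the terminate call. Note also that cli_credentials_set_machine_account() now runs on every accepted TCP connection before a single client byte is read, so an unauthenticated peer can force a machine-account secrets lookup per connect; if that lookup is not trivially cheap, obtaining the credentials once per service and sharing them would remove that lever. ldapsrv_accept continues past the hunk.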
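Review bot: The return value of ldb_set_opaque() is discarded in sldb_Init; ldb's API reports failure to store the opaque with a non-LDB_SUCCESS code, and a module that later looks up "server_credentials" would then simply find nothing and fail far from the cause. Check it and fail the init, e.g. `if (ldb_set_opaque(ldb, "server_credentials", conn->server_credentials) != LDB_SUCCESS) return NT_STATUS_INTERNAL_ERROR;` — the ldb has already been stolen onto partition at that point, so nothing leaks on the early return. The opaque also stores a raw pointer into conn; the ldb itself is owned by partition, and nothing in this hunk shows whether a partition can outlive the connection it was initialised for, so a one-line comment pinning that lifetime assumption would help: `/* borrowed from conn; valid only while this connection lives */`. sldb_Init starts before the hunk.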
@@ -58,7 +58,6 @@ rootDomainNamingContext: ${BASEDN}
 configurationNamingContext: CN=Configuration,${BASEDN}
 schemaNamingContext: CN=Schema,CN=Configuration,${BASEDN}
 supportedLDAPVersion: 3
-supportedSASLMechanisms: GSS-SPNEGO
 dnsHostName: ${DNSNAME}
 ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${REALM}
 serverName: CN=${NETBIOSNAME},CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,${BASEDN}
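Review bot: Removing the static `supportedSASLMechanisms: GSS-SPNEGO` line deletes the only place in this patch where a SASL mechanism is advertised in the rootDSE, and nothing else in the diff adds a dynamic replacement. Unless the rootDSE handler now fills supportedSASLMechanisms from the gensec mechanism list (not visible here), clients that discover mechanisms per RFC 4513 will see none and may fall back to simple binds, which send the password in the clear on connections without TLS. Either confirm that the dynamic source exists and name it in the commit message, or keep the static attribute until it does.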