summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/lib/smbldap.c8
-rw-r--r--source3/passdb/secrets.c1
-rw-r--r--source3/winbindd/idmap_ldap.c1
3 files changed, 9 insertions, 1 deletions
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index 47b2208880..7287e3d998 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -1054,12 +1054,18 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_
int version;
if (!ldap_state->anonymous && !ldap_state->bind_dn) {
+ char *bind_dn = NULL;
+ char *bind_secret = NULL;
/* get the default dn and password only if they are not set already */
- if (!fetch_ldap_pw(&ldap_state->bind_dn, &ldap_state->bind_secret)) {
+ if (!fetch_ldap_pw(&bind_dn, &bind_secret)) {
DEBUG(0, ("ldap_connect_system: Failed to retrieve password from secrets.tdb\n"));
return LDAP_INVALID_CREDENTIALS;
}
+ smbldap_set_creds(ldap_state, false, bind_dn, bind_secret);
+ SAFE_FREE(bind_dn);
+ memset(bind_secret, '\0', strlen(bind_secret));
+ SAFE_FREE(bind_secret);
}
/* removed the sasl_bind_s "EXTERNAL" stuff, as my testsuite
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index 8b87c2cd4c..29e0662396 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -891,6 +891,7 @@ bool fetch_ldap_pw(char **dn, char** pw)
if (asprintf(&key, "%s/%s", SECRETS_LDAP_BIND_PW, *dn) < 0) {
SAFE_FREE(*dn);
DEBUG(0, ("fetch_ldap_pw: asprintf failed!\n"));
+ return false;
}
*pw=(char *)secrets_fetch(key, &size);
diff --git a/source3/winbindd/idmap_ldap.c b/source3/winbindd/idmap_ldap.c
index 3d1dd488d6..375c04a0bf 100644
--- a/source3/winbindd/idmap_ldap.c
+++ b/source3/winbindd/idmap_ldap.c
@@ -131,6 +131,7 @@ static NTSTATUS get_credentials( TALLOC_CTX *mem_ctx,
DEBUG(2, ("get_credentials: Failed to lookup ldap "
"bind creds. Using anonymous connection.\n"));
anon = True;
+ *dn = NULL;
} else {
*dn = talloc_strdup(mem_ctx, user_dn);
SAFE_FREE( user_dn );