-rw-r--r--source4/dsdb/samdb/ldb_modules/rootdse.c32
-rw-r--r--source4/ldap_server/config.mk1
-rw-r--r--source4/ldap_server/ldap_backend.c32
3 files changed, 44 insertions, 21 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
index a8bc3fbdc2..88f5eba2b4 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -25,7 +25,6 @@
#include "lib/ldb/include/ldb.h"
#include "lib/ldb/include/ldb_errors.h"
#include "lib/ldb/include/ldb_private.h"
-#include "auth/gensec/gensec.h"
#include "system/time.h"
struct private_data {
@@ -52,7 +51,7 @@ static int do_attribute(const char * const *attrs, const char *name)
static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *msg, const char * const *attrs)
{
struct private_data *priv = talloc_get_type(module->private_data, struct private_data);
- struct cli_credentials *server_creds;
+ char **server_sasl;
msg->dn = ldb_dn_explode(msg, "");
@@ -93,25 +92,18 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms
}
}
- server_creds = talloc_get_type(ldb_get_opaque(module->ldb, "server_credentials"),
- struct cli_credentials);
- if (server_creds && do_attribute(attrs, "supportedSASLMechanisms")) {
- struct gensec_security_ops **backends = gensec_security_all();
- enum credentials_use_kerberos use_kerberos
- = cli_credentials_get_kerberos_state(server_creds);
- struct gensec_security_ops **ops
- = gensec_use_kerberos_mechs(msg, backends, use_kerberos);
+ server_sasl = talloc_get_type(ldb_get_opaque(module->ldb, "supportedSASLMechanims"),
+ char *);
+ if (server_sasl && do_attribute(attrs, "supportedSASLMechanisms")) {
int i;
- for (i = 0; ops && ops[i]; i++) {
- if (ops[i]->sasl_name && ops[i]->server_start) {
- char *sasl_name = talloc_strdup(msg, ops[i]->sasl_name);
- if (!sasl_name) {
- goto failed;
- }
- if (ldb_msg_add_steal_string(msg, "supportedSASLMechanisms",
- sasl_name) != 0) {
- goto failed;
- }
+ for (i = 0; server_sasl && server_sasl[i]; i++) {
+ char *sasl_name = talloc_strdup(msg, server_sasl[i]);
+ if (!sasl_name) {
+ goto failed;
+ }
+ if (ldb_msg_add_steal_string(msg, "supportedSASLMechanisms",
+ sasl_name) != 0) {
+ goto failed;
}
}
}
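Review bot: The opaque key read here is spelled `"supportedSASLMechanims"` (missing the second "s"), and the lookup only works because the setter added to ldapsrv_backend_Init in ldap_backend.c uses the same misspelled literal. If either side is later corrected on its own, `ldb_get_opaque` returns NULL and the rootDSE silently stops advertising `supportedSASLMechanisms`, with no error to show why. I would spell the key correctly in both files in the same commit, or share one definition between them, for example `#define LDB_OPAQUE_SASL_MECHS "supportedSASLMechanisms"` (the macro name is only a suggestion). Separately, the `server_sasl &&` test in the `for` condition is redundant after the enclosing `if`; note that the body of rootdse_add_dynamic continues outside this hunk.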
diff --git a/source4/ldap_server/config.mk b/source4/ldap_server/config.mk
index f5e6636879..013be57396 100644
--- a/source4/ldap_server/config.mk
+++ b/source4/ldap_server/config.mk
@@ -11,6 +11,7 @@ OBJ_FILES = \
ldap_backend.o \
ldap_bind.o \
ldap_extended.o
+PRIVATE_DEPENDENCIES = CREDENTIALS
PUBLIC_DEPENDENCIES = \
LIBCLI_LDAP SAMDB process_model auth GENSEC_SOCKET
# End SUBSYSTEM SMB
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 3cd1f1c58a..9e26f1c6eb 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -25,6 +25,8 @@
#include "lib/ldb/include/ldb.h"
#include "lib/ldb/include/ldb_errors.h"
#include "lib/db_wrap.h"
+#include "auth/credentials/credentials.h"
+#include "auth/gensec/gensec.h"
#define VALID_DN_SYNTAX(dn,i) do {\
if (!(dn)) {\
@@ -54,7 +56,35 @@ NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn)
if (conn->ldb == NULL) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- ldb_set_opaque(conn->ldb, "server_credentials", conn->server_credentials);
+
+ if (conn->server_credentials) {
+ char **sasl_mechs = NULL;
+ struct gensec_security_ops **backends = gensec_security_all();
+ enum credentials_use_kerberos use_kerberos
+ = cli_credentials_get_kerberos_state(conn->server_credentials);
+ struct gensec_security_ops **ops
+ = gensec_use_kerberos_mechs(conn, backends, use_kerberos);
+ int i, j = 0;
+ for (i = 0; ops && ops[i]; i++) {
+ if (ops[i]->sasl_name && ops[i]->server_start) {
+ char *sasl_name = talloc_strdup(conn, ops[i]->sasl_name);
+
+ if (!sasl_name) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ sasl_mechs = talloc_realloc(conn, sasl_mechs, char *, j + 2);
+ if (!sasl_mechs) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ sasl_mechs[j] = sasl_name;
+ talloc_steal(sasl_mechs, sasl_name);
+ sasl_mechs[j+1] = NULL;
+ j++;
+ }
+ }
+ talloc_free(ops);
+ ldb_set_opaque(conn->ldb, "supportedSASLMechanims", sasl_mechs);
+ }
if (conn->global_catalog) {
ldb_set_opaque(conn->ldb, "global_catalog", (void *)(-1));