summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
Diffstat (limited to 'source3')
-rw-r--r--source3/Makefile.in3
-rw-r--r--source3/configure.in8
-rw-r--r--source3/include/ads.h10
-rw-r--r--source3/libads/sasl_wrapping.c109
-rw-r--r--source3/libsmb/namequery_dc.c4
5 files changed, 129 insertions, 5 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 162f58e9ef..f26afb1179 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -317,7 +317,8 @@ LIBGPO_OBJ0 = libgpo/gpo_ldap.o libgpo/gpo_parse.o libgpo/gpo_util.o \
libgpo/gpo_fetch.o libgpo/gpo_filesync.o libgpo/gpo_sec.o
LIBGPO_OBJ = $(LIBGPO_OBJ0)
-LIBADS_OBJ = libads/ldap.o libads/ldap_printer.o libads/sasl.o \
+LIBADS_OBJ = libads/ldap.o libads/ldap_printer.o \
+ libads/sasl.o libads/sasl_wrapping.o \
libads/krb5_setpw.o libads/ldap_user.o \
libads/ads_struct.o libads/kerberos_keytab.o \
libads/disp_sec.o libads/ads_utils.o libads/ldap_utils.o \
diff --git a/source3/configure.in b/source3/configure.in
index eacbe6a466..5e5d550555 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -3478,6 +3478,14 @@ if test x"$with_ldap_support" != x"no"; then
AC_CHECK_LIB_EXT(lber, LDAP_LIBS, ber_scanf)
########################################################
+ # If ber_sockbuf_add_io() is available we can add
+ # SASL wrapping hooks
+ AC_CHECK_FUNC_EXT(ber_sockbuf_add_io,$LDAP_LIBS)
+ if test x"$ac_cv_func_ext_ber_sockbuf_add_io" = x"yes"; then
+ AC_DEFINE(HAVE_ADS_SASL_WRAPPING, 1, [Support for SASL wrapping])
+ fi
+
+ ########################################################
# now see if we can find the ldap libs in standard paths
AC_CHECK_LIB_EXT(ldap, LDAP_LIBS, ldap_init)
diff --git a/source3/include/ads.h b/source3/include/ads.h
index 179aa742f2..ad7720fc36 100644
--- a/source3/include/ads.h
+++ b/source3/include/ads.h
@@ -54,16 +54,18 @@ typedef struct {
} config;
/* info about the current LDAP connection */
+#ifdef HAVE_ADS
struct {
-#ifdef HAVE_LDAP
LDAP *ld;
-#else
- void *ld; /* the active ldap structure */
-#endif
struct in_addr ip; /* the ip of the active connection, if any */
time_t last_attempt; /* last attempt to reconnect */
int port;
+
+#ifdef HAVE_ADS_SASL_WRAPPING
+ Sockbuf_IO_Desc *sbiod; /* lowlevel state for LDAP wrapping */
+#endif /* HAVE_ADS_SASL_WRAPPING */
} ldap;
+#endif /* HAVE_ADS */
} ADS_STRUCT;
/* used to remember the names of the posix attributes in AD */
diff --git a/source3/libads/sasl_wrapping.c b/source3/libads/sasl_wrapping.c
new file mode 100644
index 0000000000..4bac35fddb
--- /dev/null
+++ b/source3/libads/sasl_wrapping.c
@@ -0,0 +1,109 @@
+/*
+ Unix SMB/CIFS implementation.
+ ads sasl wrapping code
+ Copyright (C) Stefan Metzmacher 2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+
+#ifdef HAVE_ADS_SASL_WRAPPING
+
+static int ads_saslwrap_setup(Sockbuf_IO_Desc *sbiod, void *arg)
+{
+ ADS_STRUCT *ads = (ADS_STRUCT *)arg;
+
+ ads->ldap.sbiod = sbiod;
+
+ sbiod->sbiod_pvt = ads;
+
+ return 0;
+}
+
+static int ads_saslwrap_remove(Sockbuf_IO_Desc *sbiod)
+{
+ return 0;
+}
+
+static ber_slen_t ads_saslwrap_read(Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
+{
+ return LBER_SBIOD_READ_NEXT(sbiod, buf, len);
+}
+
+static ber_slen_t ads_saslwrap_write(Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
+{
+ return LBER_SBIOD_WRITE_NEXT(sbiod, buf, len);
+}
+
+
+static int ads_saslwrap_ctrl(Sockbuf_IO_Desc *sbiod, int opt, void *arg)
+{
+ return LBER_SBIOD_CTRL_NEXT(sbiod, opt, arg);
+}
+
+static int ads_saslwrap_close(Sockbuf_IO_Desc *sbiod)
+{
+ return 0;
+}
+
+static const Sockbuf_IO ads_saslwrap_sockbuf_io = {
+ ads_saslwrap_setup, /* sbi_setup */
+ ads_saslwrap_remove, /* sbi_remove */
+ ads_saslwrap_ctrl, /* sbi_ctrl */
+ ads_saslwrap_read, /* sbi_read */
+ ads_saslwrap_write, /* sbi_write */
+ ads_saslwrap_close /* sbi_close */
+};
+
+ADS_STATUS ads_setup_sasl_wrapping(ADS_STRUCT *ads)
+{
+ ADS_STATUS status;
+ Sockbuf *sb;
+ Sockbuf_IO *io = discard_const_p(Sockbuf_IO, &ads_saslwrap_sockbuf_io);
+ int rc;
+
+ rc = ldap_get_option(ads->ldap.ld, LDAP_OPT_SOCKBUF, &sb);
+ status = ADS_ERROR_LDAP(rc);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ /* debugging for the layer above SASL */
+ rc = ber_sockbuf_add_io(sb, io, LBER_SBIOD_LEVEL_TRANSPORT,
+ (void *)"ads_sasl_wrapping_above" );
+ status = ADS_ERROR_LDAP(rc);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ /* setup the real wrapping callbacks */
+ rc = ber_sockbuf_add_io(sb, io, LBER_SBIOD_LEVEL_TRANSPORT, ads);
+ status = ADS_ERROR_LDAP(rc);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ /* debugging for the layer below SASL */
+ rc = ber_sockbuf_add_io(sb, io, LBER_SBIOD_LEVEL_TRANSPORT,
+ (void *)"ads_sasl_wrapping_below" );
+ status = ADS_ERROR_LDAP(rc);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ return ADS_SUCCESS;
+}
+
+#endif /* HAVE_ADS_SASL_WRAPPING */
diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c
index 0c1207d4e5..7dac69e2db 100644
--- a/source3/libsmb/namequery_dc.c
+++ b/source3/libsmb/namequery_dc.c
@@ -123,7 +123,11 @@ static BOOL ads_dc_name(const char *domain,
fstrcpy(srv_name, ads->config.ldap_server_name);
strupper_m(srv_name);
+#ifdef HAVE_ADS
*dc_ip = ads->ldap.ip;
+#else
+ ZERO_STRUCT(*dc_ip);
+#endif
ads_destroy(&ads);
DEBUG(4,("ads_dc_name: using server='%s' IP=%s\n",