Diffstat (limited to 'source3')
-rw-r--r-- | source3/Makefile.in | 3 | ||||
-rw-r--r-- | source3/configure.in | 8 | ||||
-rw-r--r-- | source3/include/ads.h | 10 | ||||
-rw-r--r-- | source3/libads/sasl_wrapping.c | 109 | ||||
-rw-r--r-- | source3/libsmb/namequery_dc.c | 4 |
5 files changed, 129 insertions, 5 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 162f58e9ef..f26afb1179 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -317,7 +317,8 @@ LIBGPO_OBJ0 = libgpo/gpo_ldap.o libgpo/gpo_parse.o libgpo/gpo_util.o \ libgpo/gpo_fetch.o libgpo/gpo_filesync.o libgpo/gpo_sec.o LIBGPO_OBJ = $(LIBGPO_OBJ0) -LIBADS_OBJ = libads/ldap.o libads/ldap_printer.o libads/sasl.o \ +LIBADS_OBJ = libads/ldap.o libads/ldap_printer.o \ + libads/sasl.o libads/sasl_wrapping.o \ libads/krb5_setpw.o libads/ldap_user.o \ libads/ads_struct.o libads/kerberos_keytab.o \ libads/disp_sec.o libads/ads_utils.o libads/ldap_utils.o \ diff --git a/source3/configure.in b/source3/configure.in index eacbe6a466..5e5d550555 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -3478,6 +3478,14 @@ if test x"$with_ldap_support" != x"no"; then AC_CHECK_LIB_EXT(lber, LDAP_LIBS, ber_scanf) ######################################################## + # If ber_sockbuf_add_io() is available we can add + # SASL wrapping hooks + AC_CHECK_FUNC_EXT(ber_sockbuf_add_io,$LDAP_LIBS) + if test x"$ac_cv_func_ext_ber_sockbuf_add_io" = x"yes"; then + AC_DEFINE(HAVE_ADS_SASL_WRAPPING, 1, [Support for SASL wrapping]) + fi + + ######################################################## # now see if we can find the ldap libs in standard paths AC_CHECK_LIB_EXT(ldap, LDAP_LIBS, ldap_init) diff --git a/source3/include/ads.h b/source3/include/ads.h index 179aa742f2..ad7720fc36 100644 --- a/source3/include/ads.h +++ b/source3/include/ads.h 
@@ -54,16 +54,18 @@ typedef struct { } config; /* info about the current LDAP connection */ +#ifdef HAVE_ADS struct { -#ifdef HAVE_LDAP LDAP *ld; -#else - void *ld; /* the active ldap structure */ -#endif struct in_addr ip; /* the ip of the active connection, if any */ time_t last_attempt; /* last attempt to reconnect */ int port; + +#ifdef HAVE_ADS_SASL_WRAPPING + Sockbuf_IO_Desc *sbiod; /* lowlevel state for LDAP wrapping */ +#endif /* HAVE_ADS_SASL_WRAPPING */ } ldap; +#endif /* HAVE_ADS */ } ADS_STRUCT; /* used to remember the names of the posix attributes in AD */ diff --git a/source3/libads/sasl_wrapping.c b/source3/libads/sasl_wrapping.c new file mode 100644 index 0000000000..4bac35fddb --- /dev/null +++ b/source3/libads/sasl_wrapping.c 
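Review bot: With the whole `ldap` member now inside `#ifdef HAVE_ADS` (and `sbiod` inside `#ifdef HAVE_ADS_SASL_WRAPPING`), the layout of `ADS_STRUCT` depends on two configure-time macros, and every `ads->ldap.*` access outside a `HAVE_ADS` guard stops compiling. This commit guards one such access in namequery_dc.c; whether other users exist cannot be seen from here, so a tree-wide check is worth doing. The `sbiod` field also needs a comment on ownership and lifetime, e.g. `/* set by the sockbuf setup hook; presumably owned by liblber and invalid once the connection is closed - confirm */`. The typedef starts before this hunk.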
@@ -0,0 +1,109 @@
+/*
+ Unix SMB/CIFS implementation.
+ ads sasl wrapping code
+ Copyright (C) Stefan Metzmacher 2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+
+#ifdef HAVE_ADS_SASL_WRAPPING
+
+static int ads_saslwrap_setup(Sockbuf_IO_Desc *sbiod, void *arg)
+{
+ ADS_STRUCT *ads = (ADS_STRUCT *)arg;
+
+ ads->ldap.sbiod = sbiod;
+
+ sbiod->sbiod_pvt = ads;
+
+ return 0;
+}
+
+static int ads_saslwrap_remove(Sockbuf_IO_Desc *sbiod)
+{
+ return 0;
+}
+
+static ber_slen_t ads_saslwrap_read(Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
+{
+ return LBER_SBIOD_READ_NEXT(sbiod, buf, len);
+}
+
+static ber_slen_t ads_saslwrap_write(Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
+{
+ return LBER_SBIOD_WRITE_NEXT(sbiod, buf, len);
+}
+
+
+static int ads_saslwrap_ctrl(Sockbuf_IO_Desc *sbiod, int opt, void *arg)
+{
+ return LBER_SBIOD_CTRL_NEXT(sbiod, opt, arg);
+}
+
+static int ads_saslwrap_close(Sockbuf_IO_Desc *sbiod)
+{
+ return 0;
+}
+
+static const Sockbuf_IO ads_saslwrap_sockbuf_io = {
+ ads_saslwrap_setup, /* sbi_setup */
+ ads_saslwrap_remove, /* sbi_remove */
+ ads_saslwrap_ctrl, /* sbi_ctrl */
+ ads_saslwrap_read, /* sbi_read */
+ ads_saslwrap_write, /* sbi_write */
+ ads_saslwrap_close /* sbi_close */
+};
+
+ADS_STATUS ads_setup_sasl_wrapping(ADS_STRUCT *ads)
+{
+ ADS_STATUS status;
+ Sockbuf *sb;
+ Sockbuf_IO *io = discard_const_p(Sockbuf_IO, 
&ads_saslwrap_sockbuf_io); + int rc; + + rc = ldap_get_option(ads->ldap.ld, LDAP_OPT_SOCKBUF, &sb); + status = ADS_ERROR_LDAP(rc); + if (!ADS_ERR_OK(status)) { + return status; + } + + /* debugging for the layer above SASL */ + rc = ber_sockbuf_add_io(sb, io, LBER_SBIOD_LEVEL_TRANSPORT, + (void *)"ads_sasl_wrapping_above" ); + status = ADS_ERROR_LDAP(rc); + if (!ADS_ERR_OK(status)) { + return status; + } + + /* setup the real wrapping callbacks */ + rc = ber_sockbuf_add_io(sb, io, LBER_SBIOD_LEVEL_TRANSPORT, ads); + status = ADS_ERROR_LDAP(rc); + if (!ADS_ERR_OK(status)) { + return status; + } + + /* debugging for the layer below SASL */ + rc = ber_sockbuf_add_io(sb, io, LBER_SBIOD_LEVEL_TRANSPORT, + (void *)"ads_sasl_wrapping_below" ); + status = ADS_ERROR_LDAP(rc); + if (!ADS_ERR_OK(status)) { + return status; + } + + return ADS_SUCCESS; +} + +#endif /* HAVE_ADS_SASL_WRAPPING */ diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index 0c1207d4e5..7dac69e2db 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c @@ -123,7 +123,11 @@ static BOOL ads_dc_name(const char *domain, fstrcpy(srv_name, ads->config.ldap_server_name); strupper_m(srv_name); +#ifdef HAVE_ADS *dc_ip = ads->ldap.ip; +#else + ZERO_STRUCT(*dc_ip); +#endif ads_destroy(&ads); DEBUG(4,("ads_dc_name: using server='%s' IP=%s\n", |
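Review bot: `ads_setup_sasl_wrapping()` registers the same `io` table three times, and two of those calls pass a string literal as `arg`; assuming liblber hands `arg` to `sbi_setup`, `ads_saslwrap_setup()` casts `"ads_sasl_wrapping_above"` to `ADS_STRUCT *` and stores through `ads->ldap.sbiod`, which is a write into a string literal. The two debug layers look like they were meant to use liblber's own debug I/O, e.g. `ber_sockbuf_add_io(sb, discard_const_p(Sockbuf_IO, &ber_sockbuf_io_debug), LBER_SBIOD_LEVEL_TRANSPORT, (void *)"ads_sasl_wrapping_above");`, leaving `io` only for the call that passes `ads`. Separately, `ads_saslwrap_remove()` and `ads_saslwrap_close()` leave `ads->ldap.sbiod` set, so the pointer is stale once the sockbuf layer is torn down. Clearing it there via `sbiod->sbiod_pvt` would avoid that, provided every layer using this table really carries an `ADS_STRUCT *`.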
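Review bot: In the `#else` branch of `ads_dc_name()` `*dc_ip` is zeroed, but execution carries on to the `DEBUG(4, ...)` line exactly as on the success path, so a build without `HAVE_ADS` that reaches this point hands the caller an all-zero DC address together with a filled-in `srv_name`. The rest of the function is outside the hunk, so whether it then returns True cannot be seen here; if it does, failing explicitly in that branch (`ads_destroy(&ads); return False;`) is safer than letting callers connect to or cache a zero address. At minimum the branch deserves a comment such as `/* no LDAP connection state without HAVE_ADS; DC address unknown */`.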