Diffstat (limited to 'source3')
-rw-r--r--source3/include/smbldap.h7
-rw-r--r--source3/lib/smbldap.c3
-rw-r--r--source3/passdb/pdb_ldap.c14
-rw-r--r--source3/utils/net_sam.c17
-rw-r--r--source3/winbindd/idmap_ldap.c4
5 files changed, 39 insertions, 6 deletions
diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h
index f7f0de19c8..d8f12bc373 100644
--- a/source3/include/smbldap.h
+++ b/source3/include/smbldap.h
@@ -32,8 +32,11 @@ struct smbldap_state;
NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx,
struct tevent_context *tevent_ctx,
- const char *location,
- struct smbldap_state **smbldap_state);
+ const char *location,
+ bool anon,
+ const char *bind_dn,
+ const char *bind_secret,
+ struct smbldap_state **smbldap_state);
void smbldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, const char *value);
void smbldap_set_mod_blob(LDAPMod *** modlist, int modop, const char *attribute, const DATA_BLOB *newblob);
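Review bot: The widened smbldap_init prototype gives no contract for `anon`, `bind_dn` and `bind_secret`, which matters because one of them is a password. A header comment above the declaration should state what `anon == true` means when a DN and secret are also supplied, whether NULL is accepted for `bind_dn`/`bind_secret` when `anon` is false, and whether the function copies `bind_secret` or only borrows the caller's pointer. The last point decides whether callers may wipe and free the secret immediately after the call, as the pdb_ldap.c and net_sam.c hunks in this commit do.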
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index ea21ed6b4b..5a1ba09ff1 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -1703,6 +1703,9 @@ static int smbldap_state_destructor(struct smbldap_state *state)
NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, struct tevent_context *tevent_ctx,
const char *location,
+ bool anon,
+ const char *bind_dn,
+ const char *bind_secret,
struct smbldap_state **smbldap_state)
{
*smbldap_state = talloc_zero(mem_ctx, struct smbldap_state);
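Review bot: Nothing in the visible part of smbldap_init reads `anon`, `bind_dn` or `bind_secret`, and the diffstat counts only these three added lines for smbldap.c, so within this commit the new arguments appear to be accepted and ignored. Callers now read the bind password out of secrets.tdb only to hand it to a function that does not use it yet, so the gap should be marked at the definition, for example `/* TODO: anon, bind_dn and bind_secret are not used yet */`. The function body continues outside the hunk.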
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 701b74609b..49eb3e12fa 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -6447,6 +6447,8 @@ static NTSTATUS pdb_init_ldapsam_common(struct pdb_methods **pdb_method, const c
{
NTSTATUS nt_status;
struct ldapsam_privates *ldap_state;
+ char *bind_dn = NULL;
+ char *bind_secret = NULL;
if (!NT_STATUS_IS_OK(nt_status = make_pdb_method( pdb_method ))) {
return nt_status;
@@ -6489,9 +6491,17 @@ static NTSTATUS pdb_init_ldapsam_common(struct pdb_methods **pdb_method, const c
return NT_STATUS_NO_MEMORY;
}
- nt_status = smbldap_init(*pdb_method, pdb_get_tevent_context(),
- location, &ldap_state->smbldap_state);
+ if (!fetch_ldap_pw(&bind_dn, &bind_secret)) {
+ DEBUG(0, ("pdb_init_ldapsam_common: Failed to retrieve LDAP password from secrets.tdb\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+ nt_status = smbldap_init(*pdb_method, pdb_get_tevent_context(),
+ location, false, bind_dn, bind_secret,
+ &ldap_state->smbldap_state);
+ memset(bind_secret, '\0', strlen(bind_secret));
+ SAFE_FREE(bind_secret);
+ SAFE_FREE(bind_dn);
if ( !NT_STATUS_IS_OK(nt_status) ) {
return nt_status;
}
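Review bot: The wipe `memset(bind_secret, '\0', strlen(bind_secret));` sits directly before `SAFE_FREE(bind_secret)`, so an optimising compiler may treat it as a dead store and drop it, leaving the LDAP bind password in freed heap memory. The same pattern is repeated in the net_sam_provision hunk in source3/utils/net_sam.c. Use an erase the compiler has to keep, for example `explicit_bzero(bind_secret, strlen(bind_secret));` where the platform provides it, or an equivalent helper from the tree. Separately, `return NT_STATUS_NO_MEMORY;` after a failed fetch_ldap_pw() reports a missing secret as an allocation failure, which misleads anyone reading the log; a status that describes the missing credential would fit better. pdb_init_ldapsam_common starts and ends outside this hunk.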
diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c
index 7798fbb908..7163e663f8 100644
--- a/source3/utils/net_sam.c
+++ b/source3/utils/net_sam.c
@@ -29,6 +29,7 @@
#include "passdb/pdb_ldap_util.h"
#include "passdb/pdb_ldap_schema.h"
#include "lib/privileges.h"
+#include "secrets.h"
/*
* Set a user's data
@@ -1591,6 +1592,9 @@ static int net_sam_provision(struct net_context *c, int argc, const char **argv)
struct samu *samuser;
struct passwd *pwd;
bool is_ipa = false;
+ char *bind_dn = NULL;
+ char *bind_secret = NULL;
+ NTSTATUS status;
if (c->display_usage) {
d_printf( "%s\n"
@@ -1645,7 +1649,18 @@ static int net_sam_provision(struct net_context *c, int argc, const char **argv)
goto failed;
}
- if (!NT_STATUS_IS_OK(smbldap_init(tc, NULL, ldap_uri, &state))) {
+ if (!fetch_ldap_pw(&bind_dn, &bind_secret)) {
+ d_fprintf(stderr, _("Failed to retrieve LDAP password from secrets.tdb\n"));
+ goto failed;
+ }
+
+ status = smbldap_init(tc, NULL, ldap_uri, false, bind_dn, bind_secret, &state);
+
+ memset(bind_secret, '\0', strlen(bind_secret));
+ SAFE_FREE(bind_secret);
+ SAFE_FREE(bind_dn);
+
+ if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr, _("Unable to connect to the LDAP server.\n"));
goto failed;
}
diff --git a/source3/winbindd/idmap_ldap.c b/source3/winbindd/idmap_ldap.c
index 5246cd3595..4f1dc8c7f4 100644
--- a/source3/winbindd/idmap_ldap.c
+++ b/source3/winbindd/idmap_ldap.c
@@ -488,8 +488,10 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom)
ctx->rw_ops->get_new_id = idmap_ldap_allocate_id_internal;
ctx->rw_ops->set_mapping = idmap_ldap_set_mapping;
+ /* get_credentials deals with setting up creds */
+
ret = smbldap_init(ctx, winbind_event_context(), ctx->url,
- &ctx->smbldap_state);
+ false, NULL, NULL, &ctx->smbldap_state);
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(1, ("ERROR: smbldap_init (%s) failed!\n", ctx->url));
goto done;
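Review bot: The call passes `false, NULL, NULL`, i.e. a non-anonymous bind with no DN and no secret, and the added comment `/* get_credentials deals with setting up creds */` does not say that this combination is intentional or what smbldap_init does with it. A reader auditing how winbindd authenticates to the directory cannot tell from here whether the connection can fall back to an unauthenticated bind. Expand the comment to something like `/* no bind DN/secret passed here on purpose: credentials are set up separately by get_credentials */`, after confirming that is the actual flow. idmap_ldap_db_init begins and ends outside the hunk.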