diff options
Diffstat (limited to 'source4/ldap_server/ldap_bind.c')
-rw-r--r-- | source4/ldap_server/ldap_bind.c | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c index 166bd31ede..9c9cca362b 100644 --- a/source4/ldap_server/ldap_bind.c +++ b/source4/ldap_server/ldap_bind.c @@ -32,6 +32,8 @@ static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call) DEBUG(10, ("BindSimple dn: %s\n",req->dn)); + /* When we add authentication here, we also need to handle telling the backends */ + reply = ldapsrv_init_reply(call, LDAP_TAG_BindResponse); if (!reply) { return NT_STATUS_NO_MEMORY; @@ -102,14 +104,33 @@ reply: result = LDAP_SASL_BIND_IN_PROGRESS; errstr = NULL; } else if (NT_STATUS_IS_OK(status)) { + struct ldapsrv_partition *part; + result = LDAP_SUCCESS; errstr = NULL; if (gensec_have_feature(call->conn->gensec, GENSEC_FEATURE_SEAL) || gensec_have_feature(call->conn->gensec, GENSEC_FEATURE_SIGN)) { call->conn->enable_wrap = True; } + status = gensec_session_info(call->conn->gensec, &call->conn->session_info); + if (!NT_STATUS_IS_OK(status)) { + result = LDAP_OPERATIONS_ERROR; + errstr = talloc_asprintf(reply, "SASL:[%s]: Failed to get session info: %s", req->creds.SASL.mechanism, nt_errstr(status)); + } else { + for (part = call->conn->partitions; part; part = part->next) { + if (!part->ops->Bind) { + continue; + } + status = part->ops->Bind(part, conn); + if (!NT_STATUS_IS_OK(status)) { + result = LDAP_OPERATIONS_ERROR; + errstr = talloc_asprintf(reply, "SASL:[%s]: Failed to advise partition %s of new credentials: %s", req->creds.SASL.mechanism, part->base_dn, nt_errstr(status)); + } + } + } } else { - result = 49; + status = auth_nt_status_squash(status); + result = LDAP_INVALID_CREDENTIALS; errstr = talloc_asprintf(reply, "SASL:[%s]: %s", req->creds.SASL.mechanism, nt_errstr(status)); } |