summaryrefslogtreecommitdiff
path: root/source4/ldap_server/ldap_bind.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/ldap_server/ldap_bind.c')
-rw-r--r--source4/ldap_server/ldap_bind.c44
1 files changed, 42 insertions, 2 deletions
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
index 6525840232..4350f3abe8 100644
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -30,8 +30,22 @@ static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call)
struct ldapsrv_reply *reply;
struct ldap_BindResponse *resp;
+ int result;
+ const char *errstr;
+ const char *nt4_domain, *nt4_account;
+
+ struct auth_session_info *session_info;
+
+ NTSTATUS status;
+
DEBUG(10, ("BindSimple dn: %s\n",req->dn));
+ status = crack_dn_to_nt4_name(call, req->dn, &nt4_domain, &nt4_account);
+ if (NT_STATUS_IS_OK(status)) {
+ status = authenticate_username_pw(call, nt4_domain, nt4_account,
+ req->creds.password, &session_info);
+ }
+
/* When we add authentication here, we also need to handle telling the backends */
reply = ldapsrv_init_reply(call, LDAP_TAG_BindResponse);
@@ -39,11 +53,37 @@ static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call)
return NT_STATUS_NO_MEMORY;
}
+ if (NT_STATUS_IS_OK(status)) {
+ struct ldapsrv_partition *part;
+ result = LDAP_SUCCESS;
+ errstr = NULL;
+
+ talloc_free(call->conn->session_info);
+ call->conn->session_info = session_info;
+ for (part = call->conn->partitions; part; part = part->next) {
+ if (!part->ops->Bind) {
+ continue;
+ }
+ status = part->ops->Bind(part, call->conn);
+ if (!NT_STATUS_IS_OK(status)) {
+ result = LDAP_OPERATIONS_ERROR;
+ errstr = talloc_asprintf(reply, "Simple Bind: Failed to advise partition %s of new credentials: %s", part->base_dn, nt_errstr(status));
+ }
+ }
+ } else {
+ status = auth_nt_status_squash(status);
+
+ result = LDAP_INVALID_CREDENTIALS;
+ errstr = talloc_asprintf(reply, "Simple Bind Failed: %s", nt_errstr(status));
+ }
+
resp = &reply->msg->r.BindResponse;
- resp->response.resultcode = 0;
+ resp->response.resultcode = result;
+ resp->response.errormessage = errstr;
resp->response.dn = NULL;
- resp->response.errormessage = NULL;
resp->response.referral = NULL;
+
+ /* This looks wrong... */
resp->SASL.secblob = data_blob(NULL, 0);
ldapsrv_queue_reply(call, reply);