Diffstat (limited to 'source4/libcli/ldap')
-rw-r--r--source4/libcli/ldap/config.mk2
-rw-r--r--source4/libcli/ldap/ldap_bind.c22
-rw-r--r--source4/libcli/ldap/ldap_client.c94
-rw-r--r--source4/libcli/ldap/ldap_client.h3
4 files changed, 26 insertions, 95 deletions
diff --git a/source4/libcli/ldap/config.mk b/source4/libcli/ldap/config.mk
index 88ebc3256f..e5a7133cfa 100644
--- a/source4/libcli/ldap/config.mk
+++ b/source4/libcli/ldap/config.mk
@@ -11,7 +11,7 @@ OBJ_FILES = ldap.o \
ldap_ildap.o \
ldap_controls.o
PUBLIC_DEPENDENCIES = LIBSAMBA-ERRORS LIBEVENTS LIBPACKET
-PRIVATE_DEPENDENCIES = LIBCLI_COMPOSITE samba-socket LIBCLI_RESOLVE NDR_SAMR LIBTLS ASN1_UTIL
+PRIVATE_DEPENDENCIES = LIBCLI_COMPOSITE samba-socket LIBCLI_RESOLVE NDR_SAMR LIBTLS ASN1_UTIL GENSEC_SOCKET
#PRIVATE_DEPENDENCIES = gensec
# End SUBSYSTEM LIBCLI_LDAP
#################################
diff --git a/source4/libcli/ldap/ldap_bind.c b/source4/libcli/ldap/ldap_bind.c
index 6714d68b0e..2b209c3871 100644
--- a/source4/libcli/ldap/ldap_bind.c
+++ b/source4/libcli/ldap/ldap_bind.c
@@ -27,6 +27,8 @@
#include "libcli/ldap/ldap_client.h"
#include "lib/tls/tls.h"
#include "auth/auth.h"
+#include "auth/gensec/socket.h"
+#include "lib/stream/packet.h"
struct ldap_simple_creds {
const char *dn;
@@ -365,15 +367,23 @@ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn, struct cli_credentials *cr
}
}
- if (NT_STATUS_IS_OK(status) &&
- (gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL) ||
- gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN))) {
- conn->enable_wrap = True;
- }
-
talloc_free(tmp_ctx);
if (NT_STATUS_IS_OK(status)) {
+ struct socket_context *socket = gensec_socket_init(conn->gensec,
+ conn->sock,
+ conn->event.event_ctx,
+ ldap_read_io_handler,
+ conn);
+ if (socket) {
+ conn->sock = socket;
+ talloc_steal(conn->sock, socket);
+ packet_set_socket(conn->packet, socket);
+ } else {
+ status = NT_STATUS_NO_MEMORY;
+ goto failed;
+ }
+
conn->bind.type = LDAP_BIND_SASL;
conn->bind.creds = creds;
}
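Review bot: The ownership hand-off in the success branch is in the wrong order: `conn->sock = socket;` runs first, so the following `talloc_steal(conn->sock, socket)` reparents the new socket onto itself and the original transport socket is never attached to the wrapper, leaving its lifetime tied to whatever parent it had before. The intent is presumably to make the raw socket a child of the GENSEC socket that now owns it, which requires stealing before the assignment: `talloc_steal(socket, conn->sock);` then `conn->sock = socket;` then `packet_set_socket(conn->packet, socket);`. Naming the local `socket` also shadows the POSIX `socket()` function; `gsock` or `wrapped_sock` would avoid that. Note the old code only turned on wrapping when SIGN or SEAL had been negotiated, whereas the new code always inserts the GENSEC socket after a successful bind; that is fine only if gensec_socket_init() passes plain data through when neither feature is active, which cannot be confirmed from this hunk. The `failed` label and the rest of ldap_bind_sasl lie outside the hunk.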
diff --git a/source4/libcli/ldap/ldap_client.c b/source4/libcli/ldap/ldap_client.c
index 07b7f2b412..2e834b5244 100644
--- a/source4/libcli/ldap/ldap_client.c
+++ b/source4/libcli/ldap/ldap_client.c
@@ -165,25 +165,13 @@ static void ldap_match_message(struct ldap_connection *conn, struct ldap_message
/*
- check if a blob is a complete ldap packet
- handle wrapper or unwrapped connections
+ decode/process LDAP data
*/
-NTSTATUS ldap_complete_packet(void *private_data, DATA_BLOB blob, size_t *size)
-{
- struct ldap_connection *conn = talloc_get_type(private_data,
- struct ldap_connection);
- if (conn->enable_wrap) {
- return packet_full_request_u32(private_data, blob, size);
- }
- return ldap_full_packet(private_data, blob, size);
-}
-
-/*
- decode/process plain data
-*/
-static NTSTATUS ldap_decode_plain(struct ldap_connection *conn, DATA_BLOB blob)
+static NTSTATUS ldap_recv_handler(void *private_data, DATA_BLOB blob)
{
struct asn1_data asn1;
+ struct ldap_connection *conn = talloc_get_type(private_data,
+ struct ldap_connection);
struct ldap_message *msg = talloc(conn, struct ldap_message);
if (msg == NULL) {
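Review bot: The new header comment `decode/process LDAP data` drops the information the removed text carried about wrapped versus unwrapped connections, so a reader no longer learns that signed/sealed payloads are expected to arrive here already unwrapped. A comment such as `/* packet-layer callback: by the time data reaches here any GENSEC signing/sealing has been removed by the socket layer, so blob is plain LDAP ASN.1 */` would preserve that context; hedge it if the GENSEC socket contract is not documented elsewhere. The body of ldap_recv_handler continues past the end of this hunk.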
@@ -205,60 +193,14 @@ static NTSTATUS ldap_decode_plain(struct ldap_connection *conn, DATA_BLOB blob)
return NT_STATUS_OK;
}
-/*
- decode/process wrapped data
-*/
-static NTSTATUS ldap_decode_wrapped(struct ldap_connection *conn, DATA_BLOB blob)
-{
- DATA_BLOB wrapped, unwrapped;
- struct asn1_data asn1;
- struct ldap_message *msg = talloc(conn, struct ldap_message);
- NTSTATUS status;
-
- if (msg == NULL) {
- return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
- }
-
- wrapped = data_blob_const(blob.data+4, blob.length-4);
-
- status = gensec_unwrap(conn->gensec, msg, &wrapped, &unwrapped);
- if (!NT_STATUS_IS_OK(status)) {
- return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
- }
-
- data_blob_free(&blob);
-
- if (!asn1_load(&asn1, unwrapped)) {
- return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
- }
-
- while (ldap_decode(&asn1, msg)) {
- ldap_match_message(conn, msg);
- msg = talloc(conn, struct ldap_message);
- }
-
- talloc_free(msg);
- asn1_free(&asn1);
-
- return NT_STATUS_OK;
-}
-
-
-/*
- handle ldap recv events
-*/
-static NTSTATUS ldap_recv_handler(void *private_data, DATA_BLOB blob)
+/* Handle read events, from the GENSEC socket callback, or real events */
+void ldap_read_io_handler(void *private_data, uint16_t flags)
{
struct ldap_connection *conn = talloc_get_type(private_data,
struct ldap_connection);
- if (conn->enable_wrap) {
- return ldap_decode_wrapped(conn, blob);
- }
-
- return ldap_decode_plain(conn, blob);
+ packet_recv(conn->packet);
}
-
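Review bot: ldap_read_io_handler takes a `flags` argument but never consults it and calls packet_recv() unconditionally; ldap_io_handler only invokes it under EVENT_FD_READ, but whether the GENSEC socket callback observes the same restriction is not visible here. If the callback can fire for non-read events, a guard `if (!(flags & EVENT_FD_READ)) return;` would be warranted; otherwise a comment such as `/* flags is not inspected: both callers invoke this only when data is readable — confirm for the GENSEC callback */` should record the assumption. The function is also newly non-static and is referenced from ldap_bind.c, yet no hunk in this diff adds a prototype to ldap_client.h; if the project relies on a generated proto header that is fine, otherwise the declaration should be added.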
/*
handle ldap socket events
*/
@@ -272,7 +214,7 @@ static void ldap_io_handler(struct event_context *ev, struct fd_event *fde,
if (!tls_enabled(conn->sock)) return;
}
if (flags & EVENT_FD_READ) {
- packet_recv(conn->packet);
+ ldap_read_io_handler(private_data, flags);
}
}
@@ -417,7 +359,7 @@ static void ldap_connect_recv_conn(struct composite_context *ctx)
packet_set_private(conn->packet, conn);
packet_set_socket(conn->packet, conn->sock);
packet_set_callback(conn->packet, ldap_recv_handler);
- packet_set_full_request(conn->packet, ldap_complete_packet);
+ packet_set_full_request(conn->packet, ldap_full_packet);
packet_set_error_handler(conn->packet, ldap_error_handler);
packet_set_event_context(conn->packet, conn->event.event_ctx);
packet_set_fde(conn->packet, conn->event.fde);
@@ -561,24 +503,6 @@ struct ldap_request *ldap_request_send(struct ldap_connection *conn,
goto failed;
}
- /* possibly encrypt/sign the request */
- if (conn->enable_wrap) {
- DATA_BLOB wrapped;
-
- status = gensec_wrap(conn->gensec, req, &req->data, &wrapped);
- if (!NT_STATUS_IS_OK(status)) {
- goto failed;
- }
- data_blob_free(&req->data);
- req->data = data_blob_talloc(req, NULL, wrapped.length + 4);
- if (req->data.data == NULL) {
- goto failed;
- }
- RSIVAL(req->data.data, 0, wrapped.length);
- memcpy(req->data.data+4, wrapped.data, wrapped.length);
- data_blob_free(&wrapped);
- }
-
status = packet_send(conn->packet, req->data);
if (!NT_STATUS_IS_OK(status)) {
goto failed;
diff --git a/source4/libcli/ldap/ldap_client.h b/source4/libcli/ldap/ldap_client.h
index 28b9f2763c..849737d8a9 100644
--- a/source4/libcli/ldap/ldap_client.h
+++ b/source4/libcli/ldap/ldap_client.h
@@ -80,9 +80,6 @@ struct ldap_connection {
/* Let's support SASL */
struct gensec_security *gensec;
- /* set if we are wrapping requests */
- BOOL enable_wrap;
-
/* the default timeout for messages */
int timeout;