From 65e2944c678a7d4d111ee00e9e964fde14b163a6 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 15 Nov 2011 23:56:38 +0100 Subject: s3-smbldap: extend smbldap_init() with binddn/bindsecret arguments. Guenther --- source3/include/smbldap.h | 7 +++++-- source3/lib/smbldap.c | 3 +++ source3/passdb/pdb_ldap.c | 14 ++++++++++++-- source3/utils/net_sam.c | 17 ++++++++++++++++- source3/winbindd/idmap_ldap.c | 4 +++- 5 files changed, 39 insertions(+), 6 deletions(-) diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index f7f0de19c8..d8f12bc373 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -32,8 +32,11 @@ struct smbldap_state; NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, struct tevent_context *tevent_ctx, - const char *location, - struct smbldap_state **smbldap_state); + const char *location, + bool anon, + const char *bind_dn, + const char *bind_secret, + struct smbldap_state **smbldap_state); void smbldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, const char *value); void smbldap_set_mod_blob(LDAPMod *** modlist, int modop, const char *attribute, const DATA_BLOB *newblob); diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index ea21ed6b4b..5a1ba09ff1 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -1703,6 +1703,9 @@ static int smbldap_state_destructor(struct smbldap_state *state) NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, struct tevent_context *tevent_ctx, const char *location, + bool anon, + const char *bind_dn, + const char *bind_secret, struct smbldap_state **smbldap_state) { *smbldap_state = talloc_zero(mem_ctx, struct smbldap_state); diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 701b74609b..49eb3e12fa 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c 
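Review bot: The new prototype of smbldap_init() in smbldap.h gains `anon`, `bind_dn` and `bind_secret` with no comment on how they combine or who owns the secret, even though both callers in this commit wipe and free their own copies right after the call, which only makes sense if smbldap_init() copies them. The header should state that contract so the next caller does not guess; something like `/* bind_dn/bind_secret are copied by smbldap_init(); callers wipe and free their own copies once it returns. */` above the declaration, with the wording confirmed against the part of smbldap_init() that is outside this hunk. It should also say what `anon == false` together with a NULL bind_dn means, since the idmap_ldap change in this same commit passes exactly that combination.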
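Review bot: Nothing in the visible lines of smbldap_init() in smbldap.c touches the three new parameters, so where `bind_secret` is stored (presumably a copy inside the `struct smbldap_state` allocated on the last line) is outside this hunk; whichever field ends up holding it should be scrubbed in smbldap_state_destructor() before the state is freed, otherwise the `memset()` the callers do only clears one of two copies of the password. If that copy is made with a plain strdup/talloc_strdup, a wipe of that field in the destructor (using a memset the optimiser cannot drop, or whatever secure-zero helper the tree provides) closes the gap. The body of smbldap_init() continues past the end of this hunk, so I cannot see whether a NULL `bind_dn` with `anon == false` is rejected, deferred, or passed to strdup(); a one-line comment at the top of the function stating which would help. 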
@@ -6447,6 +6447,8 @@ static NTSTATUS pdb_init_ldapsam_common(struct pdb_methods **pdb_method, const c { NTSTATUS nt_status; struct ldapsam_privates *ldap_state; + char *bind_dn = NULL; + char *bind_secret = NULL; if (!NT_STATUS_IS_OK(nt_status = make_pdb_method( pdb_method ))) { return nt_status; @@ -6489,9 +6491,17 @@ static NTSTATUS pdb_init_ldapsam_common(struct pdb_methods **pdb_method, const c return NT_STATUS_NO_MEMORY; } - nt_status = smbldap_init(*pdb_method, pdb_get_tevent_context(), - location, &ldap_state->smbldap_state); + if (!fetch_ldap_pw(&bind_dn, &bind_secret)) { + DEBUG(0, ("pdb_init_ldapsam_common: Failed to retrieve LDAP password from secrets.tdb\n")); + return NT_STATUS_NO_MEMORY; + } + nt_status = smbldap_init(*pdb_method, pdb_get_tevent_context(), + location, false, bind_dn, bind_secret, + &ldap_state->smbldap_state); + memset(bind_secret, '\0', strlen(bind_secret)); + SAFE_FREE(bind_secret); + SAFE_FREE(bind_dn); if ( !NT_STATUS_IS_OK(nt_status) ) { return nt_status; } diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 7798fbb908..7163e663f8 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -29,6 +29,7 @@ #include "passdb/pdb_ldap_util.h" #include "passdb/pdb_ldap_schema.h" #include "lib/privileges.h" +#include "secrets.h" /* * Set a user's data @@ -1591,6 +1592,9 @@ static int net_sam_provision(struct net_context *c, int argc, const char **argv) struct samu *samuser; struct passwd *pwd; bool is_ipa = false; + char *bind_dn = NULL; + char *bind_secret = NULL; + NTSTATUS status; if (c->display_usage) { d_printf( "%s\n" 
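Review bot: The `memset(bind_secret, '\0', strlen(bind_secret))` directly before `SAFE_FREE(bind_secret)` in pdb_init_ldapsam_common() is a dead store from the compiler's point of view and may be optimised away, so the password is not reliably scrubbed from the heap; use a wipe the optimiser cannot elide (a memset_s/explicit_bzero-style helper if the tree has one, or a loop through a `volatile unsigned char *`). That line also assumes fetch_ldap_pw() never returns true with `bind_secret == NULL`; if its contract does not guarantee that, `strlen(NULL)` is undefined, so guard it with `if (bind_secret != NULL) { ... }`. Returning `NT_STATUS_NO_MEMORY` when the secrets lookup fails misreports the cause to callers; a status that does not claim an allocation failed (e.g. `NT_STATUS_INVALID_PARAMETER` or `NT_STATUS_UNSUCCESSFUL`) would make the failure diagnosable from the log. The enclosing function continues outside this hunk.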
@@ -1645,7 +1649,18 @@ static int net_sam_provision(struct net_context *c, int argc, const char **argv) goto failed; } - if (!NT_STATUS_IS_OK(smbldap_init(tc, NULL, ldap_uri, &state))) { + if (!fetch_ldap_pw(&bind_dn, &bind_secret)) { + d_fprintf(stderr, _("Failed to retrieve LDAP password from secrets.tdb\n")); + goto failed; + } + + status = smbldap_init(tc, NULL, ldap_uri, false, bind_dn, bind_secret, &state); + + memset(bind_secret, '\0', strlen(bind_secret)); + SAFE_FREE(bind_secret); + SAFE_FREE(bind_dn); + + if (!NT_STATUS_IS_OK(status)) { d_fprintf(stderr, _("Unable to connect to the LDAP server.\n")); goto failed; } diff --git a/source3/winbindd/idmap_ldap.c b/source3/winbindd/idmap_ldap.c index 5246cd3595..4f1dc8c7f4 100644 --- a/source3/winbindd/idmap_ldap.c +++ b/source3/winbindd/idmap_ldap.c @@ -488,8 +488,10 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom) ctx->rw_ops->get_new_id = idmap_ldap_allocate_id_internal; ctx->rw_ops->set_mapping = idmap_ldap_set_mapping; + /* get_credentials deals with setting up creds */ + ret = smbldap_init(ctx, winbind_event_context(), ctx->url, - &ctx->smbldap_state); + false, NULL, NULL, &ctx->smbldap_state); if (!NT_STATUS_IS_OK(ret)) { DEBUG(1, ("ERROR: smbldap_init (%s) failed!\n", ctx->url)); goto done; -- cgit
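Review bot: When fetch_ldap_pw() fails in net_sam_provision() the code jumps to `failed` with nothing freeing `bind_dn` or `bind_secret`, while the success path frees both; if fetch_ldap_pw() can allocate `bind_dn` before reporting failure that path leaks it, so either free both before the jump (`SAFE_FREE(bind_secret); SAFE_FREE(bind_dn); goto failed;`) or move the wipe-and-free after the `failed:` label, which is outside this hunk. This sequence is also a near-verbatim copy of the fetch/init/wipe block added to pdb_init_ldapsam_common() in the same commit, including the plain `memset()` before `SAFE_FREE` that the compiler may drop as a dead store; a shared helper that fetches the credentials, calls smbldap_init() and scrubs the secret with a non-elidable wipe would fix both callers at once. net_sam_provision() continues outside this hunk.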
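Review bot: The comment `/* get_credentials deals with setting up creds */` in idmap_ldap_db_init() explains the `NULL, NULL` but not the `false` for `anon`, so a reader cannot tell whether smbldap_init() is expected to tolerate a non-anonymous connection with no DN and no secret, or whether it must simply defer binding until get_credentials() has run; the ordering that makes this safe is not visible in this hunk. I would make the contract explicit: `/* Not anonymous, but no credentials yet: get_credentials() fills them in before any bind, so smbldap_init() must not bind here. */`, and confirm against the rest of smbldap_init() that a NULL bind_dn with `anon == false` does not trigger a bind or a strdup(NULL). idmap_ldap_db_init() continues outside this hunk.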