From 97b54b007e0f8a44074fa570b06b7ff9d4f2489b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 18 Dec 2005 05:01:15 +0000 Subject: r12310: Link simple bind support in our internal LDAP libs to LDB and the command line processing system. This is a little ugly at the moment, but works. What I cannot manage to get to work is the extraction and propogation of command line credentials into the js interface to ldb. Andrew Bartlett (This used to be commit f34ede763e7f80507d06224d114cf6b5ac7c8f7d) --- source4/auth/credentials/credentials.c | 23 +++++++++++++++++++++++ source4/auth/credentials/credentials.h | 2 ++ source4/lib/ldb/ldb_ildap/ldb_ildap.c | 21 ++++++++++++++++----- 3 files changed, 41 insertions(+), 5 deletions(-) diff --git a/source4/auth/credentials/credentials.c b/source4/auth/credentials/credentials.c index 0e37fdc4a6..0ea2a01ea1 100644 --- a/source4/auth/credentials/credentials.c +++ b/source4/auth/credentials/credentials.c @@ -57,6 +57,8 @@ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx) cred->machine_account = False; cred->gensec_list = NULL; + cred->bind_dn = NULL; + return cred; } @@ -104,6 +106,23 @@ BOOL cli_credentials_set_username_callback(struct cli_credentials *cred, return False; } +BOOL cli_credentials_set_bind_dn(struct cli_credentials *cred, + const char *bind_dn) +{ + cred->bind_dn = talloc_strdup(cred, bind_dn); + return True; +} + +/** + * Obtain the BIND DN for this credentials context. + * @param cred credentials context + * @retval The username set on this context. + * @note Return value will be NULL if not specified explictly + */ +const char *cli_credentials_get_bind_dn(struct cli_credentials *cred) +{ + return cred->bind_dn; +} /** 
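Review bot: In `cli_credentials_set_bind_dn` the result of `talloc_strdup()` is never checked, so the setter returns True even when the copy failed and `cred->bind_dn` was left NULL. The rest of this commit uses a NULL `bind_dn` to mean that no simple bind was requested, so an allocation failure would silently move the caller onto a different authentication path instead of reporting an error; `return (bind_dn == NULL || cred->bind_dn != NULL);` in place of `return True;` would surface it. A previously set DN is also not released before being overwritten, so it stays allocated under `cred` until that context is freed. In the doc comment for `cli_credentials_get_bind_dn`, `@retval The username set on this context.` looks copied from the username getter and should read `@retval The bind DN set on this context.`; the setter has no doc comment at all.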
@@ -171,6 +190,10 @@ BOOL cli_credentials_set_principal_callback(struct cli_credentials *cred, BOOL cli_credentials_authentication_requested(struct cli_credentials *cred) { + if (cred->bind_dn) { + return True; + } + if (cred->machine_account_pending) { cli_credentials_set_machine_account(cred); } diff --git a/source4/auth/credentials/credentials.h b/source4/auth/credentials/credentials.h index 027cf4469d..c8a95e2b51 100644 --- a/source4/auth/credentials/credentials.h +++ b/source4/auth/credentials/credentials.h @@ -61,6 +61,8 @@ struct cli_credentials { const char *principal; const char *salt_principal; + const char *bind_dn; + struct samr_Password *nt_hash; struct ccache_container *ccache; diff --git a/source4/lib/ldb/ldb_ildap/ldb_ildap.c b/source4/lib/ldb/ldb_ildap/ldb_ildap.c index 582513df6f..0802469079 100644 --- a/source4/lib/ldb/ldb_ildap/ldb_ildap.c +++ b/source4/lib/ldb/ldb_ildap/ldb_ildap.c @@ -510,11 +510,22 @@ int ildb_connect(struct ldb_context *ldb, const char *url, } if (creds != NULL && cli_credentials_authentication_requested(creds)) { - status = ldap_bind_sasl(ildb->ldap, creds); - if (!NT_STATUS_IS_OK(status)) { - ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to bind - %s\n", - ldap_errstr(ildb->ldap, status)); - goto failed; + const char *bind_dn = cli_credentials_get_bind_dn(creds); + if (bind_dn) { + const char *password = cli_credentials_get_password(creds); + status = ldap_bind_simple(ildb->ldap, bind_dn, password); + if (!NT_STATUS_IS_OK(status)) { + ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to bind - %s\n", + ldap_errstr(ildb->ldap, status)); + goto failed; + } + } else { + status = ldap_bind_sasl(ildb->ldap, creds); + if (!NT_STATUS_IS_OK(status)) { + ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to bind - %s\n", + ldap_errstr(ildb->ldap, status)); + goto failed; + } } } -- cgit
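Review bot: The early `return True` on `cred->bind_dn` sits ahead of the `machine_account_pending` handling, so with a bind DN present `cli_credentials_set_machine_account()` is never reached from here, and nothing in the hunk says whether that is intended. A comment such as `/* An explicit bind DN means simple bind was requested; skip the machine account lookup */` above the check would record the ordering. The test also counts an empty-string DN as authentication being requested, which may call for `cred->bind_dn[0] != '\0'` in the condition if an empty DN should not select simple bind. The body of `cli_credentials_authentication_requested` continues past the end of the hunk.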
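Review bot: The new simple-bind branch in `ildb_connect` passes the result of `cli_credentials_get_password(creds)` straight to `ldap_bind_simple()` without checking it for NULL or an empty string. LDAP servers commonly treat a simple bind with a DN and an empty password as an unauthenticated bind and may answer success, so the connection could carry on as if authenticated as `bind_dn` when it is not; a guard before the bind such as `if (password == NULL || password[0] == '\0') { ldb_debug(ldb, LDB_DEBUG_ERROR, "Simple bind requires a password\n"); goto failed; }` would fail closed. Simple bind also sends the DN and password unprotected unless the transport is encrypted, and the hunk shows no check on `url` for that, so a comment stating the transport requirement would help. The two branches now repeat the same `NT_STATUS_IS_OK` / `ldb_debug` / `goto failed` block, which could be written once after the `if`/`else`. `ildb_connect` starts and ends outside the hunk.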