From 07c034f7c443689749c2b4b138acb991da575c3a Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Wed, 18 Jul 2007 07:45:16 +0000
Subject: r23945: add infrastructure to select plain, sign or seal LDAP connection
metze
(This used to be commit 2075c05b3d8baa7d6d8510cd962471a5781740a6)
---
 source3/include/ads.h | 13 ++++++++++++-
 source3/libads/ldap.c | 17 +++++++++++++++--
 source3/libads/sasl.c | 8 ++++++++
 3 files changed, 35 insertions(+), 3 deletions(-)
(limited to 'source3')
diff --git a/source3/include/ads.h b/source3/include/ads.h
index c103c3a43e..1c02366ed4 100644
--- a/source3/include/ads.h
+++ b/source3/include/ads.h
@@ -39,6 +39,12 @@ struct ads_saslwrap_ops {
 ADS_STATUS (*disconnect)(struct ads_struct *);
 };
+enum ads_saslwrap_type {
+ ADS_SASLWRAP_TYPE_PLAIN = 1,
+ ADS_SASLWRAP_TYPE_SIGN = 2,
+ ADS_SASLWRAP_TYPE_SEAL = 4
+} wrap_type;
+
 typedef struct ads_struct {
 int is_mine; /* do I own this structure's memory? */
@@ -85,8 +91,11 @@ typedef struct ads_struct {
 time_t last_attempt; /* last attempt to reconnect */
 int port;
+ enum ads_saslwrap_type wrap_type;
+
 #ifdef HAVE_LDAP_SASL_WRAPPING
 Sockbuf_IO_Desc *sbiod; /* lowlevel state for LDAP wrapping */
+#endif /* HAVE_LDAP_SASL_WRAPPING */
 TALLOC_CTX *mem_ctx;
 const struct ads_saslwrap_ops *wrap_ops;
 void *wrap_private_data;
@@ -108,7 +117,6 @@ typedef struct ads_struct {
 uint32 size;
 uint8 *buf;
 } out;
-#endif /* HAVE_LDAP_SASL_WRAPPING */
 } ldap;
 #endif /* HAVE_LDAP */
 } ADS_STRUCT;
@@ -321,6 +329,9 @@ typedef void **ADS_MODLIST;
 #define ADS_AUTH_ANON_BIND 0x04
 #define ADS_AUTH_SIMPLE_BIND 0x08
 #define ADS_AUTH_ALLOW_NTLMSSP 0x10
+#define ADS_AUTH_SASL_SIGN 0x20
+#define ADS_AUTH_SASL_SEAL 0x40
+#define ADS_AUTH_SASL_FORCE 0x80
 /* Kerberos environment variable names */
 #define KRB5_ENV_CCNAME "KRB5CCNAME"
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index fe7add5e75..0b73229736 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
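Review bot: The `} wrap_type;` closing the new enum in ads.h declares a file-scope variable named wrap_type in every translation unit that includes the header, which is almost certainly unintended since the struct member of the same name is added in the following hunk. The enum should close with a bare `};`. Left as is, the stray tentative definition is duplicated across object files and only links at all under common-symbol linkage, and it would collide with any real wrap_type symbol elsewhere.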
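Review bot: The three new ADS_AUTH_SASL_* bits in the last ads.h hunk carry no comment saying what each one requests, and ADS_AUTH_SASL_FORCE has no reader anywhere in this commit, so its meaning cannot be recovered from the code. A one-line comment per flag would help, e.g. `#define ADS_AUTH_SASL_SIGN 0x20 /* request SASL integrity protection on the LDAP connection */` and `#define ADS_AUTH_SASL_SEAL 0x40 /* request SASL confidentiality on the LDAP connection */`. For FORCE the comment should state whether the bind is meant to fail rather than fall back to a plain connection when the requested protection is unavailable; that is presumably the intent, but it should be written down where the flag is defined.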
@@ -372,8 +372,9 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads)
 ADS_STATUS status;
 NTSTATUS ntstatus;
- ads->ldap.last_attempt = time(NULL);
- ads->ldap.ld = NULL;
+ ZERO_STRUCT(ads->ldap);
+ ads->ldap.last_attempt = time(NULL);
+ ads->ldap.wrap_type = ADS_SASLWRAP_TYPE_PLAIN;
 /* try with a user specified server */
@@ -423,6 +424,11 @@ got_connection:
 if (ads->auth.flags & ADS_AUTH_NO_BIND) {
 return ADS_SUCCESS;
 }
+
+ ads->ldap.mem_ctx = talloc_new("ads LDAP connection memory");
+ if (!ads->ldap.mem_ctx) {
+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ }
 /* Otherwise setup the TCP LDAP session */
@@ -475,6 +481,13 @@ void ads_disconnect(ADS_STRUCT *ads)
 ldap_unbind(ads->ldap.ld);
 ads->ldap.ld = NULL;
 }
+ if (ads->ldap.wrap_ops && ads->ldap.wrap_ops->disconnect) {
+ ads->ldap.wrap_ops->disconnect(ads);
+ }
+ if (ads->ldap.mem_ctx) {
+ talloc_free(ads->ldap.mem_ctx);
+ }
+ ZERO_STRUCT(ads->ldap);
 }
 /*
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index a73545f8e5..94600d7234 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -517,6 +517,14 @@ ADS_STATUS ads_sasl_bind(ADS_STRUCT *ads)
 values = ldap_get_values(ads->ldap.ld, res, "supportedSASLMechanisms");
+ if (ads->auth.flags & ADS_AUTH_SASL_SEAL) {
+ ads->ldap.wrap_type = ADS_SASLWRAP_TYPE_SEAL;
+ } else if (ads->auth.flags & ADS_AUTH_SASL_SIGN) {
+ ads->ldap.wrap_type = ADS_SASLWRAP_TYPE_SIGN;
+ } else {
+ ads->ldap.wrap_type = ADS_SASLWRAP_TYPE_PLAIN;
+ }
+
 /* try our supported mechanisms in order */
 for (i=0;sasl_mechanisms[i].name;i++) {
 /* see if the server supports it */
-- cgit
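Review bot: `ZERO_STRUCT(ads->ldap);` at the top of ads_connect wipes the whole ldap sub-struct, including mem_ctx, wrap_ops and wrap_private_data, without releasing anything; if a caller can call ads_connect again on an ADS_STRUCT that was connected earlier (the last_attempt field and its "last attempt to reconnect" comment suggest reconnects happen), the talloc context and wrap state of the previous connection leak. If that path exists, run the teardown first — `ads_disconnect(ads);` before the ZERO_STRUCT, since the new ads_disconnect guards every step on a NULL check — or document that ads_connect requires a disconnected struct. The zeroing also clears ldap.port, so any value placed there before the call is discarded. ads_connect continues outside this hunk.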
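Review bot: `talloc_new("ads LDAP connection memory")` in the got_connection hunk passes a string literal where talloc_new takes a parent talloc context, so the literal is treated as a chunk pointer; the variant that takes a name is talloc_init, i.e. `ads->ldap.mem_ctx = talloc_init("ads LDAP connection memory");`. If this tree's talloc_new is the usual (ctx) macro this is a crash or heap corruption on the first bind rather than a cosmetic slip, so it is worth confirming against the talloc header. Separately, the context is allocated only after the ADS_AUTH_NO_BIND early return, and nothing visible here frees it if a later step of ads_connect fails; that presumably relies on the caller invoking ads_disconnect, which deserves a comment. The rest of ads_connect is outside the hunk.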
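Review bot: The closing `ZERO_STRUCT(ads->ldap);` in ads_disconnect also clears last_attempt, which the header comments as "last attempt to reconnect", and port; any reconnect or backoff logic that reads last_attempt after a disconnect now always sees 0. If that state is meant to survive a disconnect, preserve it around the zeroing: `time_t last_attempt = ads->ldap.last_attempt;` before `ZERO_STRUCT(ads->ldap);` and `ads->ldap.last_attempt = last_attempt;` after it. The teardown order here — unbind, then wrap_ops->disconnect, then talloc_free of mem_ctx — looks right provided wrap_private_data is allocated under mem_ctx; a comment stating that ownership would make the order self-explanatory.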
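Review bot: The wrap_type chosen in the sasl.c hunk comes purely from the caller's ADS_AUTH_SASL_SEAL/SIGN flags, and nothing in the hunk ties it to whether the mechanism selected by the loop below can actually provide that protection; ADS_AUTH_SASL_FORCE, added to ads.h in this same commit, is not consulted here. Unless the remainder of ads_sasl_bind (outside the hunk) checks it, a caller asking for sealing silently ends up with whatever the negotiated mechanism supports, which defeats the purpose of requesting it. Either wire FORCE here so the bind fails when the requested wrap_type cannot be honored, or add a comment above this block stating that the flags are a request and that any downgrade is detected elsewhere.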