From db2e86f75cf08715503f28046fd29fcc1c0f6867 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Tue, 14 Jun 2005 03:55:27 +0000
Subject: r7568: enable the NTLMSSP bulk data sign/seal code for out ldap server. This now works with windows clients, as I fixed the zero length bind ack packet. Andrew, note that this has the strncmp("NTLMSSP", data, 7) hack. Please replace with a more correct fix as we discussed. (This used to be commit 69b02e8adb25a5152aec15f55b2b2f67457cf08a)
---
 source4/ldap_server/ldap_bind.c | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)
(limited to 'source4')
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
index d6b0332b6e..3b14606439 100644
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -56,8 +56,8 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
 const char *errstr;
 NTSTATUS status = NT_STATUS_OK;
 NTSTATUS sasl_status;
-/* BOOL ret;
-*/
+ BOOL ret;
+
 DEBUG(10, ("BindSASL dn: %s\n",req->dn));
 if (!call->conn->gensec) {
@@ -71,10 +71,15 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
 gensec_set_target_service(call->conn->gensec, "ldap");
- /*gensec_want_feature(call->conn->gensec, GENSEC_FEATURE_SIGN);
+ gensec_want_feature(call->conn->gensec, GENSEC_FEATURE_SIGN);
 gensec_want_feature(call->conn->gensec, GENSEC_FEATURE_SEAL);
- */
- status = gensec_start_mech_by_sasl_name(call->conn->gensec, req->creds.SASL.mechanism);
+
+ if (req->creds.SASL.secblob.length >= 7 &&
+ strncmp(req->creds.SASL.secblob.data, "NTLMSSP", 7) == 0) {
+ status = gensec_start_mech_by_sasl_name(call->conn->gensec, "NTLM");
+ } else {
+ status = gensec_start_mech_by_sasl_name(call->conn->gensec, req->creds.SASL.mechanism);
+ }
 if (!NT_STATUS_IS_OK(status)) {
 DEBUG(1, ("Failed to start GENSEC SASL[%s] server code: %s\n", req->creds.SASL.mechanism, nt_errstr(status)));
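Review bot: The added `strncmp(req->creds.SASL.secblob.data, "NTLMSSP", 7)` test in the second hunk treats a binary client blob as a C string and compares only seven bytes, so any blob that merely begins with those letters switches the server to the "NTLM" mechanism regardless of the mechanism name the client sent. The NTLMSSP signature is eight bytes including the terminating NUL, so a tighter check is `req->creds.SASL.secblob.length >= 8 && memcmp(req->creds.SASL.secblob.data, "NTLMSSP", 8) == 0`. The `DEBUG(1, ...)` on the failure path still prints `req->creds.SASL.mechanism`, which names the wrong mechanism whenever the NTLM branch was taken; logging the name actually passed to `gensec_start_mech_by_sasl_name` would keep the log accurate for anyone investigating failed binds. ldapsrv_BindSASL starts and ends outside this hunk.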
@@ -93,7 +98,7 @@ reply:
 if (NT_STATUS_IS_OK(status)) {
 status = gensec_update(call->conn->gensec, reply,
- req->creds.SASL.secblob, &resp->SASL.secblob);
+ req->creds.SASL.secblob, &resp->SASL.secblob);
 }
 if (NT_STATUS_EQUAL(NT_STATUS_MORE_PROCESSING_REQUIRED, status)) {
@@ -123,7 +128,7 @@ reply:
 return status;
 }
-/* ret = ldapsrv_append_to_buf(&conn->sasl_out_buffer, conn->out_buffer.data, conn->out_buffer.length);
+ ret = ldapsrv_append_to_buf(&conn->sasl_out_buffer, conn->out_buffer.data, conn->out_buffer.length);
 if (!ret) {
 return NT_STATUS_NO_MEMORY;
 }
@@ -131,7 +136,7 @@ reply:
 if (NT_STATUS_IS_OK(status)) {
 status = gensec_session_info(conn->gensec, &conn->session_info);
 }
-*/
+
 return status;
 }
-- cgit
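Review bot: Nothing in the last two hunks confirms that signing or sealing was actually negotiated once `gensec_session_info` succeeds; the `gensec_want_feature` calls enabled earlier in this commit only request those features. If later code is meant to rely on a protected channel, a check such as `gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL)` after the bind completes, with a DEBUG line recording which protection was agreed, would make the outcome explicit and auditable. Such a check may already exist outside the visible lines, since the function begins before these hunks.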