Author: metze
Date: 2007-07-18 07:45:16 +0000 (Wed, 18 Jul 2007)
New Revision: 23945
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=23945
Log:
add infrastructure to select plain, sign or seal LDAP connection
metze
Modified:
branches/SAMBA_3_2/source/include/ads.h
branches/SAMBA_3_2/source/libads/ldap.c
branches/SAMBA_3_2/source/libads/sasl.c
Changeset:
Modified: branches/SAMBA_3_2/source/include/ads.h
===================================================================
--- branches/SAMBA_3_2/source/include/ads.h 2007-07-18 07:35:50 UTC (rev 23944)
+++ branches/SAMBA_3_2/source/include/ads.h 2007-07-18 07:45:16 UTC (rev 23945)
@@ -39,6 +39,12 @@
 ADS_STATUS (*disconnect)(struct ads_struct *);
 };
+enum ads_saslwrap_type {
+ ADS_SASLWRAP_TYPE_PLAIN = 1,
+ ADS_SASLWRAP_TYPE_SIGN = 2,
+ ADS_SASLWRAP_TYPE_SEAL = 4
+} wrap_type;
+
 typedef struct ads_struct {
 int is_mine; /* do I own this structure's memory? */
@@ -85,8 +91,11 @@
 time_t last_attempt; /* last attempt to reconnect */
 int port;
+ enum ads_saslwrap_type wrap_type;
+
 #ifdef HAVE_LDAP_SASL_WRAPPING
 Sockbuf_IO_Desc *sbiod; /* lowlevel state for LDAP wrapping */
+#endif /* HAVE_LDAP_SASL_WRAPPING */
 TALLOC_CTX *mem_ctx;
 const struct ads_saslwrap_ops *wrap_ops;
 void *wrap_private_data;
@@ -108,7 +117,6 @@
 uint32 size;
 uint8 *buf;
 } out;
-#endif /* HAVE_LDAP_SASL_WRAPPING */
 } ldap;
 #endif /* HAVE_LDAP */
 } ADS_STRUCT;
@@ -321,6 +329,9 @@
 #define ADS_AUTH_ANON_BIND 0x04
 #define ADS_AUTH_SIMPLE_BIND 0x08
 #define ADS_AUTH_ALLOW_NTLMSSP 0x10
+#define ADS_AUTH_SASL_SIGN 0x20
+#define ADS_AUTH_SASL_SEAL 0x40
+#define ADS_AUTH_SASL_FORCE 0x80
 /* Kerberos environment variable names */
 #define KRB5_ENV_CCNAME "KRB5CCNAME"
Modified: branches/SAMBA_3_2/source/libads/ldap.c
===================================================================
--- branches/SAMBA_3_2/source/libads/ldap.c 2007-07-18 07:35:50 UTC (rev 23944)
+++ branches/SAMBA_3_2/source/libads/ldap.c 2007-07-18 07:45:16 UTC (rev 23945)
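Review bot: The `wrap_type` identifier after the closing brace of `enum ads_saslwrap_type` defines a file-scope variable of that type in the header, so every translation unit that includes ads.h gets its own tentative definition of a global `wrap_type` (a multiple-definition link error under `-fno-common`, a stray unused global otherwise). The enum is only used as the type of the `wrap_type` member added to the `ldap` sub-struct in the next hunk, so the declaration should simply close with `};`. The values 1/2/4 read like bit flags, but ldap.c and sasl.c in this changeset assign exactly one of them; a comment such as `/* protection level of the LDAP connection; exactly one value is in effect at a time */` would make that intent explicit.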
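Review bot: The new `wrap_type` member is the only field in this run of the `ldap` sub-struct without a trailing comment, unlike `last_attempt` and `sbiod` beside it; suggest `enum ads_saslwrap_type wrap_type; /* requested SASL wrapping: plain, sign or seal */`. Moving the `#endif /* HAVE_LDAP_SASL_WRAPPING */` up so that only `sbiod` stays conditional makes `mem_ctx`, `wrap_ops`, `wrap_private_data` and the in/out buffers available in builds without SASL wrapping, which the unconditional `talloc_new`/`talloc_free` of `mem_ctx` in the ldap.c hunks relies on; a one-line comment above `TALLOC_CTX *mem_ctx;` noting that these fields are used regardless of wrapping support would stop a future cleanup from moving the `#endif` back.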
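Review bot: `ADS_AUTH_SASL_FORCE` is defined but none of the hunks in this changeset reads it, and the three new flags carry no comment on how they combine, although sasl.c gives SEAL precedence over SIGN when both are set. Suggest documenting them at the definitions, e.g. `/* request integrity (SIGN) or confidentiality (SEAL) protection for the SASL-bound LDAP connection; SEAL wins when both are set */`, and stating what FORCE is meant to do once it is wired up (presumably fail the bind rather than fall back to a plain connection when the requested protection is unavailable; confirm with the author).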
@@ -372,8 +372,9 @@
 ADS_STATUS status;
 NTSTATUS ntstatus;
- ads->ldap.last_attempt = time(NULL);
- ads->ldap.ld = NULL;
+ ZERO_STRUCT(ads->ldap);
+ ads->ldap.last_attempt = time(NULL);
+ ads->ldap.wrap_type = ADS_SASLWRAP_TYPE_PLAIN;
 /* try with a user specified server */
@@ -423,6 +424,11 @@
 if (ads->auth.flags & ADS_AUTH_NO_BIND) {
 return ADS_SUCCESS;
 }
+
+ ads->ldap.mem_ctx = talloc_new("ads LDAP connection memory");
+ if (!ads->ldap.mem_ctx) {
+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ }
 /* Otherwise setup the TCP LDAP session */
@@ -475,6 +481,13 @@
 ldap_unbind(ads->ldap.ld);
 ads->ldap.ld = NULL;
 }
+ if (ads->ldap.wrap_ops && ads->ldap.wrap_ops->disconnect) {
+ ads->ldap.wrap_ops->disconnect(ads);
+ }
+ if (ads->ldap.mem_ctx) {
+ talloc_free(ads->ldap.mem_ctx);
+ }
+ ZERO_STRUCT(ads->ldap);
 }
 /*
Modified: branches/SAMBA_3_2/source/libads/sasl.c
===================================================================
--- branches/SAMBA_3_2/source/libads/sasl.c 2007-07-18 07:35:50 UTC (rev 23944)
+++ branches/SAMBA_3_2/source/libads/sasl.c 2007-07-18 07:45:16 UTC (rev 23945)
@@ -517,6 +517,14 @@
 values = ldap_get_values(ads->ldap.ld, res, "supportedSASLMechanisms");
+ if (ads->auth.flags & ADS_AUTH_SASL_SEAL) {
+ ads->ldap.wrap_type = ADS_SASLWRAP_TYPE_SEAL;
+ } else if (ads->auth.flags & ADS_AUTH_SASL_SIGN) {
+ ads->ldap.wrap_type = ADS_SASLWRAP_TYPE_SIGN;
+ } else {
+ ads->ldap.wrap_type = ADS_SASLWRAP_TYPE_PLAIN;
+ }
+
 /* try our supported mechanisms in order */
 for (i=0;sasl_mechanisms[i].name;i++) {
 /* see if the server supports it */
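Review bot: `ZERO_STRUCT(ads->ldap)` at the top of the connect path discards any previous `ld`, `mem_ctx` and `wrap_ops` state without releasing it, so a second connect on the same ADS_STRUCT without an intervening disconnect now leaks the talloc context allocated further down this function and skips the wrap layer's `disconnect` (the removed lines only reset `ld`, so an existing handle was already leaked that way, but the change widens it). Either run the same teardown sequence that the third hunk of this file performs before zeroing, or document the precondition, e.g. `/* caller must have disconnected: we drop any previous ldap state here */`. The enclosing function starts outside the hunk.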
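Review bot: `talloc_new("ads LDAP connection memory")` passes a string literal where `talloc_new(ctx)` expects a parent talloc context pointer, not a name; talloc will treat the literal as a chunk and read a header in front of it, which aborts on the magic check or corrupts the hierarchy. The named-root allocator is `talloc_init`, so the line should read `ads->ldap.mem_ctx = talloc_init("ads LDAP connection memory");`. Because the allocation sits after the `ADS_AUTH_NO_BIND` early return, `mem_ctx` stays NULL for no-bind connections and the disconnect hunk's NULL check relies on that; a one-line comment here would make the pairing visible. The enclosing function starts and ends outside the hunk.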
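Review bot: The teardown order deserves a comment or a change: `ldap_unbind` runs first and `wrap_ops->disconnect` afterwards, so if the wrap implementation touches `ads->ldap.sbiod` or the socket buffer that `ldap_unbind` just released it would be a use-after-free (the wrap implementation is not in this changeset, so this cannot be confirmed here). Either state the contract, `/* wrap_ops->disconnect must not touch sbiod: the Sockbuf is gone after ldap_unbind */`, or move the `wrap_ops->disconnect` call ahead of the unbind. The `if (ads->ldap.mem_ctx)` guard is redundant since `talloc_free(NULL)` is a harmless no-op, while the trailing `ZERO_STRUCT(ads->ldap)` is worth keeping as it prevents a repeated disconnect from freeing `mem_ctx` twice. The enclosing function starts outside the hunk.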
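Review bot: The requested protection level is recorded in `ads->ldap.wrap_type` before the mechanism loop, but nothing in this hunk ties the choice to what the selected mechanism can provide; if no mechanism honours SIGN or SEAL the bind could proceed over a plain connection while the caller believes it asked for protection (the loop body is outside the hunk, so this may be handled there; worth confirming, and it looks like what `ADS_AUTH_SASL_FORCE` from ads.h is meant for, yet that flag is not consulted here). A comment on the precedence would also help readers: `/* strongest requested protection wins: SEAL implies SIGN */`. The enclosing function starts and ends outside the hunk.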
