[SCM] Samba Shared Repository - branch master updated

Jeremy Allison Thu, 10 Sep 2020 16:20:32 -0700

The branch, master has been updated
       via  53a368c58d0 idmap_ad: Honor "client ldap sasl wrapping" config 
setting
      from  21de9077a52 s3: libsmb: Fix bug in get_dc_list() introduced by 
ip-service cleanup.


https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 53a368c58d006e50309127dd1e1c5adde47368bb
Author: Christof Schmitt <c...@samba.org>
Date:   Wed Jul 22 11:18:20 2020 -0700

    idmap_ad: Honor "client ldap sasl wrapping" config setting
    
    Instead of hard-coding SIGN and SEAL for the connections from this idmap
    module, query the desired wrapping from "client ldap sasl wrapping".
    
    Signed-off-by: Christof Schmitt <c...@samba.org>
    Reviewed-by: Volker Lendecke <v...@samba.org>
    
    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Thu Sep 10 23:19:56 UTC 2020 on sn-devel-184

-----------------------------------------------------------------------

Summary of changes:
 source3/winbindd/idmap_ad.c | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c
index bd5add9aca2..0595a7b270a 100644
--- a/source3/winbindd/idmap_ad.c
+++ b/source3/winbindd/idmap_ad.c
@@ -290,6 +290,30 @@ static void PRINTF_ATTRIBUTE(3, 0) idmap_ad_tldap_debug(
        }
 }
 
+static uint32_t gensec_features_from_ldap_sasl_wrapping(void)
+{
+       int wrap_flags;
+       uint32_t gensec_features = 0;
+
+       wrap_flags = lp_client_ldap_sasl_wrapping();
+       if (wrap_flags == -1) {
+               wrap_flags = 0;
+       }
+
+       if (wrap_flags & ADS_AUTH_SASL_SEAL) {
+               gensec_features |= GENSEC_FEATURE_SEAL;
+       }
+       if (wrap_flags & ADS_AUTH_SASL_SIGN) {
+               gensec_features |= GENSEC_FEATURE_SIGN;
+       }
+
+       if (gensec_features != 0) {
+               gensec_features |= GENSEC_FEATURE_LDAP_STYLE;
+       }
+
+       return gensec_features;
+}
+
 static NTSTATUS idmap_ad_get_tldap_ctx(TALLOC_CTX *mem_ctx,
                                       const char *domname,
                                       struct tldap_context **pld)
@@ -299,6 +323,7 @@ static NTSTATUS idmap_ad_get_tldap_ctx(TALLOC_CTX *mem_ctx,
        struct cli_credentials *creds;
        struct loadparm_context *lp_ctx;
        struct tldap_context *ld;
+       uint32_t gensec_features = gensec_features_from_ldap_sasl_wrapping();
        int fd;
        NTSTATUS status;
        bool ok;
@@ -368,7 +393,7 @@ static NTSTATUS idmap_ad_get_tldap_ctx(TALLOC_CTX *mem_ctx,
        }
 
        rc = tldap_gensec_bind(ld, creds, "ldap", dcinfo->dc_unc, NULL, lp_ctx,
-                              GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL);
+                              gensec_features);
        if (!TLDAP_RC_IS_SUCCESS(rc)) {
                DBG_DEBUG("tldap_gensec_bind failed: %s\n",
                          tldap_errstr(dcinfo, ld, rc));


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

Reply via email to