The branch, master has been updated via 53a368c58d0 idmap_ad: Honor "client ldap sasl wrapping" config setting from 21de9077a52 s3: libsmb: Fix bug in get_dc_list() introduced by ip-service cleanup.
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 53a368c58d006e50309127dd1e1c5adde47368bb Author: Christof Schmitt <c...@samba.org> Date: Wed Jul 22 11:18:20 2020 -0700 idmap_ad: Honor "client ldap sasl wrapping" config setting Instead of hard-coding SIGN and SEAL for the connections from this idmap module, query the desired wrapping from "client ldap sasl wrapping". Signed-off-by: Christof Schmitt <c...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Thu Sep 10 23:19:56 UTC 2020 on sn-devel-184 ----------------------------------------------------------------------- Summary of changes: source3/winbindd/idmap_ad.c | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c index bd5add9aca2..0595a7b270a 100644 --- a/source3/winbindd/idmap_ad.c +++ b/source3/winbindd/idmap_ad.c @@ -290,6 +290,30 @@ static void PRINTF_ATTRIBUTE(3, 0) idmap_ad_tldap_debug( } } +static uint32_t gensec_features_from_ldap_sasl_wrapping(void) +{ + int wrap_flags; + uint32_t gensec_features = 0; + + wrap_flags = lp_client_ldap_sasl_wrapping(); + if (wrap_flags == -1) { + wrap_flags = 0; + } + + if (wrap_flags & ADS_AUTH_SASL_SEAL) { + gensec_features |= GENSEC_FEATURE_SEAL; + } + if (wrap_flags & ADS_AUTH_SASL_SIGN) { + gensec_features |= GENSEC_FEATURE_SIGN; + } + + if (gensec_features != 0) { + gensec_features |= GENSEC_FEATURE_LDAP_STYLE; + } + + return gensec_features; +} + static NTSTATUS idmap_ad_get_tldap_ctx(TALLOC_CTX *mem_ctx, const char *domname, struct tldap_context **pld) 
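Review bot: The `wrap_flags == -1` branch in gensec_features_from_ldap_sasl_wrapping() falls back to 0, so that case ends in a bind with neither signing nor sealing, where the code before this commit always requested both. What -1 stands for is not visible in this hunk; if it means the setting could not be evaluated, failing closed is the safer default: `wrap_flags = ADS_AUTH_SASL_SIGN | ADS_AUTH_SASL_SEAL;`. The helper also deserves a header comment stating the contract, for example `/* Map "client ldap sasl wrapping" to GENSEC features; a return of 0 means the LDAP connection is neither signed nor sealed. */`.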
@@ -299,6 +323,7 @@ static NTSTATUS idmap_ad_get_tldap_ctx(TALLOC_CTX *mem_ctx, struct cli_credentials *creds; struct loadparm_context *lp_ctx; struct tldap_context *ld; + uint32_t gensec_features = gensec_features_from_ldap_sasl_wrapping(); int fd; NTSTATUS status; bool ok; @@ -368,7 +393,7 @@ static NTSTATUS idmap_ad_get_tldap_ctx(TALLOC_CTX *mem_ctx, } rc = tldap_gensec_bind(ld, creds, "ldap", dcinfo->dc_unc, NULL, lp_ctx, - GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL); + gensec_features); if (!TLDAP_RC_IS_SUCCESS(rc)) { DBG_DEBUG("tldap_gensec_bind failed: %s\n", tldap_errstr(dcinfo, ld, rc)); -- Samba Shared Repository
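Review bot: In the last hunk, now that `gensec_features` can be 0, the `DBG_DEBUG` on bind failure no longer tells an operator which protection level was requested. A DC that enforces LDAP signing would presumably reject an unprotected bind, and that would only be visible at debug level. Including the value makes the mismatch diagnosable: `DBG_DEBUG("tldap_gensec_bind (features 0x%x) failed: %s\n", (unsigned)gensec_features, tldap_errstr(dcinfo, ld, rc));`. A warning before the bind when nothing is requested would also let monitoring catch unprotected idmap_ad traffic: `if (gensec_features == 0) { DBG_WARNING("idmap_ad: LDAP bind without signing or sealing\n"); }`. The body of idmap_ad_get_tldap_ctx starts and ends outside these hunks.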