diff options
Diffstat (limited to 'source/lib/smbldap.c')
-rw-r--r-- | source/lib/smbldap.c | 75 |
1 files changed, 50 insertions, 25 deletions
diff --git a/source/lib/smbldap.c b/source/lib/smbldap.c index 85dd5fa3d67..aa039294d2e 100644 --- a/source/lib/smbldap.c +++ b/source/lib/smbldap.c @@ -803,20 +803,27 @@ static int rebindproc_with_state (LDAP * ld, char **whop, char **credp, if (freeit) { SAFE_FREE(*whop); - memset(*credp, '\0', strlen(*credp)); + if (*credp) { + memset(*credp, '\0', strlen(*credp)); + } SAFE_FREE(*credp); } else { DEBUG(5,("rebind_proc_with_state: Rebinding as \"%s\"\n", - ldap_state->bind_dn)); + ldap_state->bind_dn?ldap_state->bind_dn:"[Anonymous bind]")); - *whop = SMB_STRDUP(ldap_state->bind_dn); - if (!*whop) { - return LDAP_NO_MEMORY; - } - *credp = SMB_STRDUP(ldap_state->bind_secret); - if (!*credp) { - SAFE_FREE(*whop); - return LDAP_NO_MEMORY; + if (ldap_state->anonymous) { + *whop = NULL; + *credp = NULL; + } else { + *whop = SMB_STRDUP(ldap_state->bind_dn); + if (!*whop) { + return LDAP_NO_MEMORY; + } + *credp = SMB_STRDUP(ldap_state->bind_secret); + if (!*credp) { + SAFE_FREE(*whop); + return LDAP_NO_MEMORY; + } } *methodp = LDAP_AUTH_SIMPLE; } @@ -844,7 +851,7 @@ static int rebindproc_connect_with_state (LDAP *ldap_struct, int version; DEBUG(5,("rebindproc_connect_with_state: Rebinding to %s as \"%s\"\n", - url, ldap_state->bind_dn)); + url, ldap_state->bind_dn?ldap_state->bind_dn:"[Anonymous bind]")); /* call START_TLS again (ldaps:// is handled by the OpenLDAP library * itself) before rebinding to another LDAP server to avoid to expose @@ -925,24 +932,22 @@ static int rebindproc_connect (LDAP * ld, LDAP_CONST char *url, int request, static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_struct) { int rc; - char *ldap_dn; - char *ldap_secret; int version; - /* get the password */ - if (!fetch_ldap_pw(&ldap_dn, &ldap_secret)) { - DEBUG(0, ("ldap_connect_system: Failed to retrieve password from secrets.tdb\n")); - return LDAP_INVALID_CREDENTIALS; - } + if (!ldap_state->anonymous && !ldap_state->bind_dn) { - ldap_state->bind_dn = ldap_dn; - ldap_state->bind_secret = ldap_secret; + /* get the default dn and password only if they are not set already */ + if (!fetch_ldap_pw(&ldap_state->bind_dn, &ldap_state->bind_secret)) { + DEBUG(0, ("ldap_connect_system: Failed to retrieve password from secrets.tdb\n")); + return LDAP_INVALID_CREDENTIALS; + } + } /* removed the sasl_bind_s "EXTERNAL" stuff, as my testsuite (OpenLDAP) doesnt' seem to support it */ DEBUG(10,("ldap_connect_system: Binding to ldap server %s as \"%s\"\n", - ldap_state->uri, ldap_dn)); + ldap_state->uri, ldap_state->bind_dn)); #ifdef HAVE_LDAP_SET_REBIND_PROC #if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) @@ -962,7 +967,7 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_ #endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ #endif - rc = ldap_simple_bind_s(ldap_struct, ldap_dn, ldap_secret); + rc = ldap_simple_bind_s(ldap_struct, ldap_state->bind_dn, ldap_state->bind_secret); if (rc != LDAP_SUCCESS) { char *ld_error = NULL; @@ -971,7 +976,8 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_ DEBUG(ldap_state->num_failures ? 2 : 0, ("failed to bind to server %s with dn=\"%s\" Error: %s\n\t%s\n", ldap_state->uri, - ldap_dn ? ldap_dn : "(unknown)", ldap_err2string(rc), + ldap_state->bind_dn ? ldap_state->bind_dn : "[Anonymous bind]", + ldap_err2string(rc), ld_error ? ld_error : "(unknown)")); SAFE_FREE(ld_error); ldap_state->num_failures++; @@ -1078,8 +1084,6 @@ static NTSTATUS smbldap_close(struct smbldap_state *ldap_state) DEBUG(5,("The connection to the LDAP server was closed\n")); /* maybe free the results here --metze */ - - return NT_STATUS_OK; } @@ -1701,3 +1705,24 @@ BOOL smbldap_has_naming_context(LDAP *ld, const char *naming_context) const char *attrs[] = { "namingContexts", NULL }; return smbldap_check_root_dse(ld, attrs, naming_context); } + +BOOL smbldap_set_creds(struct smbldap_state *ldap_state, BOOL anon, const char *dn, const char *secret) +{ + ldap_state->anonymous = anon; + + /* free any previously set credential */ + + SAFE_FREE(ldap_state->bind_dn); + if (ldap_state->bind_secret) { + /* make sure secrets are zeroed out of memory */ + memset(ldap_state->bind_secret, '\0', strlen(ldap_state->bind_secret)); + SAFE_FREE(ldap_state->bind_secret); + } + + if ( ! anon) { + ldap_state->bind_dn = SMB_STRDUP(dn); + ldap_state->bind_secret = SMB_STRDUP(secret); + } + + return True; +} |