svn commit: samba r7568 - in branches/SAMBA_4_0/source/ldap_server: .

tridge at samba.org tridge at samba.org
Tue Jun 14 03:55:27 GMT 2005


Author: tridge
Date: 2005-06-14 03:55:27 +0000 (Tue, 14 Jun 2005)
New Revision: 7568

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=7568

Log:
enable the NTLMSSP bulk data sign/seal code for our ldap server. This
now works with windows clients, as I fixed the zero length bind ack packet.

Andrew, note that this has the strncmp("NTLMSSP", data, 7) hack. Please
replace with a more correct fix as we discussed.

Modified:
   branches/SAMBA_4_0/source/ldap_server/ldap_bind.c


Changeset:
Modified: branches/SAMBA_4_0/source/ldap_server/ldap_bind.c
===================================================================
--- branches/SAMBA_4_0/source/ldap_server/ldap_bind.c	2005-06-14 03:53:35 UTC (rev 7567)
+++ branches/SAMBA_4_0/source/ldap_server/ldap_bind.c	2005-06-14 03:55:27 UTC (rev 7568)
@@ -56,8 +56,8 @@
 	const char *errstr;
 	NTSTATUS status = NT_STATUS_OK;
 	NTSTATUS sasl_status;
-/*	BOOL ret;
-*/
+	BOOL ret;
+
 	DEBUG(10, ("BindSASL dn: %s\n",req->dn));
 
 	if (!call->conn->gensec) {
@@ -71,10 +71,15 @@
 		
 		gensec_set_target_service(call->conn->gensec, "ldap");
 
-		/*gensec_want_feature(call->conn->gensec, GENSEC_FEATURE_SIGN);
+		gensec_want_feature(call->conn->gensec, GENSEC_FEATURE_SIGN);
 		gensec_want_feature(call->conn->gensec, GENSEC_FEATURE_SEAL);
-		*/
-		status = gensec_start_mech_by_sasl_name(call->conn->gensec, req->creds.SASL.mechanism);
+		
+		if (req->creds.SASL.secblob.length >= 7 &&
+		    strncmp(req->creds.SASL.secblob.data, "NTLMSSP", 7) == 0) {
+			status = gensec_start_mech_by_sasl_name(call->conn->gensec, "NTLM");
+		} else {
+			status = gensec_start_mech_by_sasl_name(call->conn->gensec, req->creds.SASL.mechanism);
+		}
 		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(1, ("Failed to start GENSEC SASL[%s] server code: %s\n", 
 				req->creds.SASL.mechanism, nt_errstr(status)));
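Review bot: The mechanism that gets started is picked from the first bytes of the client-supplied secblob rather than from the mechanism the client declared, so the `DEBUG(1, ...)` failure message below still prints `req->creds.SASL.mechanism` even when "NTLM" was the one that failed to start. Hold the chosen name in a local, e.g. `const char *mech = is_ntlmssp ? "NTLM" : req->creds.SASL.mechanism;`, then pass it to `gensec_start_mech_by_sasl_name` and log it. A comment above the sniff should say which declared mechanisms the override is meant to cover, until the proper fix mentioned in the log message lands. Because the blob is binary data, `memcmp(req->creds.SASL.secblob.data, "NTLMSSP", 7) == 0` states the intent better than `strncmp`, and it avoids a pointer-type mismatch if `data` is an unsigned byte pointer (its type is not visible here). The enclosing function starts and ends outside this hunk.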
@@ -93,7 +98,7 @@
 
 	if (NT_STATUS_IS_OK(status)) {
 		status = gensec_update(call->conn->gensec, reply,
-					req->creds.SASL.secblob, &resp->SASL.secblob);
+				       req->creds.SASL.secblob, &resp->SASL.secblob);
 	}
 
 	if (NT_STATUS_EQUAL(NT_STATUS_MORE_PROCESSING_REQUIRED, status)) {
@@ -123,7 +128,7 @@
 		return status;
 	}
 
-/*	ret = ldapsrv_append_to_buf(&conn->sasl_out_buffer, conn->out_buffer.data, conn->out_buffer.length);
+	ret = ldapsrv_append_to_buf(&conn->sasl_out_buffer, conn->out_buffer.data, conn->out_buffer.length);
 	if (!ret) {
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -131,7 +136,7 @@
 	if (NT_STATUS_IS_OK(status)) {
 		status = gensec_session_info(conn->gensec, &conn->session_info);
 	}
-*/
+
 	return status;
 }
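Review bot: `gensec_session_info` is now reached on a successful bind, but nothing visible in these hunks confirms that the SIGN and SEAL features requested earlier with `gensec_want_feature` were actually negotiated before the session is accepted. If binds without signing or sealing are meant to stay allowed, a comment at this point should say so. If they are not, test `gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL)` (and likewise SIGN) and fail the bind when it is not set. Such a check may already exist in code outside this hunk, and the function's start is outside it as well.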
 


