svn commit: samba r23944 - in branches/SAMBA_3_2_0/source: include libads

metze at samba.org metze at samba.org
Wed Jul 18 07:35:52 GMT 2007


Author: metze
Date: 2007-07-18 07:35:50 +0000 (Wed, 18 Jul 2007)
New Revision: 23944

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=23944

Log:
merge from SAMBA_3_2:
- always provide ads_setup_sasl_wrapping() function
- read/write returning 0 means EOF and we need to return directly

metze
Modified:
   branches/SAMBA_3_2_0/source/include/ads.h
   branches/SAMBA_3_2_0/source/libads/ldap.c
   branches/SAMBA_3_2_0/source/libads/sasl.c
   branches/SAMBA_3_2_0/source/libads/sasl_wrapping.c


Changeset:
Modified: branches/SAMBA_3_2_0/source/include/ads.h
===================================================================
--- branches/SAMBA_3_2_0/source/include/ads.h	2007-07-18 07:30:41 UTC (rev 23943)
+++ branches/SAMBA_3_2_0/source/include/ads.h	2007-07-18 07:35:50 UTC (rev 23944)
@@ -39,6 +39,12 @@
 	ADS_STATUS (*disconnect)(struct ads_struct *);
 };
 
+enum ads_saslwrap_type {
+	ADS_SASLWRAP_TYPE_PLAIN = 1,
+	ADS_SASLWRAP_TYPE_SIGN = 2,
+	ADS_SASLWRAP_TYPE_SEAL = 4
+} wrap_type;
+
 typedef struct ads_struct {
 	int is_mine;	/* do I own this structure's memory? */
 	
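Review bot: The enum added to ads.h is closed with `} wrap_type;`, which declares a file-scope variable named `wrap_type` in every translation unit that includes the header, in addition to defining the type. Nothing in this diff uses that variable (the struct gets its own `enum ads_saslwrap_type wrap_type;` member in the next hunk), so it looks like a leftover. Closing the definition with `};` avoids the stray tentative definition, which would otherwise fail to link under `-fno-common`. A one-line comment per enumerator would also help, since the values 1, 2 and 4 are spaced like bit flags but sasl.c assigns them as exclusive choices.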
@@ -85,8 +91,11 @@
 		time_t last_attempt; /* last attempt to reconnect */
 		int port;
 
+		enum ads_saslwrap_type wrap_type;
+
 #ifdef HAVE_LDAP_SASL_WRAPPING
 		Sockbuf_IO_Desc *sbiod; /* lowlevel state for LDAP wrapping */
+#endif /* HAVE_LDAP_SASL_WRAPPING */
 		TALLOC_CTX *mem_ctx;
 		const struct ads_saslwrap_ops *wrap_ops;
 		void *wrap_private_data;
@@ -108,7 +117,6 @@
 			uint32 size;
 			uint8 *buf;
 		} out;
-#endif /* HAVE_LDAP_SASL_WRAPPING */
 	} ldap;
 #endif /* HAVE_LDAP */
 } ADS_STRUCT;
@@ -321,6 +329,9 @@
 #define ADS_AUTH_ANON_BIND        0x04
 #define ADS_AUTH_SIMPLE_BIND      0x08
 #define ADS_AUTH_ALLOW_NTLMSSP    0x10
+#define ADS_AUTH_SASL_SIGN        0x20
+#define ADS_AUTH_SASL_SEAL        0x40
+#define ADS_AUTH_SASL_FORCE       0x80
 
 /* Kerberos environment variable names */
 #define KRB5_ENV_CCNAME "KRB5CCNAME"
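Review bot: The three new ADS_AUTH_SASL_* flags carry no comments, and ADS_AUTH_SASL_FORCE is not read anywhere in this commit, so its contract cannot be learned from the code. The sasl.c hunk maps SEAL and SIGN to `wrap_type` and prefers SEAL when both are set, but nothing visible says whether a bind that cannot deliver the requested protection fails or continues unprotected. I would add short comments such as `/* request integrity protection of the LDAP stream */` and `/* request integrity protection plus encryption; wins over SIGN */`. FORCE needs a comment stating the intended enforcement, which the author would have to confirm.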

Modified: branches/SAMBA_3_2_0/source/libads/ldap.c
===================================================================
--- branches/SAMBA_3_2_0/source/libads/ldap.c	2007-07-18 07:30:41 UTC (rev 23943)
+++ branches/SAMBA_3_2_0/source/libads/ldap.c	2007-07-18 07:35:50 UTC (rev 23944)
@@ -372,8 +372,9 @@
 	ADS_STATUS status;
 	NTSTATUS ntstatus;
 
-	ads->ldap.last_attempt = time(NULL);
-	ads->ldap.ld = NULL;
+	ZERO_STRUCT(ads->ldap);
+	ads->ldap.last_attempt	= time(NULL);
+	ads->ldap.wrap_type	= ADS_SASLWRAP_TYPE_PLAIN;
 
 	/* try with a user specified server */
 
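Review bot: `ZERO_STRUCT(ads->ldap)` at the top of what appears to be the connect routine discards whatever `ld`, `mem_ctx` and `wrap_ops` the structure held, without releasing them. The old code did the same for `ld` alone; now a second connect on a live ADS_STRUCT would also orphan the talloc context and skip the wrapping layer's `disconnect` hook. If callers are expected to disconnect first, a comment above the ZERO_STRUCT would make that precondition explicit: `/* caller must have disconnected: this discards any previous LDAP state */`. The function starts and ends outside this hunk, so its call sites could not be checked here.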
@@ -423,6 +424,11 @@
 	if (ads->auth.flags & ADS_AUTH_NO_BIND) {
 		return ADS_SUCCESS;
 	}
+
+	ads->ldap.mem_ctx = talloc_new("ads LDAP connection memory");
+	if (!ads->ldap.mem_ctx) {
+		return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+	}
 	
 	/* Otherwise setup the TCP LDAP session */
 
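Review bot: `talloc_new()` takes a parent context pointer, not a name, so `talloc_new("ads LDAP connection memory")` hands talloc a string literal to treat as a talloc chunk. Assuming this tree's talloc has the standard signature, talloc will reject the bad chunk header and normally aborts. The call that creates a named top-level context is `talloc_init()`, so the line should read `ads->ldap.mem_ctx = talloc_init("ads LDAP connection memory");`. Separately, the context is released only in the disconnect hunk further down. The later failure returns of this function lie outside the hunk, so it is worth confirming that they free `mem_ctx` or that every caller disconnects after a failed connect.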
@@ -475,6 +481,13 @@
 		ldap_unbind(ads->ldap.ld);
 		ads->ldap.ld = NULL;
 	}
+	if (ads->ldap.wrap_ops && ads->ldap.wrap_ops->disconnect) {
+		ads->ldap.wrap_ops->disconnect(ads);
+	}
+	if (ads->ldap.mem_ctx) {
+		talloc_free(ads->ldap.mem_ctx);
+	}
+	ZERO_STRUCT(ads->ldap);
 }
 
 /*
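Review bot: The teardown order in this hunk matters and is not documented. `ldap_unbind()` runs before `wrap_ops->disconnect`, presumably because the unbind may still write through the wrapping layer, and `mem_ctx` is freed after both, presumably because the wrap state and buffers are allocated from it. A short comment before the new block would protect against a later reordering, for example `/* after ldap_unbind(): the unbind may still go through the wrapping layer */`. The dangling `mem_ctx` pointer is cleared by the `ZERO_STRUCT` that follows, so nothing more is needed there. The function starts outside this hunk.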

Modified: branches/SAMBA_3_2_0/source/libads/sasl.c
===================================================================
--- branches/SAMBA_3_2_0/source/libads/sasl.c	2007-07-18 07:30:41 UTC (rev 23943)
+++ branches/SAMBA_3_2_0/source/libads/sasl.c	2007-07-18 07:35:50 UTC (rev 23944)
@@ -517,6 +517,14 @@
 
 	values = ldap_get_values(ads->ldap.ld, res, "supportedSASLMechanisms");
 
+	if (ads->auth.flags & ADS_AUTH_SASL_SEAL) {
+		ads->ldap.wrap_type = ADS_SASLWRAP_TYPE_SEAL;
+	} else if (ads->auth.flags & ADS_AUTH_SASL_SIGN) {
+		ads->ldap.wrap_type = ADS_SASLWRAP_TYPE_SIGN;
+	} else {
+		ads->ldap.wrap_type = ADS_SASLWRAP_TYPE_PLAIN;
+	}
+
 	/* try our supported mechanisms in order */
 	for (i=0;sasl_mechanisms[i].name;i++) {
 		/* see if the server supports it */

Modified: branches/SAMBA_3_2_0/source/libads/sasl_wrapping.c
===================================================================
--- branches/SAMBA_3_2_0/source/libads/sasl_wrapping.c	2007-07-18 07:30:41 UTC (rev 23943)
+++ branches/SAMBA_3_2_0/source/libads/sasl_wrapping.c	2007-07-18 07:35:50 UTC (rev 23944)
@@ -93,7 +93,7 @@
 		ret = LBER_SBIOD_READ_NEXT(sbiod,
 					   ads->ldap.in.buf + ads->ldap.in.ofs,
 					   4 - ads->ldap.in.ofs);
-		if (ret < 0) return ret;
+		if (ret <= 0) return ret;
 		ads->ldap.in.ofs += ret;
 
 		if (ads->ldap.in.ofs < 4) goto eagain;
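Review bot: The `ret <= 0` early return passes a zero from the lower layer straight up as EOF, even though `ads->ldap.in.ofs` may already hold part of what looks like the 4-byte length prefix. A connection that closes mid-frame is therefore reported the same way as a clean close. That is probably acceptable to the LDAP library, but it deserves a comment, e.g. `/* 0 == EOF from the lower layer; hand it up unchanged, a partial frame is dropped */`. The same applies to the `in.needed` read and the `out.left` write changed in the next two hunks of this file. Before this change a zero here fell through to `goto eagain` while `in.ofs < 4`, so the comment would also record why the test is not `< 0`. The enclosing functions start and end outside these hunks.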
@@ -120,7 +120,7 @@
 		ret = LBER_SBIOD_READ_NEXT(sbiod,
 					   ads->ldap.in.buf + ads->ldap.in.ofs,
 					   ads->ldap.in.needed);
-		if (ret < 0) return ret;
+		if (ret <= 0) return ret;
 		ads->ldap.in.ofs += ret;
 		ads->ldap.in.needed -= ret;
 
@@ -227,7 +227,7 @@
 	ret = LBER_SBIOD_WRITE_NEXT(sbiod,
 				    ads->ldap.out.buf + ads->ldap.out.ofs,
 				    ads->ldap.out.left);
-	if (ret < 0) return ret;
+	if (ret <= 0) return ret;
 	ads->ldap.out.ofs += ret;
 	ads->ldap.out.left -= ret;
 
@@ -302,5 +302,11 @@
 
 	return ADS_SUCCESS;
 }
-
+#else
+ADS_STATUS ads_setup_sasl_wrapping(ADS_STRUCT *ads,
+				   const struct ads_saslwrap_ops *ops,
+				   void *private_data)
+{
+	return ADS_ERROR_NT(NT_STATUS_NOT_SUPPORTED);
+}
 #endif /* HAVE_LDAP_SASL_WRAPPING */
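Review bot: The stub added in the `#else` branch returns `ADS_ERROR_NT(NT_STATUS_NOT_SUPPORTED)`, which is only safe if callers treat that status as a failed bind. A caller that requested ADS_SASLWRAP_TYPE_SIGN or ADS_SASLWRAP_TYPE_SEAL must not carry on with an unwrapped connection, and those callers are outside this diff. I would state that in a comment above the stub, e.g. `/* built without LDAP sockbuf wrapping: callers that need sign/seal must fail the bind */`. The three parameters are unused here, so builds with unused-parameter warnings enabled will flag them.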


