[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Thu Sep 10 23:20:03 UTC 2020


The branch, master has been updated
       via  53a368c58d0 idmap_ad: Honor "client ldap sasl wrapping" config setting
      from  21de9077a52 s3: libsmb: Fix bug in get_dc_list() introduced by ip-service cleanup.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 53a368c58d006e50309127dd1e1c5adde47368bb
Author: Christof Schmitt <cs at samba.org>
Date:   Wed Jul 22 11:18:20 2020 -0700

    idmap_ad: Honor "client ldap sasl wrapping" config setting
    
    Instead of hard-coding SIGN and SEAL for the connections from this idmap
    module, query the desired wrapping from "client ldap sasl wrapping".
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Thu Sep 10 23:19:56 UTC 2020 on sn-devel-184

-----------------------------------------------------------------------

Summary of changes:
 source3/winbindd/idmap_ad.c | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c
index bd5add9aca2..0595a7b270a 100644
--- a/source3/winbindd/idmap_ad.c
+++ b/source3/winbindd/idmap_ad.c
@@ -290,6 +290,30 @@ static void PRINTF_ATTRIBUTE(3, 0) idmap_ad_tldap_debug(
        }
 }
 
+static uint32_t gensec_features_from_ldap_sasl_wrapping(void)
+{
+	int wrap_flags;
+	uint32_t gensec_features = 0;
+
+	wrap_flags = lp_client_ldap_sasl_wrapping();
+	if (wrap_flags == -1) {
+		wrap_flags = 0;
+	}
+
+	if (wrap_flags & ADS_AUTH_SASL_SEAL) {
+		gensec_features |= GENSEC_FEATURE_SEAL;
+	}
+	if (wrap_flags & ADS_AUTH_SASL_SIGN) {
+		gensec_features |= GENSEC_FEATURE_SIGN;
+	}
+
+	if (gensec_features != 0) {
+		gensec_features |= GENSEC_FEATURE_LDAP_STYLE;
+	}
+
+	return gensec_features;
+}
+
 static NTSTATUS idmap_ad_get_tldap_ctx(TALLOC_CTX *mem_ctx,
 				       const char *domname,
 				       struct tldap_context **pld)
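Review bot: In gensec_features_from_ldap_sasl_wrapping() the `wrap_flags == -1` branch fails open: -1 is mapped to 0, the function returns 0, and the `tldap_gensec_bind()` call in the last hunk then runs with neither SIGN nor SEAL, where the old code always requested both. If -1 means the parameter could not be resolved (not visible in this hunk), falling back to the previous behaviour would be safer, e.g. `wrap_flags = ADS_AUTH_SASL_SIGN | ADS_AUTH_SASL_SEAL;`. Separately, a configuration that yields no wrapping now sends the idmap LDAP traffic without integrity protection and nothing records it; a `DBG_WARNING("idmap_ad: LDAP bind without signing or sealing\n");` when `gensec_features == 0` would make the downgrade visible in the logs. The helper also has no comment; one line stating that a return value of 0 means an unwrapped connection would help the next reader.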
@@ -299,6 +323,7 @@ static NTSTATUS idmap_ad_get_tldap_ctx(TALLOC_CTX *mem_ctx,
 	struct cli_credentials *creds;
 	struct loadparm_context *lp_ctx;
 	struct tldap_context *ld;
+	uint32_t gensec_features = gensec_features_from_ldap_sasl_wrapping();
 	int fd;
 	NTSTATUS status;
 	bool ok;
@@ -368,7 +393,7 @@ static NTSTATUS idmap_ad_get_tldap_ctx(TALLOC_CTX *mem_ctx,
 	}
 
 	rc = tldap_gensec_bind(ld, creds, "ldap", dcinfo->dc_unc, NULL, lp_ctx,
-			       GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL);
+			       gensec_features);
 	if (!TLDAP_RC_IS_SUCCESS(rc)) {
 		DBG_DEBUG("tldap_gensec_bind failed: %s\n",
 			  tldap_errstr(dcinfo, ld, rc));


-- 
Samba Shared Repository


