2004-10-08 16:31:13 +04:00
/*
Unix SMB / CIFS implementation .
LDAP server
Copyright ( C ) Stefan Metzmacher 2004
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 2 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; if not , write to the Free Software
Foundation , Inc . , 675 Mass Ave , Cambridge , MA 0213 9 , USA .
*/
# include "includes.h"
2004-11-02 09:52:59 +03:00
# include "ldap_server/ldap_server.h"
2005-01-01 01:45:11 +03:00
# include "auth/auth.h"
2005-02-10 10:08:40 +03:00
# include "libcli/ldap/ldap.h"
2005-06-16 15:36:09 +04:00
# include "smbd/service_stream.h"
2004-10-08 16:31:13 +04:00
2004-10-10 02:00:00 +04:00
static NTSTATUS ldapsrv_BindSimple ( struct ldapsrv_call * call )
2004-10-08 16:31:13 +04:00
{
2005-06-15 04:27:51 +04:00
struct ldap_BindRequest * req = & call - > request - > r . BindRequest ;
2004-10-08 16:31:13 +04:00
struct ldapsrv_reply * reply ;
struct ldap_BindResponse * resp ;
2004-10-10 02:00:00 +04:00
DEBUG ( 10 , ( " BindSimple dn: %s \n " , req - > dn ) ) ;
2004-10-08 16:31:13 +04:00
reply = ldapsrv_init_reply ( call , LDAP_TAG_BindResponse ) ;
if ( ! reply ) {
return NT_STATUS_NO_MEMORY ;
}
2005-06-15 04:27:51 +04:00
resp = & reply - > msg - > r . BindResponse ;
2004-10-08 16:31:13 +04:00
resp - > response . resultcode = 0 ;
resp - > response . dn = NULL ;
resp - > response . errormessage = NULL ;
resp - > response . referral = NULL ;
resp - > SASL . secblob = data_blob ( NULL , 0 ) ;
2005-06-19 13:31:34 +04:00
ldapsrv_queue_reply ( call , reply ) ;
return NT_STATUS_OK ;
2004-10-08 16:31:13 +04:00
}
2004-10-10 02:00:00 +04:00
static NTSTATUS ldapsrv_BindSASL ( struct ldapsrv_call * call )
{
2005-06-15 04:27:51 +04:00
struct ldap_BindRequest * req = & call - > request - > r . BindRequest ;
2004-10-10 02:00:00 +04:00
struct ldapsrv_reply * reply ;
struct ldap_BindResponse * resp ;
2005-01-01 01:45:11 +03:00
struct ldapsrv_connection * conn ;
2004-10-10 02:00:00 +04:00
int result ;
const char * errstr ;
NTSTATUS status = NT_STATUS_OK ;
2005-06-14 07:55:27 +04:00
2004-10-10 02:00:00 +04:00
DEBUG ( 10 , ( " BindSASL dn: %s \n " , req - > dn ) ) ;
if ( ! call - > conn - > gensec ) {
call - > conn - > session_info = NULL ;
2005-06-16 15:36:09 +04:00
status = gensec_server_start ( call - > conn , & call - > conn - > gensec ,
call - > conn - > connection - > event . ctx ) ;
2004-10-10 02:00:00 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 1 , ( " Failed to start GENSEC server code: %s \n " , nt_errstr ( status ) ) ) ;
return status ;
}
2004-12-24 12:54:23 +03:00
gensec_set_target_service ( call - > conn - > gensec , " ldap " ) ;
2004-10-10 02:00:00 +04:00
2005-06-14 07:55:27 +04:00
gensec_want_feature ( call - > conn - > gensec , GENSEC_FEATURE_SIGN ) ;
2005-01-01 01:45:11 +03:00
gensec_want_feature ( call - > conn - > gensec , GENSEC_FEATURE_SEAL ) ;
2005-06-14 07:55:27 +04:00
2005-06-15 04:30:03 +04:00
status = gensec_start_mech_by_sasl_name ( call - > conn - > gensec , req - > creds . SASL . mechanism ) ;
2004-10-10 02:00:00 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 1 , ( " Failed to start GENSEC SASL[%s] server code: %s \n " ,
req - > creds . SASL . mechanism , nt_errstr ( status ) ) ) ;
goto reply ;
}
}
reply :
reply = ldapsrv_init_reply ( call , LDAP_TAG_BindResponse ) ;
if ( ! reply ) {
return NT_STATUS_NO_MEMORY ;
}
2005-06-15 04:27:51 +04:00
resp = & reply - > msg - > r . BindResponse ;
2005-01-01 01:45:11 +03:00
conn = call - > conn ;
2004-10-10 02:00:00 +04:00
if ( NT_STATUS_IS_OK ( status ) ) {
status = gensec_update ( call - > conn - > gensec , reply ,
2005-06-14 07:55:27 +04:00
req - > creds . SASL . secblob , & resp - > SASL . secblob ) ;
2004-10-10 02:00:00 +04:00
}
if ( NT_STATUS_EQUAL ( NT_STATUS_MORE_PROCESSING_REQUIRED , status ) ) {
result = LDAP_SASL_BIND_IN_PROGRESS ;
errstr = NULL ;
} else if ( NT_STATUS_IS_OK ( status ) ) {
result = LDAP_SUCCESS ;
errstr = NULL ;
2005-06-19 13:31:34 +04:00
call - > conn - > enable_wrap = True ;
2004-10-10 02:00:00 +04:00
} else {
result = 49 ;
errstr = talloc_asprintf ( reply , " SASL:[%s]: %s " , req - > creds . SASL . mechanism , nt_errstr ( status ) ) ;
}
resp - > response . resultcode = result ;
resp - > response . dn = NULL ;
resp - > response . errormessage = errstr ;
resp - > response . referral = NULL ;
2005-06-19 13:31:34 +04:00
ldapsrv_queue_reply ( call , reply ) ;
return NT_STATUS_OK ;
2004-10-10 02:00:00 +04:00
}
NTSTATUS ldapsrv_BindRequest ( struct ldapsrv_call * call )
{
2005-06-15 04:27:51 +04:00
struct ldap_BindRequest * req = & call - > request - > r . BindRequest ;
2004-10-10 02:00:00 +04:00
struct ldapsrv_reply * reply ;
struct ldap_BindResponse * resp ;
switch ( req - > mechanism ) {
case LDAP_AUTH_MECH_SIMPLE :
return ldapsrv_BindSimple ( call ) ;
case LDAP_AUTH_MECH_SASL :
return ldapsrv_BindSASL ( call ) ;
}
reply = ldapsrv_init_reply ( call , LDAP_TAG_BindResponse ) ;
if ( ! reply ) {
return NT_STATUS_NO_MEMORY ;
}
2005-06-15 04:27:51 +04:00
resp = & reply - > msg - > r . BindResponse ;
2004-10-10 02:00:00 +04:00
resp - > response . resultcode = 7 ;
resp - > response . dn = NULL ;
resp - > response . errormessage = talloc_asprintf ( reply , " Bad AuthenticationChoice [%d] " , req - > mechanism ) ;
resp - > response . referral = NULL ;
resp - > SASL . secblob = data_blob ( NULL , 0 ) ;
2005-06-19 13:31:34 +04:00
ldapsrv_queue_reply ( call , reply ) ;
return NT_STATUS_OK ;
2004-10-10 02:00:00 +04:00
}
2004-10-08 16:31:13 +04:00
NTSTATUS ldapsrv_UnbindRequest ( struct ldapsrv_call * call )
{
DEBUG ( 10 , ( " UnbindRequest \n " ) ) ;
return NT_STATUS_OK ;
}