2025-01-21 18:04:06 +03:00 · 2020-09-04 10:48:27 +02:00 · 2020-09-04 10:48:27 +02:00 · 5e3363e0b8
commit 5e3363e0b8
parent b34e8dc898
2 changed files with 24 additions and 27 deletions
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@ -232,7 +232,7 @@ static int rootdse_add_dynamic(struct rootdse_context *ac, struct ldb_message *m
 	struct ldb_context *ldb;
 	struct rootdse_private_data *priv = talloc_get_type(ldb_module_get_private(ac->module), struct rootdse_private_data);
 	const char * const *attrs = ac->req->op.search.attrs;
-	char **server_sasl;
+	const char **server_sasl = NULL;
 	const struct dsdb_schema *schema;
 	int *val;
 	struct ldb_control *edn_control;
@ -343,7 +343,7 @@ static int rootdse_add_dynamic(struct rootdse_context *ac, struct ldb_message *m
 	}

 	server_sasl = talloc_get_type(ldb_get_opaque(ldb, "supportedSASLMechanisms"),
-				       char *);
+				       const char *);
 	if (server_sasl && do_attribute(attrs, "supportedSASLMechanisms")) {
 		for (i = 0; server_sasl && server_sasl[i]; i++) {
 			char *sasl_name = talloc_strdup(msg, server_sasl[i]);
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@ -33,6 +33,7 @@
 #include "ldb_wrap.h"
 #include "lib/tsocket/tsocket.h"
 #include "libcli/ldap/ldap_proto.h"
+#include "source4/auth/auth.h"

 static int map_ldb_error(TALLOC_CTX *mem_ctx, int ldb_err,
 	const char *add_err_string, const char **errstring)
@ -199,37 +200,33 @@ int ldapsrv_backend_Init(struct ldapsrv_connection *conn,
 	}

 	if (conn->server_credentials) {
-		char **sasl_mechs = NULL;
-		const struct gensec_security_ops * const *backends = gensec_security_all();
-		const struct gensec_security_ops **ops
-			= gensec_use_kerberos_mechs(conn, backends, conn->server_credentials);
-		unsigned int i, j = 0;
-		for (i = 0; ops && ops[i]; i++) {
-			if (!lpcfg_parm_bool(conn->lp_ctx,  NULL, "gensec", ops[i]->name, ops[i]->enabled))
-				continue;
+		struct gensec_security *gensec_security = NULL;
+		const char **sasl_mechs = NULL;
+		NTSTATUS status;

-			if (ops[i]->sasl_name && ops[i]->server_start) {
-				char *sasl_name = talloc_strdup(conn, ops[i]->sasl_name);
-
-				if (!sasl_name) {
-					return LDB_ERR_OPERATIONS_ERROR;
-				}
-				sasl_mechs = talloc_realloc(conn, sasl_mechs, char *, j + 2);
-				if (!sasl_mechs) {
-					return LDB_ERR_OPERATIONS_ERROR;
-				}
-				sasl_mechs[j] = sasl_name;
-				talloc_steal(sasl_mechs, sasl_name);
-				sasl_mechs[j+1] = NULL;
-				j++;
-			}
+		status = samba_server_gensec_start(conn,
+						   conn->connection->event.ctx,
+						   conn->connection->msg_ctx,
+						   conn->lp_ctx,
+						   conn->server_credentials,
+						   "ldap",
+						   &gensec_security);
+		if (!NT_STATUS_IS_OK(status)) {
+			DBG_ERR("samba_server_gensec_start failed: %s\n",
+				nt_errstr(status));
+			return LDB_ERR_OPERATIONS_ERROR;
 		}
-		talloc_unlink(conn, ops);

 		/* ldb can have a different lifetime to conn, so we
 		   need to ensure that sasl_mechs lives as long as the
 		   ldb does */
-		talloc_steal(conn->ldb, sasl_mechs);
+		sasl_mechs = gensec_security_sasl_names(gensec_security,
+							conn->ldb);
+		TALLOC_FREE(gensec_security);
+		if (sasl_mechs == NULL) {
+			DBG_ERR("Failed to get sasl mechs!\n");
+			return LDB_ERR_OPERATIONS_ERROR;
+		}

 		ldb_set_opaque(conn->ldb, "supportedSASLMechanisms", sasl_mechs);
 	}