authorIsaac Boukris <iboukris@gmail.com>2020-06-24 15:28:45 +0300
committerIsaac Boukris <iboukris@sn-devel-184>2020-07-13 10:41:37 +0000
commit9ec83caeb51e85ef9a217d5017d5844389d48513 (patch)
tree38a78d46fef5eee53433af50a7d91e6efa8ca56a
parent10f61cd39b9e03e7bb781edf04022ea6ae1f1cac (diff)
downloadsamba-9ec83caeb51e85ef9a217d5017d5844389d48513.tar.gz
Decouple ldap-ssl-ads from ldap-ssl option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14439 Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
-rw-r--r--WHATSNEW.txt6
-rw-r--r--docs-xml/smbdotconf/ldap/ldapsslads.xml7
-rw-r--r--source3/include/smbldap.h1
-rw-r--r--source3/lib/ABI/smbldap-2.1.0.sigs33
-rw-r--r--source3/lib/smbldap.c19
-rwxr-xr-xsource3/libads/ldap.c2
-rw-r--r--source3/wscript_build2
7 files changed, 57 insertions, 13 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index cd75f6741c0..219afb712c8 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -17,6 +17,12 @@ NEW FEATURES/CHANGES
====================
+The "ldap ssl ads" option no longer depends on "ldap ssl" option:
+-----------------------------------------------------------------
+With this release, the "ldap ssl ads" can be set to "yes" even if "ldap ssl"
+is off.
+
+
REMOVED FEATURES
================
diff --git a/docs-xml/smbdotconf/ldap/ldapsslads.xml b/docs-xml/smbdotconf/ldap/ldapsslads.xml
index 98c39651f1e..f99afe5bbad 100644
--- a/docs-xml/smbdotconf/ldap/ldapsslads.xml
+++ b/docs-xml/smbdotconf/ldap/ldapsslads.xml
@@ -7,13 +7,10 @@
<para>This option is used to define whether or not Samba should
use SSL when connecting to the ldap server using
<emphasis>ads</emphasis> methods.
- Rpc methods are not affected by this parameter. Please note, that
- this parameter won't have any effect if <smbconfoption name="ldap ssl"/>
- is set to <parameter>no</parameter>.
+ Rpc methods are not affected by this parameter.
</para>
- <para>See <refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum>
- for more information on <smbconfoption name="ldap ssl"/>.
+ <para>See also <smbconfoption name="ldap ssl"/>.
</para>
</description>
diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h
index 878268aebd6..d063f44afbc 100644
--- a/source3/include/smbldap.h
+++ b/source3/include/smbldap.h
@@ -72,6 +72,7 @@ int smbldap_modify(struct smbldap_state *ldap_state,
const char *dn,
LDAPMod *attrs[]);
int smbldap_start_tls(LDAP *ldap_struct, int version);
+int smbldap_start_tls_start(LDAP *ldap_struct, int version);
int smbldap_setup_full_conn(LDAP **ldap_struct, const char *uri);
int smbldap_search(struct smbldap_state *ldap_state,
const char *base, int scope, const char *filter,
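Review bot: The new prototype `smbldap_start_tls_start` is exported from a public header with nothing that tells a caller how it differs from `smbldap_start_tls` directly above it, and the two names are easy to confuse. I would add a one-line comment to each declaration, for example `/* honours "ldap ssl": returns LDAP_SUCCESS without TLS unless it is set to start tls */` on the first and `/* always attempts StartTLS, regardless of "ldap ssl" */` on the second. The distinction matters because, as the smbldap.c hunk shows, the config-gated variant returns success on a connection that has not been upgraded.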
diff --git a/source3/lib/ABI/smbldap-2.1.0.sigs b/source3/lib/ABI/smbldap-2.1.0.sigs
new file mode 100644
index 00000000000..67dcc9a8a78
--- /dev/null
+++ b/source3/lib/ABI/smbldap-2.1.0.sigs
@@ -0,0 +1,33 @@
+smbldap_add: int (struct smbldap_state *, const char *, LDAPMod **)
+smbldap_delete: int (struct smbldap_state *, const char *)
+smbldap_extended_operation: int (struct smbldap_state *, const char *, struct berval *, LDAPControl **, LDAPControl **, char **, struct berval **)
+smbldap_free_struct: void (struct smbldap_state **)
+smbldap_get_ldap: LDAP *(struct smbldap_state *)
+smbldap_get_paged_results: bool (struct smbldap_state *)
+smbldap_get_single_attribute: bool (LDAP *, LDAPMessage *, const char *, char *, int)
+smbldap_has_control: bool (LDAP *, const char *)
+smbldap_has_extension: bool (LDAP *, const char *)
+smbldap_has_naming_context: bool (LDAP *, const char *)
+smbldap_init: NTSTATUS (TALLOC_CTX *, struct tevent_context *, const char *, bool, const char *, const char *, struct smbldap_state **)
+smbldap_make_mod: void (LDAP *, LDAPMessage *, LDAPMod ***, const char *, const char *)
+smbldap_make_mod_blob: void (LDAP *, LDAPMessage *, LDAPMod ***, const char *, const DATA_BLOB *)
+smbldap_modify: int (struct smbldap_state *, const char *, LDAPMod **)
+smbldap_pull_sid: bool (LDAP *, LDAPMessage *, const char *, struct dom_sid *)
+smbldap_search: int (struct smbldap_state *, const char *, int, const char *, const char **, int, LDAPMessage **)
+smbldap_search_paged: int (struct smbldap_state *, const char *, int, const char *, const char **, int, int, LDAPMessage **, void **)
+smbldap_search_suffix: int (struct smbldap_state *, const char *, const char **, LDAPMessage **)
+smbldap_set_bind_callback: void (struct smbldap_state *, smbldap_bind_callback_fn, void *)
+smbldap_set_creds: bool (struct smbldap_state *, bool, const char *, const char *)
+smbldap_set_mod: void (LDAPMod ***, int, const char *, const char *)
+smbldap_set_mod_blob: void (LDAPMod ***, int, const char *, const DATA_BLOB *)
+smbldap_set_paged_results: void (struct smbldap_state *, bool)
+smbldap_setup_full_conn: int (LDAP **, const char *)
+smbldap_start_tls: int (LDAP *, int)
+smbldap_start_tls_start: int (LDAP *, int)
+smbldap_talloc_autofree_ldapmod: void (TALLOC_CTX *, LDAPMod **)
+smbldap_talloc_autofree_ldapmsg: void (TALLOC_CTX *, LDAPMessage *)
+smbldap_talloc_dn: char *(TALLOC_CTX *, LDAP *, LDAPMessage *)
+smbldap_talloc_first_attribute: char *(LDAP *, LDAPMessage *, const char *, TALLOC_CTX *)
+smbldap_talloc_single_attribute: char *(LDAP *, LDAPMessage *, const char *, TALLOC_CTX *)
+smbldap_talloc_single_blob: bool (TALLOC_CTX *, LDAP *, LDAPMessage *, const char *, DATA_BLOB *)
+smbldap_talloc_smallest_attribute: char *(LDAP *, LDAPMessage *, const char *, TALLOC_CTX *)
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index 34c841f9243..4815dd81fc3 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -598,20 +598,27 @@ static void smbldap_store_state(LDAP *ld, struct smbldap_state *smbldap_state)
}
/********************************************************************
- start TLS on an existing LDAP connection
+ start TLS on an existing LDAP connection per config
*******************************************************************/
int smbldap_start_tls(LDAP *ldap_struct, int version)
-{
-#ifdef LDAP_OPT_X_TLS
- int rc,tls;
-#endif
-
+{
if (lp_ldap_ssl() != LDAP_SSL_START_TLS) {
return LDAP_SUCCESS;
}
+ return smbldap_start_tls_start(ldap_struct, version);
+}
+
+/********************************************************************
+ start TLS on an existing LDAP connection unconditionally
+*******************************************************************/
+
+int smbldap_start_tls_start(LDAP *ldap_struct, int version)
+{
#ifdef LDAP_OPT_X_TLS
+ int rc,tls;
+
/* check if we use ldaps already */
ldap_get_option(ldap_struct, LDAP_OPT_X_TLS, &tls);
if (tls == LDAP_OPT_X_TLS_HARD) {
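Review bot: In `smbldap_start_tls_start`, `tls` is compared with `LDAP_OPT_X_TLS_HARD` even though the return value of `ldap_get_option()` is ignored and `int rc,tls;` leaves it uninitialised. A failed lookup therefore makes the "already ldaps" test depend on an indeterminate value. This function is now the unconditional path, so if that branch short-circuits (its body is past the end of the hunk), StartTLS could be skipped while the caller treats the connection as protected. I would fold the check into the condition: `if (ldap_get_option(ldap_struct, LDAP_OPT_X_TLS, &tls) == LDAP_OPT_SUCCESS && tls == LDAP_OPT_X_TLS_HARD) {`. The rest of the function, including the `#else` side of the `#ifdef`, is outside the hunk.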
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 55c9668089d..099a6a2ee1d 100755
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -703,7 +703,7 @@ got_connection:
ldap_set_option(ads->ldap.ld, LDAP_OPT_PROTOCOL_VERSION, &version);
if ( lp_ldap_ssl_ads() ) {
- status = ADS_ERROR(smbldap_start_tls(ads->ldap.ld, version));
+ status = ADS_ERROR(smbldap_start_tls_start(ads->ldap.ld, version));
if (!ADS_ERR_OK(status)) {
goto out;
}
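Review bot: With this call no longer gated by "ldap ssl", the status check on the following line is the only thing that stops an ADS connection with `ldap ssl ads = yes` from continuing in cleartext, so `smbldap_start_tls_start` has to fail closed on every path. The `#else` side of its `#ifdef LDAP_OPT_X_TLS` is not visible in these hunks. It should be confirmed that it returns an error rather than `LDAP_SUCCESS` on builds without TLS support. A short comment above the call, such as `/* "ldap ssl ads" is independent of "ldap ssl": always attempt StartTLS */`, would record why the unconditional variant is used here. The enclosing function starts and ends outside the hunk.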
diff --git a/source3/wscript_build b/source3/wscript_build
index 5a07eddac44..ec8135c302f 100644
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -501,7 +501,7 @@ bld.SAMBA3_LIBRARY('smbldap',
abi_directory='lib/ABI',
abi_match='smbldap_*',
pc_files=[],
- vnum='2',
+ vnum='2.1.0',
public_headers='include/smbldap.h include/smb_ldap.h')
bld.SAMBA3_LIBRARY('ads',