author | Christof Schmitt <cs@samba.org> | 2020-07-22 11:18:20 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2020-09-10 23:19:56 +0000 |
commit | 53a368c58d006e50309127dd1e1c5adde47368bb (patch) | |
tree | 6daada3703209bd2232edb658f33481e0ffb66f8 /source3/winbindd/idmap_ad.c | |
parent | 21de9077a52d4f0ff6e85710d26e971e2d3866d4 (diff) | |
idmap_ad: Honor "client ldap sasl wrapping" config setting
Instead of hard-coding SIGN and SEAL for the connections from this idmap
module, query the desired wrapping from "client ldap sasl wrapping".
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 10 23:19:56 UTC 2020 on sn-devel-184
Diffstat (limited to 'source3/winbindd/idmap_ad.c')
-rw-r--r-- | source3/winbindd/idmap_ad.c | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c
index bd5add9aca2..0595a7b270a 100644
--- a/source3/winbindd/idmap_ad.c
+++ b/source3/winbindd/idmap_ad.c
@@ -290,6 +290,30 @@ static void PRINTF_ATTRIBUTE(3, 0) idmap_ad_tldap_debug(
 }
 }
 
+static uint32_t gensec_features_from_ldap_sasl_wrapping(void)
+{
+ int wrap_flags;
+ uint32_t gensec_features = 0;
+
+ wrap_flags = lp_client_ldap_sasl_wrapping();
+ if (wrap_flags == -1) {
+ wrap_flags = 0;
+ }
+
+ if (wrap_flags & ADS_AUTH_SASL_SEAL) {
+ gensec_features |= GENSEC_FEATURE_SEAL;
+ }
+ if (wrap_flags & ADS_AUTH_SASL_SIGN) {
+ gensec_features |= GENSEC_FEATURE_SIGN;
+ }
+
+ if (gensec_features != 0) {
+ gensec_features |= GENSEC_FEATURE_LDAP_STYLE;
+ }
+
+ return gensec_features;
+}
+
 static NTSTATUS idmap_ad_get_tldap_ctx(TALLOC_CTX *mem_ctx,
 const char *domname,
 struct tldap_context **pld)
@@ -299,6 +323,7 @@ static NTSTATUS idmap_ad_get_tldap_ctx(TALLOC_CTX *mem_ctx,
 struct cli_credentials *creds;
 struct loadparm_context *lp_ctx;
 struct tldap_context *ld;
+ uint32_t gensec_features = gensec_features_from_ldap_sasl_wrapping();
 int fd;
 NTSTATUS status;
 bool ok;
@@ -368,7 +393,7 @@ static NTSTATUS idmap_ad_get_tldap_ctx(TALLOC_CTX *mem_ctx,
 }
 
 rc = tldap_gensec_bind(ld, creds, "ldap", dcinfo->dc_unc, NULL, lp_ctx,
- GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL);
+ gensec_features);
 if (!TLDAP_RC_IS_SUCCESS(rc)) {
 DBG_DEBUG("tldap_gensec_bind failed: %s\n",
 tldap_errstr(dcinfo, ld, rc));
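Review bot: In gensec_features_from_ldap_sasl_wrapping() the `wrap_flags == -1` branch maps an unrecognised "client ldap sasl wrapping" value to no wrapping at all (neither GENSEC_FEATURE_SIGN nor GENSEC_FEATURE_SEAL), so a misspelled smb.conf value silently downgrades an idmap_ad connection that was unconditionally signed and sealed before this commit; that mask is what reaches tldap_gensec_bind() in the last hunk. If -1 is the parameter table's "invalid value" sentinel (inferred, the lookup is not visible here), failing closed preserves the old guarantee: `if (wrap_flags == -1) { wrap_flags = ADS_AUTH_SASL_SIGN | ADS_AUTH_SASL_SEAL; }`. Whichever default is chosen, the helper deserves a header comment stating that it derives the GENSEC feature mask from the global "client ldap sasl wrapping" setting and what an unset or invalid value yields, and a `DBG_DEBUG("binding to %s without SASL signing or sealing\n", dcinfo->dc_unc);` before the bind when gensec_features is 0 would make an unprotected bind visible in the logs. The explicit `gensec_features != 0` guard before adding GENSEC_FEATURE_LDAP_STYLE is fine as written.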