author | Volker Lendecke <vl@samba.org> | 2021-11-03 16:35:00 +0100 |
---|---|---|
committer | Volker Lendecke <vl@samba.org> | 2023-04-26 06:27:31 +0000 |
commit | a00af01e656af291a3abf01f05dcc4db51db77d0 (patch) | |
tree | 9fde3e169139b4b19567fdd3ba8611ab59f03857 /source4/ldap_server | |
parent | e88332cbe41e817d74a411332c66f19aee6071e5 (diff) | |
ldap_server: Implement the rfc4532 whoami exop
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/ldap_server')
-rw-r--r-- | source4/ldap_server/ldap_extended.c | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/source4/ldap_server/ldap_extended.c b/source4/ldap_server/ldap_extended.c
index ee617ee9b1a..c37c9a9d89a 100644
--- a/source4/ldap_server/ldap_extended.c
+++ b/source4/ldap_server/ldap_extended.c
@@ -23,6 +23,8 @@
 #include "lib/tls/tls.h"
 #include "samba/service_stream.h"
 #include "../lib/util/tevent_ntstatus.h"
+#include "librpc/gen_ndr/auth.h"
+#include "libcli/security/security_token.h"
 struct ldapsrv_starttls_postprocess_context {
 struct ldapsrv_connection *conn;
@@ -153,11 +153,57 @@ struct ldapsrv_extended_operation {
 NTSTATUS (*fn)(struct ldapsrv_call *call, struct ldapsrv_reply *reply, const char **errorstr);
 };
+static NTSTATUS ldapsrv_whoami(struct ldapsrv_call *call,
+ struct ldapsrv_reply *reply,
+ const char **errstr)
+{
+ struct ldapsrv_connection *conn = call->conn;
+ struct auth_session_info *session_info = conn->session_info;
+ struct ldap_ExtendedResponse *ext_resp =
+ &reply->msg->r.ExtendedResponse;
+
+ *errstr = NULL;
+
+ if (!security_token_is_anonymous(session_info->security_token)) {
+ struct auth_user_info *uinfo = session_info->info;
+ DATA_BLOB *value = talloc_zero(call, DATA_BLOB);
+
+ if (value == NULL) {
+ goto nomem;
+ }
+
+ value->data = (uint8_t *)talloc_asprintf(value,
+ "u:%s\\%s",
+ uinfo->domain_name,
+ uinfo->account_name);
+ if (value->data == NULL) {
+ goto nomem;
+ }
+ value->length = talloc_get_size(value->data) - 1;
+
+ ext_resp->value = value;
+ }
+
+ ext_resp->response.resultcode = LDAP_SUCCESS;
+ ext_resp->response.errormessage = NULL;
+
+ ldapsrv_queue_reply(call, reply);
+
+ return NT_STATUS_OK;
+nomem:
+ return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
+}
+
+
 static struct ldapsrv_extended_operation extended_ops[] = {
 {
 .oid = LDB_EXTENDED_START_TLS_OID,
 .fn = ldapsrv_StartTLS,
 },{
+ .oid = LDB_EXTENDED_WHOAMI_OID,
+ .fn = ldapsrv_whoami,
+ },
+ {
 .oid = NULL,
 .fn = NULL,
 } |
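Review bot: In `ldapsrv_whoami`, `uinfo->domain_name` and `uinfo->account_name` are passed to `talloc_asprintf(value, "u:%s\\%s", ...)` without a NULL check, and a NULL argument for `%s` is undefined behaviour; if either field (or `session_info->info` itself) can be unset for some session types, which is not visible from this hunk, guard it first with `if (uinfo == NULL || uinfo->domain_name == NULL || uinfo->account_name == NULL) { return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR); }`. The anonymous branch leaves `ext_resp->value` exactly as the caller initialised the reply, which happens outside the hunk; RFC 4532 describes the response field for an anonymous client as present but empty, so it is worth confirming that the encoder emits what is intended rather than omitting the field. The `nomem` path also returns with `*errstr` still NULL, and a short header comment such as `/* RFC 4532 "Who am I?": u:DOMAIN\account for authenticated sessions, no value set for anonymous */` would record the contract for the next reader.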