s3-smbldap: extend smbldap_init() with binddn/bindsecret arguments.
authorGünther Deschner <gd@samba.org>
Tue, 15 Nov 2011 22:56:38 +0000 (23:56 +0100)
committerGünther Deschner <gd@samba.org>
Wed, 16 Nov 2011 11:26:26 +0000 (12:26 +0100)
Guenther

source3/include/smbldap.h
source3/lib/smbldap.c
source3/passdb/pdb_ldap.c
source3/utils/net_sam.c
source3/winbindd/idmap_ldap.c

index f7f0de19c8fc069210238c51fc71274e9e96b7f9..d8f12bc373ce011d9c068e94a186b495cc382f52 100644 (file)
@@ -32,8 +32,11 @@ struct smbldap_state;
 
 NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx,
                      struct tevent_context *tevent_ctx,
-                      const char *location,
-                      struct smbldap_state **smbldap_state);
+                     const char *location,
+                     bool anon,
+                     const char *bind_dn,
+                     const char *bind_secret,
+                     struct smbldap_state **smbldap_state);
 
 void smbldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, const char *value);
 void smbldap_set_mod_blob(LDAPMod *** modlist, int modop, const char *attribute, const DATA_BLOB *newblob);
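Review bot: The new prototype introduces three credential parameters without any comment on their contract, and the callers in this same commit already use two different conventions (real credentials fetched from secrets.tdb in pdb_ldap.c and net_sam.c, versus `false, NULL, NULL` in idmap_ldap.c), so the meaning of `anon` combined with NULL bind_dn/bind_secret is left to the reader to guess. A header comment above smbldap_init should state what `anon` selects, that bind_dn/bind_secret may be NULL when the caller installs credentials after initialisation, and who owns the strings, e.g. `/* bind_dn/bind_secret: simple-bind credentials (NULL if the caller sets credentials later); caller keeps ownership and may wipe/free them as soon as this returns */`. Whether smbldap_init copies the strings cannot be seen from this diff, so the ownership sentence needs confirming against the smbldap.c body before it is written.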
index ea21ed6b4b83ca30a3c439fc27bb56c5001f64ed..5a1ba09ff13afd57664eae6d420033910dfb5646 100644 (file)
@@ -1703,6 +1703,9 @@ static int smbldap_state_destructor(struct smbldap_state *state)
 
 NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, struct tevent_context *tevent_ctx,
                      const char *location,
+                     bool anon,
+                     const char *bind_dn,
+                     const char *bind_secret,
                      struct smbldap_state **smbldap_state)
 {
        *smbldap_state = talloc_zero(mem_ctx, struct smbldap_state);
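Review bot: bind_dn and bind_secret are added to the signature here but nothing in this hunk stores or uses them, and no other hunk of source3/lib/smbldap.c appears in the diff, so as committed the arguments are accepted and apparently ignored; presumably a follow-up wires them into struct smbldap_state. When that happens the body must duplicate both strings onto `*smbldap_state` (e.g. `talloc_strdup`) rather than retain the caller's pointers, because both callers added in this commit zero and free the secret immediately after smbldap_init returns, which would turn a retained pointer into a use-after-free at the first bind. The body of smbldap_init continues beyond the end of this hunk, so the rest of the function is not visible here.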
index 701b74609b5ee899da9f754d45207c57fee7bb53..49eb3e12fa3b544dc6e6e0617d8fe7f6175f328b 100644 (file)
@@ -6447,6 +6447,8 @@ static NTSTATUS pdb_init_ldapsam_common(struct pdb_methods **pdb_method, const c
 {
        NTSTATUS nt_status;
        struct ldapsam_privates *ldap_state;
+       char *bind_dn = NULL;
+       char *bind_secret = NULL;
 
        if (!NT_STATUS_IS_OK(nt_status = make_pdb_method( pdb_method ))) {
                return nt_status;
@@ -6489,9 +6491,17 @@ static NTSTATUS pdb_init_ldapsam_common(struct pdb_methods **pdb_method, const c
                return NT_STATUS_NO_MEMORY;
        }
 
-       nt_status = smbldap_init(*pdb_method, pdb_get_tevent_context(),
-                                location, &ldap_state->smbldap_state);
+       if (!fetch_ldap_pw(&bind_dn, &bind_secret)) {
+               DEBUG(0, ("pdb_init_ldapsam_common: Failed to retrieve LDAP password from secrets.tdb\n"));
+               return NT_STATUS_NO_MEMORY;
+       }
 
+       nt_status = smbldap_init(*pdb_method, pdb_get_tevent_context(),
+                                location, false, bind_dn, bind_secret,
+                                &ldap_state->smbldap_state);
+       memset(bind_secret, '\0', strlen(bind_secret));
+       SAFE_FREE(bind_secret);
+       SAFE_FREE(bind_dn);
        if ( !NT_STATUS_IS_OK(nt_status) ) {
                return nt_status;
        }
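Review bot: The `memset(bind_secret, '\0', strlen(bind_secret));` added before `SAFE_FREE(bind_secret)` is a store to memory that is freed on the very next line, which a compiler doing dead-store elimination may remove entirely, so the secret is not reliably wiped; use whatever non-elidable wipe helper the codebase provides, or a loop through a `volatile unsigned char *`, so the zeroing survives optimisation. Separately, returning `NT_STATUS_NO_MEMORY` when fetch_ldap_pw() fails misreports the cause (the DEBUG text says the password could not be retrieved, not that allocation failed); `NT_STATUS_UNSUCCESSFUL` or a more specific status would make the failure diagnosable from the caller's return value. The `strlen(bind_secret)` call also assumes fetch_ldap_pw() never succeeds with a NULL secret, which is worth confirming against that function.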
index 7798fbb9080492eba65ff54fc48b7aae6a46d835..7163e663f87e0294baeae53408ef38df300d7940 100644 (file)
@@ -29,6 +29,7 @@
 #include "passdb/pdb_ldap_util.h"
 #include "passdb/pdb_ldap_schema.h"
 #include "lib/privileges.h"
+#include "secrets.h"
 
 /*
  * Set a user's data
@@ -1591,6 +1592,9 @@ static int net_sam_provision(struct net_context *c, int argc, const char **argv)
        struct samu *samuser;
        struct passwd *pwd;
        bool is_ipa = false;
+       char *bind_dn = NULL;
+       char *bind_secret = NULL;
+       NTSTATUS status;
 
        if (c->display_usage) {
                d_printf(  "%s\n"
@@ -1645,7 +1649,18 @@ static int net_sam_provision(struct net_context *c, int argc, const char **argv)
                goto failed;
        }
 
-       if (!NT_STATUS_IS_OK(smbldap_init(tc, NULL, ldap_uri, &state))) {
+       if (!fetch_ldap_pw(&bind_dn, &bind_secret)) {
+               d_fprintf(stderr, _("Failed to retrieve LDAP password from secrets.tdb\n"));
+               goto failed;
+       }
+
+       status = smbldap_init(tc, NULL, ldap_uri, false, bind_dn, bind_secret, &state);
+
+       memset(bind_secret, '\0', strlen(bind_secret));
+       SAFE_FREE(bind_secret);
+       SAFE_FREE(bind_dn);
+
+       if (!NT_STATUS_IS_OK(status)) {
                d_fprintf(stderr, _("Unable to connect to the LDAP server.\n"));
                goto failed;
        }
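Review bot: Now that smbldap_init receives credentials from secrets.tdb, a failure here can be a bind/authentication error rather than a connectivity problem, but the message at the unchanged error line still says only "Unable to connect to the LDAP server", hiding the real cause; include the status in the output, e.g. `d_fprintf(stderr, _("Unable to connect to the LDAP server: %s\n"), nt_errstr(status));`. The `memset(bind_secret, '\0', strlen(bind_secret));` immediately followed by `SAFE_FREE(bind_secret)` has the same weakness as in pdb_ldap.c: it is a dead store the optimiser may drop, so a non-elidable wipe helper should be used if the zeroing is meant to be a guarantee. The `failed:` label that the two new `goto failed` paths jump to lies outside this hunk, so I cannot see whether it expects bind_dn/bind_secret to be already released.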
index 5246cd35955f694541e356fd9b5b88afd3a62cee..4f1dc8c7f4e9fde4258001f593ddac7a43b0f805 100644 (file)
@@ -488,8 +488,10 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom)
        ctx->rw_ops->get_new_id = idmap_ldap_allocate_id_internal;
        ctx->rw_ops->set_mapping = idmap_ldap_set_mapping;
 
+       /* get_credentials deals with setting up creds */
+
        ret = smbldap_init(ctx, winbind_event_context(), ctx->url,
-                          &ctx->smbldap_state);
+                          false, NULL, NULL, &ctx->smbldap_state);
        if (!NT_STATUS_IS_OK(ret)) {
                DEBUG(1, ("ERROR: smbldap_init (%s) failed!\n", ctx->url));
                goto done;
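Review bot: The new comment `/* get_credentials deals with setting up creds */` does not explain the non-obvious combination on the call below — `anon` is `false` yet bind_dn and bind_secret are both NULL — which a reader could mistake for an anonymous bind or a bug, given that the other two callers in this commit pass real credentials. Make the intent explicit, e.g. `/* NULL creds: get_credentials() installs the bind DN/secret after init, so no anonymous bind is requested here */`, assuming that is indeed what get_credentials() does (its body is not in this diff). It would also be worth confirming that smbldap_init tolerates NULL for both strings, since this diff shows no handling of that case in smbldap.c.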