ldap_server: Plumb ldb error string from a failed connect to ldapsrv_terminate_connection()
authorAndrew Bartlett <abartlet@samba.org>
Thu, 14 Sep 2017 03:07:10 +0000 (15:07 +1200)
committerDouglas Bagnall <dbagnall@samba.org>
Wed, 20 Sep 2017 00:25:30 +0000 (02:25 +0200)
However, do not plumb it to the client-seen error string, as it could contain server paths.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
source4/ldap_server/ldap_backend.c
source4/ldap_server/ldap_bind.c
source4/ldap_server/ldap_server.c

index d4e9030b31943c58bb850f03be2af539a93e898f..95c7ee7a7f1e778c8b546556d2812aed67882bc4 100644 (file)
@@ -180,15 +180,17 @@ static int map_ldb_error(TALLOC_CTX *mem_ctx, int ldb_err,
 /*
   connect to the sam database
 */
-NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn) 
+int ldapsrv_backend_Init(struct ldapsrv_connection *conn,
+                             char **errstring)
 {
-       conn->ldb = samdb_connect(conn, 
-                                    conn->connection->event.ctx,
-                                    conn->lp_ctx,
-                                    conn->session_info,
-                                    conn->global_catalog ? LDB_FLG_RDONLY : 0);
-       if (conn->ldb == NULL) {
-               return NT_STATUS_INTERNAL_DB_CORRUPTION;
+       int ret = samdb_connect_url(conn,
+                                   conn->connection->event.ctx,
+                                   conn->lp_ctx,
+                                   conn->session_info,
+                                   conn->global_catalog ? LDB_FLG_RDONLY : 0,
+                                   "sam.ldb", &conn->ldb, errstring);
+       if (ret != LDB_SUCCESS) {
+               return ret;
        }
 
        if (conn->server_credentials) {
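Review bot: The header comment above `ldapsrv_backend_Init` still reads only "connect to the sam database" and does not describe the contract this commit introduces: the return value is now an ldb error code rather than NTSTATUS, and `*errstring` is written only on the `samdb_connect_url` failure path, while the allocation-failure returns later in this function (changed in the next hunk) leave it untouched, so a caller must initialise it and must not assume it is non-NULL on a failing return. I would extend the comment to say roughly: returns LDB_SUCCESS or an ldb error; on failure `*errstring` may point at a detailed message or remain unchanged; that message can contain server-side paths and must only be logged, never echoed to the client. Whether `samdb_connect_url` allocates the string on `conn` (so it lives as long as the connection) is not visible here and should be stated once confirmed. The function body continues past the end of this hunk.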
@@ -205,11 +207,11 @@ NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn)
                                char *sasl_name = talloc_strdup(conn, ops[i]->sasl_name);
 
                                if (!sasl_name) {
-                                       return NT_STATUS_NO_MEMORY;
+                                       return LDB_ERR_OPERATIONS_ERROR;
                                }
                                sasl_mechs = talloc_realloc(conn, sasl_mechs, char *, j + 2);
                                if (!sasl_mechs) {
-                                       return NT_STATUS_NO_MEMORY;
+                                       return LDB_ERR_OPERATIONS_ERROR;
                                }
                                sasl_mechs[j] = sasl_name;
                                talloc_steal(sasl_mechs, sasl_name);
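Review bot: Both new `return LDB_ERR_OPERATIONS_ERROR;` lines leave the `errstring` out parameter untouched, so on these paths the callers in this commit, which format it with `%s` in `DBG_ERR` and `talloc_asprintf`, see whatever value they initialised it to. Returning LDB_ERR_OPERATIONS_ERROR for out-of-memory matches ldb's own convention, but it does lose the NT_STATUS_NO_MEMORY distinction the old code had, so the log line at the call sites is now the only hint that this was an allocation failure. An explicit `*errstring = NULL;` at the top of the function would at least make the contract visible here; allocating a message on an OOM path is not worth attempting. The enclosing loop and function start and end outside this hunk.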
@@ -230,7 +232,7 @@ NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn)
        ldb_set_opaque(conn->ldb, "remoteAddress",
                       conn->connection->remote_address);
 
-       return NT_STATUS_OK;
+       return LDB_SUCCESS;
 }
 
 struct ldapsrv_reply *ldapsrv_init_reply(struct ldapsrv_call *call, uint8_t type)
index 21cbb7bc74b3a0a12bf1d48dfae1afb6ebb68633..7694ff4aab5c077f7057b52b6cd69596e471ee83 100644 (file)
@@ -237,6 +237,7 @@ static void ldapsrv_BindSimple_done(struct tevent_req *subreq)
                                                    call,
                                                    &session_info);
        if (NT_STATUS_IS_OK(status)) {
+               char *ldb_errstring = NULL;
                result = LDAP_SUCCESS;
                errstr = NULL;
 
@@ -248,11 +249,16 @@ static void ldapsrv_BindSimple_done(struct tevent_req *subreq)
                /* don't leak the old LDB */
                talloc_unlink(call->conn, call->conn->ldb);
 
-               status = ldapsrv_backend_Init(call->conn);              
-               
-               if (!NT_STATUS_IS_OK(status)) {
-                       result = LDAP_OPERATIONS_ERROR;
-                       errstr = talloc_asprintf(reply, "Simple Bind: Failed to advise ldb new credentials: %s", nt_errstr(status));
+               result = ldapsrv_backend_Init(call->conn, &ldb_errstring);
+
+               if (result != LDB_SUCCESS) {
+                       /* Only put the detailed error in DEBUG() */
+                       DBG_ERR("ldapsrv_backend_Init failed: %s: %s",
+                               ldb_errstring, ldb_strerror(result));
+                       errstr = talloc_strdup(reply,
+                                              "Simple Bind: Failed to advise "
+                                              "ldb new credentials");
+                       result = LDB_ERR_OPERATIONS_ERROR;
                }
        } else {
                status = nt_status_squash(status);
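Review bot: `ldb_errstring` can still be NULL when `ldapsrv_backend_Init` fails, because its allocation-failure returns (changed elsewhere in this commit) do not set the out parameter, and the `DBG_ERR` then passes a NULL pointer to `%s`, which is undefined behaviour even though glibc happens to print "(null)"; guard it with `ldb_errstring ? ldb_errstring : "(no ldb error string)"`. Samba's DBG_* macros do not add a line terminator as far as I recall, so the format should end in `\n` or the next log line will be glued onto this one. Assigning `result = LDB_ERR_OPERATIONS_ERROR` where the removed line used `LDAP_OPERATIONS_ERROR` appears to be numerically identical, but `result` ends up in the LDAP reply, so the LDAP constant reads more honestly. Keeping the ldb text out of `errstr` is the right call; the client now only sees the fixed "Simple Bind: Failed to advise ldb new credentials" message. `ldapsrv_BindSimple_done` starts before and continues after this hunk.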
@@ -475,6 +481,7 @@ static void ldapsrv_BindSASL_done(struct tevent_req *subreq)
        NTSTATUS status;
        int result;
        const char *errstr = NULL;
+       char *ldb_errstring = NULL;
        DATA_BLOB output = data_blob_null;
 
        status = gensec_update_recv(subreq, call, &output);
@@ -582,15 +589,16 @@ static void ldapsrv_BindSASL_done(struct tevent_req *subreq)
 
        call->conn->authz_logged = true;
 
-       status = ldapsrv_backend_Init(conn);
+       result = ldapsrv_backend_Init(call->conn, &ldb_errstring);
 
-       if (!NT_STATUS_IS_OK(status)) {
-               result = LDAP_OPERATIONS_ERROR;
-               errstr = talloc_asprintf(reply,
-                                        "SASL:[%s]: Failed to advise samdb of new credentials: %s",
-                                        req->creds.SASL.mechanism,
-                                        nt_errstr(status));
-               goto do_reply;
+       if (result != LDB_SUCCESS) {
+               /* Only put the detailed error in DEBUG() */
+               DBG_ERR("ldapsrv_backend_Init failed: %s: %s",
+                       ldb_errstring, ldb_strerror(result));
+               errstr = talloc_strdup(reply,
+                                      "SASL Bind: Failed to advise "
+                                      "ldb new credentials");
+               result = LDB_ERR_OPERATIONS_ERROR;
        }
 
        if (context != NULL) {
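Review bot: The removed failure branch ended with `goto do_reply;` but the new one does not, so after a failed `ldapsrv_backend_Init` execution falls through into `if (context != NULL) {` and whatever follows it instead of replying immediately; if that code installs the negotiated SASL security layer on the connection (its body is outside the hunk), a bind whose backend initialisation failed would still get it, with `result` and `errstr` carried through. Unless the fall-through is intended, restore it: `result = LDB_ERR_OPERATIONS_ERROR;` followed by `goto do_reply;`. As in the simple-bind path, `ldb_errstring` may be NULL on the allocation-failure returns of `ldapsrv_backend_Init`, so guard the `%s` with `ldb_errstring ? ldb_errstring : "(no ldb error string)"` and terminate the `DBG_ERR` format with `\n`. `ldapsrv_BindSASL_done` continues beyond the end of this hunk.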
index d9f24e0817c319e8f2fc9e4c8642be691195fce6..7730ff981caf62912644106fdfcdd3f45303cc49 100644 (file)
@@ -293,6 +293,7 @@ static void ldapsrv_accept(struct stream_connection *c,
        int ret;
        struct tevent_req *subreq;
        struct timeval endtime;
+       char *errstring = NULL;
 
        conn = talloc_zero(c, struct ldapsrv_connection);
        if (!conn) {
@@ -361,8 +362,13 @@ static void ldapsrv_accept(struct stream_connection *c,
                conn->require_strong_auth = lpcfg_ldap_server_require_strong_auth(conn->lp_ctx);
        }
 
-       if (!NT_STATUS_IS_OK(ldapsrv_backend_Init(conn))) {
-               ldapsrv_terminate_connection(conn, "backend Init failed");
+       ret = ldapsrv_backend_Init(conn, &errstring);
+       if (ret != LDB_SUCCESS) {
+               char *reason = talloc_asprintf(conn,
+                                              "LDB backend for LDAP Init "
+                                              "failed: %s: %s",
+                                              errstring, ldb_strerror(ret));
+               ldapsrv_terminate_connection(conn, reason);
                return;
        }