ldap server: generate correct referral schemes
authorGary Lockyer <gary@catalyst.net.nz>
Tue, 21 May 2019 01:17:22 +0000 (13:17 +1200)
committerKarolin Seeger <kseeger@samba.org>
Fri, 21 Jun 2019 07:56:17 +0000 (07:56 +0000)
Ensure that the referrals returned in a search request use the same
scheme as the request, i.e. referrals received via ldap are prefixed
with "ldap://" and those over ldaps are prefixed with "ldaps://"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12478

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 24 05:12:14 UTC 2019 on sn-devel-184

(cherry picked from commit 1958cd8a7fb81ec51b81944ecf4dd0fb5c4208fa)

lib/ldb/include/ldb_module.h
selftest/knownfail.d/ldap_referrals [deleted file]
source4/dsdb/samdb/ldb_modules/partition.c
source4/ldap_server/ldap_backend.c
source4/ldap_server/ldap_server.c
source4/ldap_server/ldap_server.h

index 6ba2a49300aacf0131d865c9336a638604af0033..c73fc37f3aa15bb3d794cc6d3ccdfca5c9cf6b21 100644 (file)
@@ -103,6 +103,11 @@ struct ldb_module;
  * attributes, not to be printed in trace messages */
 #define LDB_SECRET_ATTRIBUTE_LIST_OPAQUE "LDB_SECRET_ATTRIBUTE_LIST"
 
+/*
+ * The scheme to be used for referral entries, i.e. ldap or ldaps
+ */
+#define LDAP_REFERRAL_SCHEME_OPAQUE "LDAP_REFERRAL_SCHEME"
+
 /*
    these function pointers define the operations that a ldb module can intercept
 */
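Review bot: The new opaque's comment says what it is for but not what the stored value is, which matters because ldb_get_opaque() hands back a bare void * that the reader must cast. From the consumer in partition.c the value is a NUL-terminated scheme string with no trailing "://", and an unset opaque is treated as "ldap". I would extend the comment to `/* Value is a const char * scheme string ("ldap" or "ldaps", no "://"); unset means "ldap". The pointer is owned by the setter and is not freed by ldb. */` so future setters do not store something the partition module cannot print.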
diff --git a/selftest/knownfail.d/ldap_referrals b/selftest/knownfail.d/ldap_referrals
deleted file mode 100644 (file)
index 403f0d3..0000000
+++ /dev/null
@@ -1 +0,0 @@
-^samba.ldap.referrals.samba.tests.ldap_referrals.LdapReferralTest.test_ldaps_search
index 49bdeb04fa51d1b20acfa7d5ac91faf648c51c27..f66ccab1dd56d3de7c1c0da6e605e5276603da67 100644 (file)
@@ -902,11 +902,17 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req)
                                                 data->partitions[i]->ctrl->dn) == 0) &&
                            (ldb_dn_compare(req->op.search.base,
                                            data->partitions[i]->ctrl->dn) != 0)) {
-                               char *ref = talloc_asprintf(ac,
-                                                           "ldap://%s/%s%s",
-                                                           lpcfg_dnsdomain(lp_ctx),
-                                                           ldb_dn_get_linearized(data->partitions[i]->ctrl->dn),
-                                                           req->op.search.scope == LDB_SCOPE_ONELEVEL ? "??base" : "");
+                               const char *scheme = ldb_get_opaque(
+                                   ldb, LDAP_REFERRAL_SCHEME_OPAQUE);
+                               char *ref = talloc_asprintf(
+                                       ac,
+                                       "%s://%s/%s%s",
+                                       scheme == NULL ? "ldap" : scheme,
+                                       lpcfg_dnsdomain(lp_ctx),
+                                       ldb_dn_get_linearized(
+                                           data->partitions[i]->ctrl->dn),
+                                       req->op.search.scope ==
+                                           LDB_SCOPE_ONELEVEL ? "??base" : "");
 
                                if (ref == NULL) {
                                        return ldb_oom(ldb);
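Review bot: The reason the scheme is now looked up through an opaque rather than passed in is not stated, and a reader of partition_search (which starts outside this hunk) cannot tell who sets LDAP_REFERRAL_SCHEME_OPAQUE. From the other hunks it is set by the LDAP front end per search request, while callers that never set it (any non-LDAP user of the partition module) fall back to the historic `ldap://` form via the NULL check. I would add above the lookup `/* Set per request by the LDAP server so referrals carry the client's transport scheme; unset (non-LDAP callers) keeps the historic ldap:// form. */`. Emitting `ldap://` referrals to an ldaps client is effectively a transport downgrade for any client that follows them, so this default-to-ldap fallback is worth keeping visible rather than silent.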
index 39f1aa2a2a6248af2175adcacd510b577d6e3fbd..573472c0f7f74afaa324e4daa0ecaa8d9a4f1077 100644 (file)
@@ -647,6 +647,24 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
                call->notification.busy = true;
        }
 
+       {
+               const char *scheme = NULL;
+               switch (call->conn->referral_scheme) {
+               case LDAP_REFERRAL_SCHEME_LDAPS:
+                       scheme = "ldaps";
+                       break;
+               default:
+                       scheme = "ldap";
+               }
+               ldb_ret = ldb_set_opaque(
+                       samdb,
+                       LDAP_REFERRAL_SCHEME_OPAQUE,
+                       discard_const_p(char *, scheme));
+               if (ldb_ret != LDB_SUCCESS) {
+                       goto reply;
+               }
+       }
+
        ldb_set_timeout(samdb, lreq, req->timelimit);
 
        if (!call->conn->is_privileged) {
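Review bot: The opaque is re-set on every search request, although the scheme is a per-connection property that is fixed once the transport is known (only ldapsrv_accept_tls_done assigns it in this change). If `samdb` is the connection's own ldb context, setting the opaque once at the point where `referral_scheme` is assigned would avoid repeating this on each search; if it is ever shared across connections this per-request rewrite would also be a race between an ldap and an ldaps client, so that assumption deserves a comment either way. A one-line comment above the block would also help the next reader: `/* Tell the partition module which URL scheme to use in referrals */`. The enclosing ldapsrv_SearchRequest starts and ends outside this hunk, so whether `reply:` turns a non-success `ldb_ret` into an error response cannot be confirmed here.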
index bc2f54bc14615ae6581836117b7a5b0f8ea8da69..9599e0dacac2a9113d88381e3a560a7f2a3cbe71 100644 (file)
@@ -436,6 +436,7 @@ static void ldapsrv_accept_tls_done(struct tevent_req *subreq)
        }
 
        conn->sockets.active = conn->sockets.tls;
+       conn->referral_scheme = LDAP_REFERRAL_SCHEME_LDAPS;
        ldapsrv_call_read_next(conn);
 }
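Review bot: The scheme is only promoted to ldaps in the initial TLS accept path; a plain connection is never explicitly assigned LDAP_REFERRAL_SCHEME_LDAP and relies on the enum's first value being zero in a zero-allocated connection. If the server also supports a StartTLS upgrade that swaps `conn->sockets.active` to `conn->sockets.tls` elsewhere (not visible here), that path needs the same `conn->referral_scheme = LDAP_REFERRAL_SCHEME_LDAPS;` or referrals after StartTLS will still advertise `ldap://`. Tying the assignment to the line that activates the TLS socket, as done here, is the right shape; it just needs to be applied wherever that activation happens.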
 
index d3e31fb1eec175fe21307f0853e271d688bfdbf8..5b944f5ab9b1e3494aec8f0f42af01acfafff926 100644 (file)
 #include "system/network.h"
 #include "lib/param/loadparm.h"
 
+enum ldap_server_referral_scheme {
+       LDAP_REFERRAL_SCHEME_LDAP,
+       LDAP_REFERRAL_SCHEME_LDAPS
+};
+
 struct ldapsrv_connection {
        struct ldapsrv_connection *next, *prev;
        struct loadparm_context *lp_ctx;
@@ -47,6 +52,7 @@ struct ldapsrv_connection {
        bool is_privileged;
        enum ldap_server_require_strong_auth require_strong_auth;
        bool authz_logged;
+       enum ldap_server_referral_scheme referral_scheme;
 
        struct {
                int initial_timeout;