From: Jo Sutton
Date: Tue, 16 Apr 2024 02:27:41 +0000 (+1200)
Subject: s4:ldap_server: Add copy of non‐privileged ops specifically for ldapi connections
X-Git-Tag: samba-4.20.8~9
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=018bb7bbbc7caa4fbc1093d0e7fd6719c49de737;p=thirdparty%2Fsamba.git
s4:ldap_server: Add copy of non‐privileged ops specifically for ldapi connections
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15634
Signed-off-by: Jo Sutton
Reviewed-by: Andrew Bartlett
(cherry picked from commit c2378d0c6f3e2f6b10902dc40b4a28c1dc788042)
---
diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index dfa4fa36736..1246f0e0776 100644
--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -1150,6 +1150,30 @@ static const struct stream_server_ops ldap_stream_nonpriv_ops = {
 .send_handler = ldapsrv_send,
 };
+static void ldapsrv_accept_nonpriv_ldapi(struct stream_connection *c)
+{
+ struct ldapsrv_service *ldapsrv_service = talloc_get_type_abort(
+ c->private_data, struct ldapsrv_service);
+ struct auth_session_info *session_info;
+ NTSTATUS status;
+
+ status = auth_anonymous_session_info(
+ c, ldapsrv_service->lp_ctx, &session_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ stream_terminate_connection(c, "failed to setup anonymous "
+ "session info");
+ return;
+ }
+ ldapsrv_accept(c, session_info, false);
+}
+
+static const struct stream_server_ops ldapi_stream_nonpriv_ops = {
+ .name = "ldap",
+ .accept_connection = ldapsrv_accept_nonpriv_ldapi,
+ .recv_handler = ldapsrv_recv,
+ .send_handler = ldapsrv_send,
+};
+
 /* The feature removed behind an #ifdef until we can do it properly
 * with an EXTERNAL bind. */
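Review bot: `ldapsrv_accept_nonpriv_ldapi()` and `ldapi_stream_nonpriv_ops` are added with no comment saying which property of ldapi connections they exist for, and nothing in the added lines is specific to a unix-socket peer, so a reader cannot tell this path apart from the existing non-privileged one (whose accept handler lies outside the hunk). I would put a comment above the function such as `/* Accept handler for the unprivileged ldapi unix-socket listener: the connection starts with an anonymous session. */` and name the bare literal at the call, `ldapsrv_accept(c, session_info, false /* <parameter name> */);`, since its meaning is not visible here. The new ops also keep `.name = "ldap"`; if that string reaches logs or process titles (not visible in this hunk), ldapi and TCP connections will be indistinguishable when auditing, so a distinct name is worth considering. The second hunk switches the "unix" `stream_setup_socket()` call to these ops, so that appears to be the only listener affected.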
@@ -1490,7 +1514,7 @@ static NTSTATUS ldapsrv_task_init(struct task_server *task)
 }
 status = stream_setup_socket(task, task->event_ctx, task->lp_ctx,
- task->model_ops, &ldap_stream_nonpriv_ops,
+ task->model_ops, &ldapi_stream_nonpriv_ops,
 "unix", ldapi_path, NULL,
 lpcfg_socket_options(task->lp_ctx),
 ldap_service, task->process_context);