ldap_server remove ldapi privileged socket.
authorAndrew Bartlett <abartlet@samba.org>
Tue, 16 Nov 2010 00:29:18 +0000 (11:29 +1100)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 16 Nov 2010 03:20:00 +0000 (14:20 +1100)
Access to LDAP should be via an authenticated ldapi:// connection, or via direct
access to the ldb files where access without authentication is required.

Andrew Bartlett

source4/ldap_server/ldap_server.c

index 67fe18330f47456cc54fe91d9d4ef45399c7f48d..0b6daa4249ed135fd57701936db50b456e242e9a 100644 (file)
@@ -768,37 +768,6 @@ static const struct stream_server_ops ldap_stream_nonpriv_ops = {
        .send_handler           = ldapsrv_send,
 };
 
-/* The feature removed behind an #ifdef until we can do it properly
- * with an EXTERNAL bind. */
-
-#define WITH_LDAPI_PRIV_SOCKET
-
-#ifdef WITH_LDAPI_PRIV_SOCKET
-static void ldapsrv_accept_priv(struct stream_connection *c)
-{
-       struct ldapsrv_service *ldapsrv_service = talloc_get_type_abort(
-               c->private_data, struct ldapsrv_service);
-       struct auth_session_info *session_info;
-
-       session_info = system_session(ldapsrv_service->task->lp_ctx);
-       if (!session_info) {
-               stream_terminate_connection(c, "failed to setup system "
-                                           "session info");
-               return;
-       }
-       ldapsrv_accept(c, session_info);
-}
-
-static const struct stream_server_ops ldap_stream_priv_ops = {
-       .name                   = "ldap",
-       .accept_connection      = ldapsrv_accept_priv,
-       .recv_handler           = ldapsrv_recv,
-       .send_handler           = ldapsrv_send,
-};
-
-#endif
-
-
 /*
   add a socket address to the list of events, one event per port
 */
@@ -873,9 +842,6 @@ static NTSTATUS add_socket(struct task_server *task,
 static void ldapsrv_task_init(struct task_server *task)
 {      
        char *ldapi_path;
-#ifdef WITH_LDAPI_PRIV_SOCKET
-       char *priv_dir;
-#endif
        const char *dns_host_name;
        struct ldapsrv_service *ldap_service;
        NTSTATUS status;
@@ -968,38 +934,6 @@ static void ldapsrv_task_init(struct task_server *task)
                         ldapi_path, nt_errstr(status)));
        }
 
-#ifdef WITH_LDAPI_PRIV_SOCKET
-       priv_dir = private_path(ldap_service, task->lp_ctx, "ldap_priv");
-       if (priv_dir == NULL) {
-               goto failed;
-       }
-       /*
-        * Make sure the directory for the privileged ldapi socket exists, and
-        * is of the correct permissions
-        */
-       if (!directory_create_or_exist(priv_dir, geteuid(), 0750)) {
-               task_server_terminate(task, "Cannot create ldap "
-                                     "privileged ldapi directory", true);
-               return;
-       }
-       ldapi_path = talloc_asprintf(ldap_service, "%s/ldapi", priv_dir);
-       talloc_free(priv_dir);
-       if (ldapi_path == NULL) {
-               goto failed;
-       }
-
-       status = stream_setup_socket(task, task->event_ctx, task->lp_ctx,
-                                    model_ops, &ldap_stream_priv_ops,
-                                    "unix", ldapi_path, NULL,
-                                    lpcfg_socket_options(task->lp_ctx),
-                                    ldap_service);
-       talloc_free(ldapi_path);
-       if (!NT_STATUS_IS_OK(status)) {
-               DEBUG(0,("ldapsrv failed to bind to %s - %s\n",
-                        ldapi_path, nt_errstr(status)));
-       }
-
-#endif
        return;
 
 failed: