Decouple ldap-ssl-ads from ldap-ssl option

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14439

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index cd75f6741c0685437a188a7752753fba695593f5..219afb712c8b1d38592e4f3647e02b8b99d1d9eb 100644 (file)
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -17,6 +17,12 @@ NEW FEATURES/CHANGES
 ====================
 
 
+The "ldap ssl ads" option no longer depends on "ldap ssl" option:
+-----------------------------------------------------------------
+With this release, the "ldap ssl ads" can be set to "yes" even if "ldap ssl"
+is off.
+
+
 REMOVED FEATURES
 ================
 

diff --git a/docs-xml/smbdotconf/ldap/ldapsslads.xml b/docs-xml/smbdotconf/ldap/ldapsslads.xml
index 98c39651f1e02c067eeef9234e2c9f7d14f5f054..f99afe5bbadeae67cacc1a1d63cdb9ee2f2adb93 100644 (file)
--- a/docs-xml/smbdotconf/ldap/ldapsslads.xml
+++ b/docs-xml/smbdotconf/ldap/ldapsslads.xml
@@ -7,13 +7,10 @@
        <para>This option is used to define whether or not Samba should
        use SSL when connecting to the ldap server using
        <emphasis>ads</emphasis> methods.
-       Rpc methods are not affected by this parameter. Please note, that
-       this parameter won't have any effect if <smbconfoption name="ldap ssl"/>
-       is set to <parameter>no</parameter>.
+       Rpc methods are not affected by this parameter.
        </para>
 
-       <para>See <refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum>
-       for more information on <smbconfoption name="ldap ssl"/>.
+       <para>See also <smbconfoption name="ldap ssl"/>.
        </para>
 
 </description>

diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h
index 878268aebd61f0e70e26af6f30f9510244172fdb..d063f44afbca811d89d7eb2bf1c406c8c8aa4977 100644 (file)
--- a/source3/include/smbldap.h
+++ b/source3/include/smbldap.h
@@ -72,6 +72,7 @@ int smbldap_modify(struct smbldap_state *ldap_state,
                    const char *dn,
                    LDAPMod *attrs[]);
 int smbldap_start_tls(LDAP *ldap_struct, int version);
+int smbldap_start_tls_start(LDAP *ldap_struct, int version);
 int smbldap_setup_full_conn(LDAP **ldap_struct, const char *uri);
 int smbldap_search(struct smbldap_state *ldap_state,
                   const char *base, int scope, const char *filter,

diff --git a/source3/lib/ABI/smbldap-2.1.0.sigs b/source3/lib/ABI/smbldap-2.1.0.sigs
new file mode 100644 (file)
index 0000000..67dcc9a
--- /dev/null
+++ b/source3/lib/ABI/smbldap-2.1.0.sigs
@@ -0,0 +1,33 @@
+smbldap_add: int (struct smbldap_state *, const char *, LDAPMod **)
+smbldap_delete: int (struct smbldap_state *, const char *)
+smbldap_extended_operation: int (struct smbldap_state *, const char *, struct berval *, LDAPControl **, LDAPControl **, char **, struct berval **)
+smbldap_free_struct: void (struct smbldap_state **)
+smbldap_get_ldap: LDAP *(struct smbldap_state *)
+smbldap_get_paged_results: bool (struct smbldap_state *)
+smbldap_get_single_attribute: bool (LDAP *, LDAPMessage *, const char *, char *, int)
+smbldap_has_control: bool (LDAP *, const char *)
+smbldap_has_extension: bool (LDAP *, const char *)
+smbldap_has_naming_context: bool (LDAP *, const char *)
+smbldap_init: NTSTATUS (TALLOC_CTX *, struct tevent_context *, const char *, bool, const char *, const char *, struct smbldap_state **)
+smbldap_make_mod: void (LDAP *, LDAPMessage *, LDAPMod ***, const char *, const char *)
+smbldap_make_mod_blob: void (LDAP *, LDAPMessage *, LDAPMod ***, const char *, const DATA_BLOB *)
+smbldap_modify: int (struct smbldap_state *, const char *, LDAPMod **)
+smbldap_pull_sid: bool (LDAP *, LDAPMessage *, const char *, struct dom_sid *)
+smbldap_search: int (struct smbldap_state *, const char *, int, const char *, const char **, int, LDAPMessage **)
+smbldap_search_paged: int (struct smbldap_state *, const char *, int, const char *, const char **, int, int, LDAPMessage **, void **)
+smbldap_search_suffix: int (struct smbldap_state *, const char *, const char **, LDAPMessage **)
+smbldap_set_bind_callback: void (struct smbldap_state *, smbldap_bind_callback_fn, void *)
+smbldap_set_creds: bool (struct smbldap_state *, bool, const char *, const char *)
+smbldap_set_mod: void (LDAPMod ***, int, const char *, const char *)
+smbldap_set_mod_blob: void (LDAPMod ***, int, const char *, const DATA_BLOB *)
+smbldap_set_paged_results: void (struct smbldap_state *, bool)
+smbldap_setup_full_conn: int (LDAP **, const char *)
+smbldap_start_tls: int (LDAP *, int)
+smbldap_start_tls_start: int (LDAP *, int)
+smbldap_talloc_autofree_ldapmod: void (TALLOC_CTX *, LDAPMod **)
+smbldap_talloc_autofree_ldapmsg: void (TALLOC_CTX *, LDAPMessage *)
+smbldap_talloc_dn: char *(TALLOC_CTX *, LDAP *, LDAPMessage *)
+smbldap_talloc_first_attribute: char *(LDAP *, LDAPMessage *, const char *, TALLOC_CTX *)
+smbldap_talloc_single_attribute: char *(LDAP *, LDAPMessage *, const char *, TALLOC_CTX *)
+smbldap_talloc_single_blob: bool (TALLOC_CTX *, LDAP *, LDAPMessage *, const char *, DATA_BLOB *)
+smbldap_talloc_smallest_attribute: char *(LDAP *, LDAPMessage *, const char *, TALLOC_CTX *)

diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index 34c841f92434753096747cbd0488b598ca0f10b3..4815dd81fc38d852a4c21f167a8f2545f075bc8c 100644 (file)
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -598,20 +598,27 @@ static void smbldap_store_state(LDAP *ld, struct smbldap_state *smbldap_state)
 }
 
 /********************************************************************
- start TLS on an existing LDAP connection
+ start TLS on an existing LDAP connection per config
 *******************************************************************/
 
 int smbldap_start_tls(LDAP *ldap_struct, int version)
-{ 
-#ifdef LDAP_OPT_X_TLS
-       int rc,tls;
-#endif
-
+{
        if (lp_ldap_ssl() != LDAP_SSL_START_TLS) {
                return LDAP_SUCCESS;
        }
 
+       return smbldap_start_tls_start(ldap_struct, version);
+}
+
+/********************************************************************
+ start TLS on an existing LDAP connection unconditionally
+*******************************************************************/
+
+int smbldap_start_tls_start(LDAP *ldap_struct, int version)
+{
 #ifdef LDAP_OPT_X_TLS
+       int rc,tls;
+
        /* check if we use ldaps already */
        ldap_get_option(ldap_struct, LDAP_OPT_X_TLS, &tls);
        if (tls == LDAP_OPT_X_TLS_HARD) {

diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 55c9668089da0be6f6589c3fc1da07b6dfd0488a..099a6a2ee1d07df4d016ef4ac6ff0fd43b4e268b 100755 (executable)
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -703,7 +703,7 @@ got_connection:
        ldap_set_option(ads->ldap.ld, LDAP_OPT_PROTOCOL_VERSION, &version);
 
        if ( lp_ldap_ssl_ads() ) {
-               status = ADS_ERROR(smbldap_start_tls(ads->ldap.ld, version));
+               status = ADS_ERROR(smbldap_start_tls_start(ads->ldap.ld, version));
                if (!ADS_ERR_OK(status)) {
                        goto out;
                }

diff --git a/source3/wscript_build b/source3/wscript_build
index 5a07eddac44e454bd6cec4980f8022815e76a99c..ec8135c302ff27e49b2649ddff9a8d401008ed79 100644 (file)
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -501,7 +501,7 @@ bld.SAMBA3_LIBRARY('smbldap',
                     abi_directory='lib/ABI',
                     abi_match='smbldap_*',
                     pc_files=[],
-                    vnum='2',
+                    vnum='2.1.0',
                     public_headers='include/smbldap.h include/smb_ldap.h')
 
 bld.SAMBA3_LIBRARY('ads',