author | Andrew Bartlett <abartlet@samba.org> | 2006-01-03 00:10:15 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:49:38 -0500 |
commit | bedfb063268f70e66f16fdd0e9bdd29d176a0634 (patch) | |
tree | e0c95df8e681ed6b579c5f2fdd8ae470a656f1f8 | |
parent | d26d130aa4d7907327cded4d6914fb1a0dbdbd1d (diff) | |
r12686: Push the real SASL list into the rootdse.
Get this out of the server credentials, and push it down to ldb via an
opaque pointer.
Andrew Bartlett
(This used to be commit 61700252e05e0be6b4ffa72ffc24a95c665597e3)
-rw-r--r-- | source4/ldap_server/ldap_bind.c | 17 | ||||
-rw-r--r-- | source4/ldap_server/ldap_server.c | 20 | ||||
-rw-r--r-- | source4/ldap_server/ldap_server.h | 1 | ||||
-rw-r--r-- | source4/ldap_server/ldap_simple_ldb.c | 3 | ||||
-rw-r--r-- | source4/setup/provision_init.ldif | 1 |
5 files changed, 25 insertions, 17 deletions
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c index beaf3da46c..feb36135a8 100644 --- a/source4/ldap_server/ldap_bind.c +++ b/source4/ldap_server/ldap_bind.c @@ -115,22 +115,7 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call) gensec_set_target_service(call->conn->gensec, "ldap"); - server_credentials - = cli_credentials_init(call); - if (!server_credentials) { - DEBUG(1, ("Failed to init server credentials\n")); - return NT_STATUS_NO_MEMORY; - } - - cli_credentials_set_conf(server_credentials); - status = cli_credentials_set_machine_account(server_credentials); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(10, ("Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(status))); - talloc_free(server_credentials); - server_credentials = NULL; - } - - gensec_set_credentials(call->conn->gensec, server_credentials); + gensec_set_credentials(call->conn->gensec, call->conn->server_credentials); gensec_want_feature(call->conn->gensec, GENSEC_FEATURE_SIGN); gensec_want_feature(call->conn->gensec, GENSEC_FEATURE_SEAL); diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index ba72326084..26bb2402e8 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -267,6 +267,8 @@ static void ldapsrv_accept(struct stream_connection *c) struct ldapsrv_service *ldapsrv_service = talloc_get_type(c->private, struct ldapsrv_service); struct ldapsrv_connection *conn; + struct cli_credentials *server_credentials; + NTSTATUS status; int port; conn = talloc_zero(c, struct ldapsrv_connection); 
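Review bot: In ldapsrv_BindSASL (ldap_bind.c) the removed block was the only visible user of the local `server_credentials`, so its declaration above the hunk is probably left unused and should be dropped with it. The new call also depends on `call->conn->server_credentials` having been filled in by ldapsrv_accept(); a short comment at the call, such as `/* set once per connection in ldapsrv_accept(); owned by conn */`, would record that dependency. The function starts and ends outside the hunk, so whether `status` is still needed cannot be confirmed from here.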
@@ -279,6 +281,24 @@ static void ldapsrv_accept(struct stream_connection *c) conn->packet = NULL; conn->connection = c; conn->service = ldapsrv_service; + + server_credentials + = cli_credentials_init(conn); + if (!server_credentials) { + stream_terminate_connection(c, "Failed to init server credentials\n"); + talloc_free(conn); + return; + } + + cli_credentials_set_conf(server_credentials); + status = cli_credentials_set_machine_account(server_credentials); + if (!NT_STATUS_IS_OK(status)) { + stream_terminate_connection(c, talloc_asprintf(conn, "Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(status))); + talloc_free(conn); + return; + } + conn->server_credentials = server_credentials; + c->private = conn; port = socket_get_my_port(c->socket); diff --git a/source4/ldap_server/ldap_server.h b/source4/ldap_server/ldap_server.h index a2039fe7f1..d25f52bf4e 100644 --- a/source4/ldap_server/ldap_server.h +++ b/source4/ldap_server/ldap_server.h @@ -29,6 +29,7 @@ struct ldapsrv_connection { struct tls_context *tls; struct ldapsrv_partition *default_partition; struct ldapsrv_partition *partitions; + struct cli_credentials *server_credentials; /* are we using gensec wrapping? */ BOOL enable_wrap; diff --git a/source4/ldap_server/ldap_simple_ldb.c b/source4/ldap_server/ldap_simple_ldb.c index 6fd6020988..0421bb42ab 100644 --- a/source4/ldap_server/ldap_simple_ldb.c +++ b/source4/ldap_server/ldap_simple_ldb.c @@ -64,6 +64,9 @@ NTSTATUS sldb_Init(struct ldapsrv_partition *partition, struct ldapsrv_connectio talloc_steal(partition, ldb); partition->private = ldb; talloc_free(mem_ctx); + + ldb_set_opaque(ldb, "server_credentials", conn->server_credentials); + return NT_STATUS_OK; } diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index ff6b1def19..99bbc01acf 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif 
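Review bot: In the second ldapsrv_accept hunk (ldap_server.c), a failed `cli_credentials_set_machine_account()` now terminates the whole connection, whereas the code removed from ldap_bind.c logged at level 10 and carried on with NULL credentials; on a standalone server this appears to refuse anonymous and simple binds as well as SASL. If that is not intended, restore the old fallback (log with `DEBUG(10, ...)`, then `talloc_free(server_credentials); server_credentials = NULL;`) and make sure the consumers of `conn->server_credentials` tolerate NULL. Separately, the reason string is built with `talloc_asprintf(conn, ...)` and `conn` is freed on the next line; if stream_terminate_connection() keeps the pointer or defers teardown, that string dangles, so allocate it on `c` and check the result for NULL. Loading the machine account in every accept also re-reads the secret once per connection; loading it once at service setup would avoid that. ldapsrv_accept continues outside the hunk.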
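Review bot: The new `server_credentials` member of struct ldapsrv_connection (ldap_server.h) has no comment saying what it holds or who owns it, although it is now read from both ldap_bind.c and ldap_simple_ldb.c. I would add `/* machine account credentials, allocated on this connection in ldapsrv_accept() */` above it. The struct definition starts and ends outside the hunk.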
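Review bot: In sldb_Init (ldap_simple_ldb.c) the return value of `ldb_set_opaque()` is ignored, so a failure there silently leaves the handle without the entry; check it, e.g. `if (ldb_set_opaque(ldb, "server_credentials", conn->server_credentials) != 0) return NT_STATUS_NO_MEMORY;`. The stored value is a raw pointer to an object allocated on `conn` in ldap_server.c, while `ldb` is stolen onto `partition`; if the ldb handle can outlive the connection or be shared between connections, the opaque entry would dangle, so the two lifetimes should be tied together or the entry cleared on teardown. It also hands the full machine-account credentials to every module on that handle, when the commit message only calls for the SASL mechanism list; passing just that list would be the narrower interface. The start of sldb_Init is outside the hunk.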
@@ -58,7 +58,6 @@ rootDomainNamingContext: ${BASEDN} configurationNamingContext: CN=Configuration,${BASEDN} schemaNamingContext: CN=Schema,CN=Configuration,${BASEDN} supportedLDAPVersion: 3 -supportedSASLMechanisms: GSS-SPNEGO dnsHostName: ${DNSNAME} ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${REALM} serverName: CN=${NETBIOSNAME},CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,${BASEDN} |