author | Andrew Bartlett <abartlet@samba.org> | 2005-10-07 11:31:45 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:39:32 -0500 |
commit | 1377cca5f4beb43cf67fcc65eed79f14178d6349 (patch) | |
tree | 79a693899d0c1377e4009e4088018bc561ea9af4 /source4/dsdb/samdb | |
parent | 5158636aff545de3115e747b53ce68f753151bd7 (diff) | |
r10810: This adds the hooks required to communicate the current user from the
authenticated session down into LDB. This associates a session info
structure with the open LDB, allowing a future ldb_ntacl module to
allow/deny operations on that basis.
Along the way, I cleaned up a few things, and added new helper functions
to assist. In particular the LSA pipe uses simpler queries for some of
the setup.
In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't
been worked on (other than making it continue to compile) since January,
and I think the features of this module are being put into ldb anyway.
I have also changed the partitions in ldap_server to be initialised
after the connection, with the private pointer used to associate the ldb
with the incoming session.
Andrew Bartlett
(This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r-- | source4/dsdb/samdb/samdb.c | 9 | ||||
-rw-r--r-- | source4/dsdb/samdb/samdb_privilege.c | 16 |
2 files changed, 21 insertions, 4 deletions
diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c
index 717b72ded2..93cf6f4b8d 100644
--- a/source4/dsdb/samdb/samdb.c
+++ b/source4/dsdb/samdb/samdb.c
@@ -32,9 +32,14 @@
 connect to the SAM database
 return an opaque context pointer on success, or NULL on failure
 */
-struct ldb_context *samdb_connect(TALLOC_CTX *mem_ctx)
+struct ldb_context *samdb_connect(TALLOC_CTX *mem_ctx, struct auth_session_info *session_info)
 {
- return ldb_wrap_connect(mem_ctx, lp_sam_url(), 0, NULL);
+ struct ldb_context *ldb;
+ ldb = ldb_wrap_connect(mem_ctx, lp_sam_url(), 0, NULL);
+ if (ldb_set_opaque(ldb, "sessionInfo", session_info)) {
+ return NULL;
+ }
+ return ldb;
 }
 
 /*
diff --git a/source4/dsdb/samdb/samdb_privilege.c b/source4/dsdb/samdb/samdb_privilege.c
index 059d612225..55dfef04aa 100644
--- a/source4/dsdb/samdb/samdb_privilege.c
+++ b/source4/dsdb/samdb/samdb_privilege.c
@@ -75,11 +75,23 @@ static NTSTATUS samdb_privilege_setup_sid(void *samctx, TALLOC_CTX *mem_ctx,
 NTSTATUS samdb_privilege_setup(struct security_token *token)
 {
 void *samctx;
- TALLOC_CTX *mem_ctx = talloc_new(token);
+ TALLOC_CTX *mem_ctx;
 int i;
 NTSTATUS status;
 
- samctx = samdb_connect(mem_ctx);
+ /* Shortcuts to prevent recursion and avoid lookups */
+ if (is_system_token(token)) {
+ token->privilege_mask = ~0;
+ return NT_STATUS_OK;
+ }
+
+ if (is_anonymous_token(token)) {
+ token->privilege_mask = 0;
+ return NT_STATUS_OK;
+ }
+
+ mem_ctx = talloc_new(token);
+ samctx = samdb_connect(mem_ctx, system_session(mem_ctx));
 if (samctx == NULL) {
 talloc_free(mem_ctx);
 return NT_STATUS_INTERNAL_DB_CORRUPTION; |
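Review bot: `ldb` is handed to `ldb_set_opaque()` in the new samdb_connect() body without a NULL check, although the comment above the function says the connect returns NULL on failure; add `if (ldb == NULL) return NULL;` directly after the `ldb_wrap_connect()` call. When `ldb_set_opaque()` fails the function returns NULL but leaves the opened context in place (presumably still parented to mem_ctx), so a `talloc_free(ldb);` before that `return NULL;` looks appropriate; confirm against ldb_wrap_connect's ownership rules, which are not visible here. The header comment should also say that only the pointer is stored under "sessionInfo", so session_info has to outlive the ldb, and whether a NULL session_info is permitted; an access-control module that later reads this opaque should treat a missing value as deny rather than as system.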
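Review bot: The system shortcut in samdb_privilege_setup() sets `token->privilege_mask = ~0` on nothing but the result of is_system_token(), so that predicate, defined outside this hunk, becomes the entire check for granting every privilege; it is worth confirming that it matches only a token whose primary user SID is SYSTEM and not one that merely carries that SID among its groups. The comment `/* Shortcuts to prevent recursion and avoid lookups */` could name the cycle, for example `/* system and anonymous tokens are resolved without the SAM: the lookup below opens the SAM as system_session(), whose token setup would presumably re-enter this function */`. `~0` is an int expression; if privilege_mask is a 64-bit field (its declaration is not shown) `~(uint64_t)0` states the intent without relying on sign extension. The rest of the function, including the release of mem_ctx on the success path, lies outside the hunk.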