summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-02-20 11:44:41 +1100
committerAndrew Bartlett <abartlet@samba.org>2010-02-20 17:58:07 +1100
commita9d9447d5a448e13d4373c3c4b48f0edd49dc38a (patch)
tree3b7b54d9bae10efa5481672b081660e3f7c0ef0a /source4/dsdb/samdb
parentda1970c0ff4cd3556102e9357b2e0cf65728c8d6 (diff)
downloadsamba-a9d9447d5a448e13d4373c3c4b48f0edd49dc38a.tar.gz
samba-a9d9447d5a448e13d4373c3c4b48f0edd49dc38a.tar.bz2
samba-a9d9447d5a448e13d4373c3c4b48f0edd49dc38a.zip
s4:credentials Add hooks to extract a named Kerberos credentials cache
This allows the integration of external tools that can't be linked into C or python, but need to authenticate as the local machine account. The machineaccountccache script demonstrates this, and debugging has been improved in cli_credentials_set_secrets() by passing back and error string. Andrew Bartlett
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/update_keytab.c3
-rw-r--r--source4/dsdb/samdb/samdb.c4
2 files changed, 5 insertions, 2 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/update_keytab.c b/source4/dsdb/samdb/ldb_modules/update_keytab.c
index f08600ea32..620c047cd1 100644
--- a/source4/dsdb/samdb/ldb_modules/update_keytab.c
+++ b/source4/dsdb/samdb/ldb_modules/update_keytab.c
@@ -81,6 +81,7 @@ static int add_modified(struct ldb_module *module, struct ldb_dn *dn, bool do_de
struct update_kt_private *data = talloc_get_type(ldb_module_get_private(module), struct update_kt_private);
struct dn_list *item;
char *filter;
+ char *errstring;
struct ldb_result *res;
const char *attrs[] = { NULL };
int ret;
@@ -124,7 +125,7 @@ static int add_modified(struct ldb_module *module, struct ldb_dn *dn, bool do_de
}
cli_credentials_set_conf(item->creds, ldb_get_opaque(ldb, "loadparm"));
- status = cli_credentials_set_secrets(item->creds, ldb_get_event_context(ldb), ldb_get_opaque(ldb, "loadparm"), ldb, NULL, filter);
+ status = cli_credentials_set_secrets(item->creds, ldb_get_event_context(ldb), ldb_get_opaque(ldb, "loadparm"), ldb, NULL, filter, &errstring);
talloc_free(filter);
if (NT_STATUS_IS_OK(status)) {
if (do_delete) {
diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c
index 0ccceddf6b..2232e436d2 100644
--- a/source4/dsdb/samdb/samdb.c
+++ b/source4/dsdb/samdb/samdb.c
@@ -86,6 +86,7 @@ struct cli_credentials *samdb_credentials(struct tevent_context *event_ctx,
{
static struct cli_credentials *static_credentials;
struct cli_credentials *cred;
+ char *error_string;
if (static_credentials) {
return static_credentials;
@@ -103,7 +104,8 @@ struct cli_credentials *samdb_credentials(struct tevent_context *event_ctx,
cli_credentials_set_kerberos_state(cred, CRED_DONT_USE_KERBEROS);
if (!NT_STATUS_IS_OK(cli_credentials_set_secrets(cred, event_ctx, lp_ctx, NULL, NULL,
- SECRETS_LDAP_FILTER))) {
+ SECRETS_LDAP_FILTER, &error_string))) {
+ DEBUG(5, ("(normal if no LDAP backend) %s", error_string));
/* Perfectly OK - if not against an LDAP backend */
talloc_free(cred);
return NULL;