authorStefan Metzmacher <metze@samba.org>2007-02-13 13:43:23 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:48:09 -0500
commit43a0c615a3f2b8da0baa99090ed0049d13212085 (patch)
treedb32b7c4d60df28091765b8a88f7b59676a289f6 /source4/dsdb/samdb
parent41771deb299d23bb0aabb15d8f1e0858a6ea8d0b (diff)
r21315: ldb now supports filters like (&(dn=%s)(&(objectClass=kerberosSecret)(privateKeytab=*))) again
We can use such a filter :-) We should only update the keytab for records matching this filter, which means we need to do a search before calling cli_credentials_set_secrets(). metze (This used to be commit 23adca4e3426360fe0685548ae2b808578f6ba75)
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/update_keytab.c34
1 files changed, 30 insertions, 4 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/update_keytab.c b/source4/dsdb/samdb/ldb_modules/update_keytab.c
index fa61887bd5..21c9539e91 100644
--- a/source4/dsdb/samdb/ldb_modules/update_keytab.c
+++ b/source4/dsdb/samdb/ldb_modules/update_keytab.c
@@ -45,10 +45,38 @@ struct update_kt_private {
static int add_modified(struct ldb_module *module, struct ldb_dn *dn, BOOL delete) {
struct update_kt_private *data = talloc_get_type(module->private_data, struct update_kt_private);
- struct dn_list *item = talloc(data->changed_dns? (void *)data->changed_dns: (void *)data, struct dn_list);
+ struct dn_list *item;
char *filter;
+ struct ldb_result *res;
+ const char *attrs[] = { NULL };
+ int ret;
NTSTATUS status;
+
+ filter = talloc_asprintf(data, "(&(dn=%s)(&(objectClass=kerberosSecret)(privateKeytab=*)))",
+ ldb_dn_get_linearized(dn));
+ if (!filter) {
+ ldb_oom(module->ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ ret = ldb_search(module->ldb, dn, LDB_SCOPE_BASE,
+ filter, attrs, &res);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(filter);
+ return ret;
+ }
+
+ if (res->count != 1) {
+ /* if it's not a kerberosSecret then we don't have anything to update */
+ talloc_free(res);
+ talloc_free(filter);
+ return LDB_SUCCESS;
+ }
+ talloc_free(res);
+
+ item = talloc(data->changed_dns? (void *)data->changed_dns: (void *)data, struct dn_list);
if (!item) {
+ talloc_free(filter);
ldb_oom(module->ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
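Review bot: The `talloc_asprintf` call that builds the filter pastes `ldb_dn_get_linearized(dn)` into an LDAP filter without filter escaping, so a DN whose RDN value contains `(`, `)`, `*` or `\` can produce a filter that fails to parse or matches something other than this one record. That same string is later passed to cli_credentials_set_secrets(), so the keytab update depends on it. DN linearization escapes DN syntax, not filter syntax, so I would encode the value first, e.g. `ldb_binary_encode_string(data, ldb_dn_get_linearized(dn))`, and treat a NULL from either call as an out-of-memory error before formatting. The filter is also parented to the long-lived `data`, which is why every return needs its own `talloc_free(filter)`; a short-lived context freed in one place would be less fragile. add_modified continues past the end of this hunk.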
@@ -56,14 +84,12 @@ static int add_modified(struct ldb_module *module, struct ldb_dn *dn, BOOL delet
item->creds = cli_credentials_init(item);
if (!item->creds) {
DEBUG(1, ("cli_credentials_init failed!"));
+ talloc_free(filter);
ldb_oom(module->ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
cli_credentials_set_conf(item->creds);
-/* filter = talloc_asprintf(item, "(&(&(&(objectClass=kerberosSecret)(privateKeytab=*))(|(secret=*)(ntPwdHash=*)))(distinguishedName=%s))", */
- filter = talloc_asprintf(item, "dn=%s",
- ldb_dn_get_linearized(dn));
status = cli_credentials_set_secrets(item->creds, module->ldb, NULL, filter);
talloc_free(filter);
if (NT_STATUS_IS_OK(status)) {
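Review bot: On the cli_credentials_init() failure path the added `talloc_free(filter);` releases the filter, but `item` stays attached to its parent (`data->changed_dns` or `data`) and, as far as the hunk shows, is never linked into the list or freed. Adding `talloc_free(item);` before that return would complete the cleanup. The branch after `NT_STATUS_IS_OK(status)` lies outside the hunk, so check there too that a failed cli_credentials_set_secrets() releases `item` and its credentials rather than leaving a half-initialised entry behind.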