diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2010-02-20 11:44:41 +1100 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2010-02-20 17:58:07 +1100 |
| commit | a9d9447d5a448e13d4373c3c4b48f0edd49dc38a (patch) | |
| tree | 3b7b54d9bae10efa5481672b081660e3f7c0ef0a /source4/dsdb | |
| parent | da1970c0ff4cd3556102e9357b2e0cf65728c8d6 (diff) | |
| download | samba-a9d9447d5a448e13d4373c3c4b48f0edd49dc38a.tar.gz samba-a9d9447d5a448e13d4373c3c4b48f0edd49dc38a.tar.bz2 samba-a9d9447d5a448e13d4373c3c4b48f0edd49dc38a.zip | |
s4:credentials Add hooks to extract a named Kerberos credentials cache
This allows the integration of external tools that can't be linked
into C or python, but need to authenticate as the local machine
account.
The machineaccountccache script demonstrates this, and debugging has
been improved in cli_credentials_set_secrets() by passing back and
error string.
Andrew Bartlett
Diffstat (limited to 'source4/dsdb')
| -rw-r--r-- | source4/dsdb/samdb/ldb_modules/update_keytab.c | 3 | ||||
| -rw-r--r-- | source4/dsdb/samdb/samdb.c | 4 |
2 files changed, 5 insertions, 2 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/update_keytab.c b/source4/dsdb/samdb/ldb_modules/update_keytab.c index f08600ea32..620c047cd1 100644 --- a/source4/dsdb/samdb/ldb_modules/update_keytab.c +++ b/source4/dsdb/samdb/ldb_modules/update_keytab.c @@ -81,6 +81,7 @@ static int add_modified(struct ldb_module *module, struct ldb_dn *dn, bool do_de struct update_kt_private *data = talloc_get_type(ldb_module_get_private(module), struct update_kt_private); struct dn_list *item; char *filter; + char *errstring; struct ldb_result *res; const char *attrs[] = { NULL }; int ret; @@ -124,7 +125,7 @@ static int add_modified(struct ldb_module *module, struct ldb_dn *dn, bool do_de } cli_credentials_set_conf(item->creds, ldb_get_opaque(ldb, "loadparm")); - status = cli_credentials_set_secrets(item->creds, ldb_get_event_context(ldb), ldb_get_opaque(ldb, "loadparm"), ldb, NULL, filter); + status = cli_credentials_set_secrets(item->creds, ldb_get_event_context(ldb), ldb_get_opaque(ldb, "loadparm"), ldb, NULL, filter, &errstring); talloc_free(filter); if (NT_STATUS_IS_OK(status)) { if (do_delete) { diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c index 0ccceddf6b..2232e436d2 100644 --- a/source4/dsdb/samdb/samdb.c +++ b/source4/dsdb/samdb/samdb.c @@ -86,6 +86,7 @@ struct cli_credentials *samdb_credentials(struct tevent_context *event_ctx, { static struct cli_credentials *static_credentials; struct cli_credentials *cred; + char *error_string; if (static_credentials) { return static_credentials; @@ -103,7 +104,8 @@ struct cli_credentials *samdb_credentials(struct tevent_context *event_ctx, cli_credentials_set_kerberos_state(cred, CRED_DONT_USE_KERBEROS); if (!NT_STATUS_IS_OK(cli_credentials_set_secrets(cred, event_ctx, lp_ctx, NULL, NULL, - SECRETS_LDAP_FILTER))) { + SECRETS_LDAP_FILTER, &error_string))) { + DEBUG(5, ("(normal if no LDAP backend) %s", error_string)); /* Perfectly OK - if not against an LDAP backend */ talloc_free(cred); return NULL; |