author | Stefan Metzmacher <metze@samba.org> | 2007-02-13 13:43:23 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:48:09 -0500 |
commit | 43a0c615a3f2b8da0baa99090ed0049d13212085 (patch) | |
tree | db32b7c4d60df28091765b8a88f7b59676a289f6 /source4/dsdb | |
parent | 41771deb299d23bb0aabb15d8f1e0858a6ea8d0b (diff) | |
r21315: ldb now supports filters like (&(dn=%s)(&(objectClass=kerberosSecret)(privateKeytab=*))) again
we can use such a filter:-)
we should only update the keytab for records matching this filter,
that means we need to do a search before calling cli_credentials_set_secrets()
metze
(This used to be commit 23adca4e3426360fe0685548ae2b808578f6ba75)
Diffstat (limited to 'source4/dsdb')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/update_keytab.c | 34 |
1 files changed, 30 insertions, 4 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/update_keytab.c b/source4/dsdb/samdb/ldb_modules/update_keytab.c
index fa61887bd5..21c9539e91 100644
--- a/source4/dsdb/samdb/ldb_modules/update_keytab.c
+++ b/source4/dsdb/samdb/ldb_modules/update_keytab.c
@@ -45,10 +45,38 @@ struct update_kt_private {
 static int add_modified(struct ldb_module *module, struct ldb_dn *dn, BOOL delete)
 {
 struct update_kt_private *data = talloc_get_type(module->private_data, struct update_kt_private);
- struct dn_list *item = talloc(data->changed_dns? (void *)data->changed_dns: (void *)data, struct dn_list);
+ struct dn_list *item;
 char *filter;
+ struct ldb_result *res;
+ const char *attrs[] = { NULL };
+ int ret;
 NTSTATUS status;
+
+ filter = talloc_asprintf(data, "(&(dn=%s)(&(objectClass=kerberosSecret)(privateKeytab=*)))",
+ ldb_dn_get_linearized(dn));
+ if (!filter) {
+ ldb_oom(module->ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ ret = ldb_search(module->ldb, dn, LDB_SCOPE_BASE,
+ filter, attrs, &res);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(filter);
+ return ret;
+ }
+
+ if (res->count != 1) {
+ /* if it's not a kerberosSecret then we don't have anything to update */
+ talloc_free(res);
+ talloc_free(filter);
+ return LDB_SUCCESS;
+ }
+ talloc_free(res);
+
+ item = talloc(data->changed_dns? (void *)data->changed_dns: (void *)data, struct dn_list);
 if (!item) {
+ talloc_free(filter);
 ldb_oom(module->ldb);
 return LDB_ERR_OPERATIONS_ERROR;
 }
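Review bot: The linearized DN is formatted straight into the filter at `talloc_asprintf(data, "(&(dn=%s)(&(objectClass=kerberosSecret)(privateKeytab=*)))", ldb_dn_get_linearized(dn))` with no filter-value escaping, so a DN whose RDN value contains `(`, `)`, `*` or `\` alters the structure of the filter instead of being compared literally. The same string is reused in the next hunk for cli_credentials_set_secrets() with a NULL third argument (apparently the search base), where the `dn=` clause is the only thing scoping the lookup to this record. Encoding the value first, e.g. `ldb_binary_encode_string(data, ldb_dn_get_linearized(dn))` (and freeing that temporary alongside `filter`), keeps the DN a literal assertion value. The `delete` flag is not consulted in the visible lines, so a short comment stating that a non-matching or already-absent record is deliberately ignored for both add and delete would also help; the function body continues outside this hunk.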
@@ -56,14 +84,12 @@ static int add_modified(struct ldb_module *module, struct ldb_dn *dn, BOOL delet
 item->creds = cli_credentials_init(item);
 if (!item->creds) {
 DEBUG(1, ("cli_credentials_init failed!"));
+ talloc_free(filter);
 ldb_oom(module->ldb);
 return LDB_ERR_OPERATIONS_ERROR;
 }
 cli_credentials_set_conf(item->creds);
-/* filter = talloc_asprintf(item, "(&(&(&(objectClass=kerberosSecret)(privateKeytab=*))(|(secret=*)(ntPwdHash=*)))(distinguishedName=%s))", */
- filter = talloc_asprintf(item, "dn=%s",
- ldb_dn_get_linearized(dn));
 status = cli_credentials_set_secrets(item->creds, module->ldb, NULL, filter);
 talloc_free(filter);
 if (NT_STATUS_IS_OK(status)) { |
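Review bot: The `!item->creds` error path now frees `filter` but still returns without releasing `item`, which the previous hunk allocates on the long-lived `data->changed_dns` / `data` context, so each failure leaves a dn_list entry behind for the lifetime of the module. Adding `talloc_free(item);` next to the new `talloc_free(filter);` would close that, assuming the one line between the two hunks does not already link `item` into the list. The DEBUG string `"cli_credentials_init failed!"` also lacks a trailing `\n`. add_modified() continues past the end of this hunk, so the handling of a failed cli_credentials_set_secrets() status is not visible here.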