authorAndrew Bartlett <abartlet@samba.org>2005-10-07 11:31:45 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:39:32 -0500
commit1377cca5f4beb43cf67fcc65eed79f14178d6349 (patch)
tree79a693899d0c1377e4009e4088018bc561ea9af4 /source4/ldap_server/ldap_server.c
parent5158636aff545de3115e747b53ce68f753151bd7 (diff)
r10810: This adds the hooks required to communicate the current user from the
authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldapsrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
Diffstat (limited to 'source4/ldap_server/ldap_server.c')
-rw-r--r--source4/ldap_server/ldap_server.c62
1 files changed, 38 insertions, 24 deletions
diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index 83ce059756..dac7feecfb 100644
--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -356,6 +356,8 @@ static void ldapsrv_send(struct stream_connection *c, uint16_t flags)
*/
static void ldapsrv_accept(struct stream_connection *c)
{
+ struct ldapsrv_partition *rootDSE_part;
+ struct ldapsrv_partition *part;
struct ldapsrv_service *ldapsrv_service =
talloc_get_type(c->private, struct ldapsrv_service);
struct ldapsrv_connection *conn;
@@ -386,6 +388,42 @@ static void ldapsrv_accept(struct stream_connection *c)
return;
}
+ /* Connections start out anonymous */
+ if (!NT_STATUS_IS_OK(auth_anonymous_session_info(conn, &conn->session_info))) {
+ ldapsrv_terminate_connection(conn, "failed to setup anonymous session info");
+ return;
+ }
+
+ rootDSE_part = talloc(conn, struct ldapsrv_partition);
+ if (rootDSE_part == NULL) {
+ ldapsrv_terminate_connection(conn, "talloc failed");
+ return;
+ }
+
+ rootDSE_part->base_dn = ""; /* RootDSE */
+ rootDSE_part->ops = ldapsrv_get_rootdse_partition_ops();
+ if (!NT_STATUS_IS_OK(rootDSE_part->ops->Init(rootDSE_part, conn))) {
+ ldapsrv_terminate_connection(conn, "rootDSE Init failed");
+ }
+
+ conn->rootDSE = rootDSE_part;
+ DLIST_ADD_END(conn->partitions, rootDSE_part, struct ldapsrv_partition *);
+
+ part = talloc(conn, struct ldapsrv_partition);
+ if (part == NULL) {
+ ldapsrv_terminate_connection(conn, "talloc failed");
+ return;
+ }
+
+ part->base_dn = "*"; /* default partition */
+ part->ops = ldapsrv_get_sldb_partition_ops();
+ if (!NT_STATUS_IS_OK(part->ops->Init(part, conn))) {
+ ldapsrv_terminate_connection(conn, "default partition Init failed");
+ }
+
+ conn->default_partition = part;
+ DLIST_ADD_END(conn->partitions, part, struct ldapsrv_partition *);
+
irpc_add_name(c->msg_ctx, "ldap_server");
}
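Review bot: The two `ops->Init` failure branches (rootDSE and default partition) call `ldapsrv_terminate_connection()` but do not return, unlike the anonymous-session and `talloc` failure branches in the same hunk. Execution therefore falls through to `conn->rootDSE = rootDSE_part;`, the `DLIST_ADD_END` calls and `irpc_add_name()` on a connection that has just been asked to terminate. The body of `ldapsrv_terminate_connection()` is not visible here, but if it releases `conn` synchronously these are writes to freed memory, on a path any unauthenticated client hits when the backing LDB cannot be opened. Add `return;` after each of the two calls, e.g. `ldapsrv_terminate_connection(conn, "rootDSE Init failed"); return;`. Separately, both partitions are allocated with `talloc` rather than `talloc_zero`, so any `struct ldapsrv_partition` field that `Init` does not set stays uninitialised; worth confirming against the struct definition.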
@@ -433,8 +471,6 @@ static NTSTATUS add_socket(struct event_context *event_context,
static void ldapsrv_task_init(struct task_server *task)
{
struct ldapsrv_service *ldap_service;
- struct ldapsrv_partition *rootDSE_part;
- struct ldapsrv_partition *part;
NTSTATUS status;
ldap_service = talloc_zero(task, struct ldapsrv_service);
@@ -443,28 +479,6 @@ static void ldapsrv_task_init(struct task_server *task)
ldap_service->tls_params = tls_initialise(ldap_service);
if (ldap_service->tls_params == NULL) goto failed;
- rootDSE_part = talloc(ldap_service, struct ldapsrv_partition);
- if (rootDSE_part == NULL) goto failed;
-
- rootDSE_part->base_dn = ""; /* RootDSE */
- rootDSE_part->ops = ldapsrv_get_rootdse_partition_ops();
-
- ldap_service->rootDSE = rootDSE_part;
- DLIST_ADD_END(ldap_service->partitions, rootDSE_part, struct ldapsrv_partition *);
-
- part = talloc(ldap_service, struct ldapsrv_partition);
- if (part == NULL) goto failed;
-
- part->base_dn = "*"; /* default partition */
- if (lp_parm_bool(-1, "ldapsrv", "hacked", False)) {
- part->ops = ldapsrv_get_hldb_partition_ops();
- } else {
- part->ops = ldapsrv_get_sldb_partition_ops();
- }
-
- ldap_service->default_partition = part;
- DLIST_ADD_END(ldap_service->partitions, part, struct ldapsrv_partition *);
-
if (lp_interfaces() && lp_bind_interfaces_only()) {
int num_interfaces = iface_count();
int i;