summaryrefslogtreecommitdiff
path: root/source4/lib/ldb
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2005-09-30 23:46:41 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:39:16 -0500
commita788d01b871a7e5813ac3934bcb0ba33fe711aa2 (patch)
tree3bc9080afbf1878800d327234e8283f12fdc0824 /source4/lib/ldb
parentb1ee0c2fa4c4e0a044694a03002dbe320ec8977e (diff)
downloadsamba-a788d01b871a7e5813ac3934bcb0ba33fe711aa2.tar.gz
samba-a788d01b871a7e5813ac3934bcb0ba33fe711aa2.tar.bz2
samba-a788d01b871a7e5813ac3934bcb0ba33fe711aa2.zip
r10666: - reverse the ildap ldb backend so tree based searches go through
directly, and expression based searches are converted to trees. This makes for less conversions. - allow the caller to supply a set of credentials via the ldb opaque name 'credentials'. I will be using this in my ldb proxy module. (This used to be commit af24f3d7faac6ef74feef73a23345d8c484da07c)
Diffstat (limited to 'source4/lib/ldb')
-rw-r--r--source4/lib/ldb/ldb_ildap/ldb_ildap.c50
1 files changed, 28 insertions, 22 deletions
diff --git a/source4/lib/ldb/ldb_ildap/ldb_ildap.c b/source4/lib/ldb/ldb_ildap/ldb_ildap.c
index 499ce054d0..5ea49a8216 100644
--- a/source4/lib/ldb/ldb_ildap/ldb_ildap.c
+++ b/source4/lib/ldb/ldb_ildap/ldb_ildap.c
@@ -125,11 +125,11 @@ static int ildb_delete(struct ldb_module *module, const struct ldb_dn *dn)
static void ildb_rootdse(struct ldb_module *module);
/*
- search for matching records
+ search for matching records using a ldb_parse_tree
*/
-static int ildb_search(struct ldb_module *module, const struct ldb_dn *base,
- enum ldb_scope scope, const char *expression,
- const char * const *attrs, struct ldb_message ***res)
+static int ildb_search_bytree(struct ldb_module *module, const struct ldb_dn *base,
+ enum ldb_scope scope, struct ldb_parse_tree *tree,
+ const char * const *attrs, struct ldb_message ***res)
{
struct ildb_private *ildb = module->private_data;
int count, i;
@@ -158,12 +158,8 @@ static int ildb_search(struct ldb_module *module, const struct ldb_dn *base,
return -1;
}
- if (expression == NULL || expression[0] == '\0') {
- expression = "objectClass=*";
- }
-
- ildb->last_rc = ildap_search(ildb->ldap, search_base, scope, expression, attrs,
- 0, &ldapres);
+ ildb->last_rc = ildap_search_bytree(ildb->ldap, search_base, scope, tree, attrs,
+ 0, &ldapres);
talloc_free(search_base);
if (!NT_STATUS_IS_OK(ildb->last_rc)) {
ldb_set_errstring(module, talloc_strdup(module, ldap_errstr(ildb->ldap, ildb->last_rc)));
@@ -217,22 +213,25 @@ failed:
/*
- search for matching records using a ldb_parse_tree
+ search for matching records
*/
-static int ildb_search_bytree(struct ldb_module *module, const struct ldb_dn *base,
- enum ldb_scope scope, struct ldb_parse_tree *tree,
- const char * const *attrs, struct ldb_message ***res)
+static int ildb_search(struct ldb_module *module, const struct ldb_dn *base,
+ enum ldb_scope scope, const char *expression,
+ const char * const *attrs, struct ldb_message ***res)
{
struct ildb_private *ildb = module->private_data;
- char *expression;
int ret;
+ struct ldb_parse_tree *tree;
- expression = ldb_filter_from_tree(ildb, tree);
- if (expression == NULL) {
- return -1;
+ if (expression == NULL || expression[0] == '\0') {
+ expression = "objectClass=*";
}
- ret = ildb_search(module, base, scope, expression, attrs, res);
- talloc_free(expression);
+
+ tree = ldb_parse_tree(ildb, expression);
+
+ ret = ildb_search_bytree(module, base, scope, tree, attrs, res);
+
+ talloc_free(tree);
return ret;
}
@@ -428,6 +427,7 @@ int ildb_connect(struct ldb_context *ldb, const char *url,
{
struct ildb_private *ildb = NULL;
NTSTATUS status;
+ struct cli_credentials *creds;
ildb = talloc(ldb, struct ildb_private);
if (!ildb) {
@@ -460,8 +460,14 @@ int ildb_connect(struct ldb_context *ldb, const char *url,
ldb->modules->private_data = ildb;
ldb->modules->ops = &ildb_ops;
- if (cmdline_credentials != NULL && cli_credentials_authentication_requested(cmdline_credentials)) {
- status = ldap_bind_sasl(ildb->ldap, cmdline_credentials);
+ /* caller can optionally setup credentials using the opaque token 'credentials' */
+ creds = ldb_get_opaque(ldb, "credentials");
+ if (creds == NULL) {
+ creds = cmdline_credentials;
+ }
+
+ if (creds != NULL && cli_credentials_authentication_requested(creds)) {
+ status = ldap_bind_sasl(ildb->ldap, creds);
if (!NT_STATUS_IS_OK(status)) {
ldb_debug(ldb, LDB_DEBUG_ERROR, "Failed to bind - %s\n",
ldap_errstr(ildb->ldap, status));