diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2005-12-14 07:22:25 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:47:22 -0500 |
| commit | a1827a1deba04e0b4b2a508dc4e4e66603a46d16 (patch) | |
| tree | 47e9a16077efa868d1e4368990dc158d32e8ffe0 /source4/lib | |
| parent | 470ba9434a3f10f8a53bacaac89204700adb89c4 (diff) | |
| download | samba-a1827a1deba04e0b4b2a508dc4e4e66603a46d16.tar.gz samba-a1827a1deba04e0b4b2a508dc4e4e66603a46d16.tar.bz2 samba-a1827a1deba04e0b4b2a508dc4e4e66603a46d16.zip | |
r12227: I realised that I wasn't yet seeing authenticated LDAP for the ldb
backend.
The idea is that every time we open an LDB, we can provide a
session_info and/or credentials. This would allow any ldb to be remote
to LDAP. We should also support provisioning to a authenticated ldap
server.
(They are separate so we can say authenticate as foo for remote, but
here we just want a token of SYSTEM).
Andrew Bartlett
(This used to be commit ae2f3a64ee0b07575624120db45299c65204210b)
Diffstat (limited to 'source4/lib')
| -rw-r--r-- | source4/lib/db_wrap.c | 13 | ||||
| -rw-r--r-- | source4/lib/ldb/ldb_ildap/ldb_ildap.c | 6 | ||||
| -rw-r--r-- | source4/lib/registry/reg_backend_ldb.c | 3 |
3 files changed, 17 insertions, 5 deletions
diff --git a/source4/lib/db_wrap.c b/source4/lib/db_wrap.c index 974490f8b2..e070d4eb14 100644 --- a/source4/lib/db_wrap.c +++ b/source4/lib/db_wrap.c @@ -61,6 +61,8 @@ static void ldb_wrap_debug(void *context, enum ldb_debug_level level, */ struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx, const char *url, + struct auth_session_info *session_info, + struct cli_credentials *credentials, unsigned int flags, const char *options[]) { @@ -80,6 +82,17 @@ struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx, ev = event_context_find(ldb); if (ldb_set_opaque(ldb, "EventContext", ev)) { + talloc_free(ldb); + return NULL; + } + + if (ldb_set_opaque(ldb, "sessionInfo", session_info)) { + talloc_free(ldb); + return NULL; + } + + if (ldb_set_opaque(ldb, "credentials", credentials)) { + talloc_free(ldb); return NULL; } diff --git a/source4/lib/ldb/ldb_ildap/ldb_ildap.c b/source4/lib/ldb/ldb_ildap/ldb_ildap.c index e195ec24aa..582513df6f 100644 --- a/source4/lib/ldb/ldb_ildap/ldb_ildap.c +++ b/source4/lib/ldb/ldb_ildap/ldb_ildap.c @@ -224,7 +224,7 @@ static int ildb_search_bytree(struct ldb_module *module, const struct ldb_dn *ba msg = ldapres[i]; search = &msg->r.SearchResultEntry; - (*res)->msgs[i] = talloc(*res, struct ldb_message); + (*res)->msgs[i] = talloc((*res)->msgs, struct ldb_message); if (!(*res)->msgs[i]) { goto failed; } @@ -504,10 +504,8 @@ int ildb_connect(struct ldb_context *ldb, const char *url, creds = talloc_get_type(ldb_get_opaque(ldb, "credentials"), struct cli_credentials); if (creds == NULL) { struct auth_session_info *session_info = talloc_get_type(ldb_get_opaque(ldb, "sessionInfo"), struct auth_session_info); - if (session_info && session_info->credentials) { + if (session_info) { creds = session_info->credentials; - } else { - creds = cmdline_credentials; } } diff --git a/source4/lib/registry/reg_backend_ldb.c b/source4/lib/registry/reg_backend_ldb.c index f1c3187aa5..6c668d7b48 100644 --- a/source4/lib/registry/reg_backend_ldb.c +++ b/source4/lib/registry/reg_backend_ldb.c @@ -262,7 +262,8 @@ static WERROR ldb_open_hive(struct registry_hive *hive, struct registry_key **k) struct ldb_context *wrap; if (!hive->location) return WERR_INVALID_PARAM; - wrap = ldb_wrap_connect(hive, hive->location, 0, NULL); + /* TODO: Support remoting with credentials and ACLs with session tokens */ + wrap = ldb_wrap_connect(hive, hive->location, NULL, NULL, 0, NULL); if(!wrap) { DEBUG(1, ("ldb_open_hive: unable to connect\n")); |