authorAndrew Bartlett <abartlet@samba.org>2005-12-14 07:22:25 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:47:22 -0500
commita1827a1deba04e0b4b2a508dc4e4e66603a46d16 (patch)
tree47e9a16077efa868d1e4368990dc158d32e8ffe0 /source4/lib
parent470ba9434a3f10f8a53bacaac89204700adb89c4 (diff)
r12227: I realised that I wasn't yet seeing authenticated LDAP for the ldb
backend. The idea is that every time we open an LDB, we can provide a session_info and/or credentials. This would allow any ldb to be remote to LDAP. We should also support provisioning to an authenticated ldap server. (They are separate so we can say authenticate as foo for remote, but here we just want a token of SYSTEM). Andrew Bartlett (This used to be commit ae2f3a64ee0b07575624120db45299c65204210b)
Diffstat (limited to 'source4/lib')
-rw-r--r--source4/lib/db_wrap.c13
-rw-r--r--source4/lib/ldb/ldb_ildap/ldb_ildap.c6
-rw-r--r--source4/lib/registry/reg_backend_ldb.c3
3 files changed, 17 insertions, 5 deletions
diff --git a/source4/lib/db_wrap.c b/source4/lib/db_wrap.c
index 974490f8b2..e070d4eb14 100644
--- a/source4/lib/db_wrap.c
+++ b/source4/lib/db_wrap.c
@@ -61,6 +61,8 @@ static void ldb_wrap_debug(void *context, enum ldb_debug_level level,
*/
struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx,
const char *url,
+ struct auth_session_info *session_info,
+ struct cli_credentials *credentials,
unsigned int flags,
const char *options[])
{
@@ -80,6 +82,17 @@ struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx,
ev = event_context_find(ldb);
if (ldb_set_opaque(ldb, "EventContext", ev)) {
+ talloc_free(ldb);
+ return NULL;
+ }
+
+ if (ldb_set_opaque(ldb, "sessionInfo", session_info)) {
+ talloc_free(ldb);
+ return NULL;
+ }
+
+ if (ldb_set_opaque(ldb, "credentials", credentials)) {
+ talloc_free(ldb);
return NULL;
}
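Review bot: The `session_info` and `credentials` pointers are stored through `ldb_set_opaque()` as borrowed pointers, and nothing in this hunk ties their lifetime to `ldb`. If a caller frees either object before the ldb context, a backend that later calls `ldb_get_opaque(ldb, "credentials")` would be handed a dangling pointer to authentication material. Either state in the comment above ldb_wrap_connect that both arguments may be NULL and must outlive the returned context, or take a reference when they are non-NULL, e.g. `if (credentials && !talloc_reference(ldb, credentials)) { talloc_free(ldb); return NULL; }` and the same for `session_info`. The function body starts before and continues after this hunk, so whether the context is shared between callers with different tokens cannot be judged from here.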
diff --git a/source4/lib/ldb/ldb_ildap/ldb_ildap.c b/source4/lib/ldb/ldb_ildap/ldb_ildap.c
index e195ec24aa..582513df6f 100644
--- a/source4/lib/ldb/ldb_ildap/ldb_ildap.c
+++ b/source4/lib/ldb/ldb_ildap/ldb_ildap.c
@@ -224,7 +224,7 @@ static int ildb_search_bytree(struct ldb_module *module, const struct ldb_dn *ba
msg = ldapres[i];
search = &msg->r.SearchResultEntry;
- (*res)->msgs[i] = talloc(*res, struct ldb_message);
+ (*res)->msgs[i] = talloc((*res)->msgs, struct ldb_message);
if (!(*res)->msgs[i]) {
goto failed;
}
@@ -504,10 +504,8 @@ int ildb_connect(struct ldb_context *ldb, const char *url,
creds = talloc_get_type(ldb_get_opaque(ldb, "credentials"), struct cli_credentials);
if (creds == NULL) {
struct auth_session_info *session_info = talloc_get_type(ldb_get_opaque(ldb, "sessionInfo"), struct auth_session_info);
- if (session_info && session_info->credentials) {
+ if (session_info) {
creds = session_info->credentials;
- } else {
- creds = cmdline_credentials;
}
}
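Review bot: After this block `creds` can be NULL in more cases than before, because the `cmdline_credentials` fallback is removed and `session_info->credentials` is no longer checked for NULL before it is assigned. The bind code that consumes `creds` is outside the hunk, so it is not visible whether a NULL value leads to a deliberate anonymous bind, an error, or a dereference. That decision should be explicit at this point, for example with a comment such as `/* creds == NULL: no credentials supplied, connection stays unauthenticated */` or a guard like `if (creds == NULL) { /* fail or bind anonymously by policy */ }`. Note also that `talloc_get_type()` yields NULL for a wrongly typed opaque, so a mis-set "credentials" value is silently treated as absent rather than reported.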
diff --git a/source4/lib/registry/reg_backend_ldb.c b/source4/lib/registry/reg_backend_ldb.c
index f1c3187aa5..6c668d7b48 100644
--- a/source4/lib/registry/reg_backend_ldb.c
+++ b/source4/lib/registry/reg_backend_ldb.c
@@ -262,7 +262,8 @@ static WERROR ldb_open_hive(struct registry_hive *hive, struct registry_key **k)
struct ldb_context *wrap;
if (!hive->location) return WERR_INVALID_PARAM;
- wrap = ldb_wrap_connect(hive, hive->location, 0, NULL);
+ /* TODO: Support remoting with credentials and ACLs with session tokens */
+ wrap = ldb_wrap_connect(hive, hive->location, NULL, NULL, 0, NULL);
if(!wrap) {
DEBUG(1, ("ldb_open_hive: unable to connect\n"));