summaryrefslogtreecommitdiff
path: root/source4/scripting/ejs
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-12-14 07:22:25 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:47:22 -0500
commita1827a1deba04e0b4b2a508dc4e4e66603a46d16 (patch)
tree47e9a16077efa868d1e4368990dc158d32e8ffe0 /source4/scripting/ejs
parent470ba9434a3f10f8a53bacaac89204700adb89c4 (diff)
downloadsamba-a1827a1deba04e0b4b2a508dc4e4e66603a46d16.tar.gz
samba-a1827a1deba04e0b4b2a508dc4e4e66603a46d16.tar.bz2
samba-a1827a1deba04e0b4b2a508dc4e4e66603a46d16.zip
r12227: I realised that I wasn't yet seeing authenticated LDAP for the ldb
backend. The idea is that every time we open an LDB, we can provide a session_info and/or credentials. This would allow any ldb to be remote to LDAP. We should also support provisioning to a authenticated ldap server. (They are separate so we can say authenticate as foo for remote, but here we just want a token of SYSTEM). Andrew Bartlett (This used to be commit ae2f3a64ee0b07575624120db45299c65204210b)
Diffstat (limited to 'source4/scripting/ejs')
-rw-r--r--source4/scripting/ejs/smbcalls_auth.c20
-rw-r--r--source4/scripting/ejs/smbcalls_ldb.c14
2 files changed, 29 insertions, 5 deletions
diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c
index ba20332aaa..80089f75a7 100644
--- a/source4/scripting/ejs/smbcalls_auth.c
+++ b/source4/scripting/ejs/smbcalls_auth.c
@@ -26,12 +26,14 @@
#include "auth/auth.h"
#include "scripting/ejs/smbcalls.h"
-static int ejs_doauth(TALLOC_CTX *tmp_ctx, struct MprVar *auth, const char *username,
+static int ejs_doauth(MprVarHandle eid,
+ TALLOC_CTX *tmp_ctx, struct MprVar *auth, const char *username,
const char *password, const char *domain, const char *remote_host,
const char *authtype)
{
struct auth_usersupplied_info *user_info = NULL;
struct auth_serversupplied_info *server_info = NULL;
+ struct auth_session_info *session_info = NULL;
struct auth_context *auth_context;
const char *auth_types[] = { authtype, NULL };
NTSTATUS nt_status;
@@ -76,11 +78,21 @@ static int ejs_doauth(TALLOC_CTX *tmp_ctx, struct MprVar *auth, const char *user
nt_status = auth_check_password(auth_context, tmp_ctx, user_info, &server_info);
if (!NT_STATUS_IS_OK(nt_status)) {
- mprSetPropertyValue(auth, "result", mprCreateBoolVar(False));
mprSetPropertyValue(auth, "report", mprString("Login Failed"));
+ mprSetPropertyValue(auth, "result", mprCreateBoolVar(False));
+ goto done;
+ }
+
+ nt_status = auth_generate_session_info(tmp_ctx, server_info, &session_info);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ mprSetPropertyValue(auth, "report", mprString("Session Info generation failed"));
+ mprSetPropertyValue(auth, "result", mprCreateBoolVar(False));
goto done;
}
+ talloc_steal(mprMemCtx(), session_info);
+ mprSetThisPtr(eid, "session_info", session_info);
+
mprSetPropertyValue(auth, "result", mprCreateBoolVar(server_info->authenticated));
mprSetPropertyValue(auth, "username", mprString(server_info->account_name));
mprSetPropertyValue(auth, "domain", mprString(server_info->domain_name));
@@ -138,9 +150,9 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv)
auth = mprObject("auth");
if (domain && (strcmp("System User", domain) == 0)) {
- ejs_doauth(tmp_ctx, &auth, username, password, domain, remote_host, "unix");
+ ejs_doauth(eid, tmp_ctx, &auth, username, password, domain, remote_host, "unix");
} else {
- ejs_doauth(tmp_ctx, &auth, username, password, domain, remote_host, "sam");
+ ejs_doauth(eid, tmp_ctx, &auth, username, password, domain, remote_host, "sam");
}
mpr_Return(eid, auth);
diff --git a/source4/scripting/ejs/smbcalls_ldb.c b/source4/scripting/ejs/smbcalls_ldb.c
index d3db85db86..709ed27e5e 100644
--- a/source4/scripting/ejs/smbcalls_ldb.c
+++ b/source4/scripting/ejs/smbcalls_ldb.c
@@ -350,10 +350,16 @@ static int ejs_ldbModify(MprVarHandle eid, int argc, struct MprVar **argv)
usage:
ok = ldb.connect(dbfile);
ok = ldb.connect(dbfile, "modules:modlist");
+
+ ldb.credentials or ldb.session_info may be setup first
+
*/
static int ejs_ldbConnect(MprVarHandle eid, int argc, char **argv)
{
struct ldb_context *ldb;
+ struct auth_session_info *session_info;
+ struct cli_credentials *creds;
+
const char *dbfile;
if (argc < 1) {
@@ -361,9 +367,15 @@ static int ejs_ldbConnect(MprVarHandle eid, int argc, char **argv)
return -1;
}
+ session_info = mprGetThisPtr(eid, "session_info");
+
+ creds = mprGetThisPtr(eid, "credentials");
+
dbfile = argv[0];
- ldb = ldb_wrap_connect(mprMemCtx(), dbfile, 0, (const char **)(argv+1));
+ ldb = ldb_wrap_connect(mprMemCtx(), dbfile,
+ session_info, creds,
+ 0, (const char **)(argv+1));
if (ldb == NULL) {
ejsSetErrorMsg(eid, "ldb.connect failed to open %s", dbfile);
}