author | Andrew Bartlett <abartlet@samba.org> | 2005-12-14 07:22:25 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:47:22 -0500 |
commit | a1827a1deba04e0b4b2a508dc4e4e66603a46d16 (patch) | |
tree | 47e9a16077efa868d1e4368990dc158d32e8ffe0 /source4/scripting | |
parent | 470ba9434a3f10f8a53bacaac89204700adb89c4 (diff) | |
r12227: I realised that I wasn't yet seeing authenticated LDAP for the ldb
backend.
The idea is that every time we open an LDB, we can provide a
session_info and/or credentials. This would allow any ldb to be remote
to LDAP. We should also support provisioning to an authenticated ldap
server.
(They are separate so we can say authenticate as foo for remote, but
here we just want a token of SYSTEM).
Andrew Bartlett
(This used to be commit ae2f3a64ee0b07575624120db45299c65204210b)
Diffstat (limited to 'source4/scripting')
-rw-r--r-- | source4/scripting/ejs/smbcalls_auth.c | 20 | ||||
-rw-r--r-- | source4/scripting/ejs/smbcalls_ldb.c | 14 | ||||
-rw-r--r-- | source4/scripting/libjs/provision.js | 18 |
3 files changed, 38 insertions, 14 deletions
diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c
index ba20332aaa..80089f75a7 100644
--- a/source4/scripting/ejs/smbcalls_auth.c
+++ b/source4/scripting/ejs/smbcalls_auth.c
@@ -26,12 +26,14 @@
 #include "auth/auth.h"
 #include "scripting/ejs/smbcalls.h"
-static int ejs_doauth(TALLOC_CTX *tmp_ctx, struct MprVar *auth, const char *username,
+static int ejs_doauth(MprVarHandle eid,
+ TALLOC_CTX *tmp_ctx, struct MprVar *auth, const char *username,
 const char *password, const char *domain, const char *remote_host, const char *authtype)
 {
 struct auth_usersupplied_info *user_info = NULL;
 struct auth_serversupplied_info *server_info = NULL;
+ struct auth_session_info *session_info = NULL;
 struct auth_context *auth_context;
 const char *auth_types[] = { authtype, NULL };
 NTSTATUS nt_status;
@@ -76,11 +78,21 @@ static int ejs_doauth(TALLOC_CTX *tmp_ctx, struct MprVar *auth, const char *user
 nt_status = auth_check_password(auth_context, tmp_ctx, user_info, &server_info);
 if (!NT_STATUS_IS_OK(nt_status)) {
- mprSetPropertyValue(auth, "result", mprCreateBoolVar(False));
 mprSetPropertyValue(auth, "report", mprString("Login Failed"));
+ mprSetPropertyValue(auth, "result", mprCreateBoolVar(False));
+ goto done;
+ }
+
+ nt_status = auth_generate_session_info(tmp_ctx, server_info, &session_info);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ mprSetPropertyValue(auth, "report", mprString("Session Info generation failed"));
+ mprSetPropertyValue(auth, "result", mprCreateBoolVar(False));
 goto done;
 }
+ talloc_steal(mprMemCtx(), session_info);
+ mprSetThisPtr(eid, "session_info", session_info);
+ mprSetPropertyValue(auth, "result", mprCreateBoolVar(server_info->authenticated));
 mprSetPropertyValue(auth, "username", mprString(server_info->account_name));
 mprSetPropertyValue(auth, "domain", mprString(server_info->domain_name));
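Review bot: In the `@@ -76,11 +78,21 @@` hunk, `talloc_steal(mprMemCtx(), session_info)` and `mprSetThisPtr(eid, "session_info", session_info)` run for every call that gets past `auth_check_password`, before `server_info->authenticated` is consulted, so a login reported with `result` false would still leave a session token on the script object for a later `ldb.connect` to pick up. Whether `authenticated` can be false on an OK status is not visible here, but the code reads the field as if it can; guarding the two stores with `if (server_info->authenticated) {` … `}` would keep the stored token and the reported result in agreement. The token is also moved to the long-lived `mprMemCtx()` and any earlier `session_info` pointer on `eid` is overwritten rather than released, so repeated `userAuth` calls presumably accumulate tokens; a comment above the `talloc_steal` saying who owns and frees the token would help. The body of `ejs_doauth` continues outside the hunk.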
@@ -138,9 +150,9 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv)
 auth = mprObject("auth");
 if (domain && (strcmp("System User", domain) == 0)) {
- ejs_doauth(tmp_ctx, &auth, username, password, domain, remote_host, "unix");
+ ejs_doauth(eid, tmp_ctx, &auth, username, password, domain, remote_host, "unix");
 } else {
- ejs_doauth(tmp_ctx, &auth, username, password, domain, remote_host, "sam");
+ ejs_doauth(eid, tmp_ctx, &auth, username, password, domain, remote_host, "sam");
 }
 mpr_Return(eid, auth);
diff --git a/source4/scripting/ejs/smbcalls_ldb.c b/source4/scripting/ejs/smbcalls_ldb.c
index d3db85db86..709ed27e5e 100644
--- a/source4/scripting/ejs/smbcalls_ldb.c
+++ b/source4/scripting/ejs/smbcalls_ldb.c
@@ -350,10 +350,16 @@ static int ejs_ldbModify(MprVarHandle eid, int argc, struct MprVar **argv)
 usage: ok = ldb.connect(dbfile);
 ok = ldb.connect(dbfile, "modules:modlist");
+
+ ldb.credentials or ldb.session_info may be setup first
+
 */
 static int ejs_ldbConnect(MprVarHandle eid, int argc, char **argv)
 {
 struct ldb_context *ldb;
+ struct auth_session_info *session_info;
+ struct cli_credentials *creds;
+
 const char *dbfile;
 if (argc < 1) {
@@ -361,9 +367,15 @@ static int ejs_ldbConnect(MprVarHandle eid, int argc, char **argv)
 return -1;
 }
+ session_info = mprGetThisPtr(eid, "session_info");
+
+ creds = mprGetThisPtr(eid, "credentials");
+
 dbfile = argv[0];
- ldb = ldb_wrap_connect(mprMemCtx(), dbfile, 0, (const char **)(argv+1));
+ ldb = ldb_wrap_connect(mprMemCtx(), dbfile,
+ session_info, creds,
+ 0, (const char **)(argv+1));
 if (ldb == NULL) {
 ejsSetErrorMsg(eid, "ldb.connect failed to open %s", dbfile);
 }
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index 0b6a31ae4f..aa4ea5bff8 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
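Review bot: In the `@@ -361,9 +367,15 @@` hunk of `ejs_ldbConnect`, the results of `mprGetThisPtr(eid, "session_info")` and `mprGetThisPtr(eid, "credentials")` are assigned directly to `struct auth_session_info *` and `struct cli_credentials *` and passed to `ldb_wrap_connect`. Whatever type check `mprGetThisPtr` performs is not visible here, so a script that stored something else under those property names may end up with its pointer interpreted as the wrong structure. If both objects are talloc-allocated with a type name, `session_info = talloc_get_type(mprGetThisPtr(eid, "session_info"), struct auth_session_info);` (and the same pattern for `creds`) would turn a mistyped property into NULL. The comment added in the preceding hunk should also state what happens when neither property is set (presumably both arguments are NULL), since that fallback decides the privilege the database is opened with. The function body continues outside the hunk.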
@@ -280,6 +280,15 @@ function provision(subobj, message, blank, paths)
 setup_file("provision.smb.conf", paths.smbconf, subobj);
 lp.reload();
 }
+ message("Setting up secrets.ldb\n");
+ setup_ldb("secrets.ldif", paths.secrets, subobj);
+ message("Setting up DNS zone file\n");
+ setup_file("provision.zone",
+ paths.dns,
+ subobj);
+ message("Setting up keytabs\n");
+ var keytab_ok = credentials_update_all_keytabs();
+ assert(keytab_ok);
 message("Setting up hklm.ldb\n");
 setup_ldb("hklm.ldif", paths.hklm, subobj);
 message("Setting up sam.ldb attributes\n");
@@ -296,15 +305,6 @@ function provision(subobj, message, blank, paths)
 message("Setting up sam.ldb users and groups\n");
 setup_ldb("provision_users.ldif", paths.samdb, subobj, data, false);
 }
- message("Setting up secrets.ldb\n");
- setup_ldb("secrets.ldif", paths.secrets, subobj);
- message("Setting up DNS zone file\n");
- setup_file("provision.zone",
- paths.dns,
- subobj);
- message("Setting up keytabs\n");
- var keytab_ok = credentials_update_all_keytabs();
- assert(keytab_ok);
 }
 /* |
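Review bot: `assert(keytab_ok)` now sits ahead of the hklm.ldb and sam.ldb steps in the `@@ -280,6 +280,15 @@` hunk, so a keytab failure stops provisioning with secrets.ldb and the DNS zone file already written and no sam.ldb at all, where before the move it could only fail after every database existed. If `credentials_update_all_keytabs()` reads anything that the later sam.ldb steps create, it would now run against an empty database; that dependency is not visible here and should be confirmed. If the reorder is required because later ldb opens need secrets.ldb (the commit message hints at this, the hunk does not show it), a comment such as `/* secrets.ldb must exist before the other ldbs are opened */` above the moved block would keep it from being moved back. The `provision` function starts and ends outside the hunk.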