summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2006-11-01 03:21:04 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:24:44 -0500
commit899ae849e87bf4c294f8e30d0de9a17917526321 (patch)
treeea6ed1e2d44337727e31dadfdd436c59e1b49e82 /source4
parent74adb98b657a09c7d729fbf90d201cf9715140ba (diff)
downloadsamba-899ae849e87bf4c294f8e30d0de9a17917526321.tar.gz
samba-899ae849e87bf4c294f8e30d0de9a17917526321.tar.bz2
samba-899ae849e87bf4c294f8e30d0de9a17917526321.zip
r19522: Remove gensec and credentials dependency from the rootdse module (less
dependency loops). This moves the evaluation of the SASL mechansim list to display in the rootDSE to the ldap server. Andrew Bartlett (This used to be commit 379da475e224d93c05d91b37902c121eb4007d97)
Diffstat (limited to 'source4')
-rw-r--r--source4/dsdb/samdb/ldb_modules/rootdse.c32
-rw-r--r--source4/ldap_server/config.mk1
-rw-r--r--source4/ldap_server/ldap_backend.c32
3 files changed, 44 insertions, 21 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
index a8bc3fbdc2..88f5eba2b4 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -25,7 +25,6 @@
#include "lib/ldb/include/ldb.h"
#include "lib/ldb/include/ldb_errors.h"
#include "lib/ldb/include/ldb_private.h"
-#include "auth/gensec/gensec.h"
#include "system/time.h"
struct private_data {
@@ -52,7 +51,7 @@ static int do_attribute(const char * const *attrs, const char *name)
static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *msg, const char * const *attrs)
{
struct private_data *priv = talloc_get_type(module->private_data, struct private_data);
- struct cli_credentials *server_creds;
+ char **server_sasl;
msg->dn = ldb_dn_explode(msg, "");
@@ -93,25 +92,18 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms
}
}
- server_creds = talloc_get_type(ldb_get_opaque(module->ldb, "server_credentials"),
- struct cli_credentials);
- if (server_creds && do_attribute(attrs, "supportedSASLMechanisms")) {
- struct gensec_security_ops **backends = gensec_security_all();
- enum credentials_use_kerberos use_kerberos
- = cli_credentials_get_kerberos_state(server_creds);
- struct gensec_security_ops **ops
- = gensec_use_kerberos_mechs(msg, backends, use_kerberos);
+ server_sasl = talloc_get_type(ldb_get_opaque(module->ldb, "supportedSASLMechanims"),
+ char *);
+ if (server_sasl && do_attribute(attrs, "supportedSASLMechanisms")) {
int i;
- for (i = 0; ops && ops[i]; i++) {
- if (ops[i]->sasl_name && ops[i]->server_start) {
- char *sasl_name = talloc_strdup(msg, ops[i]->sasl_name);
- if (!sasl_name) {
- goto failed;
- }
- if (ldb_msg_add_steal_string(msg, "supportedSASLMechanisms",
- sasl_name) != 0) {
- goto failed;
- }
+ for (i = 0; server_sasl && server_sasl[i]; i++) {
+ char *sasl_name = talloc_strdup(msg, server_sasl[i]);
+ if (!sasl_name) {
+ goto failed;
+ }
+ if (ldb_msg_add_steal_string(msg, "supportedSASLMechanisms",
+ sasl_name) != 0) {
+ goto failed;
}
}
}
diff --git a/source4/ldap_server/config.mk b/source4/ldap_server/config.mk
index f5e6636879..013be57396 100644
--- a/source4/ldap_server/config.mk
+++ b/source4/ldap_server/config.mk
@@ -11,6 +11,7 @@ OBJ_FILES = \
ldap_backend.o \
ldap_bind.o \
ldap_extended.o
+PRIVATE_DEPENDENCIES = CREDENTIALS
PUBLIC_DEPENDENCIES = \
LIBCLI_LDAP SAMDB process_model auth GENSEC_SOCKET
# End SUBSYSTEM SMB
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 3cd1f1c58a..9e26f1c6eb 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -25,6 +25,8 @@
#include "lib/ldb/include/ldb.h"
#include "lib/ldb/include/ldb_errors.h"
#include "lib/db_wrap.h"
+#include "auth/credentials/credentials.h"
+#include "auth/gensec/gensec.h"
#define VALID_DN_SYNTAX(dn,i) do {\
if (!(dn)) {\
@@ -54,7 +56,35 @@ NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn)
if (conn->ldb == NULL) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- ldb_set_opaque(conn->ldb, "server_credentials", conn->server_credentials);
+
+ if (conn->server_credentials) {
+ char **sasl_mechs = NULL;
+ struct gensec_security_ops **backends = gensec_security_all();
+ enum credentials_use_kerberos use_kerberos
+ = cli_credentials_get_kerberos_state(conn->server_credentials);
+ struct gensec_security_ops **ops
+ = gensec_use_kerberos_mechs(conn, backends, use_kerberos);
+ int i, j = 0;
+ for (i = 0; ops && ops[i]; i++) {
+ if (ops[i]->sasl_name && ops[i]->server_start) {
+ char *sasl_name = talloc_strdup(conn, ops[i]->sasl_name);
+
+ if (!sasl_name) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ sasl_mechs = talloc_realloc(conn, sasl_mechs, char *, j + 2);
+ if (!sasl_mechs) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ sasl_mechs[j] = sasl_name;
+ talloc_steal(sasl_mechs, sasl_name);
+ sasl_mechs[j+1] = NULL;
+ j++;
+ }
+ }
+ talloc_free(ops);
+ ldb_set_opaque(conn->ldb, "supportedSASLMechanims", sasl_mechs);
+ }
if (conn->global_catalog) {
ldb_set_opaque(conn->ldb, "global_catalog", (void *)(-1));