From a1827a1deba04e0b4b2a508dc4e4e66603a46d16 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Wed, 14 Dec 2005 07:22:25 +0000
Subject: r12227: I realised that I wasn't yet seeing authenticated LDAP for the ldb backend. The idea is that every time we open an LDB, we can provide a session_info and/or credentials. This would allow any ldb to be remote to LDAP. We should also support provisioning to a authenticated ldap server. (They are separate so we can say authenticate as foo for remote, but here we just want a token of SYSTEM). Andrew Bartlett (This used to be commit ae2f3a64ee0b07575624120db45299c65204210b)
---
 source4/lib/db_wrap.c | 13 +++++++++++++
 source4/lib/ldb/ldb_ildap/ldb_ildap.c | 6 ++----
 source4/lib/registry/reg_backend_ldb.c | 3 ++-
 3 files changed, 17 insertions(+), 5 deletions(-)
(limited to 'source4/lib')
diff --git a/source4/lib/db_wrap.c b/source4/lib/db_wrap.c
index 974490f8b2..e070d4eb14 100644
--- a/source4/lib/db_wrap.c
+++ b/source4/lib/db_wrap.c
@@ -61,6 +61,8 @@ static void ldb_wrap_debug(void *context, enum ldb_debug_level level,
 */
 struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx,
 const char *url,
+ struct auth_session_info *session_info,
+ struct cli_credentials *credentials,
 unsigned int flags,
 const char *options[])
 {
@@ -80,6 +82,17 @@ struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx,
 ev = event_context_find(ldb);
 if (ldb_set_opaque(ldb, "EventContext", ev)) {
+ talloc_free(ldb);
+ return NULL;
+ }
+
+ if (ldb_set_opaque(ldb, "sessionInfo", session_info)) {
+ talloc_free(ldb);
+ return NULL;
+ }
+
+ if (ldb_set_opaque(ldb, "credentials", credentials)) {
+ talloc_free(ldb);
 return NULL;
 }
diff --git a/source4/lib/ldb/ldb_ildap/ldb_ildap.c b/source4/lib/ldb/ldb_ildap/ldb_ildap.c
index e195ec24aa..582513df6f 100644
--- a/source4/lib/ldb/ldb_ildap/ldb_ildap.c
+++ b/source4/lib/ldb/ldb_ildap/ldb_ildap.c
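Review bot: In source4/lib/db_wrap.c, the two new `ldb_set_opaque()` calls in the second hunk store the caller's `session_info` and `credentials` pointers on the ldb, and nothing visible in the hunk takes a talloc reference on them or reparents them. If ldb_set_opaque() only records the pointer (its body is not part of this patch, so this is inferred), a backend that reads the opaque later, as `ildb_connect()` does, would be working with a dangling pointer once a caller frees its session or credentials before the ldb. Either hold a reference for the lifetime of the ldb, e.g. `if (session_info && !talloc_reference(ldb, session_info)) { talloc_free(ldb); return NULL; }` and the same for `credentials`, or state the requirement in the comment above the function, which ends just before the first hunk and is not updated for the two new parameters: `session_info and credentials may be NULL; if non-NULL they must stay valid for as long as the returned ldb is in use`. The function body continues outside both hunks.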
@@ -224,7 +224,7 @@ static int ildb_search_bytree(struct ldb_module *module, const struct ldb_dn *ba
 msg = ldapres[i];
 search = &msg->r.SearchResultEntry;
- (*res)->msgs[i] = talloc(*res, struct ldb_message);
+ (*res)->msgs[i] = talloc((*res)->msgs, struct ldb_message);
 if (!(*res)->msgs[i]) {
 goto failed;
 }
@@ -504,10 +504,8 @@ int ildb_connect(struct ldb_context *ldb, const char *url,
 creds = talloc_get_type(ldb_get_opaque(ldb, "credentials"), struct cli_credentials);
 if (creds == NULL) {
 struct auth_session_info *session_info = talloc_get_type(ldb_get_opaque(ldb, "sessionInfo"), struct auth_session_info);
- if (session_info && session_info->credentials) {
+ if (session_info) {
 creds = session_info->credentials;
- } else {
- creds = cmdline_credentials;
 }
 }
diff --git a/source4/lib/registry/reg_backend_ldb.c b/source4/lib/registry/reg_backend_ldb.c
index f1c3187aa5..6c668d7b48 100644
--- a/source4/lib/registry/reg_backend_ldb.c
+++ b/source4/lib/registry/reg_backend_ldb.c
@@ -262,7 +262,8 @@ static WERROR ldb_open_hive(struct registry_hive *hive, struct registry_key **k)
 struct ldb_context *wrap;
 if (!hive->location) return WERR_INVALID_PARAM;
- wrap = ldb_wrap_connect(hive, hive->location, 0, NULL);
+ /* TODO: Support remoting with credentials and ACLs with session tokens */
+ wrap = ldb_wrap_connect(hive, hive->location, NULL, NULL, 0, NULL);
 if(!wrap) {
 DEBUG(1, ("ldb_open_hive: unable to connect\n"));
-- cgit
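Review bot: In `ildb_connect()` (second ldb_ildap.c hunk), removing the `else` branch leaves `creds` NULL whenever the ldb carries neither a "credentials" opaque nor a session_info with credentials, where the old code fell back to `cmdline_credentials`. The code that consumes `creds` is outside the hunk, but if it skips the bind on NULL, existing callers silently move from an authenticated to an unauthenticated LDAP connection. Making that visible at the decision point would help, e.g. `if (creds == NULL) { ldb_debug(ldb, LDB_DEBUG_WARNING, "ildb_connect: no credentials supplied\n"); }` after the block. The `ldb_wrap_connect(hive, hive->location, NULL, NULL, 0, NULL)` call in reg_backend_ldb.c is one such caller; its TODO could say outright that NULL/NULL means no session token and no credentials, so a remote hive location would be opened without authentication.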