From df9af348761989a8a1f257a29e9209aed4bfb373 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 5 Nov 2005 11:13:22 +0000
Subject: r11522: Add support for delegated credentials and machine account
 credentials to ldb, based on the sessionInfo we now pass around.

Andrew Bartlett
(This used to be commit 84e16e4ea7240409f15efd9f64344f9e0cec8111)
---
 source4/auth/auth_util.c              | 20 ++++++++++++++++++++
 source4/lib/ldb/ldb_ildap/ldb_ildap.c | 10 ++++++++--
 2 files changed, 28 insertions(+), 2 deletions(-)

(limited to 'source4')

diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c
index df4e510c2f..95d1ddb2fc 100644
--- a/source4/auth/auth_util.c
+++ b/source4/auth/auth_util.c
@@ -553,6 +553,14 @@ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx,
 
 	NT_STATUS_NOT_OK_RETURN(nt_status);
 
+	session_info->credentials = cli_credentials_init(session_info);
+	if (!session_info->credentials) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	cli_credentials_set_conf(session_info->credentials);
+	cli_credentials_set_anonymous(session_info->credentials);
+	
 	*_session_info = session_info;
 
 	return NT_STATUS_OK;
@@ -590,6 +598,18 @@ NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx,
 
 	NT_STATUS_NOT_OK_RETURN(nt_status);
 
+	session_info->credentials = cli_credentials_init(session_info);
+	if (!session_info->credentials) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	cli_credentials_set_conf(session_info->credentials);
+	if (!NT_STATUS_IS_OK(cli_credentials_set_machine_account(session_info->credentials))) {
+		/* perhaps no credentials, we might not be joined to a domain */
+		talloc_free(session_info->credentials);
+		session_info->credentials = NULL;
+	}
+	
 	*_session_info = session_info;
 
 	return NT_STATUS_OK;
diff --git a/source4/lib/ldb/ldb_ildap/ldb_ildap.c b/source4/lib/ldb/ldb_ildap/ldb_ildap.c
index 5fc326b425..06ff79b9a0 100644
--- a/source4/lib/ldb/ldb_ildap/ldb_ildap.c
+++ b/source4/lib/ldb/ldb_ildap/ldb_ildap.c
@@ -36,6 +36,7 @@
 #include "libcli/ldap/ldap.h"
 #include "libcli/ldap/ldap_client.h"
 #include "lib/cmdline/popt_common.h"
+#include "auth/auth.h"
 
 struct ildb_private {
 	struct ldap_connection *ldap;
@@ -459,9 +460,14 @@ int ildb_connect(struct ldb_context *ldb, const char *url,
 	ldb->modules->ops = &ildb_ops;
 
 	/* caller can optionally setup credentials using the opaque token 'credentials' */
-	creds = ldb_get_opaque(ldb, "credentials");
+	creds = talloc_get_type(ldb_get_opaque(ldb, "credentials"), struct cli_credentials);
 	if (creds == NULL) {
-		creds = cmdline_credentials;
+		struct auth_session_info *session_info = talloc_get_type(ldb_get_opaque(ldb, "sessionInfo"), struct auth_session_info);
+		if (session_info && session_info->credentials) {
+			creds = session_info->credentials;
+		} else {
+			creds = cmdline_credentials;
+		}
 	}
 
 	if (creds != NULL && cli_credentials_authentication_requested(creds)) {
-- 
cgit