author | Andrew Bartlett <abartlet@samba.org> | 2006-01-03 00:10:15 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:49:38 -0500 |
commit | bedfb063268f70e66f16fdd0e9bdd29d176a0634 (patch) | |
tree | e0c95df8e681ed6b579c5f2fdd8ae470a656f1f8 /source4 | |
parent | d26d130aa4d7907327cded4d6914fb1a0dbdbd1d (diff) | |
r12686: Push the real SASL list into the rootdse.
Get this out of the server credentials, and push it down to ldb via an
opaque pointer.
Andrew Bartlett
(This used to be commit 61700252e05e0be6b4ffa72ffc24a95c665597e3)
Diffstat (limited to 'source4')
-rw-r--r-- | source4/ldap_server/ldap_bind.c | 17 | ||||
-rw-r--r-- | source4/ldap_server/ldap_server.c | 20 | ||||
-rw-r--r-- | source4/ldap_server/ldap_server.h | 1 | ||||
-rw-r--r-- | source4/ldap_server/ldap_simple_ldb.c | 3 | ||||
-rw-r--r-- | source4/setup/provision_init.ldif | 1 |
5 files changed, 25 insertions, 17 deletions
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
index beaf3da46cb..feb36135a88 100644
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -115,22 +115,7 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
 gensec_set_target_service(call->conn->gensec, "ldap");
- server_credentials
- = cli_credentials_init(call);
- if (!server_credentials) {
- DEBUG(1, ("Failed to init server credentials\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- cli_credentials_set_conf(server_credentials);
- status = cli_credentials_set_machine_account(server_credentials);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10, ("Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(status)));
- talloc_free(server_credentials);
- server_credentials = NULL;
- }
-
- gensec_set_credentials(call->conn->gensec, server_credentials);
+ gensec_set_credentials(call->conn->gensec, call->conn->server_credentials);
 gensec_want_feature(call->conn->gensec, GENSEC_FEATURE_SIGN);
 gensec_want_feature(call->conn->gensec, GENSEC_FEATURE_SEAL);
diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index ba723260842..26bb2402e8d 100644
--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -267,6 +267,8 @@ static void ldapsrv_accept(struct stream_connection *c)
 struct ldapsrv_service *ldapsrv_service =
 talloc_get_type(c->private, struct ldapsrv_service);
 struct ldapsrv_connection *conn;
+ struct cli_credentials *server_credentials;
+ NTSTATUS status;
 int port;
 conn = talloc_zero(c, struct ldapsrv_connection);
@@ -279,6 +281,24 @@ static void ldapsrv_accept(struct stream_connection *c)
 conn->packet = NULL;
 conn->connection = c;
 conn->service = ldapsrv_service;
+
+ server_credentials
+ = cli_credentials_init(conn);
+ if (!server_credentials) {
+ stream_terminate_connection(c, "Failed to init server credentials\n");
+ talloc_free(conn);
+ return;
+ }
+
+ cli_credentials_set_conf(server_credentials);
+ status = cli_credentials_set_machine_account(server_credentials);
+ if (!NT_STATUS_IS_OK(status)) {
+ stream_terminate_connection(c, talloc_asprintf(conn, "Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(status)));
+ talloc_free(conn);
+ return;
+ }
+ conn->server_credentials = server_credentials;
+
 c->private = conn;
 port = socket_get_my_port(c->socket);
diff --git a/source4/ldap_server/ldap_server.h b/source4/ldap_server/ldap_server.h
index a2039fe7f1f..d25f52bf4e9 100644
--- a/source4/ldap_server/ldap_server.h
+++ b/source4/ldap_server/ldap_server.h
@@ -29,6 +29,7 @@ struct ldapsrv_connection {
 struct tls_context *tls;
 struct ldapsrv_partition *default_partition;
 struct ldapsrv_partition *partitions;
+ struct cli_credentials *server_credentials;
 /* are we using gensec wrapping? */
 BOOL enable_wrap;
diff --git a/source4/ldap_server/ldap_simple_ldb.c b/source4/ldap_server/ldap_simple_ldb.c
index 6fd60209889..0421bb42abf 100644
--- a/source4/ldap_server/ldap_simple_ldb.c
+++ b/source4/ldap_server/ldap_simple_ldb.c
@@ -64,6 +64,9 @@ NTSTATUS sldb_Init(struct ldapsrv_partition *partition, struct ldapsrv_connectio
 talloc_steal(partition, ldb);
 partition->private = ldb;
 talloc_free(mem_ctx);
+
+ ldb_set_opaque(ldb, "server_credentials", conn->server_credentials);
+
 return NT_STATUS_OK;
 }
diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif
index ff6b1def19b..99bbc01acf9 100644
--- a/source4/setup/provision_init.ldif
+++ b/source4/setup/provision_init.ldif
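Review bot: A failure of `cli_credentials_set_machine_account()` now terminates every accepted connection, whereas the code removed from ldapsrv_BindSASL logged at level 10 and carried on with NULL credentials, so a standalone server (the case the message itself names) would stop answering anonymous and simple binds as well. If that is not intended, keep the connection, set `conn->server_credentials = NULL;` on this path, and let only the SASL bind fail. Both error paths also call `talloc_free(conn)` after `stream_terminate_connection(c, ...)`, while `conn` is a talloc child of `c` and the second reason string is allocated on `conn`; whether termination is immediate or deferred is not visible here, but in the first case this looks like a double free and in the second the reason string is freed before it is used, so dropping the explicit free and allocating the message on `c` would be safer. ldapsrv_accept starts and ends outside the hunk.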
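Review bot: The return value of `ldb_set_opaque()` is discarded in sldb_Init, so a failure there still returns NT_STATUS_OK and whatever reads the "server_credentials" opaque later gets NULL without any trace of why. Checking it, for example `if (ldb_set_opaque(ldb, "server_credentials", conn->server_credentials) != LDB_SUCCESS) return NT_STATUS_NO_MEMORY;`, keeps the failure visible. The pointer stays owned by `conn` while `ldb` has been moved onto `partition`, and it hands the machine-account credentials to everything that can reach this ldb handle; a comment such as `/* borrowed from conn: the partition must not outlive the connection */` would record that assumption, which cannot be confirmed from this hunk. sldb_Init starts outside the hunk.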
@@ -58,7 +58,6 @@ rootDomainNamingContext: ${BASEDN}
 configurationNamingContext: CN=Configuration,${BASEDN}
 schemaNamingContext: CN=Schema,CN=Configuration,${BASEDN}
 supportedLDAPVersion: 3
-supportedSASLMechanisms: GSS-SPNEGO
 dnsHostName: ${DNSNAME}
 ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${REALM}
 serverName: CN=${NETBIOSNAME},CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,${BASEDN} |