sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-01 04:58:35 +03:00
Code

r11522: Add support for delegated credentials and machine account credentials

Browse Source 
to ldb, based on the sessionInfo we now pass around.

Andrew Bartlett
(This used to be commit 84e16e4ea7240409f15efd9f64344f9e0cec8111)
This commit is contained in:
Andrew Bartlett 2005-11-05 11:13:22 +00:00 committed by Gerald (Jerry) Carter
parent 72820aaf92
commit df9af34876
2 changed files with 28 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
source4/auth/auth_util.c
View File

@ -553,6 +553,14 @@ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx,
NT_STATUS_NOT_OK_RETURN(nt_status);
session_info->credentials = cli_credentials_init(session_info);
if (!session_info->credentials) {
return NT_STATUS_NO_MEMORY;
}
cli_credentials_set_conf(session_info->credentials);
cli_credentials_set_anonymous(session_info->credentials);
*_session_info = session_info;
return NT_STATUS_OK;
@ -590,6 +598,18 @@ NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx,
NT_STATUS_NOT_OK_RETURN(nt_status);
session_info->credentials = cli_credentials_init(session_info);
if (!session_info->credentials) {
return NT_STATUS_NO_MEMORY;
}
cli_credentials_set_conf(session_info->credentials);
if (!NT_STATUS_IS_OK(cli_credentials_set_machine_account(session_info->credentials))) {
/* perhaps no credentials, we might not be joined to a domain */
talloc_free(session_info->credentials);
session_info->credentials = NULL;
}
*_session_info = session_info;
return NT_STATUS_OK;

10
source4/lib/ldb/ldb_ildap/ldb_ildap.c
View File

@ -36,6 +36,7 @@
#include "libcli/ldap/ldap.h"
#include "libcli/ldap/ldap_client.h"
#include "lib/cmdline/popt_common.h"
#include "auth/auth.h"
struct ildb_private {
struct ldap_connection *ldap;
@ -459,9 +460,14 @@ int ildb_connect(struct ldb_context *ldb, const char *url,
ldb->modules->ops = &ildb_ops;
/* caller can optionally setup credentials using the opaque token 'credentials' */
creds = ldb_get_opaque(ldb, "credentials");
creds = talloc_get_type(ldb_get_opaque(ldb, "credentials"), struct cli_credentials);
if (creds == NULL) {
creds = cmdline_credentials;
struct auth_session_info *session_info = talloc_get_type(ldb_get_opaque(ldb, "sessionInfo"), struct auth_session_info);
if (session_info && session_info->credentials) {
creds = session_info->credentials;
} else {
creds = cmdline_credentials;
}
}
if (creds != NULL && cli_credentials_authentication_requested(creds)) {