1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

r11522: Add support for delegated credentials and machine account credentials

to ldb, based on the sessionInfo we now pass around.

Andrew Bartlett
(This used to be commit 84e16e4ea7)
This commit is contained in:
Andrew Bartlett 2005-11-05 11:13:22 +00:00 committed by Gerald (Jerry) Carter
parent 72820aaf92
commit df9af34876
2 changed files with 28 additions and 2 deletions

View File

@ -553,6 +553,14 @@ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx,
NT_STATUS_NOT_OK_RETURN(nt_status);
session_info->credentials = cli_credentials_init(session_info);
if (!session_info->credentials) {
return NT_STATUS_NO_MEMORY;
}
cli_credentials_set_conf(session_info->credentials);
cli_credentials_set_anonymous(session_info->credentials);
*_session_info = session_info;
return NT_STATUS_OK;
@ -590,6 +598,18 @@ NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx,
NT_STATUS_NOT_OK_RETURN(nt_status);
session_info->credentials = cli_credentials_init(session_info);
if (!session_info->credentials) {
return NT_STATUS_NO_MEMORY;
}
cli_credentials_set_conf(session_info->credentials);
if (!NT_STATUS_IS_OK(cli_credentials_set_machine_account(session_info->credentials))) {
/* perhaps no credentials, we might not be joined to a domain */
talloc_free(session_info->credentials);
session_info->credentials = NULL;
}
*_session_info = session_info;
return NT_STATUS_OK;

View File

@ -36,6 +36,7 @@
#include "libcli/ldap/ldap.h"
#include "libcli/ldap/ldap_client.h"
#include "lib/cmdline/popt_common.h"
#include "auth/auth.h"
struct ildb_private {
struct ldap_connection *ldap;
@ -459,10 +460,15 @@ int ildb_connect(struct ldb_context *ldb, const char *url,
ldb->modules->ops = &ildb_ops;
/* caller can optionally setup credentials using the opaque token 'credentials' */
creds = ldb_get_opaque(ldb, "credentials");
creds = talloc_get_type(ldb_get_opaque(ldb, "credentials"), struct cli_credentials);
if (creds == NULL) {
struct auth_session_info *session_info = talloc_get_type(ldb_get_opaque(ldb, "sessionInfo"), struct auth_session_info);
if (session_info && session_info->credentials) {
creds = session_info->credentials;
} else {
creds = cmdline_credentials;
}
}
if (creds != NULL && cli_credentials_authentication_requested(creds)) {
status = ldap_bind_sasl(ildb->ldap, creds);