mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
r11522: Add support for delegated credentials and machine account credentials
to ldb, based on the sessionInfo we now pass around.
Andrew Bartlett
(This used to be commit 84e16e4ea7
)
This commit is contained in:
parent
72820aaf92
commit
df9af34876
@ -553,6 +553,14 @@ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx,
|
||||
|
||||
NT_STATUS_NOT_OK_RETURN(nt_status);
|
||||
|
||||
session_info->credentials = cli_credentials_init(session_info);
|
||||
if (!session_info->credentials) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
cli_credentials_set_conf(session_info->credentials);
|
||||
cli_credentials_set_anonymous(session_info->credentials);
|
||||
|
||||
*_session_info = session_info;
|
||||
|
||||
return NT_STATUS_OK;
|
||||
@ -590,6 +598,18 @@ NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx,
|
||||
|
||||
NT_STATUS_NOT_OK_RETURN(nt_status);
|
||||
|
||||
session_info->credentials = cli_credentials_init(session_info);
|
||||
if (!session_info->credentials) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
cli_credentials_set_conf(session_info->credentials);
|
||||
if (!NT_STATUS_IS_OK(cli_credentials_set_machine_account(session_info->credentials))) {
|
||||
/* perhaps no credentials, we might not be joined to a domain */
|
||||
talloc_free(session_info->credentials);
|
||||
session_info->credentials = NULL;
|
||||
}
|
||||
|
||||
*_session_info = session_info;
|
||||
|
||||
return NT_STATUS_OK;
|
||||
|
@ -36,6 +36,7 @@
|
||||
#include "libcli/ldap/ldap.h"
|
||||
#include "libcli/ldap/ldap_client.h"
|
||||
#include "lib/cmdline/popt_common.h"
|
||||
#include "auth/auth.h"
|
||||
|
||||
struct ildb_private {
|
||||
struct ldap_connection *ldap;
|
||||
@ -459,10 +460,15 @@ int ildb_connect(struct ldb_context *ldb, const char *url,
|
||||
ldb->modules->ops = &ildb_ops;
|
||||
|
||||
/* caller can optionally setup credentials using the opaque token 'credentials' */
|
||||
creds = ldb_get_opaque(ldb, "credentials");
|
||||
creds = talloc_get_type(ldb_get_opaque(ldb, "credentials"), struct cli_credentials);
|
||||
if (creds == NULL) {
|
||||
struct auth_session_info *session_info = talloc_get_type(ldb_get_opaque(ldb, "sessionInfo"), struct auth_session_info);
|
||||
if (session_info && session_info->credentials) {
|
||||
creds = session_info->credentials;
|
||||
} else {
|
||||
creds = cmdline_credentials;
|
||||
}
|
||||
}
|
||||
|
||||
if (creds != NULL && cli_credentials_authentication_requested(creds)) {
|
||||
status = ldap_bind_sasl(ildb->ldap, creds);
|
||||
|
Loading…
Reference in New Issue
Block a user