From 43a0c615a3f2b8da0baa99090ed0049d13212085 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Tue, 13 Feb 2007 13:43:23 +0000
Subject: [PATCH] r21315: ldb now supports filters like (&(dn=%s)(&(objectClass=kerberosSecret)(privateKeytab=*))) again we can use such a filter:-) we should only update the keytab for records matching this filter, that means we need to do a search before calling cli_credentials_set_secrets() metze (This used to be commit 23adca4e3426360fe0685548ae2b808578f6ba75)
---
 .../dsdb/samdb/ldb_modules/update_keytab.c | 34 ++++++++++++++++---
 1 file changed, 30 insertions(+), 4 deletions(-)
diff --git a/source4/dsdb/samdb/ldb_modules/update_keytab.c b/source4/dsdb/samdb/ldb_modules/update_keytab.c
index fa61887bd5b..21c9539e91d 100644
--- a/source4/dsdb/samdb/ldb_modules/update_keytab.c
+++ b/source4/dsdb/samdb/ldb_modules/update_keytab.c
@@ -45,10 +45,38 @@ struct update_kt_private {
 static int add_modified(struct ldb_module *module, struct ldb_dn *dn, BOOL delete) 
 {
 struct update_kt_private *data = talloc_get_type(module->private_data, struct update_kt_private);
- struct dn_list *item = talloc(data->changed_dns? (void *)data->changed_dns: (void *)data, struct dn_list);
+ struct dn_list *item;
 char *filter;
+ struct ldb_result *res;
+ const char *attrs[] = { NULL };
+ int ret;
 NTSTATUS status;
+
+ filter = talloc_asprintf(data, "(&(dn=%s)(&(objectClass=kerberosSecret)(privateKeytab=*)))",
+ ldb_dn_get_linearized(dn));
+ if (!filter) {
+ ldb_oom(module->ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ ret = ldb_search(module->ldb, dn, LDB_SCOPE_BASE,
+ filter, attrs, &res);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(filter);
+ return ret;
+ }
+
+ if (res->count != 1) {
+ /* if it's not a kerberosSecret then we don't have anything to update */
+ talloc_free(res);
+ talloc_free(filter);
+ return LDB_SUCCESS;
+ }
+ talloc_free(res);
+
+ item = talloc(data->changed_dns? (void *)data->changed_dns: (void *)data, struct dn_list);
 if (!item) {
+ talloc_free(filter);
 ldb_oom(module->ldb);
 return LDB_ERR_OPERATIONS_ERROR;
 }
@@ -56,14 +84,12 @@ static int add_modified(struct ldb_module *module, struct ldb_dn *dn, BOOL delet item->creds = cli_credentials_init(item); if (!item->creds) { DEBUG(1, ("cli_credentials_init failed!")); + talloc_free(filter); ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } cli_credentials_set_conf(item->creds); -/* filter = talloc_asprintf(item, "(&(&(&(objectClass=kerberosSecret)(privateKeytab=*))(|(secret=*)(ntPwdHash=*)))(distinguishedName=%s))", */ - filter = talloc_asprintf(item, "dn=%s", - ldb_dn_get_linearized(dn)); status = cli_credentials_set_secrets(item->creds, module->ldb, NULL, filter); talloc_free(filter); if (NT_STATUS_IS_OK(status)) {
-- 
2.34.1
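Review bot: The linearized DN is formatted straight into the filter `(&(dn=%s)(&(objectClass=kerberosSecret)(privateKeytab=*)))` with no filter-value escaping, so a DN containing `(`, `)`, `*` or `\` can change what the expression matches. The new `ldb_search()` is at least confined to `dn` by `LDB_SCOPE_BASE`, but the same string is then passed to `cli_credentials_set_secrets()` with a NULL base in the second hunk, where the filter alone appears to select the secrets record. Encode the value before formatting, for example with `ldb_binary_encode_string(data, ldb_dn_get_linearized(dn))` if that helper exists in this tree, and check the result for NULL. The body of add_modified continues past the end of this hunk.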
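Review bot: In the second hunk, the `cli_credentials_init` failure path now frees `filter` but still returns with `item` allocated under `data->changed_dns` (or `data`). Nothing in the visible lines links `item` into a list before that point, so it appears to stay allocated until its parent is freed. Adding `talloc_free(item);` next to the new `talloc_free(filter);` would release it, provided the line between the two hunks (not shown) does not hand `item` to another owner. The function starts before this hunk and continues after it.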