Use secrets.ldb to store credentials to contact LDAP backend.
authorAndrew Bartlett <abartlet@samba.org>
Tue, 15 Jul 2008 05:07:13 +0000 (15:07 +1000)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 15 Jul 2008 05:07:13 +0000 (15:07 +1000)
This makes Samba4 behave much like Samba3 did, and use a single set of
administrative credentials for its connection to LDAP.

Andrew Bartlett
(This used to be commit e396a59788d77aa2fbf3b523c3773fe0e5c976c0)

source4/dsdb/samdb/samdb.c
source4/ldap_server/ldap_backend.c
source4/libnet/libnet_samsync_ldb.c

index acc2c2a9a15925e7171bda134c275fd5eca08a8c..b5b7ddfdc6d749fc2dfc3f4e2b38d36a32bc93c6 100644 (file)
@@ -39,6 +39,8 @@
 #include "dsdb/common/flags.h"
 #include "param/param.h"
 #include "lib/events/events.h"
+#include "auth/credentials/credentials.h"
+#include "param/secrets.h"
 
 char *samdb_relative_path(struct ldb_context *ldb,
                                 TALLOC_CTX *mem_ctx, 
@@ -67,6 +69,28 @@ char *samdb_relative_path(struct ldb_context *ldb,
        return full_name;
 }
 
+struct cli_credentials *samdb_credentials(TALLOC_CTX *mem_ctx, 
+                                         struct event_context *event_ctx, 
+                                         struct loadparm_context *lp_ctx) 
+{
+       struct cli_credentials *cred = cli_credentials_init(mem_ctx);
+       if (!cred) {
+               return NULL;
+       }
+       cli_credentials_set_conf(cred, lp_ctx);
+
+       /* We don't want to use krb5 to talk to our samdb - recursion
+        * here would be bad, and this account isn't in the KDC
+        * anyway */
+       cli_credentials_set_kerberos_state(cred, CRED_DONT_USE_KERBEROS);
+
+       if (!NT_STATUS_IS_OK(cli_credentials_set_secrets(cred, event_ctx, lp_ctx, NULL, NULL,
+                                                        SECRETS_LDAP_FILTER))) {
+               /* Perfectly OK - if not against an LDAP backend */
+               return NULL;
+       }
+       return cred;
+}
 
 /*
   connect to the SAM database
@@ -80,7 +104,8 @@ struct ldb_context *samdb_connect(TALLOC_CTX *mem_ctx,
        struct ldb_context *ldb;
        ldb = ldb_wrap_connect(mem_ctx, ev_ctx, lp_ctx, 
                               lp_sam_url(lp_ctx), session_info,
-                              NULL, 0, NULL);
+                              samdb_credentials(mem_ctx, ev_ctx, lp_ctx), 
+                              0, NULL);
        if (!ldb) {
                return NULL;
        }
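Review bot: In samdb_credentials, the `return NULL` after a failed cli_credentials_set_secrets() abandons the `cred` just allocated by cli_credentials_init() on mem_ctx instead of freeing it, so every failed call leaks a credentials object until the parent context goes away — for the ldap_server caller that parent is the per-client connection. Replace that path with `talloc_free(cred); return NULL;`. The failure is also completely silent: a missing, unreadable or mis-keyed secrets.ldb on an LDAP-backed deployment degrades to the pre-patch NULL-credentials (unauthenticated) backend bind with no trace, indistinguishable from the legitimate local-LDB case the comment describes. A `DEBUG(3, (...))` on that path, or a distinct return when cli_credentials_set_secrets reports "no matching entry" separately from read errors (its status codes are not visible here), would let operators tell the two apart.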
index 2193c989cf356baa5d34e349d4cb0801e3f6eb4a..504dcf1c0f13550ba22196b908438a62cb7e88e5 100644 (file)
 #include "ldap_server/ldap_server.h"
 #include "lib/util/dlinklist.h"
 #include "libcli/ldap/ldap.h"
-#include "lib/ldb/include/ldb.h"
-#include "lib/ldb/include/ldb_errors.h"
-#include "lib/ldb_wrap.h"
 #include "auth/credentials/credentials.h"
 #include "auth/gensec/gensec.h"
 #include "param/param.h"
 #include "smbd/service_stream.h"
+#include "dsdb/samdb/samdb.h"
+#include "lib/ldb/include/ldb_errors.h"
+#include "lib/ldb_wrap.h"
 
 #define VALID_DN_SYNTAX(dn,i) do {\
        if (!(dn)) {\
@@ -61,7 +61,8 @@ NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn)
                                     conn->lp_ctx,
                                     lp_sam_url(conn->lp_ctx), 
                                     conn->session_info,
-                                    NULL, conn->global_catalog ? LDB_FLG_RDONLY : 0, NULL);
+                                    samdb_credentials(conn, conn->connection->event.ctx, conn->lp_ctx), 
+                                    conn->global_catalog ? LDB_FLG_RDONLY : 0, NULL);
        if (conn->ldb == NULL) {
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
        }
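Review bot: The ldapsrv_backend_Init hunk now opens the backend with one administrative credential set for every client connection while still passing the client's own `conn->session_info`, so authorisation for an LDAP client is enforced solely by the ldb module stack honouring session_info — the backend directory's own ACLs no longer distinguish one client from another. That is the commit's stated intent, but it deserves a comment at the samdb_credentials call so nobody later treats the backend bind as the client's identity: `/* Backend bind is always the secrets.ldb admin account; per-client access control comes from session_info via the ldb modules, never from backend ACLs. */`. Note that when samdb_credentials returns NULL (no LDAP entry in secrets.ldb, or allocation failure) the connection silently falls back to an unauthenticated backend bind, exactly as before this change. The enclosing function ldapsrv_backend_Init continues outside the hunk.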
index a79bf043a5157d8470aa5b7fd34b022f5a14497d..b223a74a31ed4debb20bdcce0183f35bb8eb0ccc 100644 (file)
@@ -1222,12 +1222,10 @@ NTSTATUS libnet_samsync_ldb(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, str
        state->secrets         = NULL;
        state->trusted_domains = NULL;
 
-       state->sam_ldb         = ldb_wrap_connect(mem_ctx, 
-                                                 ctx->event_ctx,
-                                                 ctx->lp_ctx, 
-                                                 lp_sam_url(ctx->lp_ctx), 
-                                                 r->in.session_info,
-                                                 ctx->cred, 0, NULL);
+       state->sam_ldb         = samdb_connect(mem_ctx, 
+                                              ctx->event_ctx,
+                                              ctx->lp_ctx, 
+                                              r->in.session_info);
 
        r2.out.error_string    = NULL;
        r2.in.binding_string   = r->in.binding_string;
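Review bot: Replacing `ldb_wrap_connect(..., ctx->cred, 0, NULL)` with samdb_connect() drops the caller-supplied `ctx->cred` for the SAM connection, so libnet_samsync_ldb now binds to an LDAP backend only with whatever secrets.ldb holds, and with NULL credentials when no matching entry exists there. If samsync can be run before secrets.ldb has been populated for the LDAP backend (not visible here), that is a silent change from an authenticated to an unauthenticated backend bind. A comment at the call would make the new dependency explicit: `/* Binds with the secrets.ldb LDAP credentials (samdb_credentials), not ctx->cred; an LDAP backend with no secrets entry gets an unauthenticated bind. */`, and `state->sam_ldb` should be NULL-checked right after the call if that check is not already present beyond the hunk. libnet_samsync_ldb starts before this hunk and continues after it.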