svn commit: samba r19522 - in branches/SAMBA_4_0/source: dsdb/samdb/ldb_modules ldap_server

abartlet at samba.org abartlet at samba.org
Wed Nov 1 03:21:05 GMT 2006


Author: abartlet
Date: 2006-11-01 03:21:04 +0000 (Wed, 01 Nov 2006)
New Revision: 19522

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19522

Log:
Remove gensec and credentials dependency from the rootdse module (less
dependency loops).

This moves the evaluation of the SASL mechanism list to display in the
rootDSE to the ldap server.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/rootdse.c
   branches/SAMBA_4_0/source/ldap_server/config.mk
   branches/SAMBA_4_0/source/ldap_server/ldap_backend.c


Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/rootdse.c
===================================================================
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/rootdse.c	2006-11-01 03:17:42 UTC (rev 19521)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/rootdse.c	2006-11-01 03:21:04 UTC (rev 19522)
@@ -25,7 +25,6 @@
 #include "lib/ldb/include/ldb.h"
 #include "lib/ldb/include/ldb_errors.h"
 #include "lib/ldb/include/ldb_private.h"
-#include "auth/gensec/gensec.h"
 #include "system/time.h"
 
 struct private_data {
@@ -52,7 +51,7 @@
 static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *msg, const char * const *attrs)
 {
 	struct private_data *priv = talloc_get_type(module->private_data, struct private_data);
-	struct cli_credentials *server_creds;
+	char **server_sasl;
 
 	msg->dn = ldb_dn_explode(msg, "");
 
@@ -93,26 +92,19 @@
  		}
 	}
 
-	server_creds = talloc_get_type(ldb_get_opaque(module->ldb, "server_credentials"), 
-				       struct cli_credentials);
-	if (server_creds && do_attribute(attrs, "supportedSASLMechanisms")) {
-		struct gensec_security_ops **backends = gensec_security_all();
-		enum credentials_use_kerberos use_kerberos
-			= cli_credentials_get_kerberos_state(server_creds);
-		struct gensec_security_ops **ops
-			= gensec_use_kerberos_mechs(msg, backends, use_kerberos);
+	server_sasl = talloc_get_type(ldb_get_opaque(module->ldb, "supportedSASLMechanims"), 
+				       char *);
+	if (server_sasl && do_attribute(attrs, "supportedSASLMechanisms")) {
 		int i;
-		for (i = 0; ops && ops[i]; i++) {
-			if (ops[i]->sasl_name && ops[i]->server_start) {
-				char *sasl_name = talloc_strdup(msg, ops[i]->sasl_name);
-				if (!sasl_name) {
-					goto failed;
-				}
-				if (ldb_msg_add_steal_string(msg, "supportedSASLMechanisms",
-							     sasl_name) != 0) {
-					goto failed;
-				}
+		for (i = 0; server_sasl && server_sasl[i]; i++) {
+			char *sasl_name = talloc_strdup(msg, server_sasl[i]);
+			if (!sasl_name) {
+				goto failed;
 			}
+			if (ldb_msg_add_steal_string(msg, "supportedSASLMechanisms",
+						     sasl_name) != 0) {
+				goto failed;
+			}
 		}
 	}
 
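Review bot: The opaque key read here, `"supportedSASLMechanims"`, is misspelled and only works because the setter in ldap_backend.c carries the same typo; correcting one side later would make the rootDSE silently stop returning `supportedSASLMechanisms`. A shared constant in a common header, for example `#define LDB_OPAQUE_SASL_MECHS "supportedSASLMechanisms"` (the macro name is only a suggestion), would tie the two call sites together. The `talloc_get_type(..., char *)` check also depends on the array having been allocated under the talloc type name `char *`, which deserves a one-line comment such as `/* array is created with talloc_realloc(..., char *, n) in the ldap server */`. The `server_sasl &&` test in the `for` condition repeats the enclosing `if`. rootdse_add_dynamic starts before this hunk and its `failed` label lies outside it.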

Modified: branches/SAMBA_4_0/source/ldap_server/config.mk
===================================================================
--- branches/SAMBA_4_0/source/ldap_server/config.mk	2006-11-01 03:17:42 UTC (rev 19521)
+++ branches/SAMBA_4_0/source/ldap_server/config.mk	2006-11-01 03:21:04 UTC (rev 19522)
@@ -11,6 +11,7 @@
 		ldap_backend.o \
 		ldap_bind.o \
 		ldap_extended.o
+PRIVATE_DEPENDENCIES = CREDENTIALS
 PUBLIC_DEPENDENCIES = \
 		LIBCLI_LDAP SAMDB process_model auth GENSEC_SOCKET
 # End SUBSYSTEM SMB

Modified: branches/SAMBA_4_0/source/ldap_server/ldap_backend.c
===================================================================
--- branches/SAMBA_4_0/source/ldap_server/ldap_backend.c	2006-11-01 03:17:42 UTC (rev 19521)
+++ branches/SAMBA_4_0/source/ldap_server/ldap_backend.c	2006-11-01 03:21:04 UTC (rev 19522)
@@ -25,6 +25,8 @@
 #include "lib/ldb/include/ldb.h"
 #include "lib/ldb/include/ldb_errors.h"
 #include "lib/db_wrap.h"
+#include "auth/credentials/credentials.h"
+#include "auth/gensec/gensec.h"
 
 #define VALID_DN_SYNTAX(dn,i) do {\
 	if (!(dn)) {\
@@ -54,8 +56,36 @@
 	if (conn->ldb == NULL) {
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
-	ldb_set_opaque(conn->ldb, "server_credentials", conn->server_credentials);
 
+	if (conn->server_credentials) {
+		char **sasl_mechs = NULL;
+		struct gensec_security_ops **backends = gensec_security_all();
+		enum credentials_use_kerberos use_kerberos
+			= cli_credentials_get_kerberos_state(conn->server_credentials);
+		struct gensec_security_ops **ops
+			= gensec_use_kerberos_mechs(conn, backends, use_kerberos);
+		int i, j = 0;
+		for (i = 0; ops && ops[i]; i++) {
+			if (ops[i]->sasl_name && ops[i]->server_start) {
+				char *sasl_name = talloc_strdup(conn, ops[i]->sasl_name);
+
+				if (!sasl_name) {
+					return NT_STATUS_NO_MEMORY;
+				}
+				sasl_mechs = talloc_realloc(conn, sasl_mechs, char *, j + 2);
+				if (!sasl_mechs) {
+					return NT_STATUS_NO_MEMORY;
+				}
+				sasl_mechs[j] = sasl_name;
+				talloc_steal(sasl_mechs, sasl_name);
+				sasl_mechs[j+1] = NULL;
+				j++;
+			}
+		}
+		talloc_free(ops);
+		ldb_set_opaque(conn->ldb, "supportedSASLMechanims", sasl_mechs);
+	}
+
 	if (conn->global_catalog) {
 		ldb_set_opaque(conn->ldb, "global_catalog", (void *)(-1));
 	}
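Review bot: `sasl_mechs` is allocated as a child of `conn`, yet the pointer is published through `ldb_set_opaque(conn->ldb, ...)`, so it stays valid only as long as `conn->ldb` is never shared with, or kept alive beyond, this connection; the hunk does not show that, and if the ldb context can be reused, the rootdse module would read a freed list. Parenting the finished array on the ldb context, `talloc_steal(conn->ldb, sasl_mechs);` just before the `ldb_set_opaque` call, would make the lifetime match where the pointer is stored. The two `return NT_STATUS_NO_MEMORY;` paths leave `ops` and any partial list attached to `conn` until the connection is torn down, and the return value of `ldb_set_opaque` is ignored, so a failure there drops the mechanism list without an error. The enclosing function starts and ends outside the hunk.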


