svn commit: samba r21315 - in
branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
metze at samba.org
metze at samba.org
Tue Feb 13 13:43:23 GMT 2007
Author: metze
Date: 2007-02-13 13:43:23 +0000 (Tue, 13 Feb 2007)
New Revision: 21315
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21315
Log:
ldb now supports filters like (&(dn=%s)(&(objectClass=kerberosSecret)(privateKeytab=*))) again
we can use such a filter:-)
we should only update the keytab for records matching this filter,
that means we need to do a search before calling cli_credentials_set_secrets()
metze
Modified:
branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/update_keytab.c
Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/update_keytab.c
===================================================================
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/update_keytab.c 2007-02-13 13:14:14 UTC (rev 21314)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/update_keytab.c 2007-02-13 13:43:23 UTC (rev 21315)
@@ -45,10 +45,38 @@
static int add_modified(struct ldb_module *module, struct ldb_dn *dn, BOOL delete) {
struct update_kt_private *data = talloc_get_type(module->private_data, struct update_kt_private);
- struct dn_list *item = talloc(data->changed_dns? (void *)data->changed_dns: (void *)data, struct dn_list);
+ struct dn_list *item;
char *filter;
+ struct ldb_result *res;
+ const char *attrs[] = { NULL };
+ int ret;
NTSTATUS status;
+
+ filter = talloc_asprintf(data, "(&(dn=%s)(&(objectClass=kerberosSecret)(privateKeytab=*)))",
+ ldb_dn_get_linearized(dn));
+ if (!filter) {
+ ldb_oom(module->ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ ret = ldb_search(module->ldb, dn, LDB_SCOPE_BASE,
+ filter, attrs, &res);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(filter);
+ return ret;
+ }
+
+ if (res->count != 1) {
+ /* if it's not a kerberosSecret then we don't have anything to update */
+ talloc_free(res);
+ talloc_free(filter);
+ return LDB_SUCCESS;
+ }
+ talloc_free(res);
+
+ item = talloc(data->changed_dns? (void *)data->changed_dns: (void *)data, struct dn_list);
if (!item) {
+ talloc_free(filter);
ldb_oom(module->ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
@@ -56,14 +84,12 @@
item->creds = cli_credentials_init(item);
if (!item->creds) {
DEBUG(1, ("cli_credentials_init failed!"));
+ talloc_free(filter);
ldb_oom(module->ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
cli_credentials_set_conf(item->creds);
-/* filter = talloc_asprintf(item, "(&(&(&(objectClass=kerberosSecret)(privateKeytab=*))(|(secret=*)(ntPwdHash=*)))(distinguishedName=%s))", */
- filter = talloc_asprintf(item, "dn=%s",
- ldb_dn_get_linearized(dn));
status = cli_credentials_set_secrets(item->creds, module->ldb, NULL, filter);
talloc_free(filter);
if (NT_STATUS_IS_OK(status)) {
More information about the samba-cvs
mailing list