/* connect to the sam database */ NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn) { conn->ldb = ldb_wrap_connect(conn, lp_sam_url(), conn->session_info, NULL, conn->global_catalog ? LDB_FLG_RDONLY : 0, NULL); if (conn->ldb == NULL) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } if (conn->server_credentials) { char **sasl_mechs = NULL; struct gensec_security_ops **backends = gensec_security_all(); enum credentials_use_kerberos use_kerberos = cli_credentials_get_kerberos_state(conn->server_credentials); struct gensec_security_ops **ops = gensec_use_kerberos_mechs(conn, backends, use_kerberos); int i, j = 0; for (i = 0; ops && ops[i]; i++) { if (ops[i]->sasl_name && ops[i]->server_start) { char *sasl_name = talloc_strdup(conn, ops[i]->sasl_name); if (!sasl_name) { return NT_STATUS_NO_MEMORY; } sasl_mechs = talloc_realloc(conn, sasl_mechs, char *, j + 2); if (!sasl_mechs) { return NT_STATUS_NO_MEMORY; } sasl_mechs[j] = sasl_name; talloc_steal(sasl_mechs, sasl_name); sasl_mechs[j+1] = NULL; j++; } }
/* wrapped connection to a ldb database to close just talloc_free() the returned ldb_context TODO: We need an error_string parameter */ struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct loadparm_context *lp_ctx, const char *url, struct auth_session_info *session_info, struct cli_credentials *credentials, unsigned int flags) { struct ldb_context *ldb; int ret; char *real_url = NULL; struct ldb_wrap *w; struct ldb_wrap_context c; c.url = url; c.ev = ev; c.lp_ctx = lp_ctx; c.session_info = session_info; c.credentials = credentials; c.flags = flags; /* see if we can re-use an existing ldb */ for (w=ldb_wrap_list; w; w=w->next) { if (ldb_wrap_same_context(&c, &w->context)) { return talloc_reference(mem_ctx, w->ldb); } } /* we want to use the existing event context if possible. This relies on the fact that in smbd, everything is a child of the main event_context */ if (ev == NULL) { return NULL; } ldb = ldb_init(mem_ctx, ev); if (ldb == NULL) { return NULL; } ldb_set_modules_dir(ldb, talloc_asprintf(ldb, "%s/ldb", lp_modulesdir(lp_ctx))); if (ldb_set_opaque(ldb, "sessionInfo", session_info)) { talloc_free(ldb); return NULL; } if (ldb_set_opaque(ldb, "credentials", credentials)) { talloc_free(ldb); return NULL; } if (ldb_set_opaque(ldb, "loadparm", lp_ctx)) { talloc_free(ldb); return NULL; } /* This must be done before we load the schema, as these * handlers for objectSid and objectGUID etc must take * precedence over the 'binary attribute' declaration in the * schema */ ret = ldb_register_samba_handlers(ldb); if (ret == -1) { talloc_free(ldb); return NULL; } if (lp_ctx != NULL && strcmp(lp_sam_url(lp_ctx), url) == 0) { dsdb_set_global_schema(ldb); } ldb_set_debug(ldb, ldb_wrap_debug, NULL); ldb_set_utf8_fns(ldb, NULL, wrap_casefold); real_url = private_path(ldb, lp_ctx, url); if (real_url == NULL) { talloc_free(ldb); return NULL; } /* allow admins to force non-sync ldb for all databases */ if (lp_parm_bool(lp_ctx, NULL, "ldb", "nosync", false)) { flags |= LDB_FLG_NOSYNC; } if (DEBUGLVL(10)) { flags |= LDB_FLG_ENABLE_TRACING; } /* we usually want Samba databases to be private. If we later find we need one public, we will need to add a parameter to ldb_wrap_connect() */ ldb_set_create_perms(ldb, 0600); ret = ldb_connect(ldb, real_url, flags, NULL); if (ret != LDB_SUCCESS) { talloc_free(ldb); return NULL; } /* setup for leak detection */ ldb_set_opaque(ldb, "wrap_url", real_url); /* add to the list of open ldb contexts */ w = talloc(ldb, struct ldb_wrap); if (w == NULL) { talloc_free(ldb); return NULL; } w->context = c; w->context.url = talloc_strdup(w, url); if (w->context.url == NULL) { talloc_free(ldb); return NULL; } w->ldb = ldb; DLIST_ADD(ldb_wrap_list, w); /* make the resulting schema global */ if (lp_ctx != NULL && strcmp(lp_sam_url(lp_ctx), url) == 0) { dsdb_make_schema_global(ldb); } DEBUG(3,("ldb_wrap open of %s\n", url)); talloc_set_destructor(w, ldb_wrap_destructor); return ldb; }