s3-pdb: Make ADS-type backends updates secrets.tdb.

Make the backends that have ADS capability the only ones that can change the
SID and GUID in secrets.tdb at initialization time.

Signed-off-by: Andreas Schneider <asn@samba.org>

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Fri Jan 27 19:42:17 CET 2012 on sn-devel-104

1 files changed, 42 insertions, 0 deletions

diff --git a/source3/passdb/pdb_ads.c b/source3/passdb/pdb_ads.c
index 8dc9585b40..cd7781a1af 100644
--- a/source3/passdb/pdb_ads.c
+++ b/source3/passdb/pdb_ads.c
@@ -2594,6 +2594,42 @@ done:
 	return status;
 }
 
+static NTSTATUS pdb_ads_init_secrets(struct pdb_methods *m)
+{
+#if _SAMBA_BUILD_ == 4
+	struct pdb_domain_info *dom_info;
+	bool ret;
+
+	dom_info = pdb_ads_get_domain_info(m, m);
+	if (!dom_info) {
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	secrets_clear_domain_protection(dom_info->name);
+	ret = secrets_store_domain_sid(dom_info->name,
+				       &dom_info->sid);
+	if (!ret) {
+		goto done;
+	}
+	ret = secrets_store_domain_guid(dom_info->name,
+				        &dom_info->guid);
+	if (!ret) {
+		goto done;
+	}
+	ret = secrets_mark_domain_protected(dom_info->name);
+	if (!ret) {
+		goto done;
+	}
+
+done:
+	TALLOC_FREE(dom_info);
+	if (!ret) {
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+#endif
+	return NT_STATUS_OK;
+}
+
 static NTSTATUS pdb_init_ads(struct pdb_methods **pdb_method,
 			     const char *location)
 {
@@ -2629,6 +2665,12 @@ static NTSTATUS pdb_init_ads(struct pdb_methods **pdb_method,
 		goto fail;
 	}
 
+	status = pdb_ads_init_secrets(m);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(10, ("pdb_ads_init_secrets failed!\n"));
+		goto fail;
+	}
+
 	*pdb_method = m;
 	return NT_STATUS_OK;
 nomem: