diff options
author | Andrew Tridgell <tridge@samba.org> | 2002-07-15 10:35:28 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2002-07-15 10:35:28 +0000 |
commit | e90b65284812aaa5ff9e9935ce9bbad7791cbbcd (patch) | |
tree | 9e744d1dc2f93934a4b49166a37383d3cb2b2139 /source3/passdb/secrets.c | |
parent | ec167dc9cc0ec2ee461837c25a371d2981744208 (diff) | |
download | samba-e90b65284812aaa5ff9e9935ce9bbad7791cbbcd.tar.gz samba-e90b65284812aaa5ff9e9935ce9bbad7791cbbcd.tar.xz samba-e90b65284812aaa5ff9e9935ce9bbad7791cbbcd.zip |
updated the 3.0 branch from the head branch - ready for alpha18
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
Diffstat (limited to 'source3/passdb/secrets.c')
-rw-r--r-- | source3/passdb/secrets.c | 192 |
1 files changed, 169 insertions, 23 deletions
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index b3507a1392..3ecaf52e58 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c @@ -1,6 +1,8 @@ /* Unix SMB/CIFS implementation. Copyright (C) Andrew Tridgell 1992-2001 + Copyright (C) Andrew Bartlett 2002 + Copyright (C) Rafal Szczesniak 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -22,6 +24,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_PASSDB + static TDB_CONTEXT *tdb; /* open up the secrets database */ @@ -47,7 +52,7 @@ BOOL secrets_init(void) /* read a entry from the secrets database - the caller must free the result if size is non-null then the size of the entry is put in there */ -void *secrets_fetch(char *key, size_t *size) +void *secrets_fetch(const char *key, size_t *size) { TDB_DATA kbuf, dbuf; secrets_init(); @@ -63,7 +68,7 @@ void *secrets_fetch(char *key, size_t *size) /* store a secrets entry */ -BOOL secrets_store(char *key, void *data, size_t size) +BOOL secrets_store(const char *key, void *data, size_t size) { TDB_DATA kbuf, dbuf; secrets_init(); @@ -79,7 +84,7 @@ BOOL secrets_store(char *key, void *data, size_t size) /* delete a secets database entry */ -BOOL secrets_delete(char *key) +BOOL secrets_delete(const char *key) { TDB_DATA kbuf; secrets_init(); @@ -124,10 +129,14 @@ BOOL secrets_fetch_domain_sid(char *domain, DOM_SID *sid) } -/************************************************************************ -form a key for fetching the machine trust account password -************************************************************************/ -char *trust_keystr(char *domain) +/** + * Form a key for fetching the machine trust account password + * + * @param domain domain name + * + * @return stored password's key + **/ +const char *trust_keystr(const char *domain) { static fstring keystr; @@ -141,11 +150,11 @@ char *trust_keystr(char *domain) /** * Form a key for fetching a trusted domain password * - * @param domain domain name + * @param domain trusted domain name * * @return stored password's key **/ -char *trustdom_keystr(char *domain) +char *trustdom_keystr(const char *domain) { static char* keystr; @@ -194,21 +203,23 @@ BOOL secrets_fetch_trust_account_password(char *domain, uint8 ret_pwd[16], Routine to get account password to trusted domain ************************************************************************/ BOOL secrets_fetch_trusted_domain_password(char *domain, char** pwd, - DOM_SID *sid, time_t *pass_last_set_time) + DOM_SID *sid, time_t *pass_last_set_time) { struct trusted_dom_pass *pass; size_t size; + /* fetching trusted domain password structure */ if (!(pass = secrets_fetch(trustdom_keystr(domain), &size))) { DEBUG(5, ("secrets_fetch failed!\n")); return False; } - + if (size != sizeof(*pass)) { DEBUG(0, ("secrets were of incorrect size!\n")); return False; } - + + /* the trust's password */ if (pwd) { *pwd = strdup(pass->pass); if (!*pwd) { @@ -216,9 +227,12 @@ BOOL secrets_fetch_trusted_domain_password(char *domain, char** pwd, } } + /* last change time */ if (pass_last_set_time) *pass_last_set_time = pass->mod_time; + /* domain sid */ memcpy(&sid, &(pass->domain_sid), sizeof(sid)); + SAFE_FREE(pass); return True; @@ -247,19 +261,30 @@ BOOL secrets_store_trust_account_password(char *domain, uint8 new_pwd[16]) * @return true if succeeded **/ -BOOL secrets_store_trusted_domain_password(char* domain, char* pwd, +BOOL secrets_store_trusted_domain_password(char* domain, smb_ucs2_t *uni_dom_name, + size_t uni_name_len, char* pwd, DOM_SID sid) { struct trusted_dom_pass pass; ZERO_STRUCT(pass); + /* unicode domain name and its length */ + if (!uni_dom_name) + return False; + + strncpy_w(pass.uni_name, uni_dom_name, sizeof(pass.uni_name) - 1); + pass.uni_name_len = uni_name_len; + + /* last change time */ pass.mod_time = time(NULL); + /* password of the trust */ pass.pass_len = strlen(pwd); fstrcpy(pass.pass, pwd); + /* domain sid */ memcpy(&(pass.domain_sid), &sid, sizeof(sid)); - + return secrets_store(trustdom_keystr(domain), (void *)&pass, sizeof(pass)); } @@ -300,7 +325,7 @@ char *secrets_fetch_machine_password(void) Routine to delete the machine trust account password file for a domain. ************************************************************************/ -BOOL trust_password_delete(char *domain) +BOOL trust_password_delete(const char *domain) { return secrets_delete(trust_keystr(domain)); } @@ -308,7 +333,7 @@ BOOL trust_password_delete(char *domain) /************************************************************************ Routine to delete the password for trusted domain ************************************************************************/ -BOOL trusted_domain_password_delete(char *domain) +BOOL trusted_domain_password_delete(const char *domain) { return secrets_delete(trustdom_keystr(domain)); } @@ -345,15 +370,136 @@ void reset_globals_after_fork(void) generate_random_buffer( &dummy, 1, True); } -BOOL secrets_store_ldap_pw(char* dn, char* pw) +BOOL secrets_store_ldap_pw(const char* dn, char* pw) { - fstring key; - char *p; + char *key = NULL; + BOOL ret; - pstrcpy(key, dn); - for (p=key; *p; p++) - if (*p == ',') *p = '/'; + if (asprintf(&key, "%s/%s", SECRETS_LDAP_BIND_PW, dn) < 0) { + DEBUG(0, ("secrets_store_ldap_pw: asprintf failed!\n")); + return False; + } + + ret = secrets_store(key, pw, strlen(pw)+1); + + SAFE_FREE(key); + return ret; +} + + +/** + * The linked list is allocated on the supplied talloc context, caller gets to destory + * when done. + * + * @param ctx Allocation context + * @param enum_ctx Starting index, eg. we can start fetching at third + * or sixth trusted domain entry. Zero is the first index. + * Value it is set to is the enum context for the next enumeration. + * @param num_domains Number of domain entries to fetch at one call + * @param domains Pointer to array of trusted domain structs to be filled up + * + * @return nt status code of rpc response + **/ + +NTSTATUS secrets_get_trusted_domains(TALLOC_CTX* ctx, int* enum_ctx, int max_num_domains, int *num_domains, TRUSTDOM ***domains) +{ + TDB_LIST_NODE *keys, *k; + TRUSTDOM *dom = NULL; + char *pattern; + int start_idx; + uint32 idx = 0; + size_t size; + struct trusted_dom_pass *pass; + NTSTATUS status; + + secrets_init(); + + *num_domains = 0; + start_idx = *enum_ctx; + + /* generate searching pattern */ + if (!(pattern = talloc_asprintf(ctx, "%s/*", SECRETS_DOMTRUST_ACCT_PASS))) { + DEBUG(0, ("secrets_get_trusted_domains: talloc_asprintf() failed!\n")); + return NT_STATUS_NO_MEMORY; + } + + DEBUG(5, ("secrets_get_trusted_domains: looking for %d domains, starting at index %d\n", + max_num_domains, *enum_ctx)); + + *domains = talloc_zero(ctx, sizeof(**domains)*max_num_domains); + + /* fetching trusted domains' data and collecting them in a list */ + keys = tdb_search_keys(tdb, pattern); + + /* + * if there's no keys returned ie. no trusted domain, + * return "no more entries" code + */ + status = NT_STATUS_NO_MORE_ENTRIES; + + /* searching for keys in sectrets db -- way to go ... */ + for (k = keys; k; k = k->next) { + char *secrets_key; + + /* important: ensure null-termination of the key string */ + secrets_key = strndup(k->node_key.dptr, k->node_key.dsize); + if (!secrets_key) { + DEBUG(0, ("strndup failed!\n")); + return NT_STATUS_NO_MEMORY; + } + + pass = secrets_fetch(secrets_key, &size); + + if (size != sizeof(*pass)) { + DEBUG(2, ("Secrets record %s is invalid!\n", secrets_key)); + SAFE_FREE(pass); + continue; + } + + SAFE_FREE(secrets_key); + + if (idx >= start_idx && idx < start_idx + max_num_domains) { + dom = talloc_zero(ctx, sizeof(*dom)); + if (!dom) { + /* free returned tdb record */ + SAFE_FREE(pass); + + return NT_STATUS_NO_MEMORY; + } + + /* copy domain sid */ + SMB_ASSERT(sizeof(dom->sid) == sizeof(pass->domain_sid)); + memcpy(&(dom->sid), &(pass->domain_sid), sizeof(dom->sid)); + + /* copy unicode domain name */ + dom->name = talloc_strdup_w(ctx, pass->uni_name); + + (*domains)[idx - start_idx] = dom; + + *enum_ctx = idx + 1; + (*num_domains)++; + + /* set proper status code to return */ + if (k->next) { + /* there are yet some entries to enumerate */ + status = STATUS_MORE_ENTRIES; + } else { + /* this is the last entry in the whole enumeration */ + status = NT_STATUS_OK; + } + } + + idx++; + + /* free returned tdb record */ + SAFE_FREE(pass); + } - return secrets_store(key, pw, strlen(pw)); + DEBUG(5, ("secrets_get_trusted_domains: got %d domains\n", *num_domains)); + + /* free the results of searching the keys */ + tdb_search_list_free(keys); + + return status; } |