authorGünther Deschner <gd@samba.org>2011-10-17 22:00:45 +0200
committerGünther Deschner <gd@samba.org>2012-01-18 14:46:18 +0100
commite75c436fe6a9ee44f6adc744b6269e99f4920431 (patch)
tree24c76f5195d9c7b2b615534cbe47d898924ddc2f
parenta325e7b560502ce43c78a7c6c8d692e872f262ae (diff)
s3-passdb: trying to decouple passdb and secrets a little.
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Jan 18 14:46:18 CET 2012 on sn-devel-104
-rw-r--r--source3/Makefile.in3
-rw-r--r--source3/include/secrets.h3
-rw-r--r--source3/passdb/machine_sid.c2
-rw-r--r--source3/passdb/pdb_interface.c1
-rw-r--r--source3/passdb/pdb_secrets.c137
-rw-r--r--source3/passdb/pdb_secrets.h30
-rw-r--r--source3/passdb/secrets.c99
-rwxr-xr-xsource3/wscript_build3
8 files changed, 173 insertions, 105 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 810fdaf0192..f2d89427532 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -808,7 +808,8 @@ PASSDB_OBJ = $(PASSDB_GET_SET_OBJ) passdb/passdb.o passdb/pdb_interface.o \
passdb/login_cache.o @PDB_STATIC@ \
passdb/account_pol.o $(PRIVILEGES_OBJ) \
lib/util_nscd.o lib/winbind_util.o $(SERVER_MUTEX_OBJ) \
- passdb/pdb_util.o passdb/pdb_ldap_schema.o
+ passdb/pdb_util.o passdb/pdb_ldap_schema.o \
+ passdb/pdb_secrets.o
DEVEL_HELP_WEIRD_OBJ = ../lib/util/charset/weird.o
CHARSET_MACOSXFS_OBJ = ../lib/util/charset/charset_macosxfs.o
diff --git a/source3/include/secrets.h b/source3/include/secrets.h
index 3e36f2e8998..705a3296dc9 100644
--- a/source3/include/secrets.h
+++ b/source3/include/secrets.h
@@ -116,9 +116,6 @@ char *secrets_fetch_machine_password(const char *domain,
bool trusted_domain_password_delete(const char *domain);
bool secrets_store_ldap_pw(const char* dn, char* pw);
bool fetch_ldap_pw(char **dn, char** pw);
-struct trustdom_info;
-NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
- struct trustdom_info ***domains);
bool secrets_store_afs_keyfile(const char *cell, const struct afs_keyfile *keyfile);
bool secrets_fetch_afs_key(const char *cell, struct afs_key *result);
void secrets_fetch_ipc_userpass(char **username, char **domain, char **password);
diff --git a/source3/passdb/machine_sid.c b/source3/passdb/machine_sid.c
index b242cff6e61..bc663f0b268 100644
--- a/source3/passdb/machine_sid.c
+++ b/source3/passdb/machine_sid.c
@@ -21,7 +21,7 @@
*/
#include "includes.h"
-#include "passdb.h"
+#include "passdb/machine_sid.h"
#include "secrets.h"
#include "dbwrap/dbwrap.h"
#include "../libcli/security/security.h"
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index b202d43a5be..410ea77037c 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -32,6 +32,7 @@
#include "nsswitch/winbind_client.h"
#include "../libcli/security/security.h"
#include "../lib/util/util_pw.h"
+#include "passdb/pdb_secrets.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
diff --git a/source3/passdb/pdb_secrets.c b/source3/passdb/pdb_secrets.c
new file mode 100644
index 00000000000..30262c999f2
--- /dev/null
+++ b/source3/passdb/pdb_secrets.c
@@ -0,0 +1,137 @@
+/*
+ Unix SMB/CIFS implementation.
+ Copyright (C) Andrew Tridgell 1992-2001
+ Copyright (C) Andrew Bartlett 2002
+ Copyright (C) Rafal Szczesniak 2002
+ Copyright (C) Tim Potter 2001
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* the Samba secrets database stores any generated, private information
+ such as the local SID and machine trust password */
+
+#include "includes.h"
+#include "passdb.h"
+#include "passdb/pdb_secrets.h"
+#include "librpc/gen_ndr/ndr_secrets.h"
+#include "secrets.h"
+#include "dbwrap/dbwrap.h"
+#include "dbwrap/dbwrap_open.h"
+#include "../libcli/security/security.h"
+#include "util_tdb.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_PASSDB
+
+/**
+ * Get trusted domains info from secrets.tdb.
+ **/
+
+struct list_trusted_domains_state {
+ uint32 num_domains;
+ struct trustdom_info **domains;
+};
+
+static int list_trusted_domain(struct db_record *rec, void *private_data)
+{
+ const size_t prefix_len = strlen(SECRETS_DOMTRUST_ACCT_PASS);
+ struct TRUSTED_DOM_PASS pass;
+ enum ndr_err_code ndr_err;
+ DATA_BLOB blob;
+ struct trustdom_info *dom_info;
+ TDB_DATA key;
+ TDB_DATA value;
+
+ struct list_trusted_domains_state *state =
+ (struct list_trusted_domains_state *)private_data;
+
+ key = dbwrap_record_get_key(rec);
+ value = dbwrap_record_get_value(rec);
+
+ if ((key.dsize < prefix_len)
+ || (strncmp((char *)key.dptr, SECRETS_DOMTRUST_ACCT_PASS,
+ prefix_len) != 0)) {
+ return 0;
+ }
+
+ blob = data_blob_const(value.dptr, value.dsize);
+
+ ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), &pass,
+ (ndr_pull_flags_fn_t)ndr_pull_TRUSTED_DOM_PASS);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return false;
+ }
+
+ if (pass.domain_sid.num_auths != 4) {
+ DEBUG(0, ("SID %s is not a domain sid, has %d "
+ "auths instead of 4\n",
+ sid_string_dbg(&pass.domain_sid),
+ pass.domain_sid.num_auths));
+ return 0;
+ }
+
+ if (!(dom_info = talloc(state->domains, struct trustdom_info))) {
+ DEBUG(0, ("talloc failed\n"));
+ return 0;
+ }
+
+ dom_info->name = talloc_strdup(dom_info, pass.uni_name);
+ if (!dom_info->name) {
+ TALLOC_FREE(dom_info);
+ return 0;
+ }
+
+ sid_copy(&dom_info->sid, &pass.domain_sid);
+
+ ADD_TO_ARRAY(state->domains, struct trustdom_info *, dom_info,
+ &state->domains, &state->num_domains);
+
+ if (state->domains == NULL) {
+ state->num_domains = 0;
+ return -1;
+ }
+ return 0;
+}
+
+NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
+ struct trustdom_info ***domains)
+{
+ struct list_trusted_domains_state state;
+ struct db_context *db_ctx;
+
+ if (!secrets_init()) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ db_ctx = secrets_db_ctx();
+
+ state.num_domains = 0;
+
+ /*
+ * Make sure that a talloc context for the trustdom_info structs
+ * exists
+ */
+
+ if (!(state.domains = talloc_array(
+ mem_ctx, struct trustdom_info *, 1))) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ dbwrap_traverse_read(db_ctx, list_trusted_domain, (void *)&state, NULL);
+
+ *num_domains = state.num_domains;
+ *domains = state.domains;
+ return NT_STATUS_OK;
+}
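Review bot: secrets_trusted_domains reports NT_STATUS_OK even when the enumeration was aborted: when ADD_TO_ARRAY fails inside list_trusted_domain, state->domains is set to NULL and the callback returns -1, yet the caller still receives NT_STATUS_OK with *domains == NULL and *num_domains == 0, which is indistinguishable from a domain that has no trusts. The status returned by dbwrap_traverse_read (presumably an NTSTATUS, given the four-argument form used here) is also discarded, and a callback-initiated abort does not necessarily surface as a traverse error, so the NULL array needs to be checked explicitly before the results are published. Separately, `return false;` after the failed ndr_pull_struct_blob should be `return 0;` — the callback contract is int and every other skip path uses 0 — and a `DEBUG(1, ("failed to parse TRUSTED_DOM_PASS record\n"));` there would make a corrupt record visible instead of silently skipped.
```c
	NTSTATUS status;
	/* … unchanged: secrets_init(), secrets_db_ctx(), state setup … */
	status = dbwrap_traverse_read(db_ctx, list_trusted_domain,
				      (void *)&state, NULL);
	if (!NT_STATUS_IS_OK(status)) {
		TALLOC_FREE(state.domains);
		return status;
	}
	if (state.domains == NULL) {
		/* list_trusted_domain aborted on allocation failure */
		return NT_STATUS_NO_MEMORY;
	}
	*num_domains = state.num_domains;
	*domains = state.domains;
	return NT_STATUS_OK;
```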
diff --git a/source3/passdb/pdb_secrets.h b/source3/passdb/pdb_secrets.h
new file mode 100644
index 00000000000..2498b20d71a
--- /dev/null
+++ b/source3/passdb/pdb_secrets.h
@@ -0,0 +1,30 @@
+/*
+ Unix SMB/CIFS implementation.
+ Copyright (C) Andrew Tridgell 1992-2001
+ Copyright (C) Andrew Bartlett 2002
+ Copyright (C) Rafal Szczesniak 2002
+ Copyright (C) Tim Potter 2001
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _PASSDB_PDB_SECRETS_H_
+#define _PASSDB_PDB_SECRETS_H_
+
+/* The following definitions come from passdb/pdb_secrets.c */
+
+NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
+ struct trustdom_info ***domains);
+
+#endif /* _PASSDB_PDB_SECRETS_H_ */
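Review bot: pdb_secrets.h uses `struct trustdom_info` in its only prototype without declaring the tag, while this same commit removes the `struct trustdom_info;` forward declaration from secrets.h. An includer that has not already seen the struct definition gets a prototype-scope tag that is a distinct type from the real one, so the header is only correct when passdb.h happens to be included first, as pdb_secrets.c and pdb_interface.c do. Add `struct trustdom_info;` directly after the include guard so the header stands on its own; `NTSTATUS`, `TALLOC_CTX` and `uint32` come from includes.h per the usual Samba convention and can stay as they are.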
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index 273765e2b37..e40095d2af3 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -24,7 +24,6 @@
#include "includes.h"
#include "system/filesys.h"
-#include "passdb.h"
#include "../libcli/auth/libcli_auth.h"
#include "librpc/gen_ndr/ndr_secrets.h"
#include "secrets.h"
@@ -391,104 +390,6 @@ bool fetch_ldap_pw(char **dn, char** pw)
return True;
}
-/**
- * Get trusted domains info from secrets.tdb.
- **/
-
-struct list_trusted_domains_state {
- uint32 num_domains;
- struct trustdom_info **domains;
-};
-
-static int list_trusted_domain(struct db_record *rec, void *private_data)
-{
- const size_t prefix_len = strlen(SECRETS_DOMTRUST_ACCT_PASS);
- struct TRUSTED_DOM_PASS pass;
- enum ndr_err_code ndr_err;
- DATA_BLOB blob;
- struct trustdom_info *dom_info;
- TDB_DATA key;
- TDB_DATA value;
-
- struct list_trusted_domains_state *state =
- (struct list_trusted_domains_state *)private_data;
-
- key = dbwrap_record_get_key(rec);
- value = dbwrap_record_get_value(rec);
-
- if ((key.dsize < prefix_len)
- || (strncmp((char *)key.dptr, SECRETS_DOMTRUST_ACCT_PASS,
- prefix_len) != 0)) {
- return 0;
- }
-
- blob = data_blob_const(value.dptr, value.dsize);
-
- ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), &pass,
- (ndr_pull_flags_fn_t)ndr_pull_TRUSTED_DOM_PASS);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- return false;
- }
-
- if (pass.domain_sid.num_auths != 4) {
- DEBUG(0, ("SID %s is not a domain sid, has %d "
- "auths instead of 4\n",
- sid_string_dbg(&pass.domain_sid),
- pass.domain_sid.num_auths));
- return 0;
- }
-
- if (!(dom_info = talloc(state->domains, struct trustdom_info))) {
- DEBUG(0, ("talloc failed\n"));
- return 0;
- }
-
- dom_info->name = talloc_strdup(dom_info, pass.uni_name);
- if (!dom_info->name) {
- TALLOC_FREE(dom_info);
- return 0;
- }
-
- sid_copy(&dom_info->sid, &pass.domain_sid);
-
- ADD_TO_ARRAY(state->domains, struct trustdom_info *, dom_info,
- &state->domains, &state->num_domains);
-
- if (state->domains == NULL) {
- state->num_domains = 0;
- return -1;
- }
- return 0;
-}
-
-NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
- struct trustdom_info ***domains)
-{
- struct list_trusted_domains_state state;
-
- if (!secrets_init()) {
- return NT_STATUS_ACCESS_DENIED;
- }
-
- state.num_domains = 0;
-
- /*
- * Make sure that a talloc context for the trustdom_info structs
- * exists
- */
-
- if (!(state.domains = talloc_array(
- mem_ctx, struct trustdom_info *, 1))) {
- return NT_STATUS_NO_MEMORY;
- }
-
- dbwrap_traverse_read(db_ctx, list_trusted_domain, (void *)&state, NULL);
-
- *num_domains = state.num_domains;
- *domains = state.domains;
- return NT_STATUS_OK;
-}
-
/*******************************************************************************
Store a complete AFS keyfile into secrets.tdb.
*******************************************************************************/
diff --git a/source3/wscript_build b/source3/wscript_build
index f1787ab20a3..5a13ccf5629 100755
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -231,7 +231,8 @@ PASSDB_SRC = '''${PASSDB_GET_SET_SRC} passdb/passdb.c
passdb/account_pol.c ${PRIVILEGES_SRC}
lib/util_nscd.c lib/winbind_util.c ${SERVER_MUTEX_SRC}
passdb/pdb_util.c passdb/pdb_interface.c
- passdb/pdb_ldap_schema.c'''
+ passdb/pdb_ldap_schema.c
+ passdb/pdb_secrets.c'''
#FIXME: lib/winbind_util.c probably is not part of PASSDB_SRC
GROUPDB_SRC = '''groupdb/mapping.c groupdb/mapping_tdb.c'''