/*
   Unix SMB/CIFS implementation.
   Copyright (C) Andrew Tridgell 1992-2001
   Copyright (C) Andrew Bartlett      2002
   Copyright (C) Rafal Szczesniak     2002
   Copyright (C) Tim Potter           2001

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

/* the Samba secrets database stores any generated, private information
   such as the local SID and machine trust password */
# include "includes.h"
# include "system/filesys.h"
# include "../libcli/auth/libcli_auth.h"
# include "librpc/gen_ndr/ndr_secrets.h"
# include "secrets.h"
# include "dbwrap/dbwrap.h"
# include "dbwrap/dbwrap_open.h"
# include "../libcli/security/security.h"
# include "util_tdb.h"
# include "auth/credentials/credentials.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB

/*
 * Process-wide handle to the opened secrets database (secrets.tdb).
 * It is NULL until secrets_init_path() has opened the database and is
 * released again by secrets_shutdown().
 */
static struct db_context *db_ctx;
/*
 * Open the secrets database "<private_dir>/secrets.tdb" and remember the
 * handle in db_ctx.
 *
 * Returns True if the database is already open or was opened here, and
 * False if private_dir is NULL, the path cannot be allocated, or
 * db_open() fails.
 *
 * The file is opened O_RDWR|O_CREAT with mode 0600, so a database created
 * here is readable and writable by its owner only. That mode applies on
 * creation only: nothing in this function checks the ownership or
 * permissions of an already existing secrets.tdb or of private_dir, so
 * those have to be protected by whoever provisions the directory.
 */
bool secrets_init_path(const char *private_dir)
{
	TALLOC_CTX *frame = NULL;
	char *db_path = NULL;
	bool opened = False;

	/* Already open: keep the existing handle and ignore private_dir. */
	if (db_ctx != NULL) {
		return True;
	}

	if (private_dir == NULL) {
		return False;
	}

	frame = talloc_stackframe();

	db_path = talloc_asprintf(frame, "%s/secrets.tdb", private_dir);
	if (db_path == NULL) {
		goto done;
	}

	db_ctx = db_open(NULL, db_path, 0,
			 TDB_DEFAULT, O_RDWR|O_CREAT, 0600,
			 DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE);
	if (db_ctx == NULL) {
		DEBUG(0, ("Failed to open %s\n", db_path));
		goto done;
	}

	opened = True;

done:
	/* db_path lives on the stackframe and is released together with it. */
	TALLOC_FREE(frame);
	return opened;
}
/*
 * Open the secrets database in the configured private directory
 * (lp_private_dir()). Returns whatever secrets_init_path() returns.
 */
bool secrets_init(void)
{
	const char *private_dir = lp_private_dir();

	return secrets_init_path(private_dir);
}
/*
 * Return the handle of the secrets database, opening it on first use.
 * Returns NULL if the database cannot be opened.
 *
 * The returned pointer is the module's own handle, not a copy: it gives
 * the caller direct access to every stored secret and becomes invalid
 * once secrets_shutdown() has run.
 */
struct db_context *secrets_db_ctx(void)
{
	return secrets_init() ? db_ctx : NULL;
}
/*
 * Close secrets.tdb.
 *
 * TALLOC_FREE() releases the handle and resets db_ctx to NULL, so a later
 * secrets_init() opens the database again. Calling this while the
 * database is not open is harmless.
 */
void secrets_shutdown(void)
{
	TALLOC_FREE(db_ctx);
}
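/*
 * Read an entry from the secrets database.
 *
 * key:  NUL-terminated record key.
 * size: optional; if non-NULL it receives the record length in bytes.
 *       It is written on success only, so callers that inspect it after
 *       a failure must initialise it themselves.
 *
 * Returns a malloc'ed copy of the record that the caller must free, or
 * NULL if the database cannot be opened, the key is not found, or the
 * copy cannot be allocated.
 *
 * The result is the raw record: nothing here guarantees that it is
 * NUL-terminated. A caller that treats it as a C string has to request
 * the size and check the last byte first.
 */
void *secrets_fetch(const char *key, size_t *size)
{
	TDB_DATA dbuf;
	void *result;
	NTSTATUS status;

	if (!secrets_init()) {
		return NULL;
	}

	status = dbwrap_fetch(db_ctx, talloc_tos(), string_tdb_data(key),
			      &dbuf);
	if (!NT_STATUS_IS_OK(status)) {
		return NULL;
	}

	result = smb_memdup(dbuf.dptr, dbuf.dsize);

	/*
	 * Release the talloc copy of the secret on every path, including
	 * the one where the duplication failed, so it does not linger on
	 * the current talloc stackframe.
	 */
	TALLOC_FREE(dbuf.dptr);

	if (result == NULL) {
		return NULL;
	}

	if (size) {
		*size = dbuf.dsize;
	}

	return result;
}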
/*
 * Store a secrets entry.
 *
 * key:  NUL-terminated record key.
 * data: record contents, written exactly as given.
 * size: number of bytes of data to store.
 *
 * The record is written with TDB_REPLACE, so an existing entry under the
 * same key is overwritten. Returns true if the database could be opened
 * and dbwrap_trans_store() succeeded.
 */
bool secrets_store(const char *key, const void *data, size_t size)
{
	TDB_DATA record_key;
	TDB_DATA record_value;
	NTSTATUS status;

	if (!secrets_init()) {
		return false;
	}

	record_key = string_tdb_data(key);
	record_value = make_tdb_data((const uint8_t *)data, size);

	status = dbwrap_trans_store(db_ctx, record_key, record_value,
				    TDB_REPLACE);

	return NT_STATUS_IS_OK(status);
}
/*
 * Store the username, domain and password held in creds under
 * SECRETS_AUTH_USER, SECRETS_AUTH_DOMAIN and SECRETS_AUTH_PASSWORD.
 *
 * Each value is stored as a C string including its terminating NUL; the
 * password is written as returned by cli_credentials_get_password().
 *
 * Returns false as soon as one field is missing from creds or cannot be
 * stored. The three fields are written by separate secrets_store()
 * calls, so a failure part-way leaves the earlier fields already
 * updated.
 */
bool secrets_store_creds(struct cli_credentials *creds)
{
	const char *username = NULL;
	const char *domain = NULL;
	const char *password = NULL;

	username = cli_credentials_get_username(creds);
	if (username == NULL) {
		return false;
	}
	if (!secrets_store(SECRETS_AUTH_USER, username, strlen(username) + 1)) {
		DBG_ERR("Failed storing auth user name\n");
		return false;
	}

	domain = cli_credentials_get_domain(creds);
	if (domain == NULL) {
		return false;
	}
	if (!secrets_store(SECRETS_AUTH_DOMAIN, domain, strlen(domain) + 1)) {
		DBG_ERR("Failed storing auth domain name\n");
		return false;
	}

	password = cli_credentials_get_password(creds);
	if (password == NULL) {
		return false;
	}
	if (!secrets_store(SECRETS_AUTH_PASSWORD, password,
			   strlen(password) + 1)) {
		DBG_ERR("Failed storing auth password\n");
		return false;
	}

	return true;
}
/*
 * Delete a secrets database entry.
 *
 * Returns true only if the database could be opened and
 * dbwrap_trans_delete() reported success; use secrets_delete() when a
 * missing key should not count as a failure.
 */
bool secrets_delete_entry(const char *key)
{
	TDB_DATA record_key;
	NTSTATUS status;

	if (!secrets_init()) {
		return false;
	}

	record_key = string_tdb_data(key);
	status = dbwrap_trans_delete(db_ctx, record_key);

	return NT_STATUS_IS_OK(status);
}
/*
 * Deletes the key if it exists.
 *
 * Returns true if the key is absent or was deleted, false if the
 * database cannot be opened or the delete fails. The existence check and
 * the delete are two separate calls into the database.
 */
bool secrets_delete(const char *key)
{
	if (!secrets_init()) {
		return false;
	}

	if (dbwrap_exists(db_ctx, string_tdb_data(key))) {
		return secrets_delete_entry(key);
	}

	/* Nothing stored under this key: already in the desired state. */
	return true;
}
/**
 * Form a key for fetching a trusted domain password
 *
 * The key is "<SECRETS_DOMTRUST_ACCT_PASS>/<domain>", built by
 * talloc_asprintf_strupper_m() on the current talloc stackframe
 * (talloc_tos()), so the caller must not free() it. An allocation
 * failure trips SMB_ASSERT instead of returning NULL.
 *
 * @param domain trusted domain name
 *
 * @return stored password's key
 **/
static char *trustdom_keystr(const char *domain)
{
	char *trust_key = talloc_asprintf_strupper_m(talloc_tos(), "%s/%s",
						     SECRETS_DOMTRUST_ACCT_PASS,
						     domain);

	SMB_ASSERT(trust_key != NULL);

	return trust_key;
}
/************************************************************************
 Routine to get account password to trusted domain

 domain:             trusted domain name, used to form the record key.
 pwd:                optional; receives a malloc'ed copy of the plain
                     text trust password, which the caller must free.
 sid:                optional; receives the stored domain SID.
 pass_last_set_time: optional; receives the stored modification time.

 Returns True on success, False if the record is missing, cannot be
 unpacked, or the password copy cannot be allocated.

 NOTE(review): the raw record and the unpacked structure both hold the
 plain text password and are released here without being wiped.
************************************************************************/
bool secrets_fetch_trusted_domain_password(const char *domain, char** pwd,
                                           struct dom_sid *sid, time_t *pass_last_set_time)
{
	struct TRUSTED_DOM_PASS pass;
	enum ndr_err_code ndr_err;
	DATA_BLOB blob;

	/* Fetch the packed trusted domain password structure. */
	blob.data = (uint8_t *)secrets_fetch(trustdom_keystr(domain),
					     &blob.length);
	if (blob.data == NULL) {
		DEBUG(5, ("secrets_fetch failed!\n"));
		return False;
	}

	/*
	 * Unpack it. The raw record is no longer needed afterwards,
	 * whether or not the unpacking worked.
	 */
	ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), &pass,
			(ndr_pull_flags_fn_t)ndr_pull_TRUSTED_DOM_PASS);
	SAFE_FREE(blob.data);

	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		return false;
	}

	/* The trust's password. */
	if (pwd != NULL) {
		*pwd = SMB_STRDUP(pass.pass);
		if (*pwd == NULL) {
			return False;
		}
	}

	/* Last change time. */
	if (pass_last_set_time != NULL) {
		*pass_last_set_time = pass.mod_time;
	}

	/* Domain sid. */
	if (sid != NULL) {
		sid_copy(sid, &pass.domain_sid);
	}

	return True;
}
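/**
 * Routine to store the password for trusted domain
 *
 * The domain name, the plain text password, the current time and the
 * domain SID are packed into a TRUSTED_DOM_PASS record and stored under
 * the key formed by trustdom_keystr().
 *
 * @param domain remote domain name
 * @param pwd plain text password of trust relationship
 * @param sid remote domain sid
 *
 * @return true if succeeded
 **/
bool secrets_store_trusted_domain_password(const char* domain, const char* pwd,
                                           const struct dom_sid *sid)
{
	bool ret;

	/* packing structures */
	DATA_BLOB blob;
	enum ndr_err_code ndr_err;
	struct TRUSTED_DOM_PASS pass;

	ZERO_STRUCT(pass);

	pass.uni_name = domain;
	pass.uni_name_len = strlen(domain)+1;

	/* last change time */
	pass.mod_time = time(NULL);

	/* password of the trust */
	pass.pass_len = strlen(pwd);
	pass.pass = pwd;

	/* domain sid */
	sid_copy(&pass.domain_sid, sid);

	ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), &pass,
			(ndr_push_flags_fn_t)ndr_push_TRUSTED_DOM_PASS);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		return false;
	}

	ret = secrets_store(trustdom_keystr(domain), blob.data, blob.length);

	/*
	 * The packed record contains the plain text trust password, so
	 * wipe the buffer before releasing it instead of just freeing it.
	 */
	data_blob_clear_free(&blob);

	return ret;
}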
/************************************************************************
 Routine to delete the password for trusted domain

 Returns the result of secrets_delete_entry() for the key formed from
 the domain name.
************************************************************************/
bool trusted_domain_password_delete(const char *domain)
{
	const char *trust_key = trustdom_keystr(domain);

	return secrets_delete_entry(trust_key);
}
/*
 * Store the LDAP bind password for dn under the key
 * "<SECRETS_LDAP_BIND_PW>/<dn>".
 *
 * pw is stored as a C string including its terminating NUL. Returns
 * False if the key cannot be allocated, otherwise the result of
 * secrets_store().
 */
bool secrets_store_ldap_pw(const char* dn, char* pw)
{
	char *tdb_key = NULL;
	bool stored;
	int rc;

	rc = asprintf(&tdb_key, "%s/%s", SECRETS_LDAP_BIND_PW, dn);
	if (rc < 0) {
		DEBUG(0, ("secrets_store_ldap_pw: asprintf failed!\n"));
		return False;
	}

	stored = secrets_store(tdb_key, pw, strlen(pw)+1);

	SAFE_FREE(tdb_key);
	return stored;
}
/*******************************************************************
 Find the ldap password.

 dn: receives a malloc'ed copy of the configured LDAP admin DN
     (lp_ldap_admin_dn()).
 pw: receives a malloc'ed copy of the bind password stored for that DN.

 On success both results belong to the caller, who must free them. On
 every failure after *pw has been assigned, both are freed and reset
 here.

 A stored password that does not end in a NUL byte is rejected. If no
 record exists under the current key, the 2.2 style key (the DN with
 ',' replaced by '/') is tried and the entry is moved to the current
 key.
*******************************************************************/
bool fetch_ldap_pw(char **dn, char** pw)
{
	char *key = NULL;
	char *old_style_key = NULL;
	char *old_data = NULL;
	char *p;
	size_t size = 0;
	fstring old_style_pw;

	*dn = smb_xstrdup(lp_ldap_admin_dn());

	if (asprintf(&key, "%s/%s", SECRETS_LDAP_BIND_PW, *dn) < 0) {
		/* *pw has not been touched yet, so only *dn is released. */
		SAFE_FREE(*dn);
		DEBUG(0, ("fetch_ldap_pw: asprintf failed!\n"));
		return false;
	}

	*pw = (char *)secrets_fetch(key, &size);
	SAFE_FREE(key);

	if (size != 0) {
		/* Never hand back a buffer that is not a valid C string. */
		if ((*pw)[size-1] != '\0') {
			DBG_ERR("Non 0-terminated password for dn %s\n", *dn);
			goto fail;
		}
		return True;
	}

	/* Upgrade 2.2 style entry */
	old_style_key = SMB_STRDUP(*dn);
	if (old_style_key == NULL) {
		DEBUG(0, ("fetch_ldap_pw: strdup failed!\n"));
		goto fail;
	}

	for (p = old_style_key; *p != '\0'; p++) {
		if (*p == ',') {
			*p = '/';
		}
	}

	old_data = (char *)secrets_fetch(old_style_key, &size);
	/* Records shorter than a whole fstring are rejected. */
	if ((old_data == NULL) || (size < sizeof(old_style_pw))) {
		DEBUG(0, ("fetch_ldap_pw: neither ldap secret retrieved!\n"));
		goto fail;
	}

	/* Bounded copy that always leaves room for the terminator. */
	size = MIN(size, sizeof(fstring)-1);
	strncpy(old_style_pw, old_data, size);
	old_style_pw[size] = 0;

	SAFE_FREE(old_data);

	if (!secrets_store_ldap_pw(*dn, old_style_pw)) {
		DEBUG(0, ("fetch_ldap_pw: ldap secret could not be upgraded!\n"));
		goto fail;
	}

	/* Failing to remove the old entry is logged but not fatal. */
	if (!secrets_delete_entry(old_style_key)) {
		DEBUG(0, ("fetch_ldap_pw: old ldap secret could not be deleted!\n"));
	}

	SAFE_FREE(old_style_key);

	*pw = smb_xstrdup(old_style_pw);

	return True;

fail:
	SAFE_FREE(old_style_key);
	SAFE_FREE(old_data);
	SAFE_FREE(*pw);
	SAFE_FREE(*dn);
	return False;
}
/*******************************************************************************
 Store a complete AFS keyfile into secrets.tdb.

 The whole struct afs_keyfile is stored under
 "<SECRETS_AFS_KEYFILE>/<cell>". Returns False if cell or keyfile is
 NULL or if the key count (nkeys, converted with ntohl) exceeds
 SECRETS_AFS_MAXKEYS. A key count of 0 passes this check.
*******************************************************************************/
bool secrets_store_afs_keyfile(const char *cell, const struct afs_keyfile *keyfile)
{
	fstring key;

	if ((cell == NULL) || (keyfile == NULL) ||
	    (ntohl(keyfile->nkeys) > SECRETS_AFS_MAXKEYS)) {
		return False;
	}

	slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_AFS_KEYFILE, cell);

	return secrets_store(key, keyfile, sizeof(struct afs_keyfile));
}
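/*******************************************************************************
 Fetch the current (highest) AFS key from secrets.tdb

 cell:   AFS cell name, used to form the record key.
 result: receives entry[nkeys - 1] of the stored keyfile, with kvno
         converted by ntohl().

 Returns False if an argument is NULL, the record is missing, its size
 is not exactly sizeof(struct afs_keyfile), or its key count is 0 or
 larger than SECRETS_AFS_MAXKEYS.

 NOTE(review): the upper bound presumes that entry[] holds
 SECRETS_AFS_MAXKEYS elements - confirm against the struct definition.
*******************************************************************************/
bool secrets_fetch_afs_key(const char *cell, struct afs_key *result)
{
	fstring key;
	struct afs_keyfile *keyfile;
	size_t size = 0;
	uint32_t i;

	if ((cell == NULL) || (result == NULL)) {
		return False;
	}

	slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_AFS_KEYFILE, cell);

	keyfile = (struct afs_keyfile *)secrets_fetch(key, &size);
	if (keyfile == NULL) {
		return False;
	}

	if (size != sizeof(struct afs_keyfile)) {
		SAFE_FREE(keyfile);
		return False;
	}

	i = ntohl(keyfile->nkeys);

	/*
	 * A stored count of 0 has to be rejected as well: i is unsigned,
	 * so i - 1 would wrap around and index far outside entry[].
	 */
	if ((i == 0) || (i > SECRETS_AFS_MAXKEYS)) {
		SAFE_FREE(keyfile);
		return False;
	}

	*result = keyfile->entry[i-1];

	result->kvno = ntohl(result->kvno);

	SAFE_FREE(keyfile);

	return True;
}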
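/*
 * Fetch one stored IPC credential string.
 *
 * Returns a malloc'ed string, or NULL if the record is missing, empty or
 * does not end in a NUL byte, so that callers never read past the end of
 * the stored record.
 */
static char *ipc_userpass_fetch_string(const char *key)
{
	size_t size = 0;
	char *value = (char *)secrets_fetch(key, &size);

	if (value == NULL) {
		return NULL;
	}

	if ((size == 0) || (value[size-1] != '\0')) {
		DBG_ERR("Non 0-terminated value for %s\n", key);
		SAFE_FREE(value);
		return NULL;
	}

	return value;
}

/******************************************************************************
 When kerberos is not available, choose between anonymous or
 authenticated connections.

 We need to use an authenticated connection if DCs have the
 RestrictAnonymous registry entry set > 0, or the "Additional
 restrictions for anonymous connections" set in the win2k Local
 Security Policy.

 Caller to free() result in domain, username, password

 All three results are always set to malloc'ed strings. With no stored
 user name, all three are empty strings. With a stored user name, a
 missing domain is replaced by lp_workgroup() and a missing password by
 an empty string.
******************************************************************************/
void secrets_fetch_ipc_userpass(char **username, char **domain, char **password)
{
	*username = ipc_userpass_fetch_string(SECRETS_AUTH_USER);
	*domain = ipc_userpass_fetch_string(SECRETS_AUTH_DOMAIN);
	*password = ipc_userpass_fetch_string(SECRETS_AUTH_PASSWORD);

	if (*username && **username) {

		if (!*domain || !**domain) {
			/* Release a fetched but empty value before replacing it. */
			SAFE_FREE(*domain);
			*domain = smb_xstrdup(lp_workgroup());
		}

		if (!*password || !**password) {
			SAFE_FREE(*password);
			*password = smb_xstrdup("");
		}

		DEBUG(3, ("IPC$ connections done by user %s\\%s\n",
			  *domain, *username));

	} else {
		DEBUG(3, ("IPC$ connections done anonymously\n"));

		/*
		 * Drop whatever was fetched (possibly a stored password)
		 * instead of leaking it when the defaults are installed.
		 */
		SAFE_FREE(*username);
		SAFE_FREE(*domain);
		SAFE_FREE(*password);

		*username = smb_xstrdup("");
		*domain = smb_xstrdup("");
		*password = smb_xstrdup("");
	}
}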
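/*
 * Store a generic secret under "SECRETS/GENERIC/<owner>/<key>".
 *
 * secret is stored as a C string including its terminating NUL.
 * Returns False if an argument is NULL or the record key cannot be
 * allocated, otherwise the result of secrets_store().
 */
bool secrets_store_generic(const char *owner, const char *key, const char *secret)
{
	char *tdbkey = NULL;
	bool ret;

	/*
	 * Reject NULL arguments, as secrets_fetch_generic() does for
	 * owner and key, instead of passing NULL to asprintf("%s") and
	 * strlen().
	 */
	if ((owner == NULL) || (key == NULL) || (secret == NULL)) {
		DEBUG(1, ("Invalid Parameters\n"));
		return False;
	}

	if (asprintf(&tdbkey, "SECRETS/GENERIC/%s/%s", owner, key) < 0) {
		DEBUG(0, ("asprintf failed!\n"));
		return False;
	}

	ret = secrets_store(tdbkey, secret, strlen(secret)+1);

	SAFE_FREE(tdbkey);
	return ret;
}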
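/*******************************************************************
 Fetch a generic secret stored under "SECRETS/GENERIC/<owner>/<key>".

 Returns a malloc'ed C string that the caller must free, or NULL if an
 argument is NULL, the record key cannot be allocated, the record is
 missing, or the stored value does not end in a NUL byte.
*******************************************************************/
char *secrets_fetch_generic(const char *owner, const char *key)
{
	char *secret = NULL;
	char *tdbkey = NULL;
	size_t size = 0;

	if ((!owner) || (!key)) {
		DEBUG(1, ("Invalid Parameters\n"));
		return NULL;
	}

	if (asprintf(&tdbkey, "SECRETS/GENERIC/%s/%s", owner, key) < 0) {
		DEBUG(0, ("Out of memory!\n"));
		return NULL;
	}

	secret = (char *)secrets_fetch(tdbkey, &size);

	/*
	 * The result is handed out as a C string, so refuse a record
	 * that is empty or lacks the terminating NUL.
	 */
	if ((secret != NULL) && ((size == 0) || (secret[size-1] != '\0'))) {
		DBG_ERR("Non 0-terminated secret for %s\n", tdbkey);
		SAFE_FREE(secret);
	}

	SAFE_FREE(tdbkey);

	return secret;
}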