2007-09-07 13:14:44 +04:00
/*
2002-01-30 09:08:46 +03:00
Unix SMB / CIFS implementation .
2001-11-24 17:16:41 +03:00
Copyright ( C ) Andrew Tridgell 1992 - 2001
2002-07-15 14:35:28 +04:00
Copyright ( C ) Andrew Bartlett 2002
Copyright ( C ) Rafal Szczesniak 2002
2004-01-07 13:11:24 +03:00
Copyright ( C ) Tim Potter 2001
2000-05-08 22:14:25 +04:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-09 23:25:36 +04:00
the Free Software Foundation ; either version 3 of the License , or
2000-05-08 22:14:25 +04:00
( at your option ) any later version .
2007-09-07 13:14:44 +04:00
2000-05-08 22:14:25 +04:00
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
2007-09-07 13:14:44 +04:00
2000-05-08 22:14:25 +04:00
You should have received a copy of the GNU General Public License
2007-07-10 04:52:41 +04:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2000-05-08 22:14:25 +04:00
*/
2000-05-15 21:13:50 +04:00
/* the Samba secrets database stores any generated, private information
2000-05-08 22:14:25 +04:00
such as the local SID and machine trust password */
# include "includes.h"
2011-02-26 01:20:06 +03:00
# include "system/filesys.h"
2011-03-18 20:58:37 +03:00
# include "passdb.h"
2009-03-16 13:27:58 +03:00
# include "../libcli/auth/libcli_auth.h"
2009-10-28 18:42:44 +03:00
# include "librpc/gen_ndr/ndr_secrets.h"
2010-08-05 04:25:37 +04:00
# include "secrets.h"
2011-07-07 19:42:08 +04:00
# include "dbwrap/dbwrap.h"
2011-07-06 18:40:21 +04:00
# include "dbwrap/dbwrap_open.h"
2010-10-12 08:27:50 +04:00
# include "../libcli/security/security.h"
2011-05-05 13:25:29 +04:00
# include "util_tdb.h"
2009-08-26 02:31:27 +04:00
2002-07-15 14:35:28 +04:00
# undef DBGC_CLASS
# define DBGC_CLASS DBGC_PASSDB
2008-03-11 14:30:46 +03:00
static struct db_context * db_ctx ;
2000-05-08 22:14:25 +04:00
2004-07-14 08:36:01 +04:00
/**
* Use a TDB to store an incrementing random seed .
*
* Initialised to the current pid , the very first time Samba starts ,
2007-09-07 13:14:44 +04:00
* and incremented by one each time it is needed .
*
2004-07-14 08:36:01 +04:00
* @ note Not called by systems with a working / dev / urandom .
*/
2008-10-23 20:46:35 +04:00
static void get_rand_seed ( void * userdata , int * new_seed )
2004-07-14 08:36:01 +04:00
{
* new_seed = sys_getpid ( ) ;
2008-03-11 14:30:46 +03:00
if ( db_ctx ) {
2009-07-29 17:15:54 +04:00
dbwrap_trans_change_int32_atomic ( db_ctx , " INFO/random_seed " ,
new_seed , 1 ) ;
2004-07-14 08:36:01 +04:00
}
}
2011-08-10 07:50:26 +04:00
/* open up the secrets database with specified private_dir path */
bool secrets_init_path ( const char * private_dir )
2000-05-08 22:14:25 +04:00
{
2007-11-21 04:18:16 +03:00
char * fname = NULL ;
2004-11-25 03:25:53 +03:00
unsigned char dummy ;
2000-05-08 22:14:25 +04:00
2011-08-10 07:50:26 +04:00
if ( db_ctx ! = NULL ) {
2001-11-17 06:19:17 +03:00
return True ;
2011-08-10 07:50:26 +04:00
}
if ( private_dir = = NULL ) {
return False ;
}
2000-05-08 22:14:25 +04:00
2008-03-09 13:17:48 +03:00
fname = talloc_asprintf ( talloc_tos ( ) , " %s/secrets.tdb " ,
2011-08-10 07:50:26 +04:00
private_dir ) ;
2008-03-09 13:17:48 +03:00
if ( fname = = NULL ) {
2011-08-10 07:50:26 +04:00
return False ;
2007-11-21 04:18:16 +03:00
}
2000-05-08 22:14:25 +04:00
2008-08-07 10:20:05 +04:00
db_ctx = db_open ( NULL , fname , 0 ,
TDB_DEFAULT , O_RDWR | O_CREAT , 0600 ) ;
2000-05-08 22:14:25 +04:00
2008-03-11 14:30:46 +03:00
if ( db_ctx = = NULL ) {
2000-05-08 22:14:25 +04:00
DEBUG ( 0 , ( " Failed to open %s \n " , fname ) ) ;
return False ;
}
2004-07-14 08:36:01 +04:00
2008-03-09 13:17:48 +03:00
TALLOC_FREE ( fname ) ;
2007-11-21 04:18:16 +03:00
2004-07-14 08:36:01 +04:00
/**
2007-09-07 13:14:44 +04:00
* Set a reseed function for the crypto random generator
*
2004-07-14 08:36:01 +04:00
* This avoids a problem where systems without / dev / urandom
* could send the same challenge to multiple clients
*/
2008-10-23 20:46:35 +04:00
set_rand_reseed_callback ( get_rand_seed , NULL ) ;
2004-07-14 08:36:01 +04:00
/* Ensure that the reseed is done now, while we are root, etc */
generate_random_buffer ( & dummy , sizeof ( dummy ) ) ;
2000-05-08 22:14:25 +04:00
return True ;
}
2011-08-10 07:50:26 +04:00
/* open up the secrets database */
bool secrets_init ( void )
{
return secrets_init_path ( lp_private_dir ( ) ) ;
}
2008-04-01 13:00:59 +04:00
struct db_context * secrets_db_ctx ( void )
{
if ( ! secrets_init ( ) ) {
return NULL ;
}
return db_ctx ;
}
2008-01-07 14:42:16 +03:00
/*
* close secrets . tdb
*/
void secrets_shutdown ( void )
{
2008-03-11 14:30:46 +03:00
TALLOC_FREE ( db_ctx ) ;
2008-01-07 14:42:16 +03:00
}
2000-05-08 22:14:25 +04:00
/* read a entry from the secrets database - the caller must free the result
if size is non - null then the size of the entry is put in there
*/
2002-07-15 14:35:28 +04:00
void * secrets_fetch ( const char * key , size_t * size )
2000-05-08 22:14:25 +04:00
{
2005-03-12 12:49:23 +03:00
TDB_DATA dbuf ;
2008-03-11 14:30:46 +03:00
void * result ;
2008-02-09 01:12:53 +03:00
if ( ! secrets_init ( ) ) {
2001-11-24 17:16:41 +03:00
return NULL ;
2008-02-09 01:12:53 +03:00
}
2008-03-11 14:30:46 +03:00
if ( db_ctx - > fetch ( db_ctx , talloc_tos ( ) , string_tdb_data ( key ) ,
& dbuf ) ! = 0 ) {
return NULL ;
}
result = memdup ( dbuf . dptr , dbuf . dsize ) ;
if ( result = = NULL ) {
return NULL ;
}
TALLOC_FREE ( dbuf . dptr ) ;
2008-02-09 01:12:53 +03:00
if ( size ) {
2001-11-17 06:19:17 +03:00
* size = dbuf . dsize ;
2008-02-09 01:12:53 +03:00
}
2008-03-11 14:30:46 +03:00
return result ;
2000-05-08 22:14:25 +04:00
}
2007-09-07 13:14:44 +04:00
/* store a secrets entry
2000-05-08 22:14:25 +04:00
*/
2007-10-19 04:40:25 +04:00
bool secrets_store ( const char * key , const void * data , size_t size )
2000-05-08 22:14:25 +04:00
{
2008-03-28 13:53:00 +03:00
NTSTATUS status ;
2008-02-09 01:12:53 +03:00
if ( ! secrets_init ( ) ) {
return false ;
}
2008-03-28 13:53:00 +03:00
status = dbwrap_trans_store ( db_ctx , string_tdb_data ( key ) ,
make_tdb_data ( ( const uint8 * ) data , size ) ,
TDB_REPLACE ) ;
return NT_STATUS_IS_OK ( status ) ;
2000-05-08 22:14:25 +04:00
}
/* delete a secets database entry
*/
2007-10-19 04:40:25 +04:00
bool secrets_delete ( const char * key )
2000-05-08 22:14:25 +04:00
{
2008-03-28 13:57:54 +03:00
NTSTATUS status ;
2008-02-09 01:12:53 +03:00
if ( ! secrets_init ( ) ) {
return false ;
}
2008-03-28 13:57:54 +03:00
status = dbwrap_trans_delete ( db_ctx , string_tdb_data ( key ) ) ;
return NT_STATUS_IS_OK ( status ) ;
2000-05-08 22:14:25 +04:00
}
2000-05-29 05:23:48 +04:00
2002-03-01 05:56:35 +03:00
/**
* Form a key for fetching a trusted domain password
*
2002-07-15 14:35:28 +04:00
* @ param domain trusted domain name
2002-03-01 05:56:35 +03:00
*
* @ return stored password ' s key
* */
2003-07-19 15:28:15 +04:00
static char * trustdom_keystr ( const char * domain )
2002-03-01 05:56:35 +03:00
{
2007-11-04 20:15:37 +03:00
char * keystr ;
2002-03-01 05:56:35 +03:00
2008-03-09 13:26:50 +03:00
keystr = talloc_asprintf_strupper_m ( talloc_tos ( ) , " %s/%s " ,
SECRETS_DOMTRUST_ACCT_PASS ,
domain ) ;
2007-11-04 20:15:37 +03:00
SMB_ASSERT ( keystr ! = NULL ) ;
2002-03-01 05:56:35 +03:00
return keystr ;
}
/************************************************************************
Routine to get account password to trusted domain
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2002-09-25 19:19:00 +04:00
2007-10-19 04:40:25 +04:00
bool secrets_fetch_trusted_domain_password ( const char * domain , char * * pwd ,
2010-05-21 05:25:01 +04:00
struct dom_sid * sid , time_t * pass_last_set_time )
2002-03-01 05:56:35 +03:00
{
2009-10-28 18:42:44 +03:00
struct TRUSTED_DOM_PASS pass ;
enum ndr_err_code ndr_err ;
2007-09-07 13:14:44 +04:00
2003-04-22 17:10:02 +04:00
/* unpacking structures */
2009-10-28 18:42:44 +03:00
DATA_BLOB blob ;
2002-03-01 05:56:35 +03:00
2002-07-15 14:35:28 +04:00
/* fetching trusted domain password structure */
2009-10-28 18:42:44 +03:00
if ( ! ( blob . data = ( uint8_t * ) secrets_fetch ( trustdom_keystr ( domain ) ,
& blob . length ) ) ) {
2002-03-01 05:56:35 +03:00
DEBUG ( 5 , ( " secrets_fetch failed! \n " ) ) ;
return False ;
}
2002-07-15 14:35:28 +04:00
2003-04-22 17:10:02 +04:00
/* unpack trusted domain password */
2010-05-10 02:42:06 +04:00
ndr_err = ndr_pull_struct_blob ( & blob , talloc_tos ( ) , & pass ,
2009-10-28 18:42:44 +03:00
( ndr_pull_flags_fn_t ) ndr_pull_TRUSTED_DOM_PASS ) ;
2011-02-06 17:33:26 +03:00
SAFE_FREE ( blob . data ) ;
2009-10-28 18:42:44 +03:00
if ( ! NDR_ERR_CODE_IS_SUCCESS ( ndr_err ) ) {
return false ;
2002-03-01 05:56:35 +03:00
}
2007-09-07 13:14:44 +04:00
2009-10-28 18:42:44 +03:00
2007-09-07 13:14:44 +04:00
/* the trust's password */
2002-03-02 07:45:29 +03:00
if ( pwd ) {
2004-12-07 21:25:53 +03:00
* pwd = SMB_STRDUP ( pass . pass ) ;
2002-03-02 07:45:29 +03:00
if ( ! * pwd ) {
return False ;
}
}
2002-03-01 05:56:35 +03:00
2002-07-15 14:35:28 +04:00
/* last change time */
2003-04-22 17:10:02 +04:00
if ( pass_last_set_time ) * pass_last_set_time = pass . mod_time ;
2002-03-01 05:56:35 +03:00
2002-07-15 14:35:28 +04:00
/* domain sid */
2005-12-03 21:34:13 +03:00
if ( sid ! = NULL ) sid_copy ( sid , & pass . domain_sid ) ;
2007-09-07 13:14:44 +04:00
2002-03-01 05:56:35 +03:00
return True ;
}
2000-06-03 10:16:11 +04:00
2002-03-01 05:56:35 +03:00
/**
2003-04-22 17:10:02 +04:00
* Routine to store the password for trusted domain
2002-03-01 05:56:35 +03:00
*
* @ param domain remote domain name
* @ param pwd plain text password of trust relationship
* @ param sid remote domain sid
*
* @ return true if succeeded
* */
2007-10-19 04:40:25 +04:00
bool secrets_store_trusted_domain_password ( const char * domain , const char * pwd ,
2010-05-21 05:25:01 +04:00
const struct dom_sid * sid )
2006-02-04 01:19:41 +03:00
{
2007-11-21 04:18:16 +03:00
bool ret ;
2006-02-04 01:19:41 +03:00
2003-04-22 17:10:02 +04:00
/* packing structures */
2009-10-28 18:42:44 +03:00
DATA_BLOB blob ;
enum ndr_err_code ndr_err ;
struct TRUSTED_DOM_PASS pass ;
2002-03-02 07:45:29 +03:00
ZERO_STRUCT ( pass ) ;
2006-02-04 01:19:41 +03:00
2009-10-28 18:42:44 +03:00
pass . uni_name = domain ;
pass . uni_name_len = strlen ( domain ) + 1 ;
2002-07-15 14:35:28 +04:00
/* last change time */
2002-03-01 05:56:35 +03:00
pass . mod_time = time ( NULL ) ;
2002-07-15 14:35:28 +04:00
/* password of the trust */
2002-03-01 05:56:35 +03:00
pass . pass_len = strlen ( pwd ) ;
2009-10-28 18:42:44 +03:00
pass . pass = pwd ;
2002-03-01 05:56:35 +03:00
2002-07-15 14:35:28 +04:00
/* domain sid */
2006-02-04 01:19:41 +03:00
sid_copy ( & pass . domain_sid , sid ) ;
2007-09-07 13:14:44 +04:00
2010-05-10 02:42:06 +04:00
ndr_err = ndr_push_struct_blob ( & blob , talloc_tos ( ) , & pass ,
2009-10-28 18:42:44 +03:00
( ndr_push_flags_fn_t ) ndr_push_TRUSTED_DOM_PASS ) ;
if ( ! NDR_ERR_CODE_IS_SUCCESS ( ndr_err ) ) {
2007-11-21 04:18:16 +03:00
return false ;
}
2009-10-28 18:42:44 +03:00
ret = secrets_store ( trustdom_keystr ( domain ) , blob . data , blob . length ) ;
data_blob_free ( & blob ) ;
2002-02-22 06:18:37 +03:00
return ret ;
2001-11-24 17:16:41 +03:00
}
2002-03-01 05:56:35 +03:00
/************************************************************************
Routine to delete the password for trusted domain
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2002-11-09 02:08:59 +03:00
2007-10-19 04:40:25 +04:00
bool trusted_domain_password_delete ( const char * domain )
2002-03-01 05:56:35 +03:00
{
return secrets_delete ( trustdom_keystr ( domain ) ) ;
}
2007-10-19 04:40:25 +04:00
bool secrets_store_ldap_pw ( const char * dn , char * pw )
2001-12-13 21:09:29 +03:00
{
2002-07-15 14:35:28 +04:00
char * key = NULL ;
2007-10-19 04:40:25 +04:00
bool ret ;
2007-09-07 13:14:44 +04:00
2002-07-15 14:35:28 +04:00
if ( asprintf ( & key , " %s/%s " , SECRETS_LDAP_BIND_PW , dn ) < 0 ) {
DEBUG ( 0 , ( " secrets_store_ldap_pw: asprintf failed! \n " ) ) ;
return False ;
}
2007-09-07 13:14:44 +04:00
2002-07-15 14:35:28 +04:00
ret = secrets_store ( key , pw , strlen ( pw ) + 1 ) ;
2007-09-07 13:14:44 +04:00
2002-07-15 14:35:28 +04:00
SAFE_FREE ( key ) ;
return ret ;
}
2005-05-31 17:46:45 +04:00
/*******************************************************************
2005-09-30 21:13:37 +04:00
Find the ldap password .
2005-05-31 17:46:45 +04:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2005-09-30 21:13:37 +04:00
2007-10-19 04:40:25 +04:00
bool fetch_ldap_pw ( char * * dn , char * * pw )
2005-05-31 17:46:45 +04:00
{
char * key = NULL ;
2005-12-03 09:46:46 +03:00
size_t size = 0 ;
2007-09-07 13:14:44 +04:00
2005-05-31 17:46:45 +04:00
* dn = smb_xstrdup ( lp_ldap_admin_dn ( ) ) ;
2007-09-07 13:14:44 +04:00
2005-05-31 17:46:45 +04:00
if ( asprintf ( & key , " %s/%s " , SECRETS_LDAP_BIND_PW , * dn ) < 0 ) {
SAFE_FREE ( * dn ) ;
DEBUG ( 0 , ( " fetch_ldap_pw: asprintf failed! \n " ) ) ;
2009-10-16 03:55:40 +04:00
return false ;
2005-05-31 17:46:45 +04:00
}
2007-09-07 13:14:44 +04:00
2006-07-11 22:01:26 +04:00
* pw = ( char * ) secrets_fetch ( key , & size ) ;
2005-05-31 17:46:45 +04:00
SAFE_FREE ( key ) ;
if ( ! size ) {
/* Upgrade 2.2 style entry */
char * p ;
char * old_style_key = SMB_STRDUP ( * dn ) ;
char * data ;
fstring old_style_pw ;
2007-09-07 13:14:44 +04:00
2005-05-31 17:46:45 +04:00
if ( ! old_style_key ) {
DEBUG ( 0 , ( " fetch_ldap_pw: strdup failed! \n " ) ) ;
return False ;
}
for ( p = old_style_key ; * p ; p + + )
if ( * p = = ' , ' ) * p = ' / ' ;
2007-09-07 13:14:44 +04:00
2006-07-11 22:01:26 +04:00
data = ( char * ) secrets_fetch ( old_style_key , & size ) ;
2008-06-07 10:48:13 +04:00
if ( ( data = = NULL ) | | ( size < sizeof ( old_style_pw ) ) ) {
2005-05-31 17:46:45 +04:00
DEBUG ( 0 , ( " fetch_ldap_pw: neither ldap secret retrieved! \n " ) ) ;
SAFE_FREE ( old_style_key ) ;
SAFE_FREE ( * dn ) ;
2008-06-07 10:48:13 +04:00
SAFE_FREE ( data ) ;
2005-05-31 17:46:45 +04:00
return False ;
}
size = MIN ( size , sizeof ( fstring ) - 1 ) ;
strncpy ( old_style_pw , data , size ) ;
old_style_pw [ size ] = 0 ;
SAFE_FREE ( data ) ;
if ( ! secrets_store_ldap_pw ( * dn , old_style_pw ) ) {
DEBUG ( 0 , ( " fetch_ldap_pw: ldap secret could not be upgraded! \n " ) ) ;
SAFE_FREE ( old_style_key ) ;
SAFE_FREE ( * dn ) ;
2007-09-07 13:14:44 +04:00
return False ;
2005-05-31 17:46:45 +04:00
}
if ( ! secrets_delete ( old_style_key ) ) {
DEBUG ( 0 , ( " fetch_ldap_pw: old ldap secret could not be deleted! \n " ) ) ;
}
SAFE_FREE ( old_style_key ) ;
2007-09-07 13:14:44 +04:00
* pw = smb_xstrdup ( old_style_pw ) ;
2005-05-31 17:46:45 +04:00
}
2007-09-07 13:14:44 +04:00
2005-05-31 17:46:45 +04:00
return True ;
}
2002-07-15 14:35:28 +04:00
/**
2002-08-17 21:00:51 +04:00
* Get trusted domains info from secrets . tdb .
2007-09-07 13:14:44 +04:00
* */
2002-07-15 14:35:28 +04:00
2008-03-11 14:30:46 +03:00
struct list_trusted_domains_state {
uint32 num_domains ;
struct trustdom_info * * domains ;
} ;
static int list_trusted_domain ( struct db_record * rec , void * private_data )
2002-07-15 14:35:28 +04:00
{
2008-03-11 14:30:46 +03:00
const size_t prefix_len = strlen ( SECRETS_DOMTRUST_ACCT_PASS ) ;
2009-10-28 18:42:44 +03:00
struct TRUSTED_DOM_PASS pass ;
enum ndr_err_code ndr_err ;
DATA_BLOB blob ;
2008-03-11 14:30:46 +03:00
struct trustdom_info * dom_info ;
2006-07-11 22:01:26 +04:00
2008-03-11 14:30:46 +03:00
struct list_trusted_domains_state * state =
( struct list_trusted_domains_state * ) private_data ;
2002-07-15 14:35:28 +04:00
2008-03-11 14:30:46 +03:00
if ( ( rec - > key . dsize < prefix_len )
| | ( strncmp ( ( char * ) rec - > key . dptr , SECRETS_DOMTRUST_ACCT_PASS ,
prefix_len ) ! = 0 ) ) {
return 0 ;
2008-02-09 01:12:53 +03:00
}
2007-09-07 13:14:44 +04:00
2009-10-28 18:42:44 +03:00
blob = data_blob_const ( rec - > value . dptr , rec - > value . dsize ) ;
2008-03-11 14:30:46 +03:00
2010-05-10 02:42:06 +04:00
ndr_err = ndr_pull_struct_blob ( & blob , talloc_tos ( ) , & pass ,
2009-10-28 18:42:44 +03:00
( ndr_pull_flags_fn_t ) ndr_pull_TRUSTED_DOM_PASS ) ;
if ( ! NDR_ERR_CODE_IS_SUCCESS ( ndr_err ) ) {
return false ;
2002-07-15 14:35:28 +04:00
}
2008-03-11 14:30:46 +03:00
if ( pass . domain_sid . num_auths ! = 4 ) {
DEBUG ( 0 , ( " SID %s is not a domain sid, has %d "
" auths instead of 4 \n " ,
sid_string_dbg ( & pass . domain_sid ) ,
pass . domain_sid . num_auths ) ) ;
return 0 ;
}
2002-07-15 14:35:28 +04:00
2011-06-07 05:38:41 +04:00
if ( ! ( dom_info = talloc ( state - > domains , struct trustdom_info ) ) ) {
2008-03-11 14:30:46 +03:00
DEBUG ( 0 , ( " talloc failed \n " ) ) ;
return 0 ;
}
2006-07-11 22:01:26 +04:00
2009-10-28 18:42:44 +03:00
dom_info - > name = talloc_strdup ( dom_info , pass . uni_name ) ;
if ( ! dom_info - > name ) {
2008-03-11 14:30:46 +03:00
TALLOC_FREE ( dom_info ) ;
return 0 ;
2006-07-11 22:01:26 +04:00
}
2008-03-11 14:30:46 +03:00
sid_copy ( & dom_info - > sid , & pass . domain_sid ) ;
2003-07-01 16:40:52 +04:00
2008-03-11 14:30:46 +03:00
ADD_TO_ARRAY ( state - > domains , struct trustdom_info * , dom_info ,
& state - > domains , & state - > num_domains ) ;
2007-09-07 13:14:44 +04:00
2008-03-11 14:30:46 +03:00
if ( state - > domains = = NULL ) {
state - > num_domains = 0 ;
return - 1 ;
}
return 0 ;
}
2002-07-15 14:35:28 +04:00
2008-03-11 14:30:46 +03:00
NTSTATUS secrets_trusted_domains ( TALLOC_CTX * mem_ctx , uint32 * num_domains ,
struct trustdom_info * * * domains )
{
struct list_trusted_domains_state state ;
2006-02-04 01:19:41 +03:00
2011-03-16 20:42:48 +03:00
if ( ! secrets_init ( ) ) {
2008-03-11 14:30:46 +03:00
return NT_STATUS_ACCESS_DENIED ;
}
2006-02-04 01:19:41 +03:00
2008-03-11 14:30:46 +03:00
state . num_domains = 0 ;
2006-02-04 01:19:41 +03:00
2008-03-11 14:30:46 +03:00
/*
* Make sure that a talloc context for the trustdom_info structs
* exists
*/
2006-02-04 01:19:41 +03:00
2011-06-07 05:30:12 +04:00
if ( ! ( state . domains = talloc_array (
2008-03-11 14:30:46 +03:00
mem_ctx , struct trustdom_info * , 1 ) ) ) {
return NT_STATUS_NO_MEMORY ;
2002-07-15 14:35:28 +04:00
}
2007-09-07 13:14:44 +04:00
2008-03-20 16:26:46 +03:00
db_ctx - > traverse_read ( db_ctx , list_trusted_domain , ( void * ) & state ) ;
2002-07-15 14:35:28 +04:00
2008-03-11 14:30:46 +03:00
* num_domains = state . num_domains ;
* domains = state . domains ;
2006-02-04 01:19:41 +03:00
return NT_STATUS_OK ;
2001-12-13 21:09:29 +03:00
}
2003-09-07 20:36:13 +04:00
/*******************************************************************************
Store a complete AFS keyfile into secrets . tdb .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2007-10-19 04:40:25 +04:00
bool secrets_store_afs_keyfile ( const char * cell , const struct afs_keyfile * keyfile )
2003-09-07 20:36:13 +04:00
{
fstring key ;
if ( ( cell = = NULL ) | | ( keyfile = = NULL ) )
return False ;
if ( ntohl ( keyfile - > nkeys ) > SECRETS_AFS_MAXKEYS )
return False ;
slprintf ( key , sizeof ( key ) - 1 , " %s/%s " , SECRETS_AFS_KEYFILE , cell ) ;
return secrets_store ( key , keyfile , sizeof ( struct afs_keyfile ) ) ;
}
/*******************************************************************************
Fetch the current ( highest ) AFS key from secrets . tdb
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2007-10-19 04:40:25 +04:00
bool secrets_fetch_afs_key ( const char * cell , struct afs_key * result )
2003-09-07 20:36:13 +04:00
{
fstring key ;
struct afs_keyfile * keyfile ;
2005-12-03 09:46:46 +03:00
size_t size = 0 ;
2003-09-07 20:36:13 +04:00
uint32 i ;
slprintf ( key , sizeof ( key ) - 1 , " %s/%s " , SECRETS_AFS_KEYFILE , cell ) ;
keyfile = ( struct afs_keyfile * ) secrets_fetch ( key , & size ) ;
if ( keyfile = = NULL )
return False ;
if ( size ! = sizeof ( struct afs_keyfile ) ) {
SAFE_FREE ( keyfile ) ;
return False ;
}
i = ntohl ( keyfile - > nkeys ) ;
if ( i > SECRETS_AFS_MAXKEYS ) {
SAFE_FREE ( keyfile ) ;
return False ;
}
* result = keyfile - > entry [ i - 1 ] ;
result - > kvno = ntohl ( result - > kvno ) ;
2008-06-07 10:51:35 +04:00
SAFE_FREE ( keyfile ) ;
2003-09-07 20:36:13 +04:00
return True ;
}
2004-01-07 13:11:24 +03:00
/******************************************************************************
When kerberos is not available , choose between anonymous or
2007-09-07 13:14:44 +04:00
authenticated connections .
2004-01-07 13:11:24 +03:00
We need to use an authenticated connection if DCs have the
RestrictAnonymous registry entry set > 0 , or the " Additional
restrictions for anonymous connections " set in the win2k Local
Security Policy .
Caller to free ( ) result in domain , username , password
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
void secrets_fetch_ipc_userpass ( char * * username , char * * domain , char * * password )
{
2006-07-11 22:01:26 +04:00
* username = ( char * ) secrets_fetch ( SECRETS_AUTH_USER , NULL ) ;
* domain = ( char * ) secrets_fetch ( SECRETS_AUTH_DOMAIN , NULL ) ;
* password = ( char * ) secrets_fetch ( SECRETS_AUTH_PASSWORD , NULL ) ;
2007-09-07 13:14:44 +04:00
2004-01-07 13:11:24 +03:00
if ( * username & & * * username ) {
if ( ! * domain | | ! * * domain )
* domain = smb_xstrdup ( lp_workgroup ( ) ) ;
2007-09-07 13:14:44 +04:00
2004-01-07 13:11:24 +03:00
if ( ! * password | | ! * * password )
* password = smb_xstrdup ( " " ) ;
2007-09-07 13:14:44 +04:00
DEBUG ( 3 , ( " IPC$ connections done by user %s \\ %s \n " ,
2004-01-07 13:11:24 +03:00
* domain , * username ) ) ;
} else {
DEBUG ( 3 , ( " IPC$ connections done anonymously \n " ) ) ;
* username = smb_xstrdup ( " " ) ;
* domain = smb_xstrdup ( " " ) ;
* password = smb_xstrdup ( " " ) ;
}
}
2007-10-19 04:40:25 +04:00
bool secrets_store_generic ( const char * owner , const char * key , const char * secret )
2006-12-12 17:52:13 +03:00
{
char * tdbkey = NULL ;
2007-10-19 04:40:25 +04:00
bool ret ;
2007-09-07 13:14:44 +04:00
2006-12-12 17:52:13 +03:00
if ( asprintf ( & tdbkey , " SECRETS/GENERIC/%s/%s " , owner , key ) < 0 ) {
DEBUG ( 0 , ( " asprintf failed! \n " ) ) ;
return False ;
}
2007-09-07 13:14:44 +04:00
2006-12-12 17:52:13 +03:00
ret = secrets_store ( tdbkey , secret , strlen ( secret ) + 1 ) ;
2007-09-07 13:14:44 +04:00
2006-12-12 17:52:13 +03:00
SAFE_FREE ( tdbkey ) ;
return ret ;
}
2009-10-27 16:59:25 +03:00
bool secrets_delete_generic ( const char * owner , const char * key )
{
char * tdbkey = NULL ;
bool ret ;
if ( asprintf ( & tdbkey , " SECRETS/GENERIC/%s/%s " , owner , key ) < 0 ) {
DEBUG ( 0 , ( " asprintf failed! \n " ) ) ;
return False ;
}
ret = secrets_delete ( tdbkey ) ;
SAFE_FREE ( tdbkey ) ;
return ret ;
}
2006-12-12 17:52:13 +03:00
/*******************************************************************
Find the ldap password .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
char * secrets_fetch_generic ( const char * owner , const char * key )
{
char * secret = NULL ;
char * tdbkey = NULL ;
if ( ( ! owner ) | | ( ! key ) ) {
2010-03-10 14:07:44 +03:00
DEBUG ( 1 , ( " Invalid Parameters " ) ) ;
2006-12-12 17:52:13 +03:00
return NULL ;
}
if ( asprintf ( & tdbkey , " SECRETS/GENERIC/%s/%s " , owner , key ) < 0 ) {
DEBUG ( 0 , ( " Out of memory! \n " ) ) ;
return NULL ;
}
2007-09-07 13:14:44 +04:00
2006-12-12 17:52:13 +03:00
secret = ( char * ) secrets_fetch ( tdbkey , NULL ) ;
SAFE_FREE ( tdbkey ) ;
return secret ;
}