2025-01-11 05:18:09 +03:00 · 2008-03-28 12:09:56 +01:00 · 2008-03-28 12:09:56 +01:00 · 0b36871a0d
commit 0b36871a0d
parent d70a8e9c41
2 changed files with 87 additions and 38 deletions
--- a/source/lib/account_pol.c
+++ b/source/lib/account_pol.c
@ -20,7 +20,7 @@
 */

 #include "includes.h"
-static TDB_CONTEXT *tdb; 
+static struct db_context *db;

 /* cache all entries for 60 seconds for to save ldap-queries (cache is updated
 * after this period if admins do not use pdbedit or usermanager but manipulate
@ -208,36 +208,62 @@ bool init_account_policy(void)
 	uint32 version;
 	int i;

-	if (tdb) {
+	if (db != NULL) {
 		return True;
 	}

-	tdb = tdb_open_log(state_path("account_policy.tdb"), 0, TDB_DEFAULT, O_RDWR, 0600);
-	if (!tdb) { /* the account policies files does not exist or open failed, try to create a new one */
-		tdb = tdb_open_log(state_path("account_policy.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
-		if (!tdb) {
+	db = db_open(NULL, state_path("account_policy.tdb"), 0, TDB_DEFAULT,
+		     O_RDWR, 0600);
+
+	if (db == NULL) { /* the account policies files does not exist or open
+			   * failed, try to create a new one */
+		db = db_open(NULL, state_path("account_policy.tdb"), 0,
+			     TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
+		if (db == NULL) {
 			DEBUG(0,("Failed to open account policy database\n"));
 			return False;
 		}
 	}

-	/* handle a Samba upgrade */
-	tdb_lock_bystring(tdb, vstring);
-	if (!tdb_fetch_uint32(tdb, vstring, &version) || version != DATABASE_VERSION) {
+	version = dbwrap_fetch_int32(db, vstring);
+	if (version == DATABASE_VERSION) {
+		return true;
+	}

-		tdb_store_uint32(tdb, vstring, DATABASE_VERSION);
+	/* handle a Samba upgrade */
+
+	if (db->transaction_start(db) != 0) {
+		DEBUG(0, ("transaction_start failed\n"));
+		TALLOC_FREE(db);
+		return false;
+	}
+
+	version = dbwrap_fetch_int32(db, vstring);
+	if (version == DATABASE_VERSION) {
+		/*
+		 * Race condition
+		 */
+		if (db->transaction_cancel(db)) {
+			smb_panic("transaction_cancel failed");
+		}
+		return true;
+	}
+
+	if (version != DATABASE_VERSION) {
+		if (dbwrap_store_uint32(db, vstring, DATABASE_VERSION) != 0) {
+			DEBUG(0, ("dbwrap_store_uint32 failed\n"));
+			goto cancel;
+		}

 		for (i=0; account_policy_names[i].field; i++) {

 			if (!account_policy_set_default_on_empty(account_policy_names[i].field)) {
 				DEBUG(0,("failed to set default value in account policy tdb\n"));
-				return False;
+				goto cancel;
 			}
 		}
 	}

-	tdb_unlock_bystring(tdb, vstring);
-
 	/* These exist by default on NT4 in [HKLM\SECURITY\Policy\Accounts] */

 	privilege_create_account( &global_sid_World );
@ -255,7 +281,20 @@ bool init_account_policy(void)
 		}
 	}

+	if (db->transaction_commit(db) != 0) {
+		DEBUG(0, ("transaction_commit failed\n"));
+		goto cancel;
+	}
+
 	return True;
+
+ cancel:
+	if (db->transaction_cancel(db)) {
+		smb_panic("transaction_cancel failed");
+	}
+	TALLOC_FREE(db);
+
+	return false;
 }

 /*****************************************************************************
@ -281,7 +320,7 @@ bool account_policy_get(int field, uint32 *value)
 		return False;
 	}
 	
-	if (!tdb_fetch_uint32(tdb, name, &regval)) {
+	if (!dbwrap_fetch_uint32(db, name, &regval)) {
 		DEBUG(1, ("account_policy_get: tdb_fetch_uint32 failed for field %d (%s), returning 0\n", field, name));
 		return False;
 	}
@ -302,6 +341,8 @@ Set an account policy (in tdb)
 bool account_policy_set(int field, uint32 value)
 {
 	const char *name;
+	uint32_t v_store;
+	NTSTATUS status;

 	if (!init_account_policy()) {
 		return False;
@ -313,8 +354,15 @@ bool account_policy_set(int field, uint32 value)
 		return False;
 	}

-	if (!tdb_store_uint32(tdb, name, value)) {
-		DEBUG(1, ("tdb_store_uint32 failed for field %d (%s) on value %u\n", field, name, value));
+	SIVAL(&v_store, 0, value);
+
+	status = dbwrap_trans_store_bystring(
+		db, name,
+		make_tdb_data((const uint8 *)&v_store, sizeof(v_store)),
+		TDB_REPLACE);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1, ("store_uint32 failed for field %d (%s) on value "
+			  "%u: %s\n", field, name, value, nt_errstr(status)));
 		return False;
 	}

@ -397,15 +445,15 @@ bool cache_account_policy_get(int field, uint32 *value)
 /****************************************************************************
 ****************************************************************************/

-TDB_CONTEXT *get_account_pol_tdb( void )
+struct db_context *get_account_pol_db( void )
 {

-	if ( !tdb ) {
+	if ( db != NULL ) {
 		if ( !init_account_policy() ) {
 			return NULL;
 		}
 	}

-	return tdb;
+	return db;
 }

--- a/source/lib/privileges.c
+++ b/source/lib/privileges.c
@ -39,7 +39,7 @@ typedef struct {

 static bool get_privileges( const DOM_SID *sid, SE_PRIV *mask )
 {
-	TDB_CONTEXT *tdb = get_account_pol_tdb();
+	struct db_context *db = get_account_pol_db();
 	fstring tmp, keystr;
 	TDB_DATA data;

@ -49,14 +49,14 @@ static bool get_privileges( const DOM_SID *sid, SE_PRIV *mask )
 		return False;
 	}
 	
-	if ( !tdb )
+	if ( db == NULL )
 		return False;

 	/* PRIV_<SID> (NULL terminated) as the key */
 	
 	fstr_sprintf(keystr, "%s%s", PRIVPREFIX, sid_to_fstring(tmp, sid));

-	data = tdb_fetch_bystring( tdb, keystr );
+	data = dbwrap_fetch_bystring( db, talloc_tos(), keystr );
 	
 	if ( !data.dptr ) {
 		DEBUG(3, ("get_privileges: No privileges assigned to SID "
@ -67,7 +67,7 @@ static bool get_privileges( const DOM_SID *sid, SE_PRIV *mask )
 	SMB_ASSERT( data.dsize == sizeof( SE_PRIV ) );
 	
 	se_priv_copy( mask, (SE_PRIV*)data.dptr );
-	SAFE_FREE(data.dptr);
+	TALLOC_FREE(data.dptr);

 	return True;
 }
@ -78,14 +78,14 @@ static bool get_privileges( const DOM_SID *sid, SE_PRIV *mask )

 static bool set_privileges( const DOM_SID *sid, SE_PRIV *mask )
 {
-	TDB_CONTEXT *tdb = get_account_pol_tdb();
+	struct db_context *db = get_account_pol_db();
 	fstring tmp, keystr;
 	TDB_DATA data;
 	
 	if ( !lp_enable_privileges() )
 		return False;

-	if ( !tdb )
+	if ( db == NULL )
 		return False;

 	if ( !sid || (sid->num_auths == 0) ) {
@ -102,7 +102,8 @@ static bool set_privileges( const DOM_SID *sid, SE_PRIV *mask )
 	data.dptr  = (uint8 *)mask;
 	data.dsize = sizeof(SE_PRIV);

-	return ( tdb_store_bystring(tdb, keystr, data, TDB_REPLACE) != -1 );
+	return NT_STATUS_IS_OK(dbwrap_store_bystring(db, keystr, data,
+						     TDB_REPLACE));
 }

 /*********************************************************************
@ -136,10 +137,10 @@ bool get_privileges_for_sids(SE_PRIV *privileges, DOM_SID *slist, int scount)


 /*********************************************************************
- travseral functions for privilege_enumerate_accounts
+ traversal functions for privilege_enumerate_accounts
 *********************************************************************/

-static int priv_traverse_fn(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *state)
+static int priv_traverse_fn(struct db_record *rec, void *state)
 {
 	PRIV_SID_LIST *priv = (PRIV_SID_LIST *)state;
 	int  prefixlen = strlen(PRIVPREFIX);
@ -148,12 +149,12 @@ static int priv_traverse_fn(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *s
 	
 	/* easy check first */
 	
-	if ( data.dsize != sizeof(SE_PRIV) )
+	if (rec->value.dsize != sizeof(SE_PRIV) )
 		return 0;

 	/* check we have a PRIV_+SID entry */

-	if ( strncmp((const char *)key.dptr, PRIVPREFIX, prefixlen) != 0)
+	if ( strncmp((char *)rec->key.dptr, PRIVPREFIX, prefixlen) != 0)
 		return 0;
 		
 	/* check to see if we are looking for a particular privilege */
@ -161,7 +162,7 @@ static int priv_traverse_fn(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *s
 	if ( !se_priv_equal(&priv->privilege, &se_priv_none) ) {
 		SE_PRIV mask;
 		
-		se_priv_copy( &mask, (SE_PRIV*)data.dptr );
+		se_priv_copy( &mask, (SE_PRIV*)rec->value.dptr );
 		
 		/* if the SID does not have the specified privilege 
 		   then just return */
@ -170,7 +171,7 @@ static int priv_traverse_fn(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *s
 			return 0;
 	}
 		
-	fstrcpy( sid_string, (const char *)&key.dptr[strlen(PRIVPREFIX)] );
+	fstrcpy( sid_string, (char *)&(rec->key.dptr[strlen(PRIVPREFIX)]) );

 	/* this is a last ditch safety check to preventing returning
 	   and invalid SID (i've somehow run into this on development branches) */
@ -200,10 +201,10 @@ static int priv_traverse_fn(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *s

 NTSTATUS privilege_enumerate_accounts(DOM_SID **sids, int *num_sids)
 {
-	TDB_CONTEXT *tdb = get_account_pol_tdb();
+	struct db_context *db = get_account_pol_db();
 	PRIV_SID_LIST priv;
 	
-	if (!tdb) {
+	if (db == NULL) {
 		return NT_STATUS_ACCESS_DENIED;
 	}

@ -211,7 +212,7 @@ NTSTATUS privilege_enumerate_accounts(DOM_SID **sids, int *num_sids)

 	se_priv_copy( &priv.privilege, &se_priv_none );

-	tdb_traverse( tdb, priv_traverse_fn, &priv);
+	db->traverse_read(db, priv_traverse_fn, &priv);

 	/* give the memory away; caller will free */
 	
@ -228,10 +229,10 @@ NTSTATUS privilege_enumerate_accounts(DOM_SID **sids, int *num_sids)
 NTSTATUS privilege_enum_sids(const SE_PRIV *mask, TALLOC_CTX *mem_ctx,
 			     DOM_SID **sids, int *num_sids)
 {
-	TDB_CONTEXT *tdb = get_account_pol_tdb();
+	struct db_context *db = get_account_pol_db();
 	PRIV_SID_LIST priv;

-	if (!tdb) {
+	if (db == NULL) {
 		return NT_STATUS_ACCESS_DENIED;
 	}

@ -240,7 +241,7 @@ NTSTATUS privilege_enum_sids(const SE_PRIV *mask, TALLOC_CTX *mem_ctx,
 	se_priv_copy(&priv.privilege, mask);
 	priv.mem_ctx = mem_ctx;

-	tdb_traverse( tdb, priv_traverse_fn, &priv);
+	db->traverse_read(db, priv_traverse_fn, &priv);

 	/* give the memory away; caller will free */