Store a local schannel key in secrets.tdb

source3/include/proto.h

@@ -6421,6 +6421,8 @@ bool secrets_restore_schannel_session_info(TALLOC_CTX *mem_ctx,
 				struct dcinfo **ppdc);
 bool secrets_store_generic(const char *owner, const char *key, const char *secret);
 char *secrets_fetch_generic(const char *owner, const char *key);
+bool secrets_store_local_schannel_key(uint8_t schannel_key[16]);
+bool secrets_fetch_local_schannel_key(uint8_t schannel_key[16]);
 
 /* The following definitions come from passdb/util_builtin.c  */
 

source3/include/secrets.h

@@ -45,6 +45,8 @@
 
 #define SECRETS_LDAP_BIND_PW "SECRETS/LDAP_BIND_PW"
 
+#define SECRETS_LOCAL_SCHANNEL_KEY "SECRETS/LOCAL_SCHANNEL_KEY"
+
 /* Authenticated user info is stored in secrets.tdb under these keys */
 
 #define SECRETS_AUTH_USER      "SECRETS/AUTH_USER"

source3/passdb/secrets.c

@@ -259,6 +259,31 @@ bool secrets_fetch_domain_guid(const char *domain, struct GUID *guid)
 	return True;
 }
 
+bool secrets_store_local_schannel_key(uint8_t schannel_key[16])
+{
+	return secrets_store(SECRETS_LOCAL_SCHANNEL_KEY, schannel_key, 16);
+}
+
+bool secrets_fetch_local_schannel_key(uint8_t schannel_key[16])
+{
+	size_t size = 0;
+	uint8_t *key;
+
+	key = (uint8_t *)secrets_fetch(SECRETS_LOCAL_SCHANNEL_KEY, &size);
+	if (key == NULL) {
+		return false;
+	}
+
+	if (size != 16) {
+		SAFE_FREE(key);
+		return false;
+	}
+
+	memcpy(schannel_key, key, 16);
+	SAFE_FREE(key);
+	return true;
+}
+
 /**
  * Form a key for fetching the machine trust account sec channel type
  *