s3-passdb: add dummy calls to control global (replicated) secrets.

Guenther

source3/include/passdb.h

@@ -316,9 +316,10 @@ enum pdb_policy_type {
  * Changed to 17, the sampwent interface is gone.
  * Changed to 18, pdb_rid_algorithm -> pdb_capabilities
  * Changed to 19, removed uid_to_rid
+ * Changed to 20, pdb_secret calls
  */
 
-#define PASSDB_INTERFACE_VERSION 19
+#define PASSDB_INTERFACE_VERSION 20
 
 struct pdb_methods 
 {
@@ -484,7 +485,6 @@ struct pdb_methods
 				     TALLOC_CTX *mem_ctx, uint32_t *num_domains,
 				     struct trustdom_info ***domains);
 
-
 	NTSTATUS (*get_trusted_domain)(struct pdb_methods *methods,
 				       TALLOC_CTX *mem_ctx,
 				       const char *domain,
@@ -503,6 +503,22 @@ struct pdb_methods
 					 uint32_t *num_domains,
 					 struct pdb_trusted_domain ***domains);
 
+	NTSTATUS (*get_secret)(struct pdb_methods *methods,
+			       TALLOC_CTX *mem_ctx,
+			       const char *secret_name,
+			       DATA_BLOB *secret_current,
+			       NTTIME *secret_current_lastchange,
+			       DATA_BLOB *secret_old,
+			       NTTIME *secret_old_lastchange,
+			       struct security_descriptor **sd);
+	NTSTATUS (*set_secret)(struct pdb_methods *methods,
+			       const char *secret_name,
+			       DATA_BLOB *secret_current,
+			       DATA_BLOB *secret_old,
+			       struct security_descriptor *sd);
+	NTSTATUS (*delete_secret)(struct pdb_methods *methods,
+				  const char *secret_name);
+
 	void *private_data;  /* Private data of some kind */
 
 	void (*free_private_data)(void **);

source3/passdb/pdb_interface.c

@@ -2282,6 +2282,70 @@ static struct pdb_domain_info *pdb_default_get_domain_info(
 	return NULL;
 }
 
+/*******************************************************************
+ secret methods
+ *******************************************************************/
+
+NTSTATUS pdb_get_secret(TALLOC_CTX *mem_ctx,
+			const char *secret_name,
+			DATA_BLOB *secret_current,
+			NTTIME *secret_current_lastchange,
+			DATA_BLOB *secret_old,
+			NTTIME *secret_old_lastchange,
+			struct security_descriptor **sd)
+{
+	struct pdb_methods *pdb = pdb_get_methods();
+	return pdb->get_secret(pdb, mem_ctx, secret_name,
+			       secret_current, secret_current_lastchange,
+			       secret_old, secret_old_lastchange,
+			       sd);
+}
+
+NTSTATUS pdb_set_secret(const char *secret_name,
+			DATA_BLOB *secret_current,
+			DATA_BLOB *secret_old,
+			struct security_descriptor *sd)
+{
+	struct pdb_methods *pdb = pdb_get_methods();
+	return pdb->set_secret(pdb, secret_name,
+			       secret_current,
+			       secret_old,
+			       sd);
+}
+
+NTSTATUS pdb_delete_secret(const char *secret_name)
+{
+	struct pdb_methods *pdb = pdb_get_methods();
+	return pdb->delete_secret(pdb, secret_name);
+}
+
+static NTSTATUS pdb_default_get_secret(struct pdb_methods *methods,
+				       TALLOC_CTX *mem_ctx,
+				       const char *secret_name,
+				       DATA_BLOB *secret_current,
+				       NTTIME *secret_current_lastchange,
+				       DATA_BLOB *secret_old,
+				       NTTIME *secret_old_lastchange,
+				       struct security_descriptor **sd)
+{
+	return NT_STATUS_NOT_SUPPORTED;
+}
+
+static NTSTATUS pdb_default_set_secret(struct pdb_methods *methods,
+				       const char *secret_name,
+				       DATA_BLOB *secret_current,
+				       DATA_BLOB *secret_old,
+				       struct security_descriptor *sd)
+{
+	return NT_STATUS_NOT_SUPPORTED;
+}
+
+static NTSTATUS pdb_default_delete_secret(struct pdb_methods *methods,
+					  const char *secret_name)
+{
+	return NT_STATUS_NOT_SUPPORTED;
+}
+
 /*******************************************************************
  Create a pdb_methods structure and initialize it with the default
  operations.  In this way a passdb module can simply implement
@@ -2353,5 +2417,9 @@ NTSTATUS make_pdb_method( struct pdb_methods **methods )
 	(*methods)->del_trusted_domain = pdb_default_del_trusted_domain;
 	(*methods)->enum_trusted_domains = pdb_default_enum_trusted_domains;
 
+	(*methods)->get_secret = pdb_default_get_secret;
+	(*methods)->set_secret = pdb_default_set_secret;
+	(*methods)->delete_secret = pdb_default_delete_secret;
+
 	return NT_STATUS_OK;
 }

source3/passdb/proto.h

@@ -295,6 +295,18 @@ NTSTATUS pdb_del_trusted_domain(const char *domain);
 NTSTATUS pdb_enum_trusted_domains(TALLOC_CTX *mem_ctx, uint32_t *num_domains,
 				  struct pdb_trusted_domain ***domains);
 NTSTATUS make_pdb_method( struct pdb_methods **methods ) ;
+NTSTATUS pdb_get_secret(TALLOC_CTX *mem_ctx,
+			const char *secret_name,
+			DATA_BLOB *secret_current,
+			NTTIME *secret_current_lastchange,
+			DATA_BLOB *secret_old,
+			NTTIME *secret_old_lastchange,
+			struct security_descriptor **sd);
+NTSTATUS pdb_set_secret(const char *secret_name,
+			DATA_BLOB *secret_current,
+			DATA_BLOB *secret_old,
+			struct security_descriptor *sd);
+NTSTATUS pdb_delete_secret(const char *secret_name);
 
 /* The following definitions come from passdb/pdb_ldap.c  */