1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
samba-mirror/source4/param/secrets.c
Simo Sorce 4889eb9f7a r19831: Big ldb_dn optimization and interfaces enhancement patch
This patch changes a lot of the code in ldb_dn.c, and also
removes and add a number of manipulation functions around.

The aim is to avoid validating a dn if not necessary as the
validation code is necessarily slow. This is mainly to speed up
internal operations where input is not user generated and so we
can assume the DNs need no validation. The code is designed to
keep the data as a string if possible.

The code is not yet 100% perfect, but pass all the tests so far.
A memleak is certainly present, I'll work on that next.

Simo.
(This used to be commit a580c871d3)
2007-10-10 14:28:22 -05:00

178 lines
4.3 KiB
C

/*
Unix SMB/CIFS implementation.
Copyright (C) Andrew Tridgell 1992-2001
Copyright (C) Andrew Bartlett 2002
Copyright (C) Rafal Szczesniak 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
/* the Samba secrets database stores any generated, private information
such as the local SID and machine trust password */
#include "includes.h"
#include "secrets.h"
#include "param/param.h"
#include "system/filesys.h"
#include "db_wrap.h"
#include "lib/ldb/include/ldb.h"
#include "lib/tdb/include/tdb.h"
#include "lib/util/util_tdb.h"
#include "dsdb/samdb/samdb.h"
static struct tdb_wrap *tdb;
/**
* Use a TDB to store an incrementing random seed.
*
* Initialised to the current pid, the very first time Samba starts,
* and incremented by one each time it is needed.
*
* @note Not called by systems with a working /dev/urandom.
*/
static void get_rand_seed(int *new_seed)
{
*new_seed = getpid();
if (tdb) {
tdb_change_int32_atomic(tdb->tdb, "INFO/random_seed", new_seed, 1);
}
}
/* close the secrets database */
void secrets_shutdown(void)
{
talloc_free(tdb);
}
/* open up the secrets database */
BOOL secrets_init(void)
{
char *fname;
uint8_t dummy;
if (tdb)
return True;
asprintf(&fname, "%s/secrets.tdb", lp_private_dir());
tdb = tdb_wrap_open(talloc_autofree_context(), fname, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
if (!tdb) {
DEBUG(0,("Failed to open %s\n", fname));
SAFE_FREE(fname);
return False;
}
SAFE_FREE(fname);
/**
* Set a reseed function for the crypto random generator
*
* This avoids a problem where systems without /dev/urandom
* could send the same challenge to multiple clients
*/
set_rand_reseed_callback(get_rand_seed);
/* Ensure that the reseed is done now, while we are root, etc */
generate_random_buffer(&dummy, sizeof(dummy));
return True;
}
/*
connect to the schannel ldb
*/
struct ldb_context *secrets_db_connect(TALLOC_CTX *mem_ctx)
{
char *path;
struct ldb_context *ldb;
BOOL existed;
const char *init_ldif =
"dn: @ATTRIBUTES\n" \
"computerName: CASE_INSENSITIVE\n" \
"flatname: CASE_INSENSITIVE\n";
path = private_path(mem_ctx, "secrets.ldb");
if (!path) {
return NULL;
}
existed = file_exist(path);
/* Secrets.ldb *must* always be local. If we call for a
* system_session() we will recurse */
ldb = ldb_wrap_connect(mem_ctx, path, NULL, NULL, 0, NULL);
talloc_free(path);
if (!ldb) {
return NULL;
}
if (!existed) {
gendb_add_ldif(ldb, init_ldif);
}
return ldb;
}
struct dom_sid *secrets_get_domain_sid(TALLOC_CTX *mem_ctx,
const char *domain)
{
struct ldb_context *ldb;
struct ldb_message **msgs;
int ldb_ret;
const char *attrs[] = { "objectSid", NULL };
struct dom_sid *result = NULL;
ldb = secrets_db_connect(mem_ctx);
if (ldb == NULL) {
DEBUG(5, ("secrets_db_connect failed\n"));
return NULL;
}
ldb_ret = gendb_search(ldb, ldb,
ldb_dn_new(mem_ctx, ldb, SECRETS_PRIMARY_DOMAIN_DN),
&msgs, attrs,
SECRETS_PRIMARY_DOMAIN_FILTER, domain);
if (ldb_ret == -1) {
DEBUG(5, ("Error searching for domain SID for %s: %s",
domain, ldb_errstring(ldb)));
talloc_free(ldb);
return NULL;
}
if (ldb_ret == 0) {
DEBUG(5, ("Did not find domain record for %s\n", domain));
talloc_free(ldb);
return NULL;
}
if (ldb_ret > 1) {
DEBUG(5, ("Found more than one (%d) domain records for %s\n",
ldb_ret, domain));
talloc_free(ldb);
return NULL;
}
result = samdb_result_dom_sid(mem_ctx, msgs[0], "objectSid");
if (result == NULL) {
DEBUG(0, ("Domain object for %s does not contain a SID!\n",
domain));
talloc_free(ldb);
return NULL;
}
return result;
}