summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2011-10-17 22:00:45 +0200
committerGünther Deschner <gd@samba.org>2012-01-18 14:46:18 +0100
commite75c436fe6a9ee44f6adc744b6269e99f4920431 (patch)
tree24c76f5195d9c7b2b615534cbe47d898924ddc2f
parenta325e7b560502ce43c78a7c6c8d692e872f262ae (diff)
downloadsamba-e75c436fe6a9ee44f6adc744b6269e99f4920431.tar.gz
samba-e75c436fe6a9ee44f6adc744b6269e99f4920431.tar.bz2
samba-e75c436fe6a9ee44f6adc744b6269e99f4920431.zip
s3-passdb: trying to decouple passdb and secrets a little.
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Jan 18 14:46:18 CET 2012 on sn-devel-104
-rw-r--r--source3/Makefile.in3
-rw-r--r--source3/include/secrets.h3
-rw-r--r--source3/passdb/machine_sid.c2
-rw-r--r--source3/passdb/pdb_interface.c1
-rw-r--r--source3/passdb/pdb_secrets.c137
-rw-r--r--source3/passdb/pdb_secrets.h30
-rw-r--r--source3/passdb/secrets.c99
-rwxr-xr-xsource3/wscript_build3
8 files changed, 173 insertions, 105 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 810fdaf019..f2d8942753 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -808,7 +808,8 @@ PASSDB_OBJ = $(PASSDB_GET_SET_OBJ) passdb/passdb.o passdb/pdb_interface.o \
passdb/login_cache.o @PDB_STATIC@ \
passdb/account_pol.o $(PRIVILEGES_OBJ) \
lib/util_nscd.o lib/winbind_util.o $(SERVER_MUTEX_OBJ) \
- passdb/pdb_util.o passdb/pdb_ldap_schema.o
+ passdb/pdb_util.o passdb/pdb_ldap_schema.o \
+ passdb/pdb_secrets.o
DEVEL_HELP_WEIRD_OBJ = ../lib/util/charset/weird.o
CHARSET_MACOSXFS_OBJ = ../lib/util/charset/charset_macosxfs.o
diff --git a/source3/include/secrets.h b/source3/include/secrets.h
index 3e36f2e899..705a3296dc 100644
--- a/source3/include/secrets.h
+++ b/source3/include/secrets.h
@@ -116,9 +116,6 @@ char *secrets_fetch_machine_password(const char *domain,
bool trusted_domain_password_delete(const char *domain);
bool secrets_store_ldap_pw(const char* dn, char* pw);
bool fetch_ldap_pw(char **dn, char** pw);
-struct trustdom_info;
-NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
- struct trustdom_info ***domains);
bool secrets_store_afs_keyfile(const char *cell, const struct afs_keyfile *keyfile);
bool secrets_fetch_afs_key(const char *cell, struct afs_key *result);
void secrets_fetch_ipc_userpass(char **username, char **domain, char **password);
diff --git a/source3/passdb/machine_sid.c b/source3/passdb/machine_sid.c
index b242cff6e6..bc663f0b26 100644
--- a/source3/passdb/machine_sid.c
+++ b/source3/passdb/machine_sid.c
@@ -21,7 +21,7 @@
*/
#include "includes.h"
-#include "passdb.h"
+#include "passdb/machine_sid.h"
#include "secrets.h"
#include "dbwrap/dbwrap.h"
#include "../libcli/security/security.h"
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index b202d43a5b..410ea77037 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -32,6 +32,7 @@
#include "nsswitch/winbind_client.h"
#include "../libcli/security/security.h"
#include "../lib/util/util_pw.h"
+#include "passdb/pdb_secrets.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
diff --git a/source3/passdb/pdb_secrets.c b/source3/passdb/pdb_secrets.c
new file mode 100644
index 0000000000..30262c999f
--- /dev/null
+++ b/source3/passdb/pdb_secrets.c
@@ -0,0 +1,137 @@
+/*
+ Unix SMB/CIFS implementation.
+ Copyright (C) Andrew Tridgell 1992-2001
+ Copyright (C) Andrew Bartlett 2002
+ Copyright (C) Rafal Szczesniak 2002
+ Copyright (C) Tim Potter 2001
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* the Samba secrets database stores any generated, private information
+ such as the local SID and machine trust password */
+
+#include "includes.h"
+#include "passdb.h"
+#include "passdb/pdb_secrets.h"
+#include "librpc/gen_ndr/ndr_secrets.h"
+#include "secrets.h"
+#include "dbwrap/dbwrap.h"
+#include "dbwrap/dbwrap_open.h"
+#include "../libcli/security/security.h"
+#include "util_tdb.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_PASSDB
+
+/**
+ * Get trusted domains info from secrets.tdb.
+ **/
+
+struct list_trusted_domains_state {
+ uint32 num_domains;
+ struct trustdom_info **domains;
+};
+
+static int list_trusted_domain(struct db_record *rec, void *private_data)
+{
+ const size_t prefix_len = strlen(SECRETS_DOMTRUST_ACCT_PASS);
+ struct TRUSTED_DOM_PASS pass;
+ enum ndr_err_code ndr_err;
+ DATA_BLOB blob;
+ struct trustdom_info *dom_info;
+ TDB_DATA key;
+ TDB_DATA value;
+
+ struct list_trusted_domains_state *state =
+ (struct list_trusted_domains_state *)private_data;
+
+ key = dbwrap_record_get_key(rec);
+ value = dbwrap_record_get_value(rec);
+
+ if ((key.dsize < prefix_len)
+ || (strncmp((char *)key.dptr, SECRETS_DOMTRUST_ACCT_PASS,
+ prefix_len) != 0)) {
+ return 0;
+ }
+
+ blob = data_blob_const(value.dptr, value.dsize);
+
+ ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), &pass,
+ (ndr_pull_flags_fn_t)ndr_pull_TRUSTED_DOM_PASS);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return false;
+ }
+
+ if (pass.domain_sid.num_auths != 4) {
+ DEBUG(0, ("SID %s is not a domain sid, has %d "
+ "auths instead of 4\n",
+ sid_string_dbg(&pass.domain_sid),
+ pass.domain_sid.num_auths));
+ return 0;
+ }
+
+ if (!(dom_info = talloc(state->domains, struct trustdom_info))) {
+ DEBUG(0, ("talloc failed\n"));
+ return 0;
+ }
+
+ dom_info->name = talloc_strdup(dom_info, pass.uni_name);
+ if (!dom_info->name) {
+ TALLOC_FREE(dom_info);
+ return 0;
+ }
+
+ sid_copy(&dom_info->sid, &pass.domain_sid);
+
+ ADD_TO_ARRAY(state->domains, struct trustdom_info *, dom_info,
+ &state->domains, &state->num_domains);
+
+ if (state->domains == NULL) {
+ state->num_domains = 0;
+ return -1;
+ }
+ return 0;
+}
+
+NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
+ struct trustdom_info ***domains)
+{
+ struct list_trusted_domains_state state;
+ struct db_context *db_ctx;
+
+ if (!secrets_init()) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ db_ctx = secrets_db_ctx();
+
+ state.num_domains = 0;
+
+ /*
+ * Make sure that a talloc context for the trustdom_info structs
+ * exists
+ */
+
+ if (!(state.domains = talloc_array(
+ mem_ctx, struct trustdom_info *, 1))) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ dbwrap_traverse_read(db_ctx, list_trusted_domain, (void *)&state, NULL);
+
+ *num_domains = state.num_domains;
+ *domains = state.domains;
+ return NT_STATUS_OK;
+}
diff --git a/source3/passdb/pdb_secrets.h b/source3/passdb/pdb_secrets.h
new file mode 100644
index 0000000000..2498b20d71
--- /dev/null
+++ b/source3/passdb/pdb_secrets.h
@@ -0,0 +1,30 @@
+/*
+ Unix SMB/CIFS implementation.
+ Copyright (C) Andrew Tridgell 1992-2001
+ Copyright (C) Andrew Bartlett 2002
+ Copyright (C) Rafal Szczesniak 2002
+ Copyright (C) Tim Potter 2001
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _PASSDB_PDB_SECRETS_H_
+#define _PASSDB_PDB_SECRETS_H_
+
+/* The following definitions come from passdb/pdb_secrets.c */
+
+NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
+ struct trustdom_info ***domains);
+
+#endif /* _PASSDB_PDB_SECRETS_H_ */
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index 273765e2b3..e40095d2af 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -24,7 +24,6 @@
#include "includes.h"
#include "system/filesys.h"
-#include "passdb.h"
#include "../libcli/auth/libcli_auth.h"
#include "librpc/gen_ndr/ndr_secrets.h"
#include "secrets.h"
@@ -391,104 +390,6 @@ bool fetch_ldap_pw(char **dn, char** pw)
return True;
}
-/**
- * Get trusted domains info from secrets.tdb.
- **/
-
-struct list_trusted_domains_state {
- uint32 num_domains;
- struct trustdom_info **domains;
-};
-
-static int list_trusted_domain(struct db_record *rec, void *private_data)
-{
- const size_t prefix_len = strlen(SECRETS_DOMTRUST_ACCT_PASS);
- struct TRUSTED_DOM_PASS pass;
- enum ndr_err_code ndr_err;
- DATA_BLOB blob;
- struct trustdom_info *dom_info;
- TDB_DATA key;
- TDB_DATA value;
-
- struct list_trusted_domains_state *state =
- (struct list_trusted_domains_state *)private_data;
-
- key = dbwrap_record_get_key(rec);
- value = dbwrap_record_get_value(rec);
-
- if ((key.dsize < prefix_len)
- || (strncmp((char *)key.dptr, SECRETS_DOMTRUST_ACCT_PASS,
- prefix_len) != 0)) {
- return 0;
- }
-
- blob = data_blob_const(value.dptr, value.dsize);
-
- ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), &pass,
- (ndr_pull_flags_fn_t)ndr_pull_TRUSTED_DOM_PASS);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- return false;
- }
-
- if (pass.domain_sid.num_auths != 4) {
- DEBUG(0, ("SID %s is not a domain sid, has %d "
- "auths instead of 4\n",
- sid_string_dbg(&pass.domain_sid),
- pass.domain_sid.num_auths));
- return 0;
- }
-
- if (!(dom_info = talloc(state->domains, struct trustdom_info))) {
- DEBUG(0, ("talloc failed\n"));
- return 0;
- }
-
- dom_info->name = talloc_strdup(dom_info, pass.uni_name);
- if (!dom_info->name) {
- TALLOC_FREE(dom_info);
- return 0;
- }
-
- sid_copy(&dom_info->sid, &pass.domain_sid);
-
- ADD_TO_ARRAY(state->domains, struct trustdom_info *, dom_info,
- &state->domains, &state->num_domains);
-
- if (state->domains == NULL) {
- state->num_domains = 0;
- return -1;
- }
- return 0;
-}
-
-NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
- struct trustdom_info ***domains)
-{
- struct list_trusted_domains_state state;
-
- if (!secrets_init()) {
- return NT_STATUS_ACCESS_DENIED;
- }
-
- state.num_domains = 0;
-
- /*
- * Make sure that a talloc context for the trustdom_info structs
- * exists
- */
-
- if (!(state.domains = talloc_array(
- mem_ctx, struct trustdom_info *, 1))) {
- return NT_STATUS_NO_MEMORY;
- }
-
- dbwrap_traverse_read(db_ctx, list_trusted_domain, (void *)&state, NULL);
-
- *num_domains = state.num_domains;
- *domains = state.domains;
- return NT_STATUS_OK;
-}
-
/*******************************************************************************
Store a complete AFS keyfile into secrets.tdb.
*******************************************************************************/
diff --git a/source3/wscript_build b/source3/wscript_build
index f1787ab20a..5a13ccf562 100755
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -231,7 +231,8 @@ PASSDB_SRC = '''${PASSDB_GET_SET_SRC} passdb/passdb.c
passdb/account_pol.c ${PRIVILEGES_SRC}
lib/util_nscd.c lib/winbind_util.c ${SERVER_MUTEX_SRC}
passdb/pdb_util.c passdb/pdb_interface.c
- passdb/pdb_ldap_schema.c'''
+ passdb/pdb_ldap_schema.c
+ passdb/pdb_secrets.c'''
#FIXME: lib/winbind_util.c probably is not part of PASSDB_SRC
GROUPDB_SRC = '''groupdb/mapping.c groupdb/mapping_tdb.c'''