author | Günther Deschner <gd@samba.org> | 2011-10-17 22:00:45 +0200 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2012-01-18 14:46:18 +0100 |
commit | e75c436fe6a9ee44f6adc744b6269e99f4920431 (patch) | |
tree | 24c76f5195d9c7b2b615534cbe47d898924ddc2f | |
parent | a325e7b560502ce43c78a7c6c8d692e872f262ae (diff) | |
s3-passdb: trying to decouple passdb and secrets a little.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Jan 18 14:46:18 CET 2012 on sn-devel-104
-rw-r--r-- | source3/Makefile.in | 3 | ||||
-rw-r--r-- | source3/include/secrets.h | 3 | ||||
-rw-r--r-- | source3/passdb/machine_sid.c | 2 | ||||
-rw-r--r-- | source3/passdb/pdb_interface.c | 1 | ||||
-rw-r--r-- | source3/passdb/pdb_secrets.c | 137 | ||||
-rw-r--r-- | source3/passdb/pdb_secrets.h | 30 | ||||
-rw-r--r-- | source3/passdb/secrets.c | 99 | ||||
-rwxr-xr-x | source3/wscript_build | 3 |
8 files changed, 173 insertions, 105 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 810fdaf019..f2d8942753 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -808,7 +808,8 @@ PASSDB_OBJ = $(PASSDB_GET_SET_OBJ) passdb/passdb.o passdb/pdb_interface.o \
 passdb/login_cache.o @PDB_STATIC@ \
 passdb/account_pol.o $(PRIVILEGES_OBJ) \
 lib/util_nscd.o lib/winbind_util.o $(SERVER_MUTEX_OBJ) \
- passdb/pdb_util.o passdb/pdb_ldap_schema.o
+ passdb/pdb_util.o passdb/pdb_ldap_schema.o \
+ passdb/pdb_secrets.o
 DEVEL_HELP_WEIRD_OBJ = ../lib/util/charset/weird.o
 CHARSET_MACOSXFS_OBJ = ../lib/util/charset/charset_macosxfs.o
diff --git a/source3/include/secrets.h b/source3/include/secrets.h
index 3e36f2e899..705a3296dc 100644
--- a/source3/include/secrets.h
+++ b/source3/include/secrets.h
@@ -116,9 +116,6 @@ char *secrets_fetch_machine_password(const char *domain,
 bool trusted_domain_password_delete(const char *domain);
 bool secrets_store_ldap_pw(const char* dn, char* pw);
 bool fetch_ldap_pw(char **dn, char** pw);
-struct trustdom_info;
-NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
- struct trustdom_info ***domains);
 bool secrets_store_afs_keyfile(const char *cell, const struct afs_keyfile *keyfile);
 bool secrets_fetch_afs_key(const char *cell, struct afs_key *result);
 void secrets_fetch_ipc_userpass(char **username, char **domain, char **password);
diff --git a/source3/passdb/machine_sid.c b/source3/passdb/machine_sid.c
index b242cff6e6..bc663f0b26 100644
--- a/source3/passdb/machine_sid.c
+++ b/source3/passdb/machine_sid.c
@@ -21,7 +21,7 @@
 */
 #include "includes.h"
-#include "passdb.h"
+#include "passdb/machine_sid.h"
 #include "secrets.h"
 #include "dbwrap/dbwrap.h"
 #include "../libcli/security/security.h"
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index b202d43a5b..410ea77037 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -32,6 +32,7 @@
 #include "nsswitch/winbind_client.h"
 #include "../libcli/security/security.h"
 #include "../lib/util/util_pw.h"
+#include "passdb/pdb_secrets.h"
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_PASSDB
diff --git a/source3/passdb/pdb_secrets.c b/source3/passdb/pdb_secrets.c
new file mode 100644
index 0000000000..30262c999f
--- /dev/null
+++ b/source3/passdb/pdb_secrets.c
@@ -0,0 +1,137 @@
+/*
+ Unix SMB/CIFS implementation.
+ Copyright (C) Andrew Tridgell 1992-2001
+ Copyright (C) Andrew Bartlett 2002
+ Copyright (C) Rafal Szczesniak 2002
+ Copyright (C) Tim Potter 2001
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* the Samba secrets database stores any generated, private information
+ such as the local SID and machine trust password */
+
+#include "includes.h"
+#include "passdb.h"
+#include "passdb/pdb_secrets.h"
+#include "librpc/gen_ndr/ndr_secrets.h"
+#include "secrets.h"
+#include "dbwrap/dbwrap.h"
+#include "dbwrap/dbwrap_open.h"
+#include "../libcli/security/security.h"
+#include "util_tdb.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_PASSDB
+
+/**
+ * Get trusted domains info from secrets.tdb.
+ **/
+
+struct list_trusted_domains_state {
+ uint32 num_domains;
+ struct trustdom_info **domains;
+};
+
+static int list_trusted_domain(struct db_record *rec, void *private_data)
+{
+ const size_t prefix_len = strlen(SECRETS_DOMTRUST_ACCT_PASS);
+ struct TRUSTED_DOM_PASS pass;
+ enum ndr_err_code ndr_err;
+ DATA_BLOB blob;
+ struct trustdom_info *dom_info;
+ TDB_DATA key;
+ TDB_DATA value;
+
+ struct list_trusted_domains_state *state =
+ (struct list_trusted_domains_state *)private_data;
+
+ key = dbwrap_record_get_key(rec);
+ value = dbwrap_record_get_value(rec);
+
+ if ((key.dsize < prefix_len)
+ || (strncmp((char *)key.dptr, SECRETS_DOMTRUST_ACCT_PASS,
+ prefix_len) != 0)) {
+ return 0;
+ }
+
+ blob = data_blob_const(value.dptr, value.dsize);
+
+ ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), &pass,
+ (ndr_pull_flags_fn_t)ndr_pull_TRUSTED_DOM_PASS);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return false;
+ }
+
+ if (pass.domain_sid.num_auths != 4) {
+ DEBUG(0, ("SID %s is not a domain sid, has %d "
+ "auths instead of 4\n",
+ sid_string_dbg(&pass.domain_sid),
+ pass.domain_sid.num_auths));
+ return 0;
+ }
+
+ if (!(dom_info = talloc(state->domains, struct trustdom_info))) {
+ DEBUG(0, ("talloc failed\n"));
+ return 0;
+ }
+
+ dom_info->name = talloc_strdup(dom_info, pass.uni_name);
+ if (!dom_info->name) {
+ TALLOC_FREE(dom_info);
+ return 0;
+ }
+
+ sid_copy(&dom_info->sid, &pass.domain_sid);
+
+ ADD_TO_ARRAY(state->domains, struct trustdom_info *, dom_info,
+ &state->domains, &state->num_domains);
+
+ if (state->domains == NULL) {
+ state->num_domains = 0;
+ return -1;
+ }
+ return 0;
+}
+
+NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
+ struct trustdom_info ***domains)
+{
+ struct list_trusted_domains_state state;
+ struct db_context *db_ctx;
+
+ if (!secrets_init()) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ db_ctx = secrets_db_ctx();
+
+ state.num_domains = 0;
+
+ /*
+ * Make sure that a talloc context for the
trustdom_info structs
+ * exists
+ */
+
+ if (!(state.domains = talloc_array(
+ mem_ctx, struct trustdom_info *, 1))) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ dbwrap_traverse_read(db_ctx, list_trusted_domain, (void *)&state, NULL);
+
+ *num_domains = state.num_domains;
+ *domains = state.domains;
+ return NT_STATUS_OK;
+}
diff --git a/source3/passdb/pdb_secrets.h b/source3/passdb/pdb_secrets.h
new file mode 100644
index 0000000000..2498b20d71
--- /dev/null
+++ b/source3/passdb/pdb_secrets.h
@@ -0,0 +1,30 @@
+/*
+ Unix SMB/CIFS implementation.
+ Copyright (C) Andrew Tridgell 1992-2001
+ Copyright (C) Andrew Bartlett 2002
+ Copyright (C) Rafal Szczesniak 2002
+ Copyright (C) Tim Potter 2001
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _PASSDB_PDB_SECRETS_H_
+#define _PASSDB_PDB_SECRETS_H_
+
+/* The following definitions come from passdb/pdb_secrets.c */
+
+NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
+ struct trustdom_info ***domains);
+
+#endif /* _PASSDB_PDB_SECRETS_H_ */
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index 273765e2b3..e40095d2af 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -24,7 +24,6 @@
 #include "includes.h"
 #include "system/filesys.h"
-#include "passdb.h"
 #include "../libcli/auth/libcli_auth.h"
 #include "librpc/gen_ndr/ndr_secrets.h"
 #include "secrets.h"
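Review bot: secrets_trusted_domains() reports NT_STATUS_OK even when list_trusted_domain() had to give up: the `state->domains == NULL` branch after ADD_TO_ARRAY zeroes num_domains and returns -1, the `talloc failed` and talloc_strdup branches return 0 and drop the record, and the traverse status is discarded, so a caller cannot distinguish an allocation failure mid-traversal from a genuinely empty or shorter trust list. `db_ctx = secrets_db_ctx();` is also passed to dbwrap_traverse_read() without a NULL check. I would carry an NTSTATUS in list_trusted_domains_state, set it to NT_STATUS_NO_MEMORY on the three allocation failures, and check it (together with the traverse's own status, which here looks like the NTSTATUS-returning variant given the trailing count argument) before handing the array back. While there, the `return false;` after the NDR pull is an int callback returning a bool that happens to equal 0 ("continue"); `return 0;` states the intent.
```c
struct list_trusted_domains_state {
	uint32 num_domains;
	struct trustdom_info **domains;
	NTSTATUS status;	/* first failure seen by the traverse callback */
};

static int list_trusted_domain(struct db_record *rec, void *private_data)
{
	/* … unchanged: key prefix check, NDR pull, SID sanity check … */

	if (!(dom_info = talloc(state->domains, struct trustdom_info))) {
		DEBUG(0, ("talloc failed\n"));
		state->status = NT_STATUS_NO_MEMORY;
		return -1;
	}

	dom_info->name = talloc_strdup(dom_info, pass.uni_name);
	if (!dom_info->name) {
		TALLOC_FREE(dom_info);
		state->status = NT_STATUS_NO_MEMORY;
		return -1;
	}

	sid_copy(&dom_info->sid, &pass.domain_sid);

	ADD_TO_ARRAY(state->domains, struct trustdom_info *, dom_info,
		     &state->domains, &state->num_domains);

	if (state->domains == NULL) {
		state->num_domains = 0;
		state->status = NT_STATUS_NO_MEMORY;
		return -1;
	}
	return 0;
}

NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
				 struct trustdom_info ***domains)
{
	struct list_trusted_domains_state state;
	struct db_context *db_ctx;
	NTSTATUS status;

	/* … unchanged: secrets_init() check … */

	db_ctx = secrets_db_ctx();
	if (db_ctx == NULL) {
		return NT_STATUS_INTERNAL_DB_ERROR;
	}

	state.num_domains = 0;
	state.status = NT_STATUS_OK;

	/* … unchanged: talloc_array of state.domains on mem_ctx … */

	status = dbwrap_traverse_read(db_ctx, list_trusted_domain,
				      (void *)&state, NULL);
	if (!NT_STATUS_IS_OK(state.status)) {
		status = state.status;
	}
	if (!NT_STATUS_IS_OK(status)) {
		/* partial array is useless to the caller; free it with its children */
		TALLOC_FREE(state.domains);
		return status;
	}

	*num_domains = state.num_domains;
	*domains = state.domains;
	return NT_STATUS_OK;
}
```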
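Review bot: The new pdb_secrets.h declares `struct trustdom_info ***domains` in the prototype but drops the `struct trustdom_info;` forward declaration that the removed secrets.h block had in front of it, so any translation unit that includes passdb/pdb_secrets.h before a header defining that struct gets a prototype-scoped tag (GCC warns "declared inside parameter list") and an incompatible pointer type at the call site. Add `struct trustdom_info;` above the prototype, as secrets.h did. The header also relies on NTSTATUS, TALLOC_CTX and uint32 arriving via includes.h, which matches neighbouring Samba headers; and since the prototype no longer lives in secrets.h, any caller other than pdb_interface.c that reached secrets_trusted_domains() through secrets.h now needs this include — worth confirming in the build.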
@@ -391,104 +390,6 @@ bool fetch_ldap_pw(char **dn, char** pw)
 return True;
 }
-/**
- * Get trusted domains info from secrets.tdb.
- **/
-
-struct list_trusted_domains_state {
- uint32 num_domains;
- struct trustdom_info **domains;
-};
-
-static int list_trusted_domain(struct db_record *rec, void *private_data)
-{
- const size_t prefix_len = strlen(SECRETS_DOMTRUST_ACCT_PASS);
- struct TRUSTED_DOM_PASS pass;
- enum ndr_err_code ndr_err;
- DATA_BLOB blob;
- struct trustdom_info *dom_info;
- TDB_DATA key;
- TDB_DATA value;
-
- struct list_trusted_domains_state *state =
- (struct list_trusted_domains_state *)private_data;
-
- key = dbwrap_record_get_key(rec);
- value = dbwrap_record_get_value(rec);
-
- if ((key.dsize < prefix_len)
- || (strncmp((char *)key.dptr, SECRETS_DOMTRUST_ACCT_PASS,
- prefix_len) != 0)) {
- return 0;
- }
-
- blob = data_blob_const(value.dptr, value.dsize);
-
- ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), &pass,
- (ndr_pull_flags_fn_t)ndr_pull_TRUSTED_DOM_PASS);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- return false;
- }
-
- if (pass.domain_sid.num_auths != 4) {
- DEBUG(0, ("SID %s is not a domain sid, has %d "
- "auths instead of 4\n",
- sid_string_dbg(&pass.domain_sid),
- pass.domain_sid.num_auths));
- return 0;
- }
-
- if (!(dom_info = talloc(state->domains, struct trustdom_info))) {
- DEBUG(0, ("talloc failed\n"));
- return 0;
- }
-
- dom_info->name = talloc_strdup(dom_info, pass.uni_name);
- if (!dom_info->name) {
- TALLOC_FREE(dom_info);
- return 0;
- }
-
- sid_copy(&dom_info->sid, &pass.domain_sid);
-
- ADD_TO_ARRAY(state->domains, struct trustdom_info *, dom_info,
- &state->domains, &state->num_domains);
-
- if (state->domains == NULL) {
- state->num_domains = 0;
- return -1;
- }
- return 0;
-}
-
-NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
- struct trustdom_info ***domains)
-{
- struct list_trusted_domains_state state;
-
- if (!secrets_init()) {
- return NT_STATUS_ACCESS_DENIED;
- }
-
-
state.num_domains = 0;
-
- /*
- * Make sure that a talloc context for the trustdom_info structs
- * exists
- */
-
- if (!(state.domains = talloc_array(
- mem_ctx, struct trustdom_info *, 1))) {
- return NT_STATUS_NO_MEMORY;
- }
-
- dbwrap_traverse_read(db_ctx, list_trusted_domain, (void *)&state, NULL);
-
- *num_domains = state.num_domains;
- *domains = state.domains;
- return NT_STATUS_OK;
-}
-
 /*******************************************************************************
 Store a complete AFS keyfile into secrets.tdb.
 *******************************************************************************/
diff --git a/source3/wscript_build b/source3/wscript_build
index f1787ab20a..5a13ccf562 100755
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -231,7 +231,8 @@ PASSDB_SRC = '''${PASSDB_GET_SET_SRC} passdb/passdb.c
 passdb/account_pol.c ${PRIVILEGES_SRC}
 lib/util_nscd.c lib/winbind_util.c ${SERVER_MUTEX_SRC}
 passdb/pdb_util.c passdb/pdb_interface.c
- passdb/pdb_ldap_schema.c'''
+ passdb/pdb_ldap_schema.c
+ passdb/pdb_secrets.c'''
 #FIXME: lib/winbind_util.c probably is not part of PASSDB_SRC
 GROUPDB_SRC = '''groupdb/mapping.c groupdb/mapping_tdb.c''' |