authorGünther Deschner <gd@samba.org>2009-08-26 00:31:27 +0200
committerGünther Deschner <gd@samba.org>2009-08-27 15:55:19 +0200
commita09b627ecc446e78aa293e9e8b79c12f75a6b74e (patch)
treedfcfe41f8e165532d4b6a4b917e65608a213c96b
parent7c972d83d268a277501626122ab1c7cdddc0f4a3 (diff)
s3-schannel: add simple wrappers to fetch and store schannel auth info.
Guenther
-rw-r--r--source3/Makefile.in3
-rw-r--r--source3/include/proto.h8
-rw-r--r--source3/passdb/secrets.c1
-rw-r--r--source3/passdb/secrets_schannel.c68
4 files changed, 79 insertions, 1 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 765250595d..3af97db967 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -492,7 +492,8 @@ TLDAP_OBJ = lib/tldap.o lib/tldap_util.o lib/util_tsock.o
SCHANNEL_OBJ = libsmb/credentials.o \
../libcli/auth/credentials.o \
../libcli/auth/schannel_state_tdb.o \
- ../librpc/gen_ndr/ndr_schannel.o
+ ../librpc/gen_ndr/ndr_schannel.o \
+ passdb/secrets_schannel.o
LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \
libsmb/clikrb5.o libsmb/clispnego.o ../lib/util/asn1.o \
diff --git a/source3/include/proto.h b/source3/include/proto.h
index d6ee5ed65f..bed592c6cb 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -4744,6 +4744,14 @@ char *secrets_fetch_generic(const char *owner, const char *key);
bool secrets_store_local_schannel_key(uint8_t schannel_key[16]);
bool secrets_fetch_local_schannel_key(uint8_t schannel_key[16]);
+/* The following definitions come from passdb/secrets_schannel.c */
+
+NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx,
+ const char *computer_name,
+ struct netlogon_creds_CredentialState **pcreds);
+NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx,
+ struct netlogon_creds_CredentialState *creds);
+
/* The following definitions come from passdb/util_builtin.c */
bool lookup_builtin_rid(TALLOC_CTX *mem_ctx, uint32 rid, const char **name);
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index ee0dcaf42c..0a3871e620 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -24,6 +24,7 @@
#include "includes.h"
#include "../libcli/auth/libcli_auth.h"
+
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
diff --git a/source3/passdb/secrets_schannel.c b/source3/passdb/secrets_schannel.c
new file mode 100644
index 0000000000..84a860ee6a
--- /dev/null
+++ b/source3/passdb/secrets_schannel.c
@@ -0,0 +1,68 @@
+/*
+ Unix SMB/CIFS implementation.
+ Copyright (C) Guenther Deschner 2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../libcli/auth/libcli_auth.h"
+#include "../libcli/auth/schannel_state.h"
+
+/******************************************************************************
+ Wrapper around schannel_fetch_session_key_tdb()
+ Note we must be root here.
+*******************************************************************************/
+
+NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx,
+ const char *computer_name,
+ struct netlogon_creds_CredentialState **pcreds)
+{
+ struct tdb_context *tdb;
+ NTSTATUS status;
+
+ tdb = open_schannel_session_store(mem_ctx);
+ if (!tdb) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ status = schannel_fetch_session_key_tdb(tdb, mem_ctx, computer_name, pcreds);
+
+ tdb_close(tdb);
+
+ return status;
+}
+
+/******************************************************************************
+ Wrapper around schannel_store_session_key_tdb()
+ Note we must be root here.
+*******************************************************************************/
+
+NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx,
+ struct netlogon_creds_CredentialState *creds)
+{
+ struct tdb_context *tdb;
+ NTSTATUS status;
+
+ tdb = open_schannel_session_store(mem_ctx);
+ if (!tdb) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ status = schannel_store_session_key_tdb(tdb, mem_ctx, creds);
+
+ tdb_close(tdb);
+
+ return status;
+}
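Review bot: Both schannel_fetch_session_key and schannel_store_session_key turn any failure of open_schannel_session_store() into NT_STATUS_ACCESS_DENIED without logging, so a caller cannot tell a missing privilege from a store that could not be opened for another reason. The header comment "Note we must be root here" states a requirement that nothing in the wrapper checks; since this store holds netlogon session keys, the comment should name who is responsible, e.g. `Caller must already be root (become_root()); the store is opened and closed on every call.` A log line before each early return, such as `DEBUG(0, ("schannel_fetch_session_key: failed to open schannel session store\n"));`, would make the failure visible to an operator. The hunk does not show whether computer_name and pcreds are checked for NULL before they reach the _tdb helpers, so that is worth confirming against libcli/auth/schannel_state_tdb.c.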