authorSimo Sorce <idra@samba.org>2012-01-26 15:33:02 -0500
committerAndreas Schneider <asn@cryptomilk.org>2012-01-27 19:42:17 +0100
commit0027cd2409492a250fb825927596a2dd9b08d75d (patch)
tree5a11292d9cd4b29c08c30b4657cbee0f8e2b2552
parente6c39a292c7aa17792f09222d17733ecc9207849 (diff)
s3-pdb: Make ADS-type backends updates secrets.tdb.
Make the backends that have ADS capability the only ones that can change the SID and GUID in secrets.tdb at initialization time. Signed-off-by: Andreas Schneider <asn@samba.org> Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Fri Jan 27 19:42:17 CET 2012 on sn-devel-104
-rw-r--r--source3/passdb/pdb_ads.c42
-rw-r--r--source3/passdb/pdb_ipa.c42
-rw-r--r--source3/passdb/pdb_samba4.c43
3 files changed, 127 insertions, 0 deletions
diff --git a/source3/passdb/pdb_ads.c b/source3/passdb/pdb_ads.c
index 8dc9585b40..cd7781a1af 100644
--- a/source3/passdb/pdb_ads.c
+++ b/source3/passdb/pdb_ads.c
@@ -2594,6 +2594,42 @@ done:
return status;
}
+static NTSTATUS pdb_ads_init_secrets(struct pdb_methods *m)
+{
+#if _SAMBA_BUILD_ == 4
+ struct pdb_domain_info *dom_info;
+ bool ret;
+
+ dom_info = pdb_ads_get_domain_info(m, m);
+ if (!dom_info) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ secrets_clear_domain_protection(dom_info->name);
+ ret = secrets_store_domain_sid(dom_info->name,
+ &dom_info->sid);
+ if (!ret) {
+ goto done;
+ }
+ ret = secrets_store_domain_guid(dom_info->name,
+ &dom_info->guid);
+ if (!ret) {
+ goto done;
+ }
+ ret = secrets_mark_domain_protected(dom_info->name);
+ if (!ret) {
+ goto done;
+ }
+
+done:
+ TALLOC_FREE(dom_info);
+ if (!ret) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+#endif
+ return NT_STATUS_OK;
+}
+
static NTSTATUS pdb_init_ads(struct pdb_methods **pdb_method,
const char *location)
{
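Review bot: In `pdb_ads_init_secrets`, every `goto done` taken after `secrets_clear_domain_protection(dom_info->name)` leaves the domain entry unprotected, because the failure paths skip the only call that restores protection, `secrets_mark_domain_protected()`. A failed GUID store would therefore leave secrets.tdb with the new SID, the previous GUID (if any) and no protection flag, which presumably lets any other writer replace the identifiers afterwards. One option is to restore protection on the error path before the free, e.g. `if (!ret) { (void)secrets_mark_domain_protected(dom_info->name); }`, and to log which step failed. The result of the clear call is also discarded, which is worth checking if that function can fail (its prototype is not visible here). The same body is added as `pdb_ipa_init_secrets` and `pdb_samba4_init_secrets`, so all three copies carry this issue and could share one helper that takes the `pdb_domain_info`.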
@@ -2629,6 +2665,12 @@ static NTSTATUS pdb_init_ads(struct pdb_methods **pdb_method,
goto fail;
}
+ status = pdb_ads_init_secrets(m);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("pdb_ads_init_secrets failed!\n"));
+ goto fail;
+ }
+
*pdb_method = m;
return NT_STATUS_OK;
nomem:
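Review bot: The failure message in `pdb_init_ads` is logged with `DEBUG(10, ...)`, yet this path aborts backend initialisation via `goto fail`, so at normal log levels the administrator sees a passdb backend that fails to load with no stated reason. Log it at a level that is visible by default and include the status, e.g. `DEBUG(0, ("pdb_ads_init_secrets failed: %s\n", nt_errstr(status)));`. The same applies to the matching additions in `pdb_init_IPA_ldapsam` and `pdb_init_samba4`. The `fail:` label lies outside this hunk, so its cleanup cannot be checked from here.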
diff --git a/source3/passdb/pdb_ipa.c b/source3/passdb/pdb_ipa.c
index 00185d4961..74ac6774a4 100644
--- a/source3/passdb/pdb_ipa.c
+++ b/source3/passdb/pdb_ipa.c
@@ -1407,6 +1407,42 @@ static NTSTATUS ipasam_create_user(struct pdb_methods *pdb_methods,
return NT_STATUS_OK;
}
+static NTSTATUS pdb_ipa_init_secrets(struct pdb_methods *m)
+{
+#if _SAMBA_BUILD_ == 4
+ struct pdb_domain_info *dom_info;
+ bool ret;
+
+ dom_info = pdb_ipasam_get_domain_info(m, m);
+ if (!dom_info) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ secrets_clear_domain_protection(dom_info->name);
+ ret = secrets_store_domain_sid(dom_info->name,
+ &dom_info->sid);
+ if (!ret) {
+ goto done;
+ }
+ ret = secrets_store_domain_guid(dom_info->name,
+ &dom_info->guid);
+ if (!ret) {
+ goto done;
+ }
+ ret = secrets_mark_domain_protected(dom_info->name);
+ if (!ret) {
+ goto done;
+ }
+
+done:
+ TALLOC_FREE(dom_info);
+ if (!ret) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+#endif
+ return NT_STATUS_OK;
+}
+
static NTSTATUS pdb_init_IPA_ldapsam(struct pdb_methods **pdb_method, const char *location)
{
struct ldapsam_privates *ldap_state;
@@ -1458,6 +1494,12 @@ static NTSTATUS pdb_init_IPA_ldapsam(struct pdb_methods **pdb_method, const char
(*pdb_method)->del_trusted_domain = ipasam_del_trusted_domain;
(*pdb_method)->enum_trusted_domains = ipasam_enum_trusted_domains;
+ status = pdb_ipa_init_secrets(*pdb_method);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("pdb_ipa_init_secrets failed!\n"));
+ return status;
+ }
+
return NT_STATUS_OK;
}
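Review bot: On failure this path does a bare `return status;` after `*pdb_method` has already been populated (see the `(*pdb_method)->del_trusted_domain` assignments just above), whereas the ads and samba4 variants use `goto fail`. Whether the caller releases `*pdb_method` when the init function returns an error is not visible in this hunk; if it does not, a half-initialised methods struct stays allocated and reachable through the out-parameter. Either free and reset it before returning, e.g. `TALLOC_FREE(*pdb_method);` if that matches how it was allocated, or add a comment above the `return` stating who owns it on the error path. The start of `pdb_init_IPA_ldapsam` is outside the hunk.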
diff --git a/source3/passdb/pdb_samba4.c b/source3/passdb/pdb_samba4.c
index bc3b1238c1..9db9a9bb1d 100644
--- a/source3/passdb/pdb_samba4.c
+++ b/source3/passdb/pdb_samba4.c
@@ -34,6 +34,7 @@
#include "source4/auth/system_session_proto.h"
#include "lib/param/param.h"
#include "source4/dsdb/common/util.h"
+#include "source3/include/secrets.h"
struct pdb_samba4_state {
struct tevent_context *ev;
@@ -2195,6 +2196,42 @@ static void free_private_data(void **vp)
return;
}
+static NTSTATUS pdb_samba4_init_secrets(struct pdb_methods *m)
+{
+#if _SAMBA_BUILD_ == 4
+ struct pdb_domain_info *dom_info;
+ bool ret;
+
+ dom_info = pdb_samba4_get_domain_info(m, m);
+ if (!dom_info) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ secrets_clear_domain_protection(dom_info->name);
+ ret = secrets_store_domain_sid(dom_info->name,
+ &dom_info->sid);
+ if (!ret) {
+ goto done;
+ }
+ ret = secrets_store_domain_guid(dom_info->name,
+ &dom_info->guid);
+ if (!ret) {
+ goto done;
+ }
+ ret = secrets_mark_domain_protected(dom_info->name);
+ if (!ret) {
+ goto done;
+ }
+
+done:
+ TALLOC_FREE(dom_info);
+ if (!ret) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+#endif
+ return NT_STATUS_OK;
+}
+
static NTSTATUS pdb_init_samba4(struct pdb_methods **pdb_method,
const char *location)
{
@@ -2253,6 +2290,12 @@ static NTSTATUS pdb_init_samba4(struct pdb_methods **pdb_method,
goto fail;
}
+ status = pdb_samba4_init_secrets(m);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("pdb_samba4_init_secrets failed!\n"));
+ goto fail;
+ }
+
*pdb_method = m;
return NT_STATUS_OK;
nomem: