diff options
author | Simo Sorce <idra@samba.org> | 2012-01-26 15:33:02 -0500 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2012-01-27 19:42:17 +0100 |
commit | 0027cd2409492a250fb825927596a2dd9b08d75d (patch) | |
tree | 5a11292d9cd4b29c08c30b4657cbee0f8e2b2552 | |
parent | e6c39a292c7aa17792f09222d17733ecc9207849 (diff) | |
download | samba-0027cd2409492a250fb825927596a2dd9b08d75d.tar.gz samba-0027cd2409492a250fb825927596a2dd9b08d75d.tar.bz2 samba-0027cd2409492a250fb825927596a2dd9b08d75d.zip |
s3-pdb: Make ADS-type backends updates secrets.tdb.
Make the backends that have ADS capability the only ones that can change the
SID and GUID in secrets.tdb at initialization time.
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Fri Jan 27 19:42:17 CET 2012 on sn-devel-104
-rw-r--r-- | source3/passdb/pdb_ads.c | 42 | ||||
-rw-r--r-- | source3/passdb/pdb_ipa.c | 42 | ||||
-rw-r--r-- | source3/passdb/pdb_samba4.c | 43 |
3 files changed, 127 insertions, 0 deletions
diff --git a/source3/passdb/pdb_ads.c b/source3/passdb/pdb_ads.c index 8dc9585b40..cd7781a1af 100644 --- a/source3/passdb/pdb_ads.c +++ b/source3/passdb/pdb_ads.c @@ -2594,6 +2594,42 @@ done: return status; } +static NTSTATUS pdb_ads_init_secrets(struct pdb_methods *m) +{ +#if _SAMBA_BUILD_ == 4 + struct pdb_domain_info *dom_info; + bool ret; + + dom_info = pdb_ads_get_domain_info(m, m); + if (!dom_info) { + return NT_STATUS_UNSUCCESSFUL; + } + + secrets_clear_domain_protection(dom_info->name); + ret = secrets_store_domain_sid(dom_info->name, + &dom_info->sid); + if (!ret) { + goto done; + } + ret = secrets_store_domain_guid(dom_info->name, + &dom_info->guid); + if (!ret) { + goto done; + } + ret = secrets_mark_domain_protected(dom_info->name); + if (!ret) { + goto done; + } + +done: + TALLOC_FREE(dom_info); + if (!ret) { + return NT_STATUS_UNSUCCESSFUL; + } +#endif + return NT_STATUS_OK; +} + static NTSTATUS pdb_init_ads(struct pdb_methods **pdb_method, const char *location) { @@ -2629,6 +2665,12 @@ static NTSTATUS pdb_init_ads(struct pdb_methods **pdb_method, goto fail; } + status = pdb_ads_init_secrets(m); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("pdb_ads_init_secrets failed!\n")); + goto fail; + } + *pdb_method = m; return NT_STATUS_OK; nomem: diff --git a/source3/passdb/pdb_ipa.c b/source3/passdb/pdb_ipa.c index 00185d4961..74ac6774a4 100644 --- a/source3/passdb/pdb_ipa.c +++ b/source3/passdb/pdb_ipa.c @@ -1407,6 +1407,42 @@ static NTSTATUS ipasam_create_user(struct pdb_methods *pdb_methods, return NT_STATUS_OK; } +static NTSTATUS pdb_ipa_init_secrets(struct pdb_methods *m) +{ +#if _SAMBA_BUILD_ == 4 + struct pdb_domain_info *dom_info; + bool ret; + + dom_info = pdb_ipasam_get_domain_info(m, m); + if (!dom_info) { + return NT_STATUS_UNSUCCESSFUL; + } + + secrets_clear_domain_protection(dom_info->name); + ret = secrets_store_domain_sid(dom_info->name, + &dom_info->sid); + if (!ret) { + goto done; + } + ret = secrets_store_domain_guid(dom_info->name, + &dom_info->guid); + if (!ret) { + goto done; + } + ret = secrets_mark_domain_protected(dom_info->name); + if (!ret) { + goto done; + } + +done: + TALLOC_FREE(dom_info); + if (!ret) { + return NT_STATUS_UNSUCCESSFUL; + } +#endif + return NT_STATUS_OK; +} + static NTSTATUS pdb_init_IPA_ldapsam(struct pdb_methods **pdb_method, const char *location) { struct ldapsam_privates *ldap_state; @@ -1458,6 +1494,12 @@ static NTSTATUS pdb_init_IPA_ldapsam(struct pdb_methods **pdb_method, const char (*pdb_method)->del_trusted_domain = ipasam_del_trusted_domain; (*pdb_method)->enum_trusted_domains = ipasam_enum_trusted_domains; + status = pdb_ipa_init_secrets(*pdb_method); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("pdb_ipa_init_secrets failed!\n")); + return status; + } + return NT_STATUS_OK; } diff --git a/source3/passdb/pdb_samba4.c b/source3/passdb/pdb_samba4.c index bc3b1238c1..9db9a9bb1d 100644 --- a/source3/passdb/pdb_samba4.c +++ b/source3/passdb/pdb_samba4.c @@ -34,6 +34,7 @@ #include "source4/auth/system_session_proto.h" #include "lib/param/param.h" #include "source4/dsdb/common/util.h" +#include "source3/include/secrets.h" struct pdb_samba4_state { struct tevent_context *ev; @@ -2195,6 +2196,42 @@ static void free_private_data(void **vp) return; } +static NTSTATUS pdb_samba4_init_secrets(struct pdb_methods *m) +{ +#if _SAMBA_BUILD_ == 4 + struct pdb_domain_info *dom_info; + bool ret; + + dom_info = pdb_samba4_get_domain_info(m, m); + if (!dom_info) { + return NT_STATUS_UNSUCCESSFUL; + } + + secrets_clear_domain_protection(dom_info->name); + ret = secrets_store_domain_sid(dom_info->name, + &dom_info->sid); + if (!ret) { + goto done; + } + ret = secrets_store_domain_guid(dom_info->name, + &dom_info->guid); + if (!ret) { + goto done; + } + ret = secrets_mark_domain_protected(dom_info->name); + if (!ret) { + goto done; + } + +done: + TALLOC_FREE(dom_info); + if (!ret) { + return NT_STATUS_UNSUCCESSFUL; + } +#endif + return NT_STATUS_OK; +} + static NTSTATUS pdb_init_samba4(struct pdb_methods **pdb_method, const char *location) { @@ -2253,6 +2290,12 @@ static NTSTATUS pdb_init_samba4(struct pdb_methods **pdb_method, goto fail; } + status = pdb_samba4_init_secrets(m); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("pdb_samba4_init_secrets failed!\n")); + goto fail; + } + *pdb_method = m; return NT_STATUS_OK; nomem: |