r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need

to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
author: Jeremy Allison <jra@samba.org> 2006-07-11 18:01:26 +0000
committer: Gerald (Jerry) Carter <jerry@samba.org> 2007-10-10 11:19:14 -0500
commit: fbdcf2663b56007a438ac4f0d8d82436b1bfe688 (patch)
tree: 4e42c1f061391cea3d640152fd240682cbf4fd9a /source3/passdb/secrets.c
parent: 5bf62a0c3cc95abe918f3e772bb10e0a90fdce22 (diff)
download: samba-fbdcf2663b56007a438ac4f0d8d82436b1bfe688.tar.gz
samba-fbdcf2663b56007a438ac4f0d8d82436b1bfe688.tar.bz2
samba-fbdcf2663b56007a438ac4f0d8d82436b1bfe688.zip
1 files changed, 172 insertions, 21 deletions
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index 04d6da2814..f72a7cb8d5 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -104,8 +104,9 @@ BOOL secrets_store(const char *key, const void *data, size_t size)
 	secrets_init();
 	if (!tdb)
 		return False;
-	return tdb_store(tdb, string_tdb_data(key), make_tdb_data(data, size),
-			 TDB_REPLACE) == 0;
+	return tdb_trans_store(tdb, string_tdb_data(key),
+			       make_tdb_data((const char *)data, size),
+			       TDB_REPLACE) == 0;
 }
 
 
@@ -288,7 +289,8 @@ BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
 		return True;
 	}
 
-	if (!(pass = secrets_fetch(trust_keystr(domain), &size))) {
+	if (!(pass = (struct machine_acct_pass *)secrets_fetch(
+		      trust_keystr(domain), &size))) {
 		DEBUG(5, ("secrets_fetch failed!\n"));
 		return False;
 	}
@@ -319,6 +321,136 @@ BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
 	return True;
 }
 
+/**
+ * Pack SID passed by pointer
+ *
+ * @param pack_buf pointer to buffer which is to be filled with packed data
+ * @param bufsize size of packing buffer
+ * @param sid pointer to sid to be packed
+ *
+ * @return length of the packed representation of the whole structure
+ **/
+static size_t tdb_sid_pack(char* pack_buf, int bufsize, DOM_SID* sid)
+{
+	int idx;
+	size_t len = 0;
+	
+	if (!sid || !pack_buf) return -1;
+	
+	len += tdb_pack(pack_buf + len, bufsize - len, "bb", sid->sid_rev_num,
+	                sid->num_auths);
+	
+	for (idx = 0; idx < 6; idx++) {
+		len += tdb_pack(pack_buf + len, bufsize - len, "b",
+				sid->id_auth[idx]);
+	}
+	
+	for (idx = 0; idx < MAXSUBAUTHS; idx++) {
+		len += tdb_pack(pack_buf + len, bufsize - len, "d",
+				sid->sub_auths[idx]);
+	}
+	
+	return len;
+}
+
+/**
+ * Unpack SID into a pointer
+ *
+ * @param pack_buf pointer to buffer with packed representation
+ * @param bufsize size of the buffer
+ * @param sid pointer to sid structure to be filled with unpacked data
+ *
+ * @return size of structure unpacked from buffer
+ **/
+static size_t tdb_sid_unpack(char* pack_buf, int bufsize, DOM_SID* sid)
+{
+	int idx, len = 0;
+	
+	if (!sid || !pack_buf) return -1;
+
+	len += tdb_unpack(pack_buf + len, bufsize - len, "bb",
+	                  &sid->sid_rev_num, &sid->num_auths);
+			  
+	for (idx = 0; idx < 6; idx++) {
+		len += tdb_unpack(pack_buf + len, bufsize - len, "b",
+				  &sid->id_auth[idx]);
+	}
+	
+	for (idx = 0; idx < MAXSUBAUTHS; idx++) {
+		len += tdb_unpack(pack_buf + len, bufsize - len, "d",
+				  &sid->sub_auths[idx]);
+	}
+	
+	return len;
+}
+
+/**
+ * Pack TRUSTED_DOM_PASS passed by pointer
+ *
+ * @param pack_buf pointer to buffer which is to be filled with packed data
+ * @param bufsize size of the buffer
+ * @param pass pointer to trusted domain password to be packed
+ *
+ * @return length of the packed representation of the whole structure
+ **/
+static size_t tdb_trusted_dom_pass_pack(char* pack_buf, int bufsize,
+					TRUSTED_DOM_PASS* pass)
+{
+	int idx, len = 0;
+	
+	if (!pack_buf || !pass) return -1;
+	
+	/* packing unicode domain name and password */
+	len += tdb_pack(pack_buf + len, bufsize - len, "d",
+			pass->uni_name_len);
+	
+	for (idx = 0; idx < 32; idx++)
+		len +=  tdb_pack(pack_buf + len, bufsize - len, "w",
+				 pass->uni_name[idx]);
+	
+	len += tdb_pack(pack_buf + len, bufsize - len, "dPd", pass->pass_len,
+	                     pass->pass, pass->mod_time);
+
+	/* packing SID structure */
+	len += tdb_sid_pack(pack_buf + len, bufsize - len, &pass->domain_sid);
+
+	return len;
+}
+
+
+/**
+ * Unpack TRUSTED_DOM_PASS passed by pointer
+ *
+ * @param pack_buf pointer to buffer with packed representation
+ * @param bufsize size of the buffer
+ * @param pass pointer to trusted domain password to be filled with unpacked data
+ *
+ * @return size of structure unpacked from buffer
+ **/
+size_t tdb_trusted_dom_pass_unpack(char* pack_buf, int bufsize,
+				   TRUSTED_DOM_PASS* pass)
+{
+	int idx, len = 0;
+	
+	if (!pack_buf || !pass) return -1;
+
+	/* unpack unicode domain name and plaintext password */
+	len += tdb_unpack(pack_buf, bufsize - len, "d", &pass->uni_name_len);
+	
+	for (idx = 0; idx < 32; idx++)
+		len +=  tdb_unpack(pack_buf + len, bufsize - len, "w",
+				   &pass->uni_name[idx]);
+
+	len += tdb_unpack(pack_buf + len, bufsize - len, "dPd",
+			  &pass->pass_len, &pass->pass, &pass->mod_time);
+	
+	/* unpack domain sid */
+	len += tdb_sid_unpack(pack_buf + len, bufsize - len,
+			      &pass->domain_sid);
+	
+	return len;	
+}
+
 /************************************************************************
  Routine to get account password to trusted domain
 ************************************************************************/
@@ -336,7 +468,8 @@ BOOL secrets_fetch_trusted_domain_password(const char *domain, char** pwd,
 	ZERO_STRUCT(pass);
 
 	/* fetching trusted domain password structure */
-	if (!(pass_buf = secrets_fetch(trustdom_keystr(domain), &size))) {
+	if (!(pass_buf = (char *)secrets_fetch(trustdom_keystr(domain),
+					       &size))) {
 		DEBUG(5, ("secrets_fetch failed!\n"));
 		return False;
 	}
@@ -494,7 +627,7 @@ char *secrets_fetch_machine_password(const char *domain,
 		uint32 *last_set_time;
 		asprintf(&key, "%s/%s", SECRETS_MACHINE_LAST_CHANGE_TIME, domain);
 		strupper_m(key);
-		last_set_time = secrets_fetch(key, &size);
+		last_set_time = (unsigned int *)secrets_fetch(key, &size);
 		if (last_set_time) {
 			*pass_last_set_time = IVAL(last_set_time,0);
 			SAFE_FREE(last_set_time);
@@ -509,7 +642,7 @@ char *secrets_fetch_machine_password(const char *domain,
 		uint32 *channel_type;
 		asprintf(&key, "%s/%s", SECRETS_MACHINE_SEC_CHANNEL_TYPE, domain);
 		strupper_m(key);
-		channel_type = secrets_fetch(key, &size);
+		channel_type = (unsigned int *)secrets_fetch(key, &size);
 		if (channel_type) {
 			*channel = IVAL(channel_type,0);
 			SAFE_FREE(channel_type);
@@ -613,7 +746,7 @@ BOOL fetch_ldap_pw(char **dn, char** pw)
 		DEBUG(0, ("fetch_ldap_pw: asprintf failed!\n"));
 	}
 	
-	*pw=secrets_fetch(key, &size);
+	*pw=(char *)secrets_fetch(key, &size);
 	SAFE_FREE(key);
 
 	if (!size) {
@@ -631,7 +764,7 @@ BOOL fetch_ldap_pw(char **dn, char** pw)
 		for (p=old_style_key; *p; p++)
 			if (*p == ',') *p = '/';
 	
-		data=secrets_fetch(old_style_key, &size);
+		data=(char *)secrets_fetch(old_style_key, &size);
 		if (!size && size < sizeof(old_style_pw)) {
 			DEBUG(0,("fetch_ldap_pw: neither ldap secret retrieved!\n"));
 			SAFE_FREE(old_style_key);
@@ -672,20 +805,35 @@ NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
 {
 	TDB_LIST_NODE *keys, *k;
 	char *pattern;
+	TALLOC_CTX *tmp_ctx;
+
+	if (!(tmp_ctx = talloc_new(mem_ctx))) {
+		return NT_STATUS_NO_MEMORY;
+	}
 
 	if (!secrets_init()) return NT_STATUS_ACCESS_DENIED;
 	
 	/* generate searching pattern */
-	pattern = talloc_asprintf(mem_ctx, "%s/*", SECRETS_DOMTRUST_ACCT_PASS);
+	pattern = talloc_asprintf(tmp_ctx, "%s/*", SECRETS_DOMTRUST_ACCT_PASS);
 	if (pattern == NULL) {
 		DEBUG(0, ("secrets_trusted_domains: talloc_asprintf() "
 			  "failed!\n"));
+		TALLOC_FREE(tmp_ctx);
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	*domains = NULL;
 	*num_domains = 0;
 
+	/*
+	 * Make sure that a talloc context for the trustdom_info structs
+	 * exists
+	 */
+
+	if (!(*domains = TALLOC_ARRAY(mem_ctx, struct trustdom_info *, 1))) {
+		TALLOC_FREE(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
 	/* fetching trusted domains' data and collecting them in a list */
 	keys = tdb_search_keys(tdb, pattern);
 
@@ -698,16 +846,17 @@ NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
 		struct trustdom_info *dom_info;
 		
 		/* important: ensure null-termination of the key string */
-		secrets_key = talloc_strndup(mem_ctx,
+		secrets_key = talloc_strndup(tmp_ctx,
 					     k->node_key.dptr,
 					     k->node_key.dsize);
 		if (!secrets_key) {
 			DEBUG(0, ("strndup failed!\n"));
 			tdb_search_list_free(keys);
+			TALLOC_FREE(tmp_ctx);
 			return NT_STATUS_NO_MEMORY;
 		}
 
-		packed_pass = secrets_fetch(secrets_key, &size);
+		packed_pass = (char *)secrets_fetch(secrets_key, &size);
 		packed_size = tdb_trusted_dom_pass_unpack(packed_pass, size,
 							  &pass);
 		/* packed representation isn't needed anymore */
@@ -727,30 +876,31 @@ NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
 			continue;
 		}
 
-		dom_info = TALLOC_P(mem_ctx, struct trustdom_info);
-		if (dom_info == NULL) {
+		if (!(dom_info = TALLOC_P(*domains, struct trustdom_info))) {
 			DEBUG(0, ("talloc failed\n"));
 			tdb_search_list_free(keys);
+			TALLOC_FREE(tmp_ctx);
 			return NT_STATUS_NO_MEMORY;
 		}
 
-		if (pull_ucs2_talloc(mem_ctx, &dom_info->name,
+		if (pull_ucs2_talloc(dom_info, &dom_info->name,
 				     pass.uni_name) == (size_t)-1) {
 			DEBUG(2, ("pull_ucs2_talloc failed\n"));
 			tdb_search_list_free(keys);
+			TALLOC_FREE(tmp_ctx);
 			return NT_STATUS_NO_MEMORY;
 		}
 
 		sid_copy(&dom_info->sid, &pass.domain_sid);
 
-		ADD_TO_ARRAY(mem_ctx, struct trustdom_info *, dom_info,
+		ADD_TO_ARRAY(*domains, struct trustdom_info *, dom_info,
 			     domains, num_domains);
 
 		if (*domains == NULL) {
 			tdb_search_list_free(keys);
+			TALLOC_FREE(tmp_ctx);
 			return NT_STATUS_NO_MEMORY;
 		}
-		talloc_steal(*domains, dom_info);
 	}
 	
 	DEBUG(5, ("secrets_get_trusted_domains: got %d domains\n",
@@ -758,6 +908,7 @@ NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
 
 	/* free the results of searching the keys */
 	tdb_search_list_free(keys);
+	TALLOC_FREE(tmp_ctx);
 
 	return NT_STATUS_OK;
 }
@@ -858,9 +1009,9 @@ BOOL secrets_fetch_afs_key(const char *cell, struct afs_key *result)
 *******************************************************************************/
 void secrets_fetch_ipc_userpass(char **username, char **domain, char **password)
 {
-	*username = secrets_fetch(SECRETS_AUTH_USER, NULL);
-	*domain = secrets_fetch(SECRETS_AUTH_DOMAIN, NULL);
-	*password = secrets_fetch(SECRETS_AUTH_PASSWORD, NULL);
+	*username = (char *)secrets_fetch(SECRETS_AUTH_USER, NULL);
+	*domain = (char *)secrets_fetch(SECRETS_AUTH_DOMAIN, NULL);
+	*password = (char *)secrets_fetch(SECRETS_AUTH_PASSWORD, NULL);
 	
 	if (*username && **username) {
 
@@ -965,7 +1116,7 @@ BOOL secrets_store_schannel_session_info(TALLOC_CTX *mem_ctx,
 				pdc->remote_machine,
 				pdc->domain);
 
-	value.dptr = TALLOC(mem_ctx, value.dsize);
+	value.dptr = (char *)TALLOC(mem_ctx, value.dsize);
 	if (!value.dptr) {
 		TALLOC_FREE(keystr);
 		return False;
author	Jeremy Allison <jra@samba.org>	2006-07-11 18:01:26 +0000
committer	Gerald (Jerry) Carter <jerry@samba.org>	2007-10-10 11:19:14 -0500
commit	fbdcf2663b56007a438ac4f0d8d82436b1bfe688 (patch)
tree	4e42c1f061391cea3d640152fd240682cbf4fd9a /source3/passdb/secrets.c
parent	5bf62a0c3cc95abe918f3e772bb10e0a90fdce22 (diff)
download	samba-fbdcf2663b56007a438ac4f0d8d82436b1bfe688.tar.gz samba-fbdcf2663b56007a438ac4f0d8d82436b1bfe688.tar.bz2 samba-fbdcf2663b56007a438ac4f0d8d82436b1bfe688.zip