authorRafal Szczesniak <mimir@samba.org>2004-01-14 22:02:16 +0000
committerRafal Szczesniak <mimir@samba.org>2004-01-14 22:02:16 +0000
commit742fbfcaba5c0ffe53ece547982b361f7c9d7b8a (patch)
treee763da19b66009dd2d772e905d4dcc34f4fd3ae7 /source3
parentf0145a2a75fe19dadd019ffc76b2251855e450d7 (diff)
Initial design of some of the functions to operate on trust passwords
from the passdb backend level (tdbsam, in this case). It is written as a wrapper for the secrets_ calls that use the secrets.tdb file and is not intended as the eventual solution. Trust passwords are handled uniformly through the SAM_TRUST_PASSWD structure, and so they should be stored uniformly as well. Note that this code is disabled, i.e. not used anywhere yet. I'm working on the next routines in line. rafal (This used to be commit 02ac9332ab1d34f47667b40ce23b2b5d04c4dff1)
Diffstat (limited to 'source3')
-rw-r--r--source3/passdb/pdb_tdb.c202
1 files changed, 202 insertions, 0 deletions
diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c
index 966682563c..1d8fb9b7ec 100644
--- a/source3/passdb/pdb_tdb.c
+++ b/source3/passdb/pdb_tdb.c
@@ -643,6 +643,203 @@ static void free_private_data(void **vp)
/* No need to free any further, as it is talloc()ed */
}
+/**
+ * Start enumerating through trust passwords (machine and
+ * interdomain nt/ads)
+ *
+ * @param methods methods belonging in pdb context (module)
+ * @param trust trust password structure
+ *
+ * @return nt status of performed operation
+ **/
+
+static NTSTATUS tdbsam_gettrustpwent(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust)
+{
+ NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
+ struct trust_passwd_data t;
+ TALLOC_CTX *mem_ctx;
+
+ TRUSTDOM **trustdom;
+ static int enum_ctx;
+ int num_domains = 0;
+ unsigned int max_domains = 1;
+ char *dom_name, *dom_pass;
+
+ smb_ucs2_t *uni_dom_name;
+ uint8 mach_pass[16];
+ uint32 sec_chan;
+
+ if (!methods) return NT_STATUS_UNSUCCESSFUL;
+
+ /*
+ * NT domain trust passwords
+ */
+
+ /* rewind enumeration when passed NULL pointer as a trust */
+ if (!trust) {
+ enum_ctx = 0;
+ return NT_STATUS_OK;
+ }
+
+ mem_ctx = talloc_init("tdbsam_gettrustpwent: trust password enumeration");
+
+ /* fetch next trusted domain (one at a time) and its full information */
+ nt_status = secrets_get_trusted_domains(mem_ctx, &enum_ctx, max_domains, &num_domains,
+ &trustdom);
+ if (num_domains) {
+ pull_ucs2_talloc(mem_ctx, &dom_name, trustdom[0]->name);
+ if (secrets_fetch_trusted_domain_password(dom_name, &dom_pass, &t.domain_sid,
+ &t.mod_time)) {
+
+ t.uni_name_len = strnlen_w(trustdom[0]->name, 32);
+ strncpy_w(t.uni_name, trustdom[0]->name, t.uni_name_len);
+ safe_strcpy(t.pass, dom_pass, FSTRING_LEN - 1);
+ t.flags = PASS_DOMAIN_TRUST_NT;
+
+ SAFE_FREE(dom_pass);
+ talloc_destroy(mem_ctx);
+ trust->private = t;
+ return nt_status;
+ } else {
+ talloc_destroy(mem_ctx);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ }
+
+ /*
+ * NT machine trust password
+ */
+
+ if (secrets_lock_trust_account_password(lp_workgroup(), True)) {
+ sec_chan = get_default_sec_channel();
+ if (secrets_fetch_trust_account_password(lp_workgroup(), mach_pass, &t.mod_time,
+ &sec_chan)) {
+
+ t.uni_name_len = strlen(lp_workgroup());
+ push_ucs2_talloc(mem_ctx, &uni_dom_name, lp_workgroup());
+ strncpy_w(t.uni_name, uni_dom_name, t.uni_name_len);
+ safe_strcpy(t.pass, mach_pass, FSTRING_LEN - 1);
+ t.flags = PASS_MACHINE_TRUST_NT;
+ if (!secrets_fetch_domain_sid(lp_workgroup(), &t.domain_sid)) {
+ talloc_destroy(mem_ctx);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ talloc_destroy(mem_ctx);
+ trust->private = t;
+ return NT_STATUS_OK;
+ }
+ secrets_lock_trust_account_password(lp_workgroup(), False);
+ } else {
+ talloc_destroy(mem_ctx);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ /*
+ * ADS machine trust password (TODO)
+ */
+
+ talloc_destroy(mem_ctx);
+ return nt_status;
+}
+
+/**
+ * Get trust password by trusted party sid
+ *
+ * @param methods methods belonging to pdb context (module)
+ * @param trust trust password structure
+ * @param sid trusted party sid
+ *
+ * @return nt status of performed operation
+ **/
+
+static NTSTATUS tdbsam_gettrustpwsid(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust,
+ const DOM_SID *sid)
+{
+ NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
+ return nt_status;
+}
+
+
+/**
+ * Add new trust password.
+ *
+ * @param methods methods belonging in pdb context (module)
+ * @param trust trust password structure
+ *
+ * @return nt status of performed operation
+ **/
+
+static NTSTATUS tdbsam_add_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD *trust)
+{
+ NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
+ BOOL status = False;
+ TALLOC_CTX *mem_ctx;
+
+ char* domain = NULL;
+ struct trust_passwd_data t = trust->private;
+ uint32 sec_chan;
+
+ mem_ctx = talloc_init("tdbsam_add_trust_passwd: storing new trust password");
+
+ /* convert unicode name to char* (used to form the key) */
+ pull_ucs2_talloc(mem_ctx, &domain, t.uni_name);
+
+ /* add nt machine trust password */
+ if (t.flags & (PASS_MACHINE_TRUST_NT | PASS_SERVER_TRUST_NT)) {
+ sec_chan = (t.flags & PASS_MACHINE_TRUST_NT) ? SEC_CHAN_WKSTA : SEC_CHAN_BDC;
+ status = secrets_store_machine_password(t.pass, domain, sec_chan);
+ if (status)
+ status = secrets_store_domain_sid(domain, &t.domain_sid);
+
+ nt_status = status ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+
+ /* add nt domain trust password */
+ } else if (t.flags & PASS_DOMAIN_TRUST_NT) {
+ status = secrets_store_trusted_domain_password(domain, t.uni_name, t.uni_name_len,
+ t.pass, t.domain_sid);
+ nt_status = status ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+
+ /* add ads machine trust password (TODO) */
+ } else if (t.flags & PASS_MACHINE_TRUST_ADS) {
+ }
+
+ talloc_destroy(mem_ctx);
+ return nt_status;
+}
+
+
+/**
+ * Update trust password.
+ *
+ * @param methods methods belonging in pdb context (module)
+ * @param trust trust password structure
+ *
+ * @return nt status of performed operation
+ **/
+
+static NTSTATUS tdbsam_update_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust)
+{
+ NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
+ return nt_status;
+}
+
+
+/**
+ * Delete trust password.
+ *
+ * @param methods methods belonging in pdb context (module)
+ * @param trust trust password structure
+ *
+ * @return nt status of performed operation
+ **/
+
+static NTSTATUS tdbsam_delete_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust)
+{
+ NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
+ return nt_status;
+}
+
static NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
{
@@ -663,6 +860,11 @@ static NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_meth
(*pdb_method)->add_sam_account = tdbsam_add_sam_account;
(*pdb_method)->update_sam_account = tdbsam_update_sam_account;
(*pdb_method)->delete_sam_account = tdbsam_delete_sam_account;
+ (*pdb_method)->gettrustpwent = tdbsam_gettrustpwent;
+ (*pdb_method)->gettrustpwsid = tdbsam_gettrustpwsid;
+ (*pdb_method)->add_trust_passwd = tdbsam_add_trust_passwd;
+ (*pdb_method)->update_trust_passwd = tdbsam_update_trust_passwd;
+ (*pdb_method)->delete_trust_passwd = tdbsam_delete_trust_passwd;
tdb_state = talloc_zero(pdb_context->mem_ctx, sizeof(struct tdbsam_privates));