authorAndrew Tridgell <tridge@samba.org>2004-05-23 00:30:17 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:53:53 -0500
commitf11cc69df34c39f545669eb83b0dbf23227db558 (patch)
tree5ff0a84ff0a0f73480e333fa95002d78ba5c509e /source4/passdb/secrets.c
parentbf52e242f53aeaac33eea69fbdfb3477634b90fb (diff)
r826: removed a pile of old code, in preparation for a new ACL handling system. I'd like to get rid of DOM_SID completely soon
(This used to be commit e306e27cf333e176195a47b19e3de591b4a59650)
Diffstat (limited to 'source4/passdb/secrets.c')
-rw-r--r--source4/passdb/secrets.c369
1 files changed, 1 insertions, 368 deletions
diff --git a/source4/passdb/secrets.c b/source4/passdb/secrets.c
index c400caaaa4..8d66572acd 100644
--- a/source4/passdb/secrets.c
+++ b/source4/passdb/secrets.c
@@ -52,7 +52,7 @@ BOOL secrets_init(void)
/* read a entry from the secrets database - the caller must free the result
if size is non-null then the size of the entry is put in there
*/
-void *secrets_fetch(const char *key, size_t *size)
+static void *secrets_fetch(const char *key, size_t *size)
{
TDB_DATA kbuf, dbuf;
secrets_init();
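Review bot: The `secrets_init();` call on the hunk's last line discards a BOOL result — the hunk header shows `BOOL secrets_init(void)` — so a failed open is not detected here, while the newly `static` function is now the only fetch path left in this file. If the intended guard is a `tdb == NULL` check in the part of the body that continues past the hunk, a comment such as `/* init failure surfaces as tdb == NULL, checked below */` would make that explicit; otherwise `if (!secrets_init()) return NULL;` is the direct fix. The header comment above the signature could also say that the returned buffer is the caller's to free, which presumably holds given `return dbuf.dptr;` in the next hunk — verify against tdb_fetch's allocation contract. secrets_fetch's body continues outside the hunk.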
@@ -67,338 +67,6 @@ void *secrets_fetch(const char *key, size_t *size)
return dbuf.dptr;
}
-/* store a secrets entry
- */
-BOOL secrets_store(const char *key, const void *data, size_t size)
-{
- TDB_DATA kbuf, dbuf;
- int ret;
-
- secrets_init();
- if (!tdb)
- return False;
- kbuf.dptr = strdup(key);
- kbuf.dsize = strlen(key);
- dbuf.dptr = memdup(data, size);
- dbuf.dsize = size;
-
- ret = tdb_store(tdb, kbuf, dbuf, TDB_REPLACE);
-
- free(kbuf.dptr);
- free(dbuf.dptr);
-
- return ret == 0;
-}
-
-
-/* delete a secets database entry
- */
-BOOL secrets_delete(const char *key)
-{
- TDB_DATA kbuf;
- int ret;
-
- secrets_init();
- if (!tdb)
- return False;
- kbuf.dptr = strdup(key);
- kbuf.dsize = strlen(key);
- ret = tdb_delete(tdb, kbuf);
- free(kbuf.dptr);
- return ret == 0;
-}
-
-BOOL secrets_store_domain_sid(const char *domain, const DOM_SID *sid)
-{
- fstring key;
-
- slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_SID, domain);
- strupper(key);
- return secrets_store(key, sid, sizeof(DOM_SID));
-}
-
-BOOL secrets_fetch_domain_sid(const char *domain, DOM_SID *sid)
-{
- DOM_SID *dyn_sid;
- fstring key;
- size_t size;
-
- slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_SID, domain);
- strupper(key);
- dyn_sid = (DOM_SID *)secrets_fetch(key, &size);
-
- if (dyn_sid == NULL)
- return False;
-
- if (size != sizeof(DOM_SID))
- {
- SAFE_FREE(dyn_sid);
- return False;
- }
-
- *sid = *dyn_sid;
- SAFE_FREE(dyn_sid);
- return True;
-}
-
-BOOL secrets_store_domain_guid(const char *domain, struct GUID *guid)
-{
- const char *s;
- fstring key;
- TALLOC_CTX *mem_ctx;
- BOOL ret;
-
- mem_ctx = talloc_init("secrets_store_domain_guid");
- if (!mem_ctx) {
- return False;
- }
-
- s = GUID_string(mem_ctx, guid);
- if (!s) {
- talloc_destroy(mem_ctx);
- return False;
- }
-
-
- slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_GUID, domain);
- strupper(key);
- ret = secrets_store(key, s, strlen(s)+1);
-
- talloc_destroy(mem_ctx);
- return ret;
-}
-
-BOOL secrets_fetch_domain_guid(const char *domain, struct GUID *guid)
-{
- char *dyn_guid;
- fstring key;
- size_t size;
- struct GUID new_guid;
- NTSTATUS status;
-
- slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_GUID, domain);
- strupper(key);
- dyn_guid = secrets_fetch(key, &size);
-
- DEBUG(6,("key is %s, size is %d\n", key, (int)size));
-
- if ((NULL == dyn_guid) && (ROLE_DOMAIN_PDC == lp_server_role())) {
- uuid_generate_random(&new_guid);
- if (!secrets_store_domain_guid(domain, &new_guid))
- return False;
- dyn_guid = secrets_fetch(key, &size);
- if (dyn_guid == NULL)
- return False;
- }
-
- status = GUID_from_string(dyn_guid, guid);
- SAFE_FREE(dyn_guid);
-
- if (!NT_STATUS_IS_OK(status)) {
- return False;
- }
-
- return True;
-}
-
-/**
- * Form a key for fetching the machine trust account password
- *
- * @param domain domain name
- *
- * @return stored password's key
- **/
-const char *trust_keystr(const char *domain)
-{
- static fstring keystr;
-
- slprintf(keystr,sizeof(keystr)-1,"%s/%s",
- SECRETS_MACHINE_ACCT_PASS, domain);
- strupper(keystr);
-
- return keystr;
-}
-
-/**
- * Form a key for fetching a trusted domain password
- *
- * @param domain trusted domain name
- *
- * @return stored password's key
- **/
-char *trustdom_keystr(const char *domain)
-{
- static char* keystr;
-
- asprintf(&keystr, "%s/%s", SECRETS_DOMTRUST_ACCT_PASS, domain);
- strupper(keystr);
-
- return keystr;
-}
-
-/************************************************************************
- Lock the trust password entry.
-************************************************************************/
-
-BOOL secrets_lock_trust_account_password(const char *domain, BOOL dolock)
-{
- if (!tdb)
- return False;
-
- if (dolock)
- return (tdb_lock_bystring(tdb, trust_keystr(domain),0) == 0);
- else
- tdb_unlock_bystring(tdb, trust_keystr(domain));
- return True;
-}
-
-/************************************************************************
- Routine to get the trust account password for a domain.
- The user of this function must have locked the trust password file using
- the above call.
-************************************************************************/
-
-BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
- time_t *pass_last_set_time)
-{
- struct machine_acct_pass *pass;
- char *plaintext;
- size_t size;
-
- plaintext = secrets_fetch_machine_password();
- if (plaintext) {
- /* we have an ADS password - use that */
- DEBUG(4,("Using ADS machine password\n"));
- E_md4hash(plaintext, ret_pwd);
- SAFE_FREE(plaintext);
- pass_last_set_time = 0;
- return True;
- }
-
- if (!(pass = secrets_fetch(trust_keystr(domain), &size))) {
- DEBUG(5, ("secrets_fetch failed!\n"));
- return False;
- }
-
- if (size != sizeof(*pass)) {
- DEBUG(0, ("secrets were of incorrect size!\n"));
- return False;
- }
-
- if (pass_last_set_time) *pass_last_set_time = pass->mod_time;
- memcpy(ret_pwd, pass->hash, 16);
- SAFE_FREE(pass);
- return True;
-}
-
-/************************************************************************
- Routine to get account password to trusted domain
-************************************************************************/
-
-BOOL secrets_fetch_trusted_domain_password(const char *domain, char** pwd,
- DOM_SID *sid, time_t *pass_last_set_time)
-{
- struct trusted_dom_pass *pass;
- size_t size;
-
- /* fetching trusted domain password structure */
- if (!(pass = secrets_fetch(trustdom_keystr(domain), &size))) {
- DEBUG(5, ("secrets_fetch failed!\n"));
- return False;
- }
-
- if (size != sizeof(*pass)) {
- DEBUG(0, ("secrets were of incorrect size!\n"));
- return False;
- }
-
- /* the trust's password */
- if (pwd) {
- *pwd = strdup(pass->pass);
- if (!*pwd) {
- return False;
- }
- }
-
- /* last change time */
- if (pass_last_set_time) *pass_last_set_time = pass->mod_time;
-
- /* domain sid */
- memcpy(&sid, &(pass->domain_sid), sizeof(sid));
-
- SAFE_FREE(pass);
-
- return True;
-}
-
-/************************************************************************
- Routine to set the trust account password for a domain.
-************************************************************************/
-
-BOOL secrets_store_trust_account_password(const char *domain, uint8 new_pwd[16])
-{
- struct machine_acct_pass pass;
-
- pass.mod_time = time(NULL);
- memcpy(pass.hash, new_pwd, 16);
-
- return secrets_store(trust_keystr(domain), (void *)&pass, sizeof(pass));
-}
-
-/**
- * Routine to set the password for trusted domain
- *
- * @param domain remote domain name
- * @param pwd plain text password of trust relationship
- * @param sid remote domain sid
- *
- * @return true if succeeded
- **/
-
-BOOL secrets_store_trusted_domain_password(const char* domain, smb_ucs2_t *uni_dom_name,
- size_t uni_name_len, const char* pwd,
- DOM_SID sid)
-{
- struct trusted_dom_pass pass;
- ZERO_STRUCT(pass);
-
- /* unicode domain name and its length */
- if (!uni_dom_name)
- return False;
-
- strncpy_w(pass.uni_name, uni_dom_name, sizeof(pass.uni_name) - 1);
- pass.uni_name_len = uni_name_len;
-
- /* last change time */
- pass.mod_time = time(NULL);
-
- /* password of the trust */
- pass.pass_len = strlen(pwd);
- fstrcpy(pass.pass, pwd);
-
- /* domain sid */
- memcpy(&(pass.domain_sid), &sid, sizeof(sid));
-
- return secrets_store(trustdom_keystr(domain), (void *)&pass, sizeof(pass));
-}
-
-/************************************************************************
- Routine to set the plaintext machine account password for a realm
-the password is assumed to be a null terminated ascii string
-************************************************************************/
-
-BOOL secrets_store_machine_password(const char *pass)
-{
- char *key;
- BOOL ret;
- asprintf(&key, "%s/%s", SECRETS_MACHINE_PASSWORD, lp_workgroup());
- strupper(key);
- ret = secrets_store(key, pass, strlen(pass)+1);
- free(key);
- return ret;
-}
-
-
/************************************************************************
Routine to fetch the plaintext machine account password for a realm
the password is assumed to be a null terminated ascii string
@@ -416,41 +84,6 @@ char *secrets_fetch_machine_password(void)
-/************************************************************************
- Routine to delete the machine trust account password file for a domain.
-************************************************************************/
-
-BOOL trust_password_delete(const char *domain)
-{
- return secrets_delete(trust_keystr(domain));
-}
-
-/************************************************************************
- Routine to delete the password for trusted domain
-************************************************************************/
-
-BOOL trusted_domain_password_delete(const char *domain)
-{
- return secrets_delete(trustdom_keystr(domain));
-}
-
-
-BOOL secrets_store_ldap_pw(const char* dn, char* pw)
-{
- char *key = NULL;
- BOOL ret;
-
- if (asprintf(&key, "%s/%s", SECRETS_LDAP_BIND_PW, dn) < 0) {
- DEBUG(0, ("secrets_store_ldap_pw: asprintf failed!\n"));
- return False;
- }
-
- ret = secrets_store(key, pw, strlen(pw)+1);
-
- SAFE_FREE(key);
- return ret;
-}
-
/*******************************************************************************
Lock the secrets tdb based on a string - this is used as a primitive form of mutex
between smbd instances.