diff options
-rw-r--r-- | source3/passdb/pdb_tdb.c | 202 |
1 files changed, 202 insertions, 0 deletions
diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c index 966682563c..1d8fb9b7ec 100644 --- a/source3/passdb/pdb_tdb.c +++ b/source3/passdb/pdb_tdb.c @@ -643,6 +643,203 @@ static void free_private_data(void **vp) /* No need to free any further, as it is talloc()ed */ } +/** + * Start enumerating through trust passwords (machine and + * interdomain nt/ads) + * + * @param methods methods belonging in pdb context (module) + * @param trust trust password structure + * + * @return nt status of performed operation + **/ + +static NTSTATUS tdbsam_gettrustpwent(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust) +{ + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + struct trust_passwd_data t; + TALLOC_CTX *mem_ctx; + + TRUSTDOM **trustdom; + static int enum_ctx; + int num_domains = 0; + unsigned int max_domains = 1; + char *dom_name, *dom_pass; + + smb_ucs2_t *uni_dom_name; + uint8 mach_pass[16]; + uint32 sec_chan; + + if (!methods) return NT_STATUS_UNSUCCESSFUL; + + /* + * NT domain trust passwords + */ + + /* rewind enumeration when passed NULL pointer as a trust */ + if (!trust) { + enum_ctx = 0; + return NT_STATUS_OK; + } + + mem_ctx = talloc_init("tdbsam_gettrustpwent: trust password enumeration"); + + /* fetch next trusted domain (one at a time) and its full information */ + nt_status = secrets_get_trusted_domains(mem_ctx, &enum_ctx, max_domains, &num_domains, + &trustdom); + if (num_domains) { + pull_ucs2_talloc(mem_ctx, &dom_name, trustdom[0]->name); + if (secrets_fetch_trusted_domain_password(dom_name, &dom_pass, &t.domain_sid, + &t.mod_time)) { + + t.uni_name_len = strnlen_w(trustdom[0]->name, 32); + strncpy_w(t.uni_name, trustdom[0]->name, t.uni_name_len); + safe_strcpy(t.pass, dom_pass, FSTRING_LEN - 1); + t.flags = PASS_DOMAIN_TRUST_NT; + + SAFE_FREE(dom_pass); + talloc_destroy(mem_ctx); + trust->private = t; + return nt_status; + } else { + talloc_destroy(mem_ctx); + return NT_STATUS_UNSUCCESSFUL; + } + } + + /* + * NT machine trust password + */ + + if (secrets_lock_trust_account_password(lp_workgroup(), True)) { + sec_chan = get_default_sec_channel(); + if (secrets_fetch_trust_account_password(lp_workgroup(), mach_pass, &t.mod_time, + &sec_chan)) { + + t.uni_name_len = strlen(lp_workgroup()); + push_ucs2_talloc(mem_ctx, &uni_dom_name, lp_workgroup()); + strncpy_w(t.uni_name, uni_dom_name, t.uni_name_len); + safe_strcpy(t.pass, mach_pass, FSTRING_LEN - 1); + t.flags = PASS_MACHINE_TRUST_NT; + if (!secrets_fetch_domain_sid(lp_workgroup(), &t.domain_sid)) { + talloc_destroy(mem_ctx); + return NT_STATUS_UNSUCCESSFUL; + } + + talloc_destroy(mem_ctx); + trust->private = t; + return NT_STATUS_OK; + } + secrets_lock_trust_account_password(lp_workgroup(), False); + } else { + talloc_destroy(mem_ctx); + return NT_STATUS_UNSUCCESSFUL; + } + + /* + * ADS machine trust password (TODO) + */ + + talloc_destroy(mem_ctx); + return nt_status; +} + +/** + * Get trust password by trusted party sid + * + * @param methods methods belonging to pdb context (module) + * @param trust trust password structure + * @param sid trusted party sid + * + * @return nt status of performed operation + **/ + +static NTSTATUS tdbsam_gettrustpwsid(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust, + const DOM_SID *sid) +{ + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + return nt_status; +} + + +/** + * Add new trust password. + * + * @param methods methods belonging in pdb context (module) + * @param trust trust password structure + * + * @return nt status of performed operation + **/ + +static NTSTATUS tdbsam_add_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD *trust) +{ + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + BOOL status = False; + TALLOC_CTX *mem_ctx; + + char* domain = NULL; + struct trust_passwd_data t = trust->private; + uint32 sec_chan; + + mem_ctx = talloc_init("tdbsam_add_trust_passwd: storing new trust password"); + + /* convert unicode name to char* (used to form the key) */ + pull_ucs2_talloc(mem_ctx, &domain, t.uni_name); + + /* add nt machine trust password */ + if (t.flags & (PASS_MACHINE_TRUST_NT | PASS_SERVER_TRUST_NT)) { + sec_chan = (t.flags & PASS_MACHINE_TRUST_NT) ? SEC_CHAN_WKSTA : SEC_CHAN_BDC; + status = secrets_store_machine_password(t.pass, domain, sec_chan); + if (status) + status = secrets_store_domain_sid(domain, &t.domain_sid); + + nt_status = status ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; + + /* add nt domain trust password */ + } else if (t.flags & PASS_DOMAIN_TRUST_NT) { + status = secrets_store_trusted_domain_password(domain, t.uni_name, t.uni_name_len, + t.pass, t.domain_sid); + nt_status = status ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; + + /* add ads machine trust password (TODO) */ + } else if (t.flags & PASS_MACHINE_TRUST_ADS) { + } + + talloc_destroy(mem_ctx); + return nt_status; +} + + +/** + * Update trust password. + * + * @param methods methods belonging in pdb context (module) + * @param trust trust password structure + * + * @return nt status of performed operation + **/ + +static NTSTATUS tdbsam_update_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust) +{ + NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED; + return nt_status; +} + + +/** + * Delete trust password. + * + * @param methods methods belonging in pdb context (module) + * @param trust trust password structure + * + * @return nt status of performed operation + **/ + +static NTSTATUS tdbsam_delete_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust) +{ + NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED; + return nt_status; +} + static NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) { @@ -663,6 +860,11 @@ static NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_meth (*pdb_method)->add_sam_account = tdbsam_add_sam_account; (*pdb_method)->update_sam_account = tdbsam_update_sam_account; (*pdb_method)->delete_sam_account = tdbsam_delete_sam_account; + (*pdb_method)->gettrustpwent = tdbsam_gettrustpwent; + (*pdb_method)->gettrustpwsid = tdbsam_gettrustpwsid; + (*pdb_method)->add_trust_passwd = tdbsam_add_trust_passwd; + (*pdb_method)->update_trust_passwd = tdbsam_update_trust_passwd; + (*pdb_method)->delete_trust_passwd = tdbsam_delete_trust_passwd; tdb_state = talloc_zero(pdb_context->mem_ctx, sizeof(struct tdbsam_privates)); |