-rw-r--r-- | source4/param/secrets.c | 33 | ||||
-rw-r--r-- | source4/param/secrets.h | 3 | ||||
-rw-r--r-- | source4/smbd/process_standard.c | 3 | ||||
-rw-r--r-- | source4/smbd/server.c | 2 |
4 files changed, 12 insertions, 29 deletions
diff --git a/source4/param/secrets.c b/source4/param/secrets.c
index bc4327188a..06dc850c8e 100644
--- a/source4/param/secrets.c
+++ b/source4/param/secrets.c
@@ -32,8 +32,6 @@
 #include "lib/util/util_ldb.h"
 #include "librpc/gen_ndr/ndr_security.h"
-static struct tdb_wrap *tdb;
-
 /**
 * Use a TDB to store an incrementing random seed.
 *
@@ -42,42 +40,31 @@ static struct tdb_wrap *tdb;
 *
 * @note Not called by systems with a working /dev/urandom.
 */
-static void get_rand_seed(int *new_seed)
+static void get_rand_seed(struct tdb_wrap *secretsdb, int *new_seed)
 {
 *new_seed = getpid();
- if (tdb != NULL) {
- tdb_change_int32_atomic(tdb->tdb, "INFO/random_seed", new_seed, 1);
+ if (secretsdb != NULL) {
+ tdb_change_int32_atomic(secretsdb->tdb, "INFO/random_seed", new_seed, 1);
 }
 }
 /**
- * close the secrets database
- */
-void secrets_shutdown(void)
-{
- talloc_free(tdb);
-}
-
-/**
 * open up the secrets database
 */
-bool secrets_init(struct loadparm_context *lp_ctx)
+struct tdb_wrap *secrets_init(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
 {
 char *fname;
 uint8_t dummy;
+ struct tdb_wrap *tdb;
- if (tdb != NULL)
- return true;
+ fname = private_path(mem_ctx, lp_ctx, "secrets.tdb");
- fname = private_path(NULL, lp_ctx, "secrets.tdb");
-
- tdb = tdb_wrap_open(talloc_autofree_context(), fname, 0, TDB_DEFAULT,
- O_RDWR|O_CREAT, 0600);
+ tdb = tdb_wrap_open(mem_ctx, fname, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
 if (!tdb) {
 DEBUG(0,("Failed to open %s\n", fname));
 talloc_free(fname);
- return false;
+ return NULL;
 }
 talloc_free(fname);
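Review bot: `get_rand_seed` now takes `struct tdb_wrap *` as its first parameter, yet the following hunk registers it through a cast to `void (*)(void *, int *)`; calling a function through a pointer of an incompatible type is undefined behaviour in C, and the cast also hides any later signature drift from the compiler. Declaring it with the callback's own type, `static void get_rand_seed(void *userdata, int *new_seed)`, and converting inside with `struct tdb_wrap *secretsdb = userdata;` lets the registration drop the cast. The result of `tdb_change_int32_atomic()` still appears to be discarded, so if the update fails the seed handed back is only `getpid()`; a `DEBUG` line on that path would make the weaker seed visible. The body of `secrets_init` continues past the end of this hunk.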
@@ -87,12 +74,12 @@ bool secrets_init(struct loadparm_context *lp_ctx)
 * This avoids a problem where systems without /dev/urandom
 * could send the same challenge to multiple clients
 */
- set_rand_reseed_callback(get_rand_seed);
+ set_rand_reseed_callback((void (*) (void *, int *))get_rand_seed, tdb);
 /* Ensure that the reseed is done now, while we are root, etc */
 generate_random_buffer(&dummy, sizeof(dummy));
- return true;
+ return tdb;
 }
 /**
diff --git a/source4/param/secrets.h b/source4/param/secrets.h
index 4a9eb25e7e..bd6ff4a401 100644
--- a/source4/param/secrets.h
+++ b/source4/param/secrets.h
@@ -43,8 +43,7 @@ struct machine_acct_pass {
 * @note Not called by systems with a working /dev/urandom.
 */
 struct loadparm_context;
-void secrets_shutdown(void);
-bool secrets_init(struct loadparm_context *lp_ctx);
+struct tdb_wrap *secrets_init(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
 struct ldb_context *secrets_db_connect(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
 struct dom_sid *secrets_get_domain_sid(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, const char *domain);
diff --git a/source4/smbd/process_standard.c b/source4/smbd/process_standard.c
index deb44c0a68..820859400e 100644
--- a/source4/smbd/process_standard.c
+++ b/source4/smbd/process_standard.c
@@ -204,9 +204,6 @@ _NORETURN_ static void standard_terminate(struct event_context *ev, const char *
 which makes leak checking easier */
 reload_charcnv(global_loadparm);
- /* the secrets db should really hang off the connection structure */
- secrets_shutdown();
-
 talloc_free(ev);
 /* terminate this process */
diff --git a/source4/smbd/server.c b/source4/smbd/server.c
index fe38a4e5ab..d6e2fb19e4 100644
--- a/source4/smbd/server.c
+++ b/source4/smbd/server.c
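Review bot: The `tdb` handle passed as userdata in `set_rand_reseed_callback(..., tdb)` is now allocated on the caller's `mem_ctx`, so the reseed machinery keeps a raw pointer that dangles as soon as that context is freed. The only caller visible in this commit passes `talloc_autofree_context()`, which presumably keeps the handle alive until exit, but nothing in the new signature stops a later caller from supplying a shorter-lived context. Either state on `secrets_init` that `mem_ctx` must outlive every reseed, or attach a talloc destructor to `tdb` that clears the registration when the handle is freed (assuming the registration accepts a NULL callback). The start of `secrets_init` lies in the previous hunk.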
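Review bot: The new `secrets_init` prototype in secrets.h carries no comment of its own; the doc block that ends just above it ("Not called by systems with a working /dev/urandom") appears to describe the random-seed helper rather than this function. Since the return type changes from `bool` to a handle, callers need to know who owns it, for example `/* Open secrets.tdb on mem_ctx; returns NULL on failure. The handle is also kept by the random reseed callback. */`.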
@@ -278,7 +278,7 @@ static int binary_smbd_main(const char *binary_name, int argc, const char *argv[
 /* Do *not* remove this, until you have removed
 * passdb/secrets.c, and proved that Samba still builds... */
 /* Setup the SECRETS subsystem */
- if (!secrets_init(cmdline_lp_ctx)) {
+ if (secrets_init(talloc_autofree_context(), cmdline_lp_ctx) == NULL) {
 exit(1);
 } |