summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/param/secrets.c33
-rw-r--r--source4/param/secrets.h3
-rw-r--r--source4/smbd/process_standard.c3
-rw-r--r--source4/smbd/server.c2
4 files changed, 12 insertions, 29 deletions
diff --git a/source4/param/secrets.c b/source4/param/secrets.c
index bc4327188a..06dc850c8e 100644
--- a/source4/param/secrets.c
+++ b/source4/param/secrets.c
@@ -32,8 +32,6 @@
#include "lib/util/util_ldb.h"
#include "librpc/gen_ndr/ndr_security.h"
-static struct tdb_wrap *tdb;
-
/**
* Use a TDB to store an incrementing random seed.
*
@@ -42,42 +40,31 @@ static struct tdb_wrap *tdb;
*
* @note Not called by systems with a working /dev/urandom.
*/
-static void get_rand_seed(int *new_seed)
+static void get_rand_seed(struct tdb_wrap *secretsdb, int *new_seed)
{
*new_seed = getpid();
- if (tdb != NULL) {
- tdb_change_int32_atomic(tdb->tdb, "INFO/random_seed", new_seed, 1);
+ if (secretsdb != NULL) {
+ tdb_change_int32_atomic(secretsdb->tdb, "INFO/random_seed", new_seed, 1);
}
}
/**
- * close the secrets database
- */
-void secrets_shutdown(void)
-{
- talloc_free(tdb);
-}
-
-/**
* open up the secrets database
*/
-bool secrets_init(struct loadparm_context *lp_ctx)
+struct tdb_wrap *secrets_init(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
{
char *fname;
uint8_t dummy;
+ struct tdb_wrap *tdb;
- if (tdb != NULL)
- return true;
+ fname = private_path(mem_ctx, lp_ctx, "secrets.tdb");
- fname = private_path(NULL, lp_ctx, "secrets.tdb");
-
- tdb = tdb_wrap_open(talloc_autofree_context(), fname, 0, TDB_DEFAULT,
- O_RDWR|O_CREAT, 0600);
+ tdb = tdb_wrap_open(mem_ctx, fname, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
if (!tdb) {
DEBUG(0,("Failed to open %s\n", fname));
talloc_free(fname);
- return false;
+ return NULL;
}
talloc_free(fname);
@@ -87,12 +74,12 @@ bool secrets_init(struct loadparm_context *lp_ctx)
* This avoids a problem where systems without /dev/urandom
* could send the same challenge to multiple clients
*/
- set_rand_reseed_callback(get_rand_seed);
+ set_rand_reseed_callback((void (*) (void *, int *))get_rand_seed, tdb);
/* Ensure that the reseed is done now, while we are root, etc */
generate_random_buffer(&dummy, sizeof(dummy));
- return true;
+ return tdb;
}
/**
diff --git a/source4/param/secrets.h b/source4/param/secrets.h
index 4a9eb25e7e..bd6ff4a401 100644
--- a/source4/param/secrets.h
+++ b/source4/param/secrets.h
@@ -43,8 +43,7 @@ struct machine_acct_pass {
* @note Not called by systems with a working /dev/urandom.
*/
struct loadparm_context;
-void secrets_shutdown(void);
-bool secrets_init(struct loadparm_context *lp_ctx);
+struct tdb_wrap *secrets_init(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
struct ldb_context *secrets_db_connect(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
struct dom_sid *secrets_get_domain_sid(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, const char *domain);
diff --git a/source4/smbd/process_standard.c b/source4/smbd/process_standard.c
index deb44c0a68..820859400e 100644
--- a/source4/smbd/process_standard.c
+++ b/source4/smbd/process_standard.c
@@ -204,9 +204,6 @@ _NORETURN_ static void standard_terminate(struct event_context *ev, const char *
which makes leak checking easier */
reload_charcnv(global_loadparm);
- /* the secrets db should really hang off the connection structure */
- secrets_shutdown();
-
talloc_free(ev);
/* terminate this process */
diff --git a/source4/smbd/server.c b/source4/smbd/server.c
index fe38a4e5ab..d6e2fb19e4 100644
--- a/source4/smbd/server.c
+++ b/source4/smbd/server.c
@@ -278,7 +278,7 @@ static int binary_smbd_main(const char *binary_name, int argc, const char *argv[
/* Do *not* remove this, until you have removed
* passdb/secrets.c, and proved that Samba still builds... */
/* Setup the SECRETS subsystem */
- if (!secrets_init(cmdline_lp_ctx)) {
+ if (secrets_init(talloc_autofree_context(), cmdline_lp_ctx) == NULL) {
exit(1);
}