summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/passdb/secrets.c221
1 files changed, 93 insertions, 128 deletions
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index 8448f795b4..1e90f61558 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -27,7 +27,7 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
-static TDB_CONTEXT *tdb;
+static struct db_context *db_ctx;
/* Urrrg. global.... */
bool global_machine_password_needs_changing;
@@ -43,8 +43,9 @@ bool global_machine_password_needs_changing;
static void get_rand_seed(int *new_seed)
{
*new_seed = sys_getpid();
- if (tdb) {
- tdb_change_int32_atomic(tdb, "INFO/random_seed", new_seed, 1);
+ if (db_ctx) {
+ dbwrap_change_int32_atomic(db_ctx, "INFO/random_seed",
+ new_seed, 1);
}
}
@@ -54,7 +55,7 @@ bool secrets_init(void)
char *fname = NULL;
unsigned char dummy;
- if (tdb)
+ if (db_ctx != NULL)
return True;
fname = talloc_asprintf(talloc_tos(), "%s/secrets.tdb",
@@ -63,9 +64,9 @@ bool secrets_init(void)
return false;
}
- tdb = tdb_open_log(fname, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
+ db_ctx = db_open(NULL, fname, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
- if (!tdb) {
+ if (db_ctx == NULL) {
DEBUG(0,("Failed to open %s\n", fname));
TALLOC_FREE(fname);
return False;
@@ -92,12 +93,7 @@ bool secrets_init(void)
*/
void secrets_shutdown(void)
{
- if (!tdb) {
- return;
- }
-
- tdb_close(tdb);
- tdb = NULL;
+ TALLOC_FREE(db_ctx);
}
/* read a entry from the secrets database - the caller must free the result
@@ -106,17 +102,28 @@ void secrets_shutdown(void)
void *secrets_fetch(const char *key, size_t *size)
{
TDB_DATA dbuf;
+ void *result;
if (!secrets_init()) {
return NULL;
}
- dbuf = tdb_fetch(tdb, string_tdb_data(key));
+ if (db_ctx->fetch(db_ctx, talloc_tos(), string_tdb_data(key),
+ &dbuf) != 0) {
+ return NULL;
+ }
+
+ result = memdup(dbuf.dptr, dbuf.dsize);
+ if (result == NULL) {
+ return NULL;
+ }
+ TALLOC_FREE(dbuf.dptr);
+
if (size) {
*size = dbuf.dsize;
}
- return dbuf.dptr;
+ return result;
}
/* store a secrets entry
@@ -127,9 +134,9 @@ bool secrets_store(const char *key, const void *data, size_t size)
return false;
}
- return tdb_trans_store(tdb, string_tdb_data(key),
- make_tdb_data((const uint8 *)data, size),
- TDB_REPLACE) == 0;
+ return dbwrap_trans_store(db_ctx, string_tdb_data(key),
+ make_tdb_data((const uint8 *)data, size),
+ TDB_REPLACE) == 0;
}
@@ -141,7 +148,7 @@ bool secrets_delete(const char *key)
return false;
}
- return tdb_trans_delete(tdb, string_tdb_data(key)) == 0;
+ return dbwrap_trans_delete(db_ctx, string_tdb_data(key)) == 0;
}
/**
@@ -325,36 +332,18 @@ static char *trustdom_keystr(const char *domain)
return keystr;
}
-static int unlock_trust_account(char *domain)
-{
- tdb_unlock_bystring(tdb, trust_keystr(domain));
- return 0;
-}
-
/************************************************************************
Lock the trust password entry.
************************************************************************/
void *secrets_get_trust_account_lock(TALLOC_CTX *mem_ctx, const char *domain)
{
- char *result;
-
if (!secrets_init()) {
return NULL;
}
- result = talloc_strdup(mem_ctx, domain);
- if (result == NULL) {
- return NULL;
- }
-
- if (tdb_lock_bystring(tdb, trust_keystr(domain)) != 0) {
- TALLOC_FREE(result);
- return NULL;
- }
-
- talloc_set_destructor(result, unlock_trust_account);
- return result;
+ return db_ctx->fetch_locked(
+ db_ctx, mem_ctx, string_term_tdb_data(trust_keystr(domain)));
}
/************************************************************************
@@ -913,118 +902,94 @@ bool fetch_ldap_pw(char **dn, char** pw)
* Get trusted domains info from secrets.tdb.
**/
-NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
- struct trustdom_info ***domains)
+struct list_trusted_domains_state {
+ uint32 num_domains;
+ struct trustdom_info **domains;
+};
+
+static int list_trusted_domain(struct db_record *rec, void *private_data)
{
- TDB_LIST_NODE *keys, *k;
- char *pattern;
- TALLOC_CTX *tmp_ctx;
+ const size_t prefix_len = strlen(SECRETS_DOMTRUST_ACCT_PASS);
+ size_t packed_size = 0;
+ struct trusted_dom_pass pass;
+ struct trustdom_info *dom_info;
- if (!(tmp_ctx = talloc_new(mem_ctx))) {
- return NT_STATUS_NO_MEMORY;
- }
+ struct list_trusted_domains_state *state =
+ (struct list_trusted_domains_state *)private_data;
- if (!secrets_init()) {
- return NT_STATUS_ACCESS_DENIED;
+ if ((rec->key.dsize < prefix_len)
+ || (strncmp((char *)rec->key.dptr, SECRETS_DOMTRUST_ACCT_PASS,
+ prefix_len) != 0)) {
+ return 0;
}
- /* generate searching pattern */
- pattern = talloc_asprintf(tmp_ctx, "%s/*", SECRETS_DOMTRUST_ACCT_PASS);
- if (pattern == NULL) {
- DEBUG(0, ("secrets_trusted_domains: talloc_asprintf() "
- "failed!\n"));
- TALLOC_FREE(tmp_ctx);
- return NT_STATUS_NO_MEMORY;
+ packed_size = tdb_trusted_dom_pass_unpack(
+ rec->value.dptr, rec->value.dsize, &pass);
+
+ if (rec->value.dsize != packed_size) {
+ DEBUG(2, ("Secrets record is invalid!\n"));
+ return 0;
}
- *num_domains = 0;
+ if (pass.domain_sid.num_auths != 4) {
+ DEBUG(0, ("SID %s is not a domain sid, has %d "
+ "auths instead of 4\n",
+ sid_string_dbg(&pass.domain_sid),
+ pass.domain_sid.num_auths));
+ return 0;
+ }
- /*
- * Make sure that a talloc context for the trustdom_info structs
- * exists
- */
+ if (!(dom_info = TALLOC_P(state->domains, struct trustdom_info))) {
+ DEBUG(0, ("talloc failed\n"));
+ return 0;
+ }
- if (!(*domains = TALLOC_ARRAY(mem_ctx, struct trustdom_info *, 1))) {
- TALLOC_FREE(tmp_ctx);
- return NT_STATUS_NO_MEMORY;
+ if (pull_ucs2_talloc(dom_info, &dom_info->name,
+ pass.uni_name) == (size_t)-1) {
+ DEBUG(2, ("pull_ucs2_talloc failed\n"));
+ TALLOC_FREE(dom_info);
+ return 0;
}
- /* fetching trusted domains' data and collecting them in a list */
- keys = tdb_search_keys(tdb, pattern);
-
- /* searching for keys in secrets db -- way to go ... */
- for (k = keys; k; k = k->next) {
- uint8 *packed_pass;
- size_t size = 0, packed_size = 0;
- struct trusted_dom_pass pass;
- char *secrets_key;
- struct trustdom_info *dom_info;
-
- /* important: ensure null-termination of the key string */
- secrets_key = talloc_strndup(tmp_ctx,
- (const char *)k->node_key.dptr,
- k->node_key.dsize);
- if (!secrets_key) {
- DEBUG(0, ("strndup failed!\n"));
- tdb_search_list_free(keys);
- TALLOC_FREE(tmp_ctx);
- return NT_STATUS_NO_MEMORY;
- }
+ sid_copy(&dom_info->sid, &pass.domain_sid);
- packed_pass = (uint8 *)secrets_fetch(secrets_key, &size);
- packed_size = tdb_trusted_dom_pass_unpack(packed_pass, size,
- &pass);
- /* packed representation isn't needed anymore */
- SAFE_FREE(packed_pass);
+ ADD_TO_ARRAY(state->domains, struct trustdom_info *, dom_info,
+ &state->domains, &state->num_domains);
- if (size != packed_size) {
- DEBUG(2, ("Secrets record %s is invalid!\n",
- secrets_key));
- continue;
- }
+ if (state->domains == NULL) {
+ state->num_domains = 0;
+ return -1;
+ }
+ return 0;
+}
- if (pass.domain_sid.num_auths != 4) {
- DEBUG(0, ("SID %s is not a domain sid, has %d "
- "auths instead of 4\n",
- sid_string_dbg(&pass.domain_sid),
- pass.domain_sid.num_auths));
- continue;
- }
+NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
+ struct trustdom_info ***domains)
+{
+ struct list_trusted_domains_state state;
- if (!(dom_info = TALLOC_P(*domains, struct trustdom_info))) {
- DEBUG(0, ("talloc failed\n"));
- tdb_search_list_free(keys);
- TALLOC_FREE(tmp_ctx);
- return NT_STATUS_NO_MEMORY;
- }
+ secrets_init();
- if (pull_ucs2_talloc(dom_info, &dom_info->name,
- pass.uni_name) == (size_t)-1) {
- DEBUG(2, ("pull_ucs2_talloc failed\n"));
- tdb_search_list_free(keys);
- TALLOC_FREE(tmp_ctx);
- return NT_STATUS_NO_MEMORY;
- }
+ if (db_ctx == NULL) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
- sid_copy(&dom_info->sid, &pass.domain_sid);
+ state.num_domains = 0;
- ADD_TO_ARRAY(*domains, struct trustdom_info *, dom_info,
- domains, num_domains);
+ /*
+ * Make sure that a talloc context for the trustdom_info structs
+ * exists
+ */
- if (*domains == NULL) {
- tdb_search_list_free(keys);
- TALLOC_FREE(tmp_ctx);
- return NT_STATUS_NO_MEMORY;
- }
+ if (!(state.domains = TALLOC_ARRAY(
+ mem_ctx, struct trustdom_info *, 1))) {
+ return NT_STATUS_NO_MEMORY;
}
- DEBUG(5, ("secrets_get_trusted_domains: got %d domains\n",
- *num_domains));
-
- /* free the results of searching the keys */
- tdb_search_list_free(keys);
- TALLOC_FREE(tmp_ctx);
+ db_ctx->traverse(db_ctx, list_trusted_domain, (void *)&state);
+ *num_domains = state.num_domains;
+ *domains = state.domains;
return NT_STATUS_OK;
}