summaryrefslogtreecommitdiff
path: root/source3/passdb
diff options
context:
space:
mode:
Diffstat (limited to 'source3/passdb')
-rw-r--r--source3/passdb/lookup_sid.c211
-rw-r--r--source3/passdb/passdb.c4
-rw-r--r--source3/passdb/pdb_interface.c179
-rw-r--r--source3/passdb/pdb_ldap.c126
-rw-r--r--source3/passdb/pdb_smbpasswd.c190
-rw-r--r--source3/passdb/pdb_tdb.c286
-rw-r--r--source3/passdb/secrets.c180
7 files changed, 512 insertions, 664 deletions
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index f5b03ffff0..9f66eb934e 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -464,6 +464,9 @@ static bool lookup_rids(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid,
{
int i;
+ DEBUG(10, ("lookup_rids called for domain sid '%s'\n",
+ sid_string_dbg(domain_sid)));
+
if (num_rids) {
*names = TALLOC_ARRAY(mem_ctx, const char *, num_rids);
*types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_rids);
@@ -596,6 +599,16 @@ static bool lookup_as_domain(const DOM_SID *sid, TALLOC_CTX *mem_ctx,
return true;
}
+ if (sid_check_is_unix_users(sid)) {
+ *name = talloc_strdup(mem_ctx, unix_users_domain_name());
+ return true;
+ }
+
+ if (sid_check_is_unix_groups(sid)) {
+ *name = talloc_strdup(mem_ctx, unix_groups_domain_name());
+ return true;
+ }
+
if (sid->num_auths != 4) {
/* This can't be a domain */
return false;
@@ -922,6 +935,8 @@ bool lookup_sid(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
TALLOC_CTX *tmp_ctx;
bool ret = false;
+ DEBUG(10, ("lookup_sid called for SID '%s'\n", sid_string_dbg(sid)));
+
if (!(tmp_ctx = talloc_new(mem_ctx))) {
DEBUG(0, ("talloc_new failed\n"));
return false;
@@ -971,184 +986,112 @@ bool lookup_sid(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
modified to use linked lists by jra.
*****************************************************************/
-#define MAX_UID_SID_CACHE_SIZE 100
-#define TURNOVER_UID_SID_CACHE_SIZE 10
-#define MAX_GID_SID_CACHE_SIZE 100
-#define TURNOVER_GID_SID_CACHE_SIZE 10
-
-static size_t n_uid_sid_cache = 0;
-static size_t n_gid_sid_cache = 0;
-
-static struct uid_sid_cache {
- struct uid_sid_cache *next, *prev;
- uid_t uid;
- DOM_SID sid;
- enum lsa_SidType sidtype;
-} *uid_sid_cache_head;
-
-static struct gid_sid_cache {
- struct gid_sid_cache *next, *prev;
- gid_t gid;
- DOM_SID sid;
- enum lsa_SidType sidtype;
-} *gid_sid_cache_head;
-
/*****************************************************************
Find a SID given a uid.
-*****************************************************************/
+*****************************************************************/
static bool fetch_sid_from_uid_cache(DOM_SID *psid, uid_t uid)
{
- struct uid_sid_cache *pc;
-
- for (pc = uid_sid_cache_head; pc; pc = pc->next) {
- if (pc->uid == uid) {
- *psid = pc->sid;
- DEBUG(3,("fetch sid from uid cache %u -> %s\n",
- (unsigned int)uid, sid_string_dbg(psid)));
- DLIST_PROMOTE(uid_sid_cache_head, pc);
- return true;
- }
+ DATA_BLOB cache_value;
+
+ if (!memcache_lookup(NULL, UID_SID_CACHE,
+ data_blob_const(&uid, sizeof(uid)),
+ &cache_value)) {
+ return false;
}
- return false;
+
+ SMB_ASSERT(cache_value.length == sizeof(*psid));
+ memcpy(psid, cache_value.data, sizeof(*psid));
+
+ return true;
}
/*****************************************************************
Find a uid given a SID.
-*****************************************************************/
+*****************************************************************/
static bool fetch_uid_from_cache( uid_t *puid, const DOM_SID *psid )
{
- struct uid_sid_cache *pc;
-
- for (pc = uid_sid_cache_head; pc; pc = pc->next) {
- if (sid_compare(&pc->sid, psid) == 0) {
- *puid = pc->uid;
- DEBUG(3,("fetch uid from cache %u -> %s\n",
- (unsigned int)*puid, sid_string_dbg(psid)));
- DLIST_PROMOTE(uid_sid_cache_head, pc);
- return true;
- }
+ DATA_BLOB cache_value;
+
+ if (!memcache_lookup(NULL, SID_UID_CACHE,
+ data_blob_const(psid, sizeof(*psid)),
+ &cache_value)) {
+ return false;
}
- return false;
+
+ SMB_ASSERT(cache_value.length == sizeof(*puid));
+ memcpy(puid, cache_value.data, sizeof(*puid));
+
+ return true;
}
/*****************************************************************
Store uid to SID mapping in cache.
-*****************************************************************/
+*****************************************************************/
void store_uid_sid_cache(const DOM_SID *psid, uid_t uid)
{
- struct uid_sid_cache *pc;
-
- /* do not store SIDs in the "Unix Group" domain */
-
- if ( sid_check_is_in_unix_users( psid ) )
- return;
-
- if (n_uid_sid_cache >= MAX_UID_SID_CACHE_SIZE && n_uid_sid_cache > TURNOVER_UID_SID_CACHE_SIZE) {
- /* Delete the last TURNOVER_UID_SID_CACHE_SIZE entries. */
- struct uid_sid_cache *pc_next;
- size_t i;
-
- for (i = 0, pc = uid_sid_cache_head; i < (n_uid_sid_cache - TURNOVER_UID_SID_CACHE_SIZE); i++, pc = pc->next)
- ;
- for(; pc; pc = pc_next) {
- pc_next = pc->next;
- DLIST_REMOVE(uid_sid_cache_head,pc);
- SAFE_FREE(pc);
- n_uid_sid_cache--;
- }
- }
-
- pc = SMB_MALLOC_P(struct uid_sid_cache);
- if (!pc)
- return;
- pc->uid = uid;
- sid_copy(&pc->sid, psid);
- DLIST_ADD(uid_sid_cache_head, pc);
- n_uid_sid_cache++;
+ memcache_add(NULL, SID_UID_CACHE,
+ data_blob_const(psid, sizeof(*psid)),
+ data_blob_const(&uid, sizeof(uid)));
+ memcache_add(NULL, UID_SID_CACHE,
+ data_blob_const(&uid, sizeof(uid)),
+ data_blob_const(psid, sizeof(*psid)));
}
/*****************************************************************
Find a SID given a gid.
-*****************************************************************/
+*****************************************************************/
static bool fetch_sid_from_gid_cache(DOM_SID *psid, gid_t gid)
{
- struct gid_sid_cache *pc;
-
- for (pc = gid_sid_cache_head; pc; pc = pc->next) {
- if (pc->gid == gid) {
- *psid = pc->sid;
- DEBUG(3,("fetch sid from gid cache %u -> %s\n",
- (unsigned int)gid, sid_string_dbg(psid)));
- DLIST_PROMOTE(gid_sid_cache_head, pc);
- return true;
- }
+ DATA_BLOB cache_value;
+
+ if (!memcache_lookup(NULL, GID_SID_CACHE,
+ data_blob_const(&gid, sizeof(gid)),
+ &cache_value)) {
+ return false;
}
- return false;
+
+ SMB_ASSERT(cache_value.length == sizeof(*psid));
+ memcpy(psid, cache_value.data, sizeof(*psid));
+
+ return true;
}
/*****************************************************************
Find a gid given a SID.
-*****************************************************************/
+*****************************************************************/
static bool fetch_gid_from_cache(gid_t *pgid, const DOM_SID *psid)
{
- struct gid_sid_cache *pc;
-
- for (pc = gid_sid_cache_head; pc; pc = pc->next) {
- if (sid_compare(&pc->sid, psid) == 0) {
- *pgid = pc->gid;
- DEBUG(3,("fetch gid from cache %u -> %s\n",
- (unsigned int)*pgid, sid_string_dbg(psid)));
- DLIST_PROMOTE(gid_sid_cache_head, pc);
- return true;
- }
+ DATA_BLOB cache_value;
+
+ if (!memcache_lookup(NULL, SID_UID_CACHE,
+ data_blob_const(psid, sizeof(*psid)),
+ &cache_value)) {
+ return false;
}
- return false;
+
+ SMB_ASSERT(cache_value.length == sizeof(*pgid));
+ memcpy(pgid, cache_value.data, sizeof(*pgid));
+
+ return true;
}
/*****************************************************************
Store gid to SID mapping in cache.
-*****************************************************************/
+*****************************************************************/
void store_gid_sid_cache(const DOM_SID *psid, gid_t gid)
{
- struct gid_sid_cache *pc;
-
- /* do not store SIDs in the "Unix Group" domain */
-
- if ( sid_check_is_in_unix_groups( psid ) )
- return;
-
- if (n_gid_sid_cache >= MAX_GID_SID_CACHE_SIZE && n_gid_sid_cache > TURNOVER_GID_SID_CACHE_SIZE) {
- /* Delete the last TURNOVER_GID_SID_CACHE_SIZE entries. */
- struct gid_sid_cache *pc_next;
- size_t i;
-
- for (i = 0, pc = gid_sid_cache_head; i < (n_gid_sid_cache - TURNOVER_GID_SID_CACHE_SIZE); i++, pc = pc->next)
- ;
- for(; pc; pc = pc_next) {
- pc_next = pc->next;
- DLIST_REMOVE(gid_sid_cache_head,pc);
- SAFE_FREE(pc);
- n_gid_sid_cache--;
- }
- }
-
- pc = SMB_MALLOC_P(struct gid_sid_cache);
- if (!pc)
- return;
- pc->gid = gid;
- sid_copy(&pc->sid, psid);
- DLIST_ADD(gid_sid_cache_head, pc);
-
- DEBUG(3,("store_gid_sid_cache: gid %u in cache -> %s\n",
- (unsigned int)gid, sid_string_dbg(psid)));
-
- n_gid_sid_cache++;
+ memcache_add(NULL, SID_GID_CACHE,
+ data_blob_const(psid, sizeof(*psid)),
+ data_blob_const(&gid, sizeof(gid)));
+ memcache_add(NULL, GID_SID_CACHE,
+ data_blob_const(&gid, sizeof(gid)),
+ data_blob_const(psid, sizeof(*psid)));
}
/*****************************************************************
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 9311b8a74e..4228f6c32f 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -1552,7 +1552,9 @@ bool get_trust_pw_clear(const char *domain, char **ret_pwd,
return false;
}
- *channel = SEC_CHAN_DOMAIN;
+ if (channel != NULL) {
+ *channel = SEC_CHAN_DOMAIN;
+ }
if (account_name != NULL) {
*account_name = lp_workgroup();
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index ed6a91cb2b..0ab45bafc3 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -25,10 +25,6 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
-/* Cache of latest SAM lookup query */
-
-static struct samu *csamuser = NULL;
-
static_decl_pdb;
static struct pdb_init_function_entry *backends = NULL;
@@ -208,55 +204,32 @@ static struct pdb_methods *pdb_get_methods(void)
return pdb_get_methods_reload(False);
}
-/******************************************************************
- Backward compatibility functions for the original passdb interface
-*******************************************************************/
-
-bool pdb_setsampwent(bool update, uint16 acb_mask)
-{
- struct pdb_methods *pdb = pdb_get_methods();
- return NT_STATUS_IS_OK(pdb->setsampwent(pdb, update, acb_mask));
-}
-
-void pdb_endsampwent(void)
-{
- struct pdb_methods *pdb = pdb_get_methods();
- pdb->endsampwent(pdb);
-}
-
-bool pdb_getsampwent(struct samu *user)
-{
- struct pdb_methods *pdb = pdb_get_methods();
-
- if ( !NT_STATUS_IS_OK(pdb->getsampwent(pdb, user) ) ) {
- return False;
- }
-
- return True;
-}
-
bool pdb_getsampwnam(struct samu *sam_acct, const char *username)
{
struct pdb_methods *pdb = pdb_get_methods();
+ struct samu *cache_copy;
+ const struct dom_sid *user_sid;
if (!NT_STATUS_IS_OK(pdb->getsampwnam(pdb, sam_acct, username))) {
return False;
}
- if ( csamuser ) {
- TALLOC_FREE(csamuser);
- }
-
- csamuser = samu_new( NULL );
- if (!csamuser) {
+ cache_copy = samu_new(NULL);
+ if (cache_copy == NULL) {
return False;
}
- if (!pdb_copy_sam_account(csamuser, sam_acct)) {
- TALLOC_FREE(csamuser);
+ if (!pdb_copy_sam_account(cache_copy, sam_acct)) {
+ TALLOC_FREE(cache_copy);
return False;
}
+ user_sid = pdb_get_user_sid(cache_copy);
+
+ memcache_add_talloc(NULL, PDB_GETPWSID_CACHE,
+ data_blob_const(user_sid, sizeof(*user_sid)),
+ cache_copy);
+
return True;
}
@@ -289,6 +262,7 @@ bool pdb_getsampwsid(struct samu *sam_acct, const DOM_SID *sid)
{
struct pdb_methods *pdb = pdb_get_methods();
uint32 rid;
+ void *cache_data;
/* hard code the Guest RID of 501 */
@@ -301,9 +275,16 @@ bool pdb_getsampwsid(struct samu *sam_acct, const DOM_SID *sid)
}
/* check the cache first */
-
- if ( csamuser && sid_equal(sid, pdb_get_user_sid(csamuser) ) )
- return pdb_copy_sam_account(sam_acct, csamuser);
+
+ cache_data = memcache_lookup_talloc(
+ NULL, PDB_GETPWSID_CACHE, data_blob_const(sid, sizeof(*sid)));
+
+ if (cache_data != NULL) {
+ struct samu *cache_copy = talloc_get_type_abort(
+ cache_data, struct samu);
+
+ return pdb_copy_sam_account(sam_acct, cache_copy);
+ }
return NT_STATUS_IS_OK(pdb->getsampwsid(pdb, sam_acct, sid));
}
@@ -498,10 +479,7 @@ NTSTATUS pdb_update_sam_account(struct samu *sam_acct)
{
struct pdb_methods *pdb = pdb_get_methods();
- if (csamuser != NULL) {
- TALLOC_FREE(csamuser);
- csamuser = NULL;
- }
+ memcache_flush(NULL, PDB_GETPWSID_CACHE);
return pdb->update_sam_account(pdb, sam_acct);
}
@@ -510,10 +488,7 @@ NTSTATUS pdb_delete_sam_account(struct samu *sam_acct)
{
struct pdb_methods *pdb = pdb_get_methods();
- if (csamuser != NULL) {
- TALLOC_FREE(csamuser);
- csamuser = NULL;
- }
+ memcache_flush(NULL, PDB_GETPWSID_CACHE);
return pdb->delete_sam_account(pdb, sam_acct);
}
@@ -524,10 +499,7 @@ NTSTATUS pdb_rename_sam_account(struct samu *oldname, const char *newname)
uid_t uid;
NTSTATUS status;
- if (csamuser != NULL) {
- TALLOC_FREE(csamuser);
- csamuser = NULL;
- }
+ memcache_flush(NULL, PDB_GETPWSID_CACHE);
/* sanity check to make sure we don't rename root */
@@ -1181,21 +1153,6 @@ static NTSTATUS pdb_default_update_login_attempts (struct pdb_methods *methods,
return NT_STATUS_NOT_IMPLEMENTED;
}
-static NTSTATUS pdb_default_setsampwent(struct pdb_methods *methods, bool update, uint32 acb_mask)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_getsampwent(struct pdb_methods *methods, struct samu *user)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static void pdb_default_endsampwent(struct pdb_methods *methods)
-{
- return; /* NT_STATUS_NOT_IMPLEMENTED; */
-}
-
static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, int policy_index, uint32 *value)
{
return account_policy_get(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
@@ -1570,11 +1527,12 @@ static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid,
return True;
}
- pw = Get_Pwnam(*name);
+ pw = Get_Pwnam_alloc(talloc_tos(), *name);
if (pw == NULL) {
return False;
}
unix_id->uid = pw->pw_uid;
+ TALLOC_FREE(pw);
return True;
}
TALLOC_FREE(sam_account);
@@ -1737,7 +1695,7 @@ static NTSTATUS pdb_default_lookup_names(struct pdb_methods *methods,
}
#endif
-static struct pdb_search *pdb_search_init(enum pdb_search_type type)
+struct pdb_search *pdb_search_init(enum pdb_search_type type)
{
TALLOC_CTX *mem_ctx;
struct pdb_search *result;
@@ -1794,81 +1752,6 @@ static void fill_displayentry(TALLOC_CTX *mem_ctx, uint32 rid,
entry->description = "";
}
-static bool user_search_in_progress = False;
-struct user_search {
- uint16 acct_flags;
-};
-
-static bool next_entry_users(struct pdb_search *s,
- struct samr_displayentry *entry)
-{
- struct user_search *state = (struct user_search *)s->private_data;
- struct samu *user = NULL;
-
- next:
- if ( !(user = samu_new( NULL )) ) {
- DEBUG(0, ("next_entry_users: samu_new() failed!\n"));
- return False;
- }
-
- if (!pdb_getsampwent(user)) {
- TALLOC_FREE(user);
- return False;
- }
-
- if ((state->acct_flags != 0) &&
- ((pdb_get_acct_ctrl(user) & state->acct_flags) == 0)) {
- TALLOC_FREE(user);
- goto next;
- }
-
- fill_displayentry(s->mem_ctx, pdb_get_user_rid(user),
- pdb_get_acct_ctrl(user), pdb_get_username(user),
- pdb_get_fullname(user), pdb_get_acct_desc(user),
- entry);
-
- TALLOC_FREE(user);
- return True;
-}
-
-static void search_end_users(struct pdb_search *search)
-{
- pdb_endsampwent();
- user_search_in_progress = False;
-}
-
-static bool pdb_default_search_users(struct pdb_methods *methods,
- struct pdb_search *search,
- uint32 acct_flags)
-{
- struct user_search *state;
-
- if (user_search_in_progress) {
- DEBUG(1, ("user search in progress\n"));
- return False;
- }
-
- if (!pdb_setsampwent(False, acct_flags)) {
- DEBUG(5, ("Could not start search\n"));
- return False;
- }
-
- user_search_in_progress = True;
-
- state = TALLOC_P(search->mem_ctx, struct user_search);
- if (state == NULL) {
- DEBUG(0, ("talloc failed\n"));
- return False;
- }
-
- state->acct_flags = acct_flags;
-
- search->private_data = state;
- search->next_entry = next_entry_users;
- search->search_end = search_end_users;
- return True;
-}
-
struct group_search {
GROUP_MAP *groups;
size_t num_groups, current_group;
@@ -2135,9 +2018,6 @@ NTSTATUS make_pdb_method( struct pdb_methods **methods )
return NT_STATUS_NO_MEMORY;
}
- (*methods)->setsampwent = pdb_default_setsampwent;
- (*methods)->endsampwent = pdb_default_endsampwent;
- (*methods)->getsampwent = pdb_default_getsampwent;
(*methods)->getsampwnam = pdb_default_getsampwnam;
(*methods)->getsampwsid = pdb_default_getsampwsid;
(*methods)->create_user = pdb_default_create_user;
@@ -2179,7 +2059,6 @@ NTSTATUS make_pdb_method( struct pdb_methods **methods )
(*methods)->gid_to_sid = pdb_default_gid_to_sid;
(*methods)->sid_to_id = pdb_default_sid_to_id;
- (*methods)->search_users = pdb_default_search_users;
(*methods)->search_groups = pdb_default_search_groups;
(*methods)->search_aliases = pdb_default_search_aliases;
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index bc912ada29..90a6ff011b 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -1454,79 +1454,6 @@ static bool init_ldap_from_sam (struct ldapsam_privates *ldap_state,
}
/**********************************************************************
- Connect to LDAP server for password enumeration.
-*********************************************************************/
-
-static NTSTATUS ldapsam_setsampwent(struct pdb_methods *my_methods, bool update, uint32 acb_mask)
-{
- struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
- int rc;
- char *filter = NULL;
- const char *suffix;
- const char **attr_list;
- bool machine_mask = False, user_mask = False;
- NTSTATUS status = NT_STATUS_OK;
- TALLOC_CTX *ctx = talloc_init("ldapsam_setsampwent");
-
- if (!ctx) {
- return NT_STATUS_NO_MEMORY;
- }
- filter = talloc_asprintf(ctx, "(&%s%s)", "(uid=%u)",
- get_objclass_filter(ldap_state->schema_ver));
- if (!filter) {
- status = NT_STATUS_NO_MEMORY;
- goto out;
- }
-
- filter = talloc_all_string_sub(ctx, filter, "%u", "*");
- if (!filter) {
- status = NT_STATUS_NO_MEMORY;
- goto out;
- }
-
- machine_mask = ((acb_mask != 0) && (acb_mask & (ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST)));
- user_mask = ((acb_mask != 0) && (acb_mask & ACB_NORMAL));
-
- if (machine_mask) {
- suffix = lp_ldap_machine_suffix();
- } else if (user_mask) {
- suffix = lp_ldap_user_suffix();
- } else {
- suffix = lp_ldap_suffix();
- }
-
- DEBUG(10,("ldapsam_setsampwent: LDAP Query for acb_mask 0x%x will use suffix %s\n",
- acb_mask, suffix));
-
- attr_list = get_userattr_list(NULL, ldap_state->schema_ver);
- rc = smbldap_search(ldap_state->smbldap_state, suffix, LDAP_SCOPE_SUBTREE, filter,
- attr_list, 0, &ldap_state->result);
- TALLOC_FREE( attr_list );
-
- if (rc != LDAP_SUCCESS) {
- DEBUG(0, ("ldapsam_setsampwent: LDAP search failed: %s\n", ldap_err2string(rc)));
- DEBUG(3, ("ldapsam_setsampwent: Query was: %s, %s\n", suffix, filter));
- ldap_msgfree(ldap_state->result);
- ldap_state->result = NULL;
- status = NT_STATUS_UNSUCCESSFUL;
- goto out;
- }
-
- DEBUG(2, ("ldapsam_setsampwent: %d entries in the base %s\n",
- ldap_count_entries(ldap_state->smbldap_state->ldap_struct,
- ldap_state->result), suffix));
-
- ldap_state->entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct,
- ldap_state->result);
- ldap_state->index = 0;
-
- out:
-
- TALLOC_FREE(ctx);
- return status;
-}
-
-/**********************************************************************
End enumeration of the LDAP password list.
*********************************************************************/
@@ -1539,32 +1466,6 @@ static void ldapsam_endsampwent(struct pdb_methods *my_methods)
}
}
-/**********************************************************************
-Get the next entry in the LDAP password database.
-*********************************************************************/
-
-static NTSTATUS ldapsam_getsampwent(struct pdb_methods *my_methods,
- struct samu *user)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- struct ldapsam_privates *ldap_state =
- (struct ldapsam_privates *)my_methods->private_data;
- bool bret = False;
-
- while (!bret) {
- if (!ldap_state->entry)
- return ret;
-
- ldap_state->index++;
- bret = init_sam_from_ldap(ldap_state, user, ldap_state->entry);
-
- ldap_state->entry = ldap_next_entry(priv2ld(ldap_state),
- ldap_state->entry);
- }
-
- return NT_STATUS_OK;
-}
-
static void append_attr(TALLOC_CTX *mem_ctx, const char ***attr_list,
const char *new_attr)
{
@@ -1867,6 +1768,10 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
pdb_get_username(newpwd), ldap_err2string(rc), ld_error?ld_error:"unknown"));
SAFE_FREE(ld_error);
ber_bvfree(bv);
+#if defined(LDAP_CONSTRAINT_VIOLATION)
+ if (rc == LDAP_CONSTRAINT_VIOLATION)
+ return NT_STATUS_PASSWORD_RESTRICTION;
+#endif
return NT_STATUS_UNSUCCESSFUL;
} else {
DEBUG(3,("ldapsam_modify_entry: LDAP Password changed for user %s\n",pdb_get_username(newpwd)));
@@ -2068,7 +1973,7 @@ static NTSTATUS ldapsam_rename_sam_account(struct pdb_methods *my_methods,
/* rename the posix user */
rename_script = SMB_STRDUP(lp_renameuser_script());
- if (rename_script) {
+ if (rename_script == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -2981,8 +2886,9 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
/* This sid will be replaced later */
- if (!add_sid_to_array_unique(mem_ctx, &global_sid_NULL, pp_sids, &num_sids)) {
- ret = NT_STATUS_NO_MEMORY;
+ ret = add_sid_to_array_unique(mem_ctx, &global_sid_NULL, pp_sids,
+ &num_sids);
+ if (!NT_STATUS_IS_OK(ret)) {
goto done;
}
@@ -3021,9 +2927,9 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
ret = NT_STATUS_NO_MEMORY;
goto done;
}
- if (!add_sid_to_array_unique(mem_ctx, &sid, pp_sids,
- &num_sids)) {
- ret = NT_STATUS_NO_MEMORY;
+ ret = add_sid_to_array_unique(mem_ctx, &sid, pp_sids,
+ &num_sids);
+ if (!NT_STATUS_IS_OK(ret)) {
goto done;
}
}
@@ -3741,14 +3647,17 @@ static NTSTATUS ldapsam_enum_aliasmem(struct pdb_methods *methods,
for (i=0; i<count; i++) {
DOM_SID member;
+ NTSTATUS status;
if (!string_to_sid(&member, values[i]))
continue;
- if (!add_sid_to_array(NULL, &member, pp_members, &num_members)) {
+ status = add_sid_to_array(NULL, &member, pp_members,
+ &num_members);
+ if (!NT_STATUS_IS_OK(status)) {
ldap_value_free(values);
ldap_msgfree(result);
- return NT_STATUS_NO_MEMORY;
+ return status;
}
}
@@ -6172,9 +6081,6 @@ static NTSTATUS pdb_init_ldapsam_common(struct pdb_methods **pdb_method, const c
(*pdb_method)->name = "ldapsam";
- (*pdb_method)->setsampwent = ldapsam_setsampwent;
- (*pdb_method)->endsampwent = ldapsam_endsampwent;
- (*pdb_method)->getsampwent = ldapsam_getsampwent;
(*pdb_method)->getsampwnam = ldapsam_getsampwnam;
(*pdb_method)->getsampwsid = ldapsam_getsampwsid;
(*pdb_method)->add_sam_account = ldapsam_add_sam_account;
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index 6a3bdb80a2..6cf54fbdf6 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -1264,79 +1264,6 @@ static bool build_sam_account(struct smbpasswd_privates *smbpasswd_state,
Functions to be implemented by the new passdb API
****************************************************************/
-static NTSTATUS smbpasswd_setsampwent (struct pdb_methods *my_methods, bool update, uint32 acb_mask)
-{
- struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
-
- smbpasswd_state->pw_file = startsmbfilepwent(smbpasswd_state->smbpasswd_file,
- update ? PWF_UPDATE : PWF_READ,
- &(smbpasswd_state->pw_file_lock_depth));
-
- /* did we fail? Should we try to create it? */
- if (!smbpasswd_state->pw_file && update && errno == ENOENT) {
- FILE *fp;
- /* slprintf(msg_str,msg_str_len-1,
- "smbpasswd file did not exist - attempting to create it.\n"); */
- DEBUG(0,("smbpasswd file did not exist - attempting to create it.\n"));
- fp = sys_fopen(smbpasswd_state->smbpasswd_file, "w");
- if (fp) {
- fprintf(fp, "# Samba SMB password file\n");
- fclose(fp);
- }
-
- smbpasswd_state->pw_file = startsmbfilepwent(smbpasswd_state->smbpasswd_file,
- update ? PWF_UPDATE : PWF_READ,
- &(smbpasswd_state->pw_file_lock_depth));
- }
-
- if (smbpasswd_state->pw_file != NULL)
- return NT_STATUS_OK;
- else
- return NT_STATUS_UNSUCCESSFUL;
-}
-
-static void smbpasswd_endsampwent (struct pdb_methods *my_methods)
-{
- struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
- endsmbfilepwent(smbpasswd_state->pw_file, &(smbpasswd_state->pw_file_lock_depth));
-}
-
-/*****************************************************************
- ****************************************************************/
-
-static NTSTATUS smbpasswd_getsampwent(struct pdb_methods *my_methods, struct samu *user)
-{
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
- struct smb_passwd *pw_buf=NULL;
- bool done = False;
-
- DEBUG(5,("pdb_getsampwent\n"));
-
- if ( !user ) {
- DEBUG(5,("pdb_getsampwent (smbpasswd): user is NULL\n"));
- return nt_status;
- }
-
- while (!done) {
- /* do we have an entry? */
- pw_buf = getsmbfilepwent(smbpasswd_state, smbpasswd_state->pw_file);
- if (pw_buf == NULL)
- return nt_status;
-
- /* build the struct samu entry from the smb_passwd struct.
- We loop in case the user in the pdb does not exist in
- the local system password file */
- if (build_sam_account(smbpasswd_state, user, pw_buf))
- done = True;
- }
-
- DEBUG(5,("getsampwent (smbpasswd): done\n"));
-
- /* success */
- return NT_STATUS_OK;
-}
-
/****************************************************************
Search smbpasswd file by iterating over the entries. Do not
call getpwnam() for unix account information until we have found
@@ -1606,6 +1533,119 @@ static void free_private_data(void **vp)
/* No need to free any further, as it is talloc()ed */
}
+struct smbpasswd_search_state {
+ uint32_t acct_flags;
+
+ struct samr_displayentry *entries;
+ uint32_t num_entries;
+ ssize_t array_size;
+ uint32_t current;
+};
+
+static void smbpasswd_search_end(struct pdb_search *search)
+{
+ struct smbpasswd_search_state *state = talloc_get_type_abort(
+ search->private_data, struct smbpasswd_search_state);
+ TALLOC_FREE(state);
+}
+
+static bool smbpasswd_search_next_entry(struct pdb_search *search,
+ struct samr_displayentry *entry)
+{
+ struct smbpasswd_search_state *state = talloc_get_type_abort(
+ search->private_data, struct smbpasswd_search_state);
+
+ if (state->current == state->num_entries) {
+ return false;
+ }
+
+ *entry = state->entries[state->current++];
+
+ return true;
+}
+
+static bool smbpasswd_search_users(struct pdb_methods *methods,
+ struct pdb_search *search,
+ uint32_t acct_flags)
+{
+ struct smbpasswd_privates *smbpasswd_state =
+ (struct smbpasswd_privates*)methods->private_data;
+
+ struct smbpasswd_search_state *search_state;
+ struct smb_passwd *pwd;
+ FILE *fp;
+
+ search_state = TALLOC_ZERO_P(search->mem_ctx,
+ struct smbpasswd_search_state);
+ if (search_state == NULL) {
+ DEBUG(0, ("talloc failed\n"));
+ return false;
+ }
+ search_state->acct_flags = acct_flags;
+
+ fp = startsmbfilepwent(smbpasswd_state->smbpasswd_file, PWF_READ,
+ &smbpasswd_state->pw_file_lock_depth);
+
+ if (fp == NULL) {
+ DEBUG(10, ("Unable to open smbpasswd file.\n"));
+ TALLOC_FREE(search_state);
+ return false;
+ }
+
+ while ((pwd = getsmbfilepwent(smbpasswd_state, fp)) != NULL) {
+ struct samr_displayentry entry;
+ struct samu *user;
+
+ if ((acct_flags != 0)
+ && ((acct_flags & pwd->acct_ctrl) == 0)) {
+ continue;
+ }
+
+ user = samu_new(talloc_tos());
+ if (user == NULL) {
+ DEBUG(0, ("samu_new failed\n"));
+ break;
+ }
+
+ if (!build_sam_account(smbpasswd_state, user, pwd)) {
+ /* Already got debug msgs... */
+ break;
+ }
+
+ ZERO_STRUCT(entry);
+
+ entry.acct_flags = pdb_get_acct_ctrl(user);
+ sid_peek_rid(pdb_get_user_sid(user), &entry.rid);
+ entry.account_name = talloc_strdup(
+ search_state, pdb_get_username(user));
+ entry.fullname = talloc_strdup(
+ search_state, pdb_get_fullname(user));
+ entry.description = talloc_strdup(
+ search_state, pdb_get_acct_desc(user));
+
+ TALLOC_FREE(user);
+
+ if ((entry.account_name == NULL) || (entry.fullname == NULL)
+ || (entry.description == NULL)) {
+ DEBUG(0, ("talloc_strdup failed\n"));
+ break;
+ }
+
+ ADD_TO_LARGE_ARRAY(search_state, struct samr_displayentry,
+ entry, &search_state->entries,
+ &search_state->num_entries,
+ &search_state->array_size);
+ }
+
+ endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
+
+ search->private_data = search_state;
+ search->next_entry = smbpasswd_search_next_entry;
+ search->search_end = smbpasswd_search_end;
+
+ return true;
+}
+
static NTSTATUS pdb_init_smbpasswd( struct pdb_methods **pdb_method, const char *location )
{
NTSTATUS nt_status;
@@ -1617,15 +1657,13 @@ static NTSTATUS pdb_init_smbpasswd( struct pdb_methods **pdb_method, const char
(*pdb_method)->name = "smbpasswd";
- (*pdb_method)->setsampwent = smbpasswd_setsampwent;
- (*pdb_method)->endsampwent = smbpasswd_endsampwent;
- (*pdb_method)->getsampwent = smbpasswd_getsampwent;
(*pdb_method)->getsampwnam = smbpasswd_getsampwnam;
(*pdb_method)->getsampwsid = smbpasswd_getsampwsid;
(*pdb_method)->add_sam_account = smbpasswd_add_sam_account;
(*pdb_method)->update_sam_account = smbpasswd_update_sam_account;
(*pdb_method)->delete_sam_account = smbpasswd_delete_sam_account;
(*pdb_method)->rename_sam_account = smbpasswd_rename_sam_account;
+ (*pdb_method)->search_users = smbpasswd_search_users;
(*pdb_method)->rid_algorithm = smbpasswd_rid_algorithm;
diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c
index b4282b1278..b05a42b32c 100644
--- a/source3/passdb/pdb_tdb.c
+++ b/source3/passdb/pdb_tdb.c
@@ -44,13 +44,6 @@ static int tdbsam_debug_level = DBGC_ALL;
#define RIDPREFIX "RID_"
#define PRIVPREFIX "PRIV_"
-struct pwent_list {
- struct pwent_list *prev, *next;
- TDB_DATA key;
-};
-static struct pwent_list *tdbsam_pwent_list;
-static bool pwent_initialized;
-
/* GLOBAL TDB SAM CONTEXT */
static TDB_CONTEXT *tdbsam;
@@ -891,134 +884,6 @@ void tdbsam_close( void )
return;
}
-/****************************************************************************
- creates a list of user keys
-****************************************************************************/
-
-static int tdbsam_traverse_setpwent(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *state)
-{
- const char *prefix = USERPREFIX;
- int prefixlen = strlen (prefix);
- struct pwent_list *ptr;
-
- if ( strncmp((const char *)key.dptr, prefix, prefixlen) == 0 ) {
- if ( !(ptr=SMB_MALLOC_P(struct pwent_list)) ) {
- DEBUG(0,("tdbsam_traverse_setpwent: Failed to malloc new entry for list\n"));
-
- /* just return 0 and let the traversal continue */
- return 0;
- }
- ZERO_STRUCTP(ptr);
-
- /* save a copy of the key */
-
- ptr->key.dptr = (uint8 *)memdup( key.dptr, key.dsize );
- if (!ptr->key.dptr) {
- DEBUG(0,("tdbsam_traverse_setpwent: memdup failed\n"));
- /* just return 0 and let the traversal continue */
- SAFE_FREE(ptr);
- return 0;
- }
-
- ptr->key.dsize = key.dsize;
-
- DLIST_ADD( tdbsam_pwent_list, ptr );
-
- }
-
- return 0;
-}
-
-/***************************************************************
- Open the TDB passwd database for SAM account enumeration.
- Save a list of user keys for iteration.
-****************************************************************/
-
-static NTSTATUS tdbsam_setsampwent(struct pdb_methods *my_methods, bool update, uint32 acb_mask)
-{
- if ( !tdbsam_open( tdbsam_filename ) ) {
- DEBUG(0,("tdbsam_getsampwnam: failed to open %s!\n", tdbsam_filename));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- tdb_traverse( tdbsam, tdbsam_traverse_setpwent, NULL );
- pwent_initialized = True;
-
- return NT_STATUS_OK;
-}
-
-
-/***************************************************************
- End enumeration of the TDB passwd list.
-****************************************************************/
-
-static void tdbsam_endsampwent(struct pdb_methods *my_methods)
-{
- struct pwent_list *ptr, *ptr_next;
-
- /* close the tdb only if we have a valid pwent state */
-
- if ( pwent_initialized ) {
- DEBUG(7, ("endtdbpwent: closed sam database.\n"));
- tdbsam_close();
- }
-
- /* clear out any remaining entries in the list */
-
- for ( ptr=tdbsam_pwent_list; ptr; ptr = ptr_next ) {
- ptr_next = ptr->next;
- DLIST_REMOVE( tdbsam_pwent_list, ptr );
- SAFE_FREE( ptr->key.dptr);
- SAFE_FREE( ptr );
- }
-
- pwent_initialized = False;
-}
-
-/*****************************************************************
- Get one struct samu from the TDB (next in line)
-*****************************************************************/
-
-static NTSTATUS tdbsam_getsampwent(struct pdb_methods *my_methods, struct samu *user)
-{
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- TDB_DATA data;
- struct pwent_list *pkey;
-
- if ( !user ) {
- DEBUG(0,("tdbsam_getsampwent: struct samu is NULL.\n"));
- return nt_status;
- }
-
- if ( !tdbsam_pwent_list ) {
- DEBUG(4,("tdbsam_getsampwent: end of list\n"));
- return nt_status;
- }
-
- /* pull the next entry */
-
- pkey = tdbsam_pwent_list;
- DLIST_REMOVE( tdbsam_pwent_list, pkey );
-
- data = tdb_fetch(tdbsam, pkey->key);
-
- SAFE_FREE( pkey->key.dptr);
- SAFE_FREE( pkey);
-
- if ( !data.dptr ) {
- DEBUG(5,("pdb_getsampwent: database entry not found. Was the user deleted?\n"));
- return nt_status;
- }
-
- if ( !init_sam_from_buffer(user, (unsigned char *)data.dptr, data.dsize) ) {
- DEBUG(0,("pdb_getsampwent: Bad struct samu entry returned from TDB!\n"));
- }
-
- SAFE_FREE( data.dptr );
-
- return NT_STATUS_OK;
-}
-
/******************************************************************
Lookup a name in the SAM TDB
******************************************************************/
@@ -1306,10 +1171,6 @@ static bool tdb_update_sam(struct pdb_methods *my_methods, struct samu* newpwd,
{
bool result = True;
- /* invalidate the existing TDB iterator if it is open */
-
- tdbsam_endsampwent( my_methods );
-
#if 0
if ( !pdb_get_group_rid(newpwd) ) {
DEBUG (0,("tdb_update_sam: Failing to store a struct samu for [%s] "
@@ -1396,10 +1257,6 @@ static NTSTATUS tdbsam_rename_sam_account(struct pdb_methods *my_methods,
return NT_STATUS_ACCESS_DENIED;
}
- /* invalidate the existing TDB iterator if it is open */
-
- tdbsam_endsampwent( my_methods );
-
if ( !(new_acct = samu_new( NULL )) ) {
return NT_STATUS_NO_MEMORY;
}
@@ -1495,8 +1352,7 @@ done:
tdbsam_close();
- if (new_acct)
- TALLOC_FREE(new_acct);
+ TALLOC_FREE(new_acct);
return NT_STATUS_ACCESS_DENIED;
}
@@ -1592,6 +1448,139 @@ static bool tdbsam_new_rid(struct pdb_methods *methods, uint32 *prid)
return ret;
}
+struct tdbsam_search_state {
+ struct pdb_methods *methods;
+ uint32_t acct_flags;
+
+ uint32_t *rids;
+ uint32_t num_rids;
+ ssize_t array_size;
+ uint32_t current;
+};
+
+static int tdbsam_collect_rids(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data,
+ void *private_data)
+{
+ struct tdbsam_search_state *state = talloc_get_type_abort(
+ private_data, struct tdbsam_search_state);
+ size_t prefixlen = strlen(RIDPREFIX);
+ uint32 rid;
+
+ if ((key.dsize < prefixlen)
+ || (strncmp((char *)key.dptr, RIDPREFIX, prefixlen))) {
+ return 0;
+ }
+
+ rid = strtoul((char *)key.dptr+prefixlen, NULL, 16);
+
+ ADD_TO_LARGE_ARRAY(state, uint32, rid, &state->rids, &state->num_rids,
+ &state->array_size);
+
+ return 0;
+}
+
+static void tdbsam_search_end(struct pdb_search *search)
+{
+ struct tdbsam_search_state *state = talloc_get_type_abort(
+ search->private_data, struct tdbsam_search_state);
+ TALLOC_FREE(state);
+}
+
+static bool tdbsam_search_next_entry(struct pdb_search *search,
+ struct samr_displayentry *entry)
+{
+ struct tdbsam_search_state *state = talloc_get_type_abort(
+ search->private_data, struct tdbsam_search_state);
+ struct samu *user = NULL;
+ NTSTATUS status;
+ uint32_t rid;
+
+ again:
+ TALLOC_FREE(user);
+ user = samu_new(talloc_tos());
+ if (user == NULL) {
+ DEBUG(0, ("samu_new failed\n"));
+ return false;
+ }
+
+ if (state->current == state->num_rids) {
+ return false;
+ }
+
+ rid = state->rids[state->current++];
+
+ status = tdbsam_getsampwrid(state->methods, user, rid);
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
+ /*
+ * Someone has deleted that user since we listed the RIDs
+ */
+ goto again;
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("tdbsam_getsampwrid failed: %s\n",
+ nt_errstr(status)));
+ TALLOC_FREE(user);
+ return false;
+ }
+
+ if ((state->acct_flags != 0) &&
+ ((state->acct_flags & pdb_get_acct_ctrl(user)) == 0)) {
+ goto again;
+ }
+
+ entry->acct_flags = pdb_get_acct_ctrl(user);
+ entry->rid = rid;
+ entry->account_name = talloc_strdup(
+ search->mem_ctx, pdb_get_username(user));
+ entry->fullname = talloc_strdup(
+ search->mem_ctx, pdb_get_fullname(user));
+ entry->description = talloc_strdup(
+ search->mem_ctx, pdb_get_acct_desc(user));
+
+ TALLOC_FREE(user);
+
+ if ((entry->account_name == NULL) || (entry->fullname == NULL)
+ || (entry->description == NULL)) {
+ DEBUG(0, ("talloc_strdup failed\n"));
+ return false;
+ }
+
+ return true;
+}
+
+static bool tdbsam_search_users(struct pdb_methods *methods,
+ struct pdb_search *search,
+ uint32 acct_flags)
+{
+ struct tdbsam_search_state *state;
+
+ if (!tdbsam_open(tdbsam_filename)) {
+ DEBUG(0,("tdbsam_getsampwnam: failed to open %s!\n",
+ tdbsam_filename));
+ return false;
+ }
+
+ state = TALLOC_ZERO_P(search->mem_ctx, struct tdbsam_search_state);
+ if (state == NULL) {
+ DEBUG(0, ("talloc failed\n"));
+ return false;
+ }
+ state->acct_flags = acct_flags;
+ state->methods = methods;
+
+ tdb_traverse(tdbsam, tdbsam_collect_rids, state);
+
+ tdbsam_close();
+
+ search->private_data = state;
+ search->next_entry = tdbsam_search_next_entry;
+ search->search_end = tdbsam_search_end;
+
+ return true;
+}
+
/*********************************************************************
Initialize the tdb sam backend. Setup the dispath table of methods,
open the tdb, etc...
@@ -1609,15 +1598,13 @@ static NTSTATUS pdb_init_tdbsam(struct pdb_methods **pdb_method, const char *loc
(*pdb_method)->name = "tdbsam";
- (*pdb_method)->setsampwent = tdbsam_setsampwent;
- (*pdb_method)->endsampwent = tdbsam_endsampwent;
- (*pdb_method)->getsampwent = tdbsam_getsampwent;
(*pdb_method)->getsampwnam = tdbsam_getsampwnam;
(*pdb_method)->getsampwsid = tdbsam_getsampwsid;
(*pdb_method)->add_sam_account = tdbsam_add_sam_account;
(*pdb_method)->update_sam_account = tdbsam_update_sam_account;
(*pdb_method)->delete_sam_account = tdbsam_delete_sam_account;
(*pdb_method)->rename_sam_account = tdbsam_rename_sam_account;
+ (*pdb_method)->search_users = tdbsam_search_users;
(*pdb_method)->rid_algorithm = tdbsam_rid_algorithm;
(*pdb_method)->new_rid = tdbsam_new_rid;
@@ -1625,7 +1612,8 @@ static NTSTATUS pdb_init_tdbsam(struct pdb_methods **pdb_method, const char *loc
/* save the path for later */
if (!location) {
- if (asprintf(&tdbfile, "%s/%s", get_dyn_STATEDIR(), PASSDB_FILE_NAME) < 0) {
+ if (asprintf(&tdbfile, "%s/%s", lp_private_dir(),
+ PASSDB_FILE_NAME) < 0) {
return NT_STATUS_NO_MEMORY;
}
pfile = tdbfile;
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index 0ea3887378..330ffbc853 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -94,6 +94,19 @@ bool secrets_init(void)
return True;
}
+/*
+ * close secrets.tdb
+ */
+void secrets_shutdown(void)
+{
+ if (!tdb) {
+ return;
+ }
+
+ tdb_close(tdb);
+ tdb = NULL;
+}
+
/* read a entry from the secrets database - the caller must free the result
if size is non-null then the size of the entry is put in there
*/
@@ -132,14 +145,31 @@ bool secrets_delete(const char *key)
return tdb_trans_delete(tdb, string_tdb_data(key)) == 0;
}
+/**
+ * Form a key for fetching the domain sid
+ *
+ * @param domain domain name
+ *
+ * @return keystring
+ **/
+static const char *domain_sid_keystr(const char *domain)
+{
+ char *keystr;
+
+ keystr = talloc_asprintf(talloc_tos(), "%s/%s",
+ SECRETS_DOMAIN_SID, domain);
+ SMB_ASSERT(keystr != NULL);
+
+ strupper_m(keystr);
+
+ return keystr;
+}
+
bool secrets_store_domain_sid(const char *domain, const DOM_SID *sid)
{
- fstring key;
bool ret;
- slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_SID, domain);
- strupper_m(key);
- ret = secrets_store(key, sid, sizeof(DOM_SID));
+ ret = secrets_store(domain_sid_keystr(domain), sid, sizeof(DOM_SID));
/* Force a re-query, in case we modified our domain */
if (ret)
@@ -150,12 +180,9 @@ bool secrets_store_domain_sid(const char *domain, const DOM_SID *sid)
bool secrets_fetch_domain_sid(const char *domain, DOM_SID *sid)
{
DOM_SID *dyn_sid;
- fstring key;
size_t size = 0;
- slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_SID, domain);
- strupper_m(key);
- dyn_sid = (DOM_SID *)secrets_fetch(key, &size);
+ dyn_sid = (DOM_SID *)secrets_fetch(domain_sid_keystr(domain), &size);
if (dyn_sid == NULL)
return False;
@@ -214,6 +241,67 @@ bool secrets_fetch_domain_guid(const char *domain, struct GUID *guid)
}
/**
+ * Form a key for fetching the machine trust account sec channel type
+ *
+ * @param domain domain name
+ *
+ * @return keystring
+ **/
+static const char *machine_sec_channel_type_keystr(const char *domain)
+{
+ char *keystr;
+
+ keystr = talloc_asprintf(talloc_tos(), "%s/%s",
+ SECRETS_MACHINE_SEC_CHANNEL_TYPE, domain);
+ SMB_ASSERT(keystr != NULL);
+
+ strupper_m(keystr);
+
+ return keystr;
+}
+
+/**
+ * Form a key for fetching the machine trust account last change time
+ *
+ * @param domain domain name
+ *
+ * @return keystring
+ **/
+static const char *machine_last_change_time_keystr(const char *domain)
+{
+ char *keystr;
+
+ keystr = talloc_asprintf(talloc_tos(), "%s/%s",
+ SECRETS_MACHINE_LAST_CHANGE_TIME, domain);
+ SMB_ASSERT(keystr != NULL);
+
+ strupper_m(keystr);
+
+ return keystr;
+}
+
+
+/**
+ * Form a key for fetching the machine trust account password
+ *
+ * @param domain domain name
+ *
+ * @return keystring
+ **/
+static const char *machine_password_keystr(const char *domain)
+{
+ char *keystr;
+
+ keystr = talloc_asprintf(talloc_tos(), "%s/%s",
+ SECRETS_MACHINE_PASSWORD, domain);
+ SMB_ASSERT(keystr != NULL);
+
+ strupper_m(keystr);
+
+ return keystr;
+}
+
+/**
* Form a key for fetching the machine trust account password
*
* @param domain domain name
@@ -633,45 +721,59 @@ bool secrets_store_trusted_domain_password(const char* domain, const char* pwd,
}
/************************************************************************
+ Routine to delete the plaintext machine account password
+************************************************************************/
+
+bool secrets_delete_machine_password(const char *domain)
+{
+ return secrets_delete(machine_password_keystr(domain));
+}
+
+/************************************************************************
+ Routine to delete the plaintext machine account password, sec channel type and
+ last change time from secrets database
+************************************************************************/
+
+bool secrets_delete_machine_password_ex(const char *domain)
+{
+ if (!secrets_delete(machine_password_keystr(domain))) {
+ return false;
+ }
+ if (!secrets_delete(machine_sec_channel_type_keystr(domain))) {
+ return false;
+ }
+ return secrets_delete(machine_last_change_time_keystr(domain));
+}
+
+/************************************************************************
+ Routine to delete the domain sid
+************************************************************************/
+
+bool secrets_delete_domain_sid(const char *domain)
+{
+ return secrets_delete(domain_sid_keystr(domain));
+}
+
+/************************************************************************
Routine to set the plaintext machine account password for a realm
the password is assumed to be a null terminated ascii string
************************************************************************/
bool secrets_store_machine_password(const char *pass, const char *domain, uint32 sec_channel)
{
- char *key = NULL;
bool ret;
uint32 last_change_time;
uint32 sec_channel_type;
- asprintf(&key, "%s/%s", SECRETS_MACHINE_PASSWORD, domain);
- if (!key)
- return False;
- strupper_m(key);
-
- ret = secrets_store(key, pass, strlen(pass)+1);
- SAFE_FREE(key);
-
+ ret = secrets_store(machine_password_keystr(domain), pass, strlen(pass)+1);
if (!ret)
return ret;
- asprintf(&key, "%s/%s", SECRETS_MACHINE_LAST_CHANGE_TIME, domain);
- if (!key)
- return False;
- strupper_m(key);
-
SIVAL(&last_change_time, 0, time(NULL));
- ret = secrets_store(key, &last_change_time, sizeof(last_change_time));
- SAFE_FREE(key);
-
- asprintf(&key, "%s/%s", SECRETS_MACHINE_SEC_CHANNEL_TYPE, domain);
- if (!key)
- return False;
- strupper_m(key);
+ ret = secrets_store(machine_last_change_time_keystr(domain), &last_change_time, sizeof(last_change_time));
SIVAL(&sec_channel_type, 0, sec_channel);
- ret = secrets_store(key, &sec_channel_type, sizeof(sec_channel_type));
- SAFE_FREE(key);
+ ret = secrets_store(machine_sec_channel_type_keystr(domain), &sec_channel_type, sizeof(sec_channel_type));
return ret;
}
@@ -685,41 +787,31 @@ char *secrets_fetch_machine_password(const char *domain,
time_t *pass_last_set_time,
uint32 *channel)
{
- char *key = NULL;
char *ret;
- asprintf(&key, "%s/%s", SECRETS_MACHINE_PASSWORD, domain);
- strupper_m(key);
- ret = (char *)secrets_fetch(key, NULL);
- SAFE_FREE(key);
+ ret = (char *)secrets_fetch(machine_password_keystr(domain), NULL);
if (pass_last_set_time) {
size_t size;
uint32 *last_set_time;
- asprintf(&key, "%s/%s", SECRETS_MACHINE_LAST_CHANGE_TIME, domain);
- strupper_m(key);
- last_set_time = (unsigned int *)secrets_fetch(key, &size);
+ last_set_time = (unsigned int *)secrets_fetch(machine_last_change_time_keystr(domain), &size);
if (last_set_time) {
*pass_last_set_time = IVAL(last_set_time,0);
SAFE_FREE(last_set_time);
} else {
*pass_last_set_time = 0;
}
- SAFE_FREE(key);
}
if (channel) {
size_t size;
uint32 *channel_type;
- asprintf(&key, "%s/%s", SECRETS_MACHINE_SEC_CHANNEL_TYPE, domain);
- strupper_m(key);
- channel_type = (unsigned int *)secrets_fetch(key, &size);
+ channel_type = (unsigned int *)secrets_fetch(machine_sec_channel_type_keystr(domain), &size);
if (channel_type) {
*channel = IVAL(channel_type,0);
SAFE_FREE(channel_type);
} else {
*channel = get_default_sec_channel();
}
- SAFE_FREE(key);
}
return ret;
generated by cgit (git 2.34.1) at 2024-07-21 02:36:11 +0000