diff options
Diffstat (limited to 'source3/passdb')
| -rw-r--r-- | source3/passdb/lookup_sid.c | 9 | ||||
| -rw-r--r-- | source3/passdb/passdb.c | 43 | ||||
| -rw-r--r-- | source3/passdb/pdb_interface.c | 76 | ||||
| -rw-r--r-- | source3/passdb/secrets.c | 41 |
4 files changed, 123 insertions, 46 deletions
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index c1dca6e433..82db246f04 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -178,8 +178,7 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, /* 5. Trusted domains as such, to me it looks as if members don't do this, tested an XP workstation in a NT domain -- vl */ - if (IS_DC && (secrets_fetch_trusted_domain_password(name, NULL, - &sid, NULL))) { + if (IS_DC && (pdb_get_trusteddom_pw(name, NULL, &sid, NULL))) { /* Swap domain and name */ tmp = name; name = domain; domain = tmp; type = SID_NAME_DOMAIN; @@ -581,9 +580,9 @@ static BOOL lookup_as_domain(const DOM_SID *sid, TALLOC_CTX *mem_ctx, * and for SIDs that have 4 sub-authorities and thus look like * domains */ - if (!NT_STATUS_IS_OK(secrets_trusted_domains(mem_ctx, - &num_domains, - &domains))) { + if (!NT_STATUS_IS_OK(pdb_enum_trusteddoms(mem_ctx, + &num_domains, + &domains))) { return False; } diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 310ab50d14..266b28fe95 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -1523,3 +1523,46 @@ BOOL pdb_increment_bad_password_count(struct samu *sampass) return True; } + + +/******************************************************************* + Wrapper around retrieving the trust account password +*******************************************************************/ + +BOOL get_trust_pw(const char *domain, uint8 ret_pwd[16], uint32 *channel) +{ + DOM_SID sid; + char *pwd; + time_t last_set_time; + + /* if we are a DC and this is not our domain, then lookup an account + for the domain trust */ + + if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains() ) { + if (!pdb_get_trusteddom_pw(domain, &pwd, &sid, &last_set_time)) { + DEBUG(0, ("get_trust_pw: could not fetch trust " + "account password for trusted domain %s\n", + domain)); + return False; + } + + *channel = SEC_CHAN_DOMAIN; + E_md4hash(pwd, ret_pwd); + SAFE_FREE(pwd); + + return True; + } + + /* Just get the account for the requested domain. In the future this + * might also cover to be member of more than one domain. */ + + if (secrets_fetch_trust_account_password(domain, ret_pwd, + &last_set_time, channel)) + return True; + + DEBUG(5, ("get_trust_pw: could not fetch trust account " + "password for domain %s\n", domain)); + return False; +} + +/* END */ diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index f7990f2939..36536e5fea 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -1997,6 +1997,77 @@ void pdb_search_destroy(struct pdb_search *search) } /******************************************************************* + trustodm methods + *******************************************************************/ + +BOOL pdb_get_trusteddom_pw(const char *domain, char** pwd, DOM_SID *sid, + time_t *pass_last_set_time) +{ + struct pdb_methods *pdb = pdb_get_methods(); + return pdb->get_trusteddom_pw(pdb, domain, pwd, sid, + pass_last_set_time); +} + +BOOL pdb_set_trusteddom_pw(const char* domain, const char* pwd, + const DOM_SID *sid) +{ + struct pdb_methods *pdb = pdb_get_methods(); + return pdb->set_trusteddom_pw(pdb, domain, pwd, sid); +} + +BOOL pdb_del_trusteddom_pw(const char *domain) +{ + struct pdb_methods *pdb = pdb_get_methods(); + return pdb->del_trusteddom_pw(pdb, domain); +} + +NTSTATUS pdb_enum_trusteddoms(TALLOC_CTX *mem_ctx, uint32 *num_domains, + struct trustdom_info ***domains) +{ + struct pdb_methods *pdb = pdb_get_methods(); + return pdb->enum_trusteddoms(pdb, mem_ctx, num_domains, domains); +} + +/******************************************************************* + the defaults for trustdom methods: + these simply call the original passdb/secrets.c actions, + to be replaced by pdb_ldap. + *******************************************************************/ + +static BOOL pdb_default_get_trusteddom_pw(struct pdb_methods *methods, + const char *domain, + char** pwd, + DOM_SID *sid, + time_t *pass_last_set_time) +{ + return secrets_fetch_trusted_domain_password(domain, pwd, + sid, pass_last_set_time); + +} + +static BOOL pdb_default_set_trusteddom_pw(struct pdb_methods *methods, + const char* domain, + const char* pwd, + const DOM_SID *sid) +{ + return secrets_store_trusted_domain_password(domain, pwd, sid); +} + +static BOOL pdb_default_del_trusteddom_pw(struct pdb_methods *methods, + const char *domain) +{ + return trusted_domain_password_delete(domain); +} + +static NTSTATUS pdb_default_enum_trusteddoms(struct pdb_methods *methods, + TALLOC_CTX *mem_ctx, + uint32 *num_domains, + struct trustdom_info ***domains) +{ + return secrets_trusted_domains(mem_ctx, num_domains, domains); +} + +/******************************************************************* Create a pdb_methods structure and initialize it with the default operations. In this way a passdb module can simply implement the functionality it cares about. However, normally this is done @@ -2060,5 +2131,10 @@ NTSTATUS make_pdb_method( struct pdb_methods **methods ) (*methods)->search_groups = pdb_default_search_groups; (*methods)->search_aliases = pdb_default_search_aliases; + (*methods)->get_trusteddom_pw = pdb_default_get_trusteddom_pw; + (*methods)->set_trusteddom_pw = pdb_default_set_trusteddom_pw; + (*methods)->del_trusteddom_pw = pdb_default_del_trusteddom_pw; + (*methods)->enum_trusteddoms = pdb_default_enum_trusteddoms; + return NT_STATUS_OK; } diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index 3ac3a93233..262ca4f7ed 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c @@ -655,47 +655,6 @@ char *secrets_fetch_machine_password(const char *domain, return ret; } -/******************************************************************* - Wrapper around retrieving the trust account password -*******************************************************************/ - -BOOL get_trust_pw(const char *domain, uint8 ret_pwd[16], uint32 *channel) -{ - DOM_SID sid; - char *pwd; - time_t last_set_time; - - /* if we are a DC and this is not our domain, then lookup an account - for the domain trust */ - - if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains() ) { - if (!secrets_fetch_trusted_domain_password(domain, &pwd, &sid, - &last_set_time)) { - DEBUG(0, ("get_trust_pw: could not fetch trust " - "account password for trusted domain %s\n", - domain)); - return False; - } - - *channel = SEC_CHAN_DOMAIN; - E_md4hash(pwd, ret_pwd); - SAFE_FREE(pwd); - - return True; - } - - /* Just get the account for the requested domain. In the future this - * might also cover to be member of more than one domain. */ - - if (secrets_fetch_trust_account_password(domain, ret_pwd, - &last_set_time, channel)) - return True; - - DEBUG(5, ("get_trust_pw: could not fetch trust account " - "password for domain %s\n", domain)); - return False; -} - /************************************************************************ Routine to delete the machine trust account password file for a domain. ************************************************************************/ |