diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/Makefile.in | 3 | ||||
-rw-r--r-- | source3/include/secrets.h | 12 | ||||
-rw-r--r-- | source3/passdb/secrets.c | 256 |
3 files changed, 38 insertions, 233 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 5aa5a8c2f0..748bfd3083 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -451,7 +451,8 @@ LIBADS_SERVER_OBJ = libads/kerberos_verify.o libads/authdata.o \ ../librpc/ndr/ndr_krb5pac.o \ ../librpc/gen_ndr/ndr_krb5pac.o -SECRETS_OBJ = passdb/secrets.o passdb/machine_sid.o +SECRETS_OBJ = passdb/secrets.o passdb/machine_sid.o \ + librpc/gen_ndr/ndr_secrets.o LIBNBT_OBJ = ../libcli/nbt/nbtname.o \ ../libcli/netlogon.o \ diff --git a/source3/include/secrets.h b/source3/include/secrets.h index 3c8e2ccf81..f369379c70 100644 --- a/source3/include/secrets.h +++ b/source3/include/secrets.h @@ -61,18 +61,6 @@ struct machine_acct_pass { }; /* - * storage structure for trusted domain - */ -typedef struct trusted_dom_pass { - size_t uni_name_len; - smb_ucs2_t uni_name[32]; /* unicode domain name */ - size_t pass_len; - fstring pass; /* trust relationship's password */ - time_t mod_time; - DOM_SID domain_sid; /* remote domain's sid */ -} TRUSTED_DOM_PASS; - -/* * trusted domain entry/entries returned by secrets_get_trusted_domains * (used in _lsa_enum_trust_dom call) */ diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index 369abf85d6..67216a74ef 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c @@ -24,6 +24,7 @@ #include "includes.h" #include "../libcli/auth/libcli_auth.h" +#include "librpc/gen_ndr/ndr_secrets.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_PASSDB @@ -476,178 +477,6 @@ bool secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16], channel); } -/** - * Pack SID passed by pointer - * - * @param pack_buf pointer to buffer which is to be filled with packed data - * @param bufsize size of packing buffer - * @param sid pointer to sid to be packed - * - * @return length of the packed representation of the whole structure - **/ -static size_t tdb_sid_pack(uint8 *pack_buf, int bufsize, DOM_SID* sid) -{ - int idx; - size_t len = 0; - uint8 *p = pack_buf; - int remaining_space = pack_buf ? bufsize : 0; - - if (!sid) { - return -1; - } - - len += tdb_pack(p, remaining_space, "bb", sid->sid_rev_num, - sid->num_auths); - if (pack_buf) { - p = pack_buf + len; - remaining_space = bufsize - len; - } - - for (idx = 0; idx < 6; idx++) { - len += tdb_pack(p, remaining_space, "b", - sid->id_auth[idx]); - if (pack_buf) { - p = pack_buf + len; - remaining_space = bufsize - len; - } - } - - for (idx = 0; idx < MAXSUBAUTHS; idx++) { - len += tdb_pack(p, remaining_space, "d", - sid->sub_auths[idx]); - if (pack_buf) { - p = pack_buf + len; - remaining_space = bufsize - len; - } - } - - return len; -} - -/** - * Unpack SID into a pointer - * - * @param pack_buf pointer to buffer with packed representation - * @param bufsize size of the buffer - * @param sid pointer to sid structure to be filled with unpacked data - * - * @return size of structure unpacked from buffer - **/ -static size_t tdb_sid_unpack(uint8 *pack_buf, int bufsize, DOM_SID* sid) -{ - int idx, len = 0; - - if (!sid || !pack_buf) return -1; - - len += tdb_unpack(pack_buf + len, bufsize - len, "bb", - &sid->sid_rev_num, &sid->num_auths); - - for (idx = 0; idx < 6; idx++) { - len += tdb_unpack(pack_buf + len, bufsize - len, "b", - &sid->id_auth[idx]); - } - - for (idx = 0; idx < MAXSUBAUTHS; idx++) { - len += tdb_unpack(pack_buf + len, bufsize - len, "d", - &sid->sub_auths[idx]); - } - - return len; -} - -/** - * Pack TRUSTED_DOM_PASS passed by pointer - * - * @param pack_buf pointer to buffer which is to be filled with packed data - * @param bufsize size of the buffer - * @param pass pointer to trusted domain password to be packed - * - * @return length of the packed representation of the whole structure - **/ -static size_t tdb_trusted_dom_pass_pack(uint8 *pack_buf, int bufsize, - TRUSTED_DOM_PASS* pass) -{ - int idx, len = 0; - uint8 *p = pack_buf; - int remaining_space = pack_buf ? bufsize : 0; - - if (!pass) { - return -1; - } - - /* packing unicode domain name and password */ - len += tdb_pack(p, remaining_space, "d", - pass->uni_name_len); - if (pack_buf) { - p = pack_buf + len; - remaining_space = bufsize - len; - } - - for (idx = 0; idx < 32; idx++) { - len += tdb_pack(p, remaining_space, "w", - pass->uni_name[idx]); - if (pack_buf) { - p = pack_buf + len; - remaining_space = bufsize - len; - } - } - - len += tdb_pack(p, remaining_space, "dPd", pass->pass_len, - pass->pass, pass->mod_time); - if (pack_buf) { - p = pack_buf + len; - remaining_space = bufsize - len; - } - - /* packing SID structure */ - len += tdb_sid_pack(p, remaining_space, &pass->domain_sid); - if (pack_buf) { - p = pack_buf + len; - remaining_space = bufsize - len; - } - - return len; -} - - -/** - * Unpack TRUSTED_DOM_PASS passed by pointer - * - * @param pack_buf pointer to buffer with packed representation - * @param bufsize size of the buffer - * @param pass pointer to trusted domain password to be filled with unpacked data - * - * @return size of structure unpacked from buffer - **/ -static size_t tdb_trusted_dom_pass_unpack(uint8 *pack_buf, int bufsize, - TRUSTED_DOM_PASS* pass) -{ - int idx, len = 0; - char *passp = NULL; - - if (!pack_buf || !pass) return -1; - - /* unpack unicode domain name and plaintext password */ - len += tdb_unpack(pack_buf, bufsize - len, "d", &pass->uni_name_len); - - for (idx = 0; idx < 32; idx++) - len += tdb_unpack(pack_buf + len, bufsize - len, "w", - &pass->uni_name[idx]); - - len += tdb_unpack(pack_buf + len, bufsize - len, "dPd", - &pass->pass_len, &passp, &pass->mod_time); - if (passp) { - fstrcpy(pass->pass, passp); - } - SAFE_FREE(passp); - - /* unpack domain sid */ - len += tdb_sid_unpack(pack_buf + len, bufsize - len, - &pass->domain_sid); - - return len; -} - /************************************************************************ Routine to get account password to trusted domain ************************************************************************/ @@ -655,31 +484,28 @@ static size_t tdb_trusted_dom_pass_unpack(uint8 *pack_buf, int bufsize, bool secrets_fetch_trusted_domain_password(const char *domain, char** pwd, DOM_SID *sid, time_t *pass_last_set_time) { - struct trusted_dom_pass pass; - size_t size = 0; + struct TRUSTED_DOM_PASS pass; + enum ndr_err_code ndr_err; /* unpacking structures */ - uint8 *pass_buf; - int pass_len = 0; - - ZERO_STRUCT(pass); + DATA_BLOB blob; /* fetching trusted domain password structure */ - if (!(pass_buf = (uint8 *)secrets_fetch(trustdom_keystr(domain), - &size))) { + if (!(blob.data = (uint8_t *)secrets_fetch(trustdom_keystr(domain), + &blob.length))) { DEBUG(5, ("secrets_fetch failed!\n")); return False; } /* unpack trusted domain password */ - pass_len = tdb_trusted_dom_pass_unpack(pass_buf, size, &pass); - SAFE_FREE(pass_buf); - - if (pass_len != size) { - DEBUG(5, ("Invalid secrets size. Unpacked data doesn't match trusted_dom_pass structure.\n")); - return False; + ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), NULL, &pass, + (ndr_pull_flags_fn_t)ndr_pull_TRUSTED_DOM_PASS); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return false; } + SAFE_FREE(blob.data); + /* the trust's password */ if (pwd) { *pwd = SMB_STRDUP(pass.pass); @@ -710,47 +536,37 @@ bool secrets_fetch_trusted_domain_password(const char *domain, char** pwd, bool secrets_store_trusted_domain_password(const char* domain, const char* pwd, const DOM_SID *sid) { - smb_ucs2_t *uni_dom_name; bool ret; - size_t converted_size; /* packing structures */ - uint8 *pass_buf = NULL; - int pass_len = 0; - - struct trusted_dom_pass pass; + DATA_BLOB blob; + enum ndr_err_code ndr_err; + struct TRUSTED_DOM_PASS pass; ZERO_STRUCT(pass); - if (!push_ucs2_talloc(talloc_tos(), &uni_dom_name, domain, &converted_size)) { - DEBUG(0, ("Could not convert domain name %s to unicode\n", - domain)); - return False; - } - - strncpy_w(pass.uni_name, uni_dom_name, sizeof(pass.uni_name) - 1); - pass.uni_name_len = strlen_w(uni_dom_name)+1; - TALLOC_FREE(uni_dom_name); + pass.uni_name = domain; + pass.uni_name_len = strlen(domain)+1; /* last change time */ pass.mod_time = time(NULL); /* password of the trust */ pass.pass_len = strlen(pwd); - fstrcpy(pass.pass, pwd); + pass.pass = pwd; /* domain sid */ sid_copy(&pass.domain_sid, sid); - /* Calculate the length. */ - pass_len = tdb_trusted_dom_pass_pack(NULL, 0, &pass); - pass_buf = talloc_array(talloc_tos(), uint8, pass_len); - if (!pass_buf) { + ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), NULL, &pass, + (ndr_push_flags_fn_t)ndr_push_TRUSTED_DOM_PASS); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return false; } - pass_len = tdb_trusted_dom_pass_pack(pass_buf, pass_len, &pass); - ret = secrets_store(trustdom_keystr(domain), (void *)pass_buf, - pass_len); - TALLOC_FREE(pass_buf); + + ret = secrets_store(trustdom_keystr(domain), blob.data, blob.length); + + data_blob_free(&blob); + return ret; } @@ -957,8 +773,9 @@ struct list_trusted_domains_state { static int list_trusted_domain(struct db_record *rec, void *private_data) { const size_t prefix_len = strlen(SECRETS_DOMTRUST_ACCT_PASS); - size_t converted_size, packed_size = 0; - struct trusted_dom_pass pass; + struct TRUSTED_DOM_PASS pass; + enum ndr_err_code ndr_err; + DATA_BLOB blob; struct trustdom_info *dom_info; struct list_trusted_domains_state *state = @@ -970,12 +787,12 @@ static int list_trusted_domain(struct db_record *rec, void *private_data) return 0; } - packed_size = tdb_trusted_dom_pass_unpack( - rec->value.dptr, rec->value.dsize, &pass); + blob = data_blob_const(rec->value.dptr, rec->value.dsize); - if (rec->value.dsize != packed_size) { - DEBUG(2, ("Secrets record is invalid!\n")); - return 0; + ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), NULL, &pass, + (ndr_pull_flags_fn_t)ndr_pull_TRUSTED_DOM_PASS); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return false; } if (pass.domain_sid.num_auths != 4) { @@ -991,9 +808,8 @@ static int list_trusted_domain(struct db_record *rec, void *private_data) return 0; } - if (!pull_ucs2_talloc(dom_info, &dom_info->name, pass.uni_name, - &converted_size)) { - DEBUG(2, ("pull_ucs2_talloc failed\n")); + dom_info->name = talloc_strdup(dom_info, pass.uni_name); + if (!dom_info->name) { TALLOC_FREE(dom_info); return 0; } |