From fbdcf2663b56007a438ac4f0d8d82436b1bfe688 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 11 Jul 2006 18:01:26 +0000 Subject: r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8) --- source3/passdb/secrets.c | 193 +++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 172 insertions(+), 21 deletions(-) (limited to 'source3/passdb/secrets.c') diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index 04d6da2814..f72a7cb8d5 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c @@ -104,8 +104,9 @@ BOOL secrets_store(const char *key, const void *data, size_t size) secrets_init(); if (!tdb) return False; - return tdb_store(tdb, string_tdb_data(key), make_tdb_data(data, size), - TDB_REPLACE) == 0; + return tdb_trans_store(tdb, string_tdb_data(key), + make_tdb_data((const char *)data, size), + TDB_REPLACE) == 0; } @@ -288,7 +289,8 @@ BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16], return True; } - if (!(pass = secrets_fetch(trust_keystr(domain), &size))) { + if (!(pass = (struct machine_acct_pass *)secrets_fetch( + trust_keystr(domain), &size))) { DEBUG(5, ("secrets_fetch failed!\n")); return False; } @@ -319,6 +321,136 @@ BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16], return True; } +/** + * Pack SID passed by pointer + * + * @param pack_buf pointer to buffer which is to be filled with packed data + * @param bufsize size of packing buffer + * @param sid pointer to sid to be packed + * + * @return length of the packed representation of the whole structure + **/ +static size_t tdb_sid_pack(char* pack_buf, int bufsize, DOM_SID* sid) +{ + int idx; + size_t len = 0; + + if (!sid || !pack_buf) return -1; + + len += tdb_pack(pack_buf + len, bufsize - len, "bb", sid->sid_rev_num, + sid->num_auths); + + for (idx = 0; idx < 6; idx++) { + len += tdb_pack(pack_buf + len, bufsize - len, "b", + sid->id_auth[idx]); + } + + for (idx = 0; idx < MAXSUBAUTHS; idx++) { + len += tdb_pack(pack_buf + len, bufsize - len, "d", + sid->sub_auths[idx]); + } + + return len; +} + +/** + * Unpack SID into a pointer + * + * @param pack_buf pointer to buffer with packed representation + * @param bufsize size of the buffer + * @param sid pointer to sid structure to be filled with unpacked data + * + * @return size of structure unpacked from buffer + **/ +static size_t tdb_sid_unpack(char* pack_buf, int bufsize, DOM_SID* sid) +{ + int idx, len = 0; + + if (!sid || !pack_buf) return -1; + + len += tdb_unpack(pack_buf + len, bufsize - len, "bb", + &sid->sid_rev_num, &sid->num_auths); + + for (idx = 0; idx < 6; idx++) { + len += tdb_unpack(pack_buf + len, bufsize - len, "b", + &sid->id_auth[idx]); + } + + for (idx = 0; idx < MAXSUBAUTHS; idx++) { + len += tdb_unpack(pack_buf + len, bufsize - len, "d", + &sid->sub_auths[idx]); + } + + return len; +} + +/** + * Pack TRUSTED_DOM_PASS passed by pointer + * + * @param pack_buf pointer to buffer which is to be filled with packed data + * @param bufsize size of the buffer + * @param pass pointer to trusted domain password to be packed + * + * @return length of the packed representation of the whole structure + **/ +static size_t tdb_trusted_dom_pass_pack(char* pack_buf, int bufsize, + TRUSTED_DOM_PASS* pass) +{ + int idx, len = 0; + + if (!pack_buf || !pass) return -1; + + /* packing unicode domain name and password */ + len += tdb_pack(pack_buf + len, bufsize - len, "d", + pass->uni_name_len); + + for (idx = 0; idx < 32; idx++) + len += tdb_pack(pack_buf + len, bufsize - len, "w", + pass->uni_name[idx]); + + len += tdb_pack(pack_buf + len, bufsize - len, "dPd", pass->pass_len, + pass->pass, pass->mod_time); + + /* packing SID structure */ + len += tdb_sid_pack(pack_buf + len, bufsize - len, &pass->domain_sid); + + return len; +} + + +/** + * Unpack TRUSTED_DOM_PASS passed by pointer + * + * @param pack_buf pointer to buffer with packed representation + * @param bufsize size of the buffer + * @param pass pointer to trusted domain password to be filled with unpacked data + * + * @return size of structure unpacked from buffer + **/ +size_t tdb_trusted_dom_pass_unpack(char* pack_buf, int bufsize, + TRUSTED_DOM_PASS* pass) +{ + int idx, len = 0; + + if (!pack_buf || !pass) return -1; + + /* unpack unicode domain name and plaintext password */ + len += tdb_unpack(pack_buf, bufsize - len, "d", &pass->uni_name_len); + + for (idx = 0; idx < 32; idx++) + len += tdb_unpack(pack_buf + len, bufsize - len, "w", + &pass->uni_name[idx]); + + len += tdb_unpack(pack_buf + len, bufsize - len, "dPd", + &pass->pass_len, &pass->pass, &pass->mod_time); + + /* unpack domain sid */ + len += tdb_sid_unpack(pack_buf + len, bufsize - len, + &pass->domain_sid); + + return len; +} + /************************************************************************ Routine to get account password to trusted domain ************************************************************************/ @@ -336,7 +468,8 @@ BOOL secrets_fetch_trusted_domain_password(const char *domain, char** pwd, ZERO_STRUCT(pass); /* fetching trusted domain password structure */ - if (!(pass_buf = secrets_fetch(trustdom_keystr(domain), &size))) { + if (!(pass_buf = (char *)secrets_fetch(trustdom_keystr(domain), + &size))) { DEBUG(5, ("secrets_fetch failed!\n")); return False; } @@ -494,7 +627,7 @@ char *secrets_fetch_machine_password(const char *domain, uint32 *last_set_time; asprintf(&key, "%s/%s", SECRETS_MACHINE_LAST_CHANGE_TIME, domain); strupper_m(key); - last_set_time = secrets_fetch(key, &size); + last_set_time = (unsigned int *)secrets_fetch(key, &size); if (last_set_time) { *pass_last_set_time = IVAL(last_set_time,0); SAFE_FREE(last_set_time); @@ -509,7 +642,7 @@ char *secrets_fetch_machine_password(const char *domain, uint32 *channel_type; asprintf(&key, "%s/%s", SECRETS_MACHINE_SEC_CHANNEL_TYPE, domain); strupper_m(key); - channel_type = secrets_fetch(key, &size); + channel_type = (unsigned int *)secrets_fetch(key, &size); if (channel_type) { *channel = IVAL(channel_type,0); SAFE_FREE(channel_type); @@ -613,7 +746,7 @@ BOOL fetch_ldap_pw(char **dn, char** pw) DEBUG(0, ("fetch_ldap_pw: asprintf failed!\n")); } - *pw=secrets_fetch(key, &size); + *pw=(char *)secrets_fetch(key, &size); SAFE_FREE(key); if (!size) { @@ -631,7 +764,7 @@ BOOL fetch_ldap_pw(char **dn, char** pw) for (p=old_style_key; *p; p++) if (*p == ',') *p = '/'; - data=secrets_fetch(old_style_key, &size); + data=(char *)secrets_fetch(old_style_key, &size); if (!size && size < sizeof(old_style_pw)) { DEBUG(0,("fetch_ldap_pw: neither ldap secret retrieved!\n")); SAFE_FREE(old_style_key); @@ -672,20 +805,35 @@ NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains, { TDB_LIST_NODE *keys, *k; char *pattern; + TALLOC_CTX *tmp_ctx; + + if (!(tmp_ctx = talloc_new(mem_ctx))) { + return NT_STATUS_NO_MEMORY; + } if (!secrets_init()) return NT_STATUS_ACCESS_DENIED; /* generate searching pattern */ - pattern = talloc_asprintf(mem_ctx, "%s/*", SECRETS_DOMTRUST_ACCT_PASS); + pattern = talloc_asprintf(tmp_ctx, "%s/*", SECRETS_DOMTRUST_ACCT_PASS); if (pattern == NULL) { DEBUG(0, ("secrets_trusted_domains: talloc_asprintf() " "failed!\n")); + TALLOC_FREE(tmp_ctx); return NT_STATUS_NO_MEMORY; } - *domains = NULL; *num_domains = 0; + /* + * Make sure that a talloc context for the trustdom_info structs + * exists + */ + + if (!(*domains = TALLOC_ARRAY(mem_ctx, struct trustdom_info *, 1))) { + TALLOC_FREE(tmp_ctx); + return NT_STATUS_NO_MEMORY; + } + /* fetching trusted domains' data and collecting them in a list */ keys = tdb_search_keys(tdb, pattern); @@ -698,16 +846,17 @@ NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains, struct trustdom_info *dom_info; /* important: ensure null-termination of the key string */ - secrets_key = talloc_strndup(mem_ctx, + secrets_key = talloc_strndup(tmp_ctx, k->node_key.dptr, k->node_key.dsize); if (!secrets_key) { DEBUG(0, ("strndup failed!\n")); tdb_search_list_free(keys); + TALLOC_FREE(tmp_ctx); return NT_STATUS_NO_MEMORY; } - packed_pass = secrets_fetch(secrets_key, &size); + packed_pass = (char *)secrets_fetch(secrets_key, &size); packed_size = tdb_trusted_dom_pass_unpack(packed_pass, size, &pass); /* packed representation isn't needed anymore */ @@ -727,30 +876,31 @@ NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains, continue; } - dom_info = TALLOC_P(mem_ctx, struct trustdom_info); - if (dom_info == NULL) { + if (!(dom_info = TALLOC_P(*domains, struct trustdom_info))) { DEBUG(0, ("talloc failed\n")); tdb_search_list_free(keys); + TALLOC_FREE(tmp_ctx); return NT_STATUS_NO_MEMORY; } - if (pull_ucs2_talloc(mem_ctx, &dom_info->name, + if (pull_ucs2_talloc(dom_info, &dom_info->name, pass.uni_name) == (size_t)-1) { DEBUG(2, ("pull_ucs2_talloc failed\n")); tdb_search_list_free(keys); + TALLOC_FREE(tmp_ctx); return NT_STATUS_NO_MEMORY; } sid_copy(&dom_info->sid, &pass.domain_sid); - ADD_TO_ARRAY(mem_ctx, struct trustdom_info *, dom_info, + ADD_TO_ARRAY(*domains, struct trustdom_info *, dom_info, domains, num_domains); if (*domains == NULL) { tdb_search_list_free(keys); + TALLOC_FREE(tmp_ctx); return NT_STATUS_NO_MEMORY; } - talloc_steal(*domains, dom_info); } DEBUG(5, ("secrets_get_trusted_domains: got %d domains\n", @@ -758,6 +908,7 @@ NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains, /* free the results of searching the keys */ tdb_search_list_free(keys); + TALLOC_FREE(tmp_ctx); return NT_STATUS_OK; } @@ -858,9 +1009,9 @@ BOOL secrets_fetch_afs_key(const char *cell, struct afs_key *result) *******************************************************************************/ void secrets_fetch_ipc_userpass(char **username, char **domain, char **password) { - *username = secrets_fetch(SECRETS_AUTH_USER, NULL); - *domain = secrets_fetch(SECRETS_AUTH_DOMAIN, NULL); - *password = secrets_fetch(SECRETS_AUTH_PASSWORD, NULL); + *username = (char *)secrets_fetch(SECRETS_AUTH_USER, NULL); + *domain = (char *)secrets_fetch(SECRETS_AUTH_DOMAIN, NULL); + *password = (char *)secrets_fetch(SECRETS_AUTH_PASSWORD, NULL); if (*username && **username) { @@ -965,7 +1116,7 @@ BOOL secrets_store_schannel_session_info(TALLOC_CTX *mem_ctx, pdc->remote_machine, pdc->domain); - value.dptr = TALLOC(mem_ctx, value.dsize); + value.dptr = (char *)TALLOC(mem_ctx, value.dsize); if (!value.dptr) { TALLOC_FREE(keystr); return False; -- cgit