/* Unix SMB/CIFS implementation. Copyright (C) Guenther Deschner 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "includes.h" #include "../libcli/auth/libcli_auth.h" #include "../libcli/auth/schannel_state.h" /****************************************************************************** Open or create the schannel session store tdb. *******************************************************************************/ #define SCHANNEL_STORE_VERSION_1 1 #define SCHANNEL_STORE_VERSION_2 2 /* should not be used */ #define SCHANNEL_STORE_VERSION_CURRENT SCHANNEL_STORE_VERSION_1 TDB_CONTEXT *open_schannel_session_store(TALLOC_CTX *mem_ctx) { TDB_DATA vers; uint32 ver; TDB_CONTEXT *tdb_sc = NULL; char *fname = talloc_asprintf(mem_ctx, "%s/schannel_store.tdb", lp_private_dir()); if (!fname) { return NULL; } tdb_sc = tdb_open_log(fname, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); if (!tdb_sc) { DEBUG(0,("open_schannel_session_store: Failed to open %s\n", fname)); TALLOC_FREE(fname); return NULL; } again: vers = tdb_fetch_bystring(tdb_sc, "SCHANNEL_STORE_VERSION"); if (vers.dptr == NULL) { /* First opener, no version. */ SIVAL(&ver,0,SCHANNEL_STORE_VERSION_CURRENT); vers.dptr = (uint8 *)&ver; vers.dsize = 4; tdb_store_bystring(tdb_sc, "SCHANNEL_STORE_VERSION", vers, TDB_REPLACE); vers.dptr = NULL; } else if (vers.dsize == 4) { ver = IVAL(vers.dptr,0); if (ver == SCHANNEL_STORE_VERSION_2) { DEBUG(0,("open_schannel_session_store: wrong version number %d in %s\n", (int)ver, fname )); tdb_wipe_all(tdb_sc); goto again; } if (ver != SCHANNEL_STORE_VERSION_CURRENT) { DEBUG(0,("open_schannel_session_store: wrong version number %d in %s\n", (int)ver, fname )); tdb_close(tdb_sc); tdb_sc = NULL; } } else { tdb_close(tdb_sc); tdb_sc = NULL; DEBUG(0,("open_schannel_session_store: wrong version number size %d in %s\n", (int)vers.dsize, fname )); } SAFE_FREE(vers.dptr); TALLOC_FREE(fname); return tdb_sc; } /****************************************************************************** Wrapper around schannel_fetch_session_key_tdb() Note we must be root here. *******************************************************************************/ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, const char *computer_name, struct netlogon_creds_CredentialState **pcreds) { struct tdb_context *tdb; NTSTATUS status; tdb = open_schannel_session_store(mem_ctx); if (!tdb) { return NT_STATUS_ACCESS_DENIED; } status = schannel_fetch_session_key_tdb(tdb, mem_ctx, computer_name, pcreds); tdb_close(tdb); return status; } /****************************************************************************** Wrapper around schannel_store_session_key_tdb() Note we must be root here. *******************************************************************************/ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, struct netlogon_creds_CredentialState *creds) { struct tdb_context *tdb; NTSTATUS status; tdb = open_schannel_session_store(mem_ctx); if (!tdb) { return NT_STATUS_ACCESS_DENIED; } status = schannel_store_session_key_tdb(tdb, mem_ctx, creds); tdb_close(tdb); return status; }