Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : Copyright (C) Andrew Tridgell 1992-2001
4 : Copyright (C) Andrew Bartlett 2002
5 : Copyright (C) Rafal Szczesniak 2002
6 : Copyright (C) Tim Potter 2001
7 :
8 : This program is free software; you can redistribute it and/or modify
9 : it under the terms of the GNU General Public License as published by
10 : the Free Software Foundation; either version 3 of the License, or
11 : (at your option) any later version.
12 :
13 : This program is distributed in the hope that it will be useful,
14 : but WITHOUT ANY WARRANTY; without even the implied warranty of
15 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 : GNU General Public License for more details.
17 :
18 : You should have received a copy of the GNU General Public License
19 : along with this program. If not, see <http://www.gnu.org/licenses/>.
20 : */
21 :
22 : /* the Samba secrets database stores any generated, private information
23 : such as the local SID and machine trust password */
24 :
25 : #include "includes.h"
26 : #include "passdb.h"
27 : #include "passdb/pdb_secrets.h"
28 : #include "librpc/gen_ndr/ndr_secrets.h"
29 : #include "secrets.h"
30 : #include "dbwrap/dbwrap.h"
31 : #include "dbwrap/dbwrap_open.h"
32 : #include "../libcli/security/security.h"
33 : #include "util_tdb.h"
34 :
35 : #undef DBGC_CLASS
36 : #define DBGC_CLASS DBGC_PASSDB
37 :
38 : /**
39 : * Get trusted domains info from secrets.tdb.
40 : **/
41 :
42 : struct list_trusted_domains_state {
43 : uint32_t num_domains;
44 : struct trustdom_info **domains;
45 : };
46 :
47 4 : static int list_trusted_domain(struct db_record *rec, void *private_data)
48 : {
49 4 : const size_t prefix_len = strlen(SECRETS_DOMTRUST_ACCT_PASS);
50 : struct TRUSTED_DOM_PASS pass;
51 : enum ndr_err_code ndr_err;
52 : DATA_BLOB blob;
53 : struct trustdom_info *dom_info;
54 : TDB_DATA key;
55 : TDB_DATA value;
56 :
57 4 : struct list_trusted_domains_state *state =
58 : (struct list_trusted_domains_state *)private_data;
59 :
60 4 : key = dbwrap_record_get_key(rec);
61 4 : value = dbwrap_record_get_value(rec);
62 :
63 4 : if ((key.dsize < prefix_len)
64 4 : || (strncmp((char *)key.dptr, SECRETS_DOMTRUST_ACCT_PASS,
65 : prefix_len) != 0)) {
66 4 : return 0;
67 : }
68 :
69 0 : blob = data_blob_const(value.dptr, value.dsize);
70 :
71 0 : ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), &pass,
72 : (ndr_pull_flags_fn_t)ndr_pull_TRUSTED_DOM_PASS);
73 0 : if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
74 0 : return false;
75 : }
76 :
77 0 : if (pass.domain_sid.num_auths != 4) {
78 : struct dom_sid_buf buf;
79 0 : DEBUG(0, ("SID %s is not a domain sid, has %d "
80 : "auths instead of 4\n",
81 : dom_sid_str_buf(&pass.domain_sid, &buf),
82 : pass.domain_sid.num_auths));
83 0 : return 0;
84 : }
85 :
86 0 : if (!(dom_info = talloc(state->domains, struct trustdom_info))) {
87 0 : DEBUG(0, ("talloc failed\n"));
88 0 : return 0;
89 : }
90 :
91 0 : dom_info->name = talloc_strdup(dom_info, pass.uni_name);
92 0 : if (!dom_info->name) {
93 0 : TALLOC_FREE(dom_info);
94 0 : return 0;
95 : }
96 :
97 0 : sid_copy(&dom_info->sid, &pass.domain_sid);
98 :
99 0 : ADD_TO_ARRAY(state->domains, struct trustdom_info *, dom_info,
100 : &state->domains, &state->num_domains);
101 :
102 0 : if (state->domains == NULL) {
103 0 : state->num_domains = 0;
104 0 : return -1;
105 : }
106 0 : return 0;
107 : }
108 :
109 2 : NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32_t *num_domains,
110 : struct trustdom_info ***domains)
111 : {
112 : struct list_trusted_domains_state state;
113 : struct db_context *db_ctx;
114 :
115 2 : if (!secrets_init()) {
116 0 : return NT_STATUS_ACCESS_DENIED;
117 : }
118 :
119 2 : db_ctx = secrets_db_ctx();
120 :
121 2 : state.num_domains = 0;
122 :
123 : /*
124 : * Make sure that a talloc context for the trustdom_info structs
125 : * exists
126 : */
127 :
128 2 : if (!(state.domains = talloc_array(
129 : mem_ctx, struct trustdom_info *, 1))) {
130 0 : return NT_STATUS_NO_MEMORY;
131 : }
132 :
133 2 : dbwrap_traverse_read(db_ctx, list_trusted_domain, (void *)&state, NULL);
134 :
135 2 : *num_domains = state.num_domains;
136 2 : *domains = state.domains;
137 2 : return NT_STATUS_OK;
138 : }
139 :
140 : /* In order to avoid direct linking against libsecrets for pdb modules
141 : * following helpers are provided for pdb module writers.
142 : * To differentiate them from pdb_* API, they are prefixed by PDB upper case
143 : */
144 0 : bool PDB_secrets_store_domain_sid(const char *domain, const struct dom_sid *sid)
145 : {
146 0 : return secrets_store_domain_sid(domain, sid);
147 : }
148 :
149 0 : bool PDB_secrets_mark_domain_protected(const char *domain)
150 : {
151 0 : return secrets_mark_domain_protected(domain);
152 : }
153 :
154 0 : bool PDB_secrets_clear_domain_protection(const char *domain)
155 : {
156 0 : return secrets_clear_domain_protection(domain);
157 : }
158 :
159 0 : bool PDB_secrets_fetch_domain_sid(const char *domain, struct dom_sid *sid)
160 : {
161 0 : return secrets_fetch_domain_sid(domain, sid);
162 : }
163 :
164 0 : bool PDB_secrets_store_domain_guid(const char *domain, struct GUID *guid)
165 : {
166 0 : return secrets_store_domain_guid(domain, guid);
167 : }
168 :
169 0 : bool PDB_secrets_fetch_domain_guid(const char *domain, struct GUID *guid)
170 : {
171 0 : return secrets_fetch_domain_guid(domain, guid);
172 : }
|