Changeset 740 for vendor/current/source4/param/secrets.c
- Timestamp:
- Nov 14, 2012, 12:59:34 PM (13 years ago)
- File:
-
- 1 edited
-
vendor/current/source4/param/secrets.c (modified) (6 diffs)
Legend:
- Unmodified
- Added
- Removed
-
vendor/current/source4/param/secrets.c
r414 r740 26 26 #include "param/param.h" 27 27 #include "system/filesys.h" 28 #include " tdb_wrap.h"29 #include "lib/ldb /include/ldb.h"30 #include "../tdb/include/tdb.h"28 #include "lib/util/tdb_wrap.h" 29 #include "lib/ldb-samba/ldb_wrap.h" 30 #include <ldb.h> 31 31 #include "../lib/util/util_tdb.h" 32 #include "../lib/util/util_ldb.h"33 32 #include "librpc/gen_ndr/ndr_security.h" 33 #include "dsdb/samdb/samdb.h" 34 34 35 35 /** … … 87 87 */ 88 88 struct ldb_context *secrets_db_connect(TALLOC_CTX *mem_ctx, 89 struct tevent_context *ev_ctx,90 89 struct loadparm_context *lp_ctx) 91 90 { 92 char *path; 93 const char *url; 94 struct ldb_context *ldb; 95 96 url = lp_secrets_url(lp_ctx); 97 if (!url || !url[0]) { 98 return NULL; 99 } 100 101 path = private_path(mem_ctx, lp_ctx, url); 102 if (!path) { 103 return NULL; 104 } 105 106 /* Secrets.ldb *must* always be local. If we call for a 107 * system_session() we will recurse */ 108 ldb = ldb_init(mem_ctx, ev_ctx); 109 if (!ldb) { 110 talloc_free(path); 111 return NULL; 112 } 113 114 ldb_set_modules_dir(ldb, 115 talloc_asprintf(ldb, "%s/ldb", lp_modulesdir(lp_ctx))); 116 117 if (ldb_connect(ldb, path, 0, NULL) != 0) { 118 talloc_free(path); 119 return NULL; 120 } 121 122 /* the update_keytab module relies on this being setup */ 123 if (ldb_set_opaque(ldb, "loadparm", lp_ctx) != LDB_SUCCESS) { 124 talloc_free(path); 125 talloc_free(ldb); 126 return NULL; 127 } 128 129 talloc_free(path); 130 131 return ldb; 91 return ldb_wrap_connect(mem_ctx, NULL, lp_ctx, lpcfg_secrets_url(lp_ctx), 92 NULL, NULL, 0); 132 93 } 133 94 … … 137 98 */ 138 99 struct dom_sid *secrets_get_domain_sid(TALLOC_CTX *mem_ctx, 139 struct tevent_context *ev_ctx,140 100 struct loadparm_context *lp_ctx, 141 const char *domain) 101 const char *domain, 102 enum netr_SchannelType *sec_channel_type, 103 char **errstring) 142 104 { 143 105 struct ldb_context *ldb; 144 struct ldb_message * *msgs;106 struct ldb_message *msg; 145 107 int ldb_ret; 146 const char *attrs[] = { "objectSid", NULL };108 const char *attrs[] = { "objectSid", "secureChannelType", NULL }; 147 109 struct dom_sid *result = NULL; 148 110 const struct ldb_val *v; 149 111 enum ndr_err_code ndr_err; 150 112 151 ldb = secrets_db_connect(mem_ctx, ev_ctx, lp_ctx); 113 *errstring = NULL; 114 115 ldb = secrets_db_connect(mem_ctx, lp_ctx); 152 116 if (ldb == NULL) { 153 117 DEBUG(5, ("secrets_db_connect failed\n")); … … 155 119 } 156 120 157 ldb_ret = gendb_search(ldb, ldb,158 ldb_dn_new(mem_ctx, ldb, SECRETS_PRIMARY_DOMAIN_DN),159 &msgs, attrs,160 SECRETS_PRIMARY_DOMAIN_FILTER, domain);121 ldb_ret = dsdb_search_one(ldb, ldb, &msg, 122 ldb_dn_new(mem_ctx, ldb, SECRETS_PRIMARY_DOMAIN_DN), 123 LDB_SCOPE_ONELEVEL, 124 attrs, 0, SECRETS_PRIMARY_DOMAIN_FILTER, domain); 161 125 162 if (ldb_ret == -1) { 163 DEBUG(5, ("Error searching for domain SID for %s: %s", 164 domain, ldb_errstring(ldb))); 165 talloc_free(ldb); 126 if (ldb_ret != LDB_SUCCESS) { 127 *errstring = talloc_asprintf(mem_ctx, "Failed to find record for %s in %s: %s: %s", 128 domain, (char *) ldb_get_opaque(ldb, "ldb_url"), 129 ldb_strerror(ldb_ret), ldb_errstring(ldb)); 130 return NULL; 131 } 132 v = ldb_msg_find_ldb_val(msg, "objectSid"); 133 if (v == NULL) { 134 *errstring = talloc_asprintf(mem_ctx, "Failed to find a SID on record for %s in %s", 135 domain, (char *) ldb_get_opaque(ldb, "ldb_url")); 166 136 return NULL; 167 137 } 168 138 169 if (ldb_ret == 0) { 170 DEBUG(5, ("Did not find domain record for %s\n", domain)); 171 talloc_free(ldb); 172 return NULL; 139 if (sec_channel_type) { 140 int t; 141 t = ldb_msg_find_attr_as_int(msg, "secureChannelType", -1); 142 if (t == -1) { 143 *errstring = talloc_asprintf(mem_ctx, "Failed to find secureChannelType for %s in %s", 144 domain, (char *) ldb_get_opaque(ldb, "ldb_url")); 145 return NULL; 146 } 147 *sec_channel_type = t; 173 148 } 174 149 175 if (ldb_ret > 1) {176 DEBUG(5, ("Found more than one (%d) domain records for %s\n",177 ldb_ret, domain));178 talloc_free(ldb);179 return NULL;180 }181 182 v = ldb_msg_find_ldb_val(msgs[0], "objectSid");183 if (v == NULL) {184 DEBUG(0, ("Domain object for %s does not contain a SID!\n",185 domain));186 return NULL;187 }188 150 result = talloc(mem_ctx, struct dom_sid); 189 151 if (result == NULL) { … … 192 154 } 193 155 194 ndr_err = ndr_pull_struct_blob(v, result, NULL,result,156 ndr_err = ndr_pull_struct_blob(v, result, result, 195 157 (ndr_pull_flags_fn_t)ndr_pull_dom_sid); 196 158 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { 159 *errstring = talloc_asprintf(mem_ctx, "Failed to parse SID on record for %s in %s", 160 domain, (char *) ldb_get_opaque(ldb, "ldb_url")); 197 161 talloc_free(result); 198 162 talloc_free(ldb); … … 202 166 return result; 203 167 } 168 169 char *keytab_name_from_msg(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, struct ldb_message *msg) 170 { 171 const char *krb5keytab = ldb_msg_find_attr_as_string(msg, "krb5Keytab", NULL); 172 if (krb5keytab) { 173 return talloc_strdup(mem_ctx, krb5keytab); 174 } else { 175 char *file_keytab; 176 char *relative_path; 177 const char *privateKeytab = ldb_msg_find_attr_as_string(msg, "privateKeytab", NULL); 178 if (!privateKeytab) { 179 return NULL; 180 } 181 182 relative_path = ldb_relative_path(ldb, mem_ctx, privateKeytab); 183 if (!relative_path) { 184 return NULL; 185 } 186 file_keytab = talloc_asprintf(mem_ctx, "FILE:%s", relative_path); 187 talloc_free(relative_path); 188 return file_keytab; 189 } 190 return NULL; 191 } 192
Note:
See TracChangeset
for help on using the changeset viewer.
