Context Navigation

← Previous Change
Next Change →

secrets.c

Timestamp:

Sep 30, 2007, 3:42:50 AM (18 years ago)

Author:

Paul Smedley

Message:

Update trunk to 3.2.0pre1

File:

: 1 edited

trunk/samba/source/passdb/secrets.c (modified) (50 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/samba/source/passdb/secrets.c

-              r1
+              r77
 /*
+/*
    Unix SMB/CIFS implementation.
    Copyright (C) Andrew Tridgell 1992-2001
 …
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
+   the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 …
+ *
  * Initialised to the current pid, the very first time Samba starts,
  * and incremented by one each time it is needed.
+ *
+ * and incremented by one each time it is needed.
+ *
  * @note Not called by systems with a working /dev/urandom.
  */
 static void get_rand_seed(int *new_seed)
+static void get_rand_seed(int *new_seed)
+{
         *new_seed = sys_getpid();
 …
         /**
          * Set a reseed function for the crypto random generator
+         *
+         * Set a reseed function for the crypto random generator
+         *
          * This avoids a problem where systems without /dev/urandom
          * could send the same challenge to multiple clients
 …
+}
 /* store a secrets entry
+/* store a secrets entry
  */
 BOOL secrets_store(const char *key, const void *data, size_t size)
 …
                 return False;
         return tdb_trans_store(tdb, string_tdb_data(key),
                                make_tdb_data((const char *)data, size),
+                               make_tdb_data((const uint8 *)data, size),
                                TDB_REPLACE) == 0;
+}
 …
         if (!tdb)
                 return False;
         return tdb_delete(tdb, string_tdb_data(key)) == 0;
+        return tdb_trans_delete(tdb, string_tdb_data(key)) == 0;
+}
 …
                 return False;
         if (size != sizeof(DOM_SID)) {
+        if (size != sizeof(DOM_SID)) {
                 SAFE_FREE(dyn_sid);
                 return False;
 …
+        }
         if (size != sizeof(struct GUID)) {
+        if (size != sizeof(struct GUID)) {
                 DEBUG(1,("UUID size %d is wrong!\n", (int)size));
                 SAFE_FREE(dyn_guid);
 …
         static fstring keystr;
         slprintf(keystr,sizeof(keystr)-1,"%s/%s",
+        slprintf(keystr,sizeof(keystr)-1,"%s/%s",
                  SECRETS_MACHINE_ACCT_PASS, domain);
         strupper_m(keystr);
 …
         pstr_sprintf(keystr, "%s/%s", SECRETS_DOMTRUST_ACCT_PASS, domain);
         strupper_m(keystr);
         return keystr;
+}
 …
 ************************************************************************/
 uint32 get_default_sec_channel(void)
+{
         if (lp_server_role() == ROLE_DOMAIN_BDC ||
+uint32 get_default_sec_channel(void)
+{
+        if (lp_server_role() == ROLE_DOMAIN_BDC ||
             lp_server_role() == ROLE_DOMAIN_PDC) {
                 return SEC_CHAN_BDC;
 …
         size_t size = 0;
         plaintext = secrets_fetch_machine_password(domain, pass_last_set_time,
+        plaintext = secrets_fetch_machine_password(domain, pass_last_set_time,
                                                    channel);
         if (plaintext) {
 …
                 return False;
+        }
         if (size != sizeof(*pass)) {
                 DEBUG(0, ("secrets were of incorrect size!\n"));
 …
  * @return length of the packed representation of the whole structure
  **/
 static size_t tdb_sid_pack(char* pack_buf, int bufsize, DOM_SID* sid)
+static size_t tdb_sid_pack(uint8 *pack_buf, int bufsize, DOM_SID* sid)
+{
         int idx;
         size_t len = 0;
         if (!sid || !pack_buf) return -1;
         len += tdb_pack(pack_buf + len, bufsize - len, "bb", sid->sid_rev_num,
                         sid->num_auths);
         for (idx = 0; idx < 6; idx++) {
                 len += tdb_pack(pack_buf + len, bufsize - len, "b",
                                 sid->id_auth[idx]);
+        }
         for (idx = 0; idx < MAXSUBAUTHS; idx++) {
                 len += tdb_pack(pack_buf + len, bufsize - len, "d",
                                 sid->sub_auths[idx]);
+        }
         return len;
+}
 …
  * @return size of structure unpacked from buffer
  **/
 static size_t tdb_sid_unpack(char* pack_buf, int bufsize, DOM_SID* sid)
+static size_t tdb_sid_unpack(uint8 *pack_buf, int bufsize, DOM_SID* sid)
+{
         int idx, len = 0;
         if (!sid || !pack_buf) return -1;
         len += tdb_unpack(pack_buf + len, bufsize - len, "bb",
                           &sid->sid_rev_num, &sid->num_auths);
         for (idx = 0; idx < 6; idx++) {
                 len += tdb_unpack(pack_buf + len, bufsize - len, "b",
                                   &sid->id_auth[idx]);
+        }
         for (idx = 0; idx < MAXSUBAUTHS; idx++) {
                 len += tdb_unpack(pack_buf + len, bufsize - len, "d",
                                   &sid->sub_auths[idx]);
+        }
         return len;
+}
 …
  * @return length of the packed representation of the whole structure
  **/
 static size_t tdb_trusted_dom_pass_pack(char* pack_buf, int bufsize,
+static size_t tdb_trusted_dom_pass_pack(uint8 *pack_buf, int bufsize,
                                         TRUSTED_DOM_PASS* pass)
+{
         int idx, len = 0;
         if (!pack_buf || !pass) return -1;
         /* packing unicode domain name and password */
         len += tdb_pack(pack_buf + len, bufsize - len, "d",
                         pass->uni_name_len);
         for (idx = 0; idx < 32; idx++)
                 len +=  tdb_pack(pack_buf + len, bufsize - len, "w",
                                  pass->uni_name[idx]);
         len += tdb_pack(pack_buf + len, bufsize - len, "dPd", pass->pass_len,
                              pass->pass, pass->mod_time);
 …
  * @return size of structure unpacked from buffer
  **/
 static size_t tdb_trusted_dom_pass_unpack(char* pack_buf, int bufsize,
+static size_t tdb_trusted_dom_pass_unpack(uint8 *pack_buf, int bufsize,
                                           TRUSTED_DOM_PASS* pass)
+{
         int idx, len = 0;
         if (!pack_buf || !pass) return -1;
         /* unpack unicode domain name and plaintext password */
         len += tdb_unpack(pack_buf, bufsize - len, "d", &pass->uni_name_len);
         for (idx = 0; idx < 32; idx++)
                 len +=  tdb_unpack(pack_buf + len, bufsize - len, "w",
 …
         len += tdb_unpack(pack_buf + len, bufsize - len, "dPd",
                           &pass->pass_len, &pass->pass, &pass->mod_time);
         /* unpack domain sid */
         len += tdb_sid_unpack(pack_buf + len, bufsize - len,
                               &pass->domain_sid);
         return len;
+        return len;
+}
 …
         struct trusted_dom_pass pass;
         size_t size = 0;
         /* unpacking structures */
         char* pass_buf;
+        uint8 *pass_buf;
         int pass_len = 0;
 …
         /* fetching trusted domain password structure */
         if (!(pass_buf = (char *)secrets_fetch(trustdom_keystr(domain),
+        if (!(pass_buf = (uint8 *)secrets_fetch(trustdom_keystr(domain),
                                                &size))) {
                 DEBUG(5, ("secrets_fetch failed!\n"));
 …
                 return False;
+        }
         /* the trust's password */
+        /* the trust's password */
         if (pwd) {
                 *pwd = SMB_STRDUP(pass.pass);
 …
         /* domain sid */
         if (sid != NULL) sid_copy(sid, &pass.domain_sid);
         return True;
+}
 …
         int pass_len = 0;
         int pass_buf_len = sizeof(pass_buf);
         struct trusted_dom_pass pass;
         ZERO_STRUCT(pass);
 …
                 return False;
+        }
         strncpy_w(pass.uni_name, uni_dom_name, sizeof(pass.uni_name) - 1);
         pass.uni_name_len = strlen_w(uni_dom_name)+1;
 …
         /* domain sid */
         sid_copy(&pass.domain_sid, sid);
         pass_len = tdb_trusted_dom_pass_pack(pass_buf, pass_buf_len, &pass);
+        pass_len = tdb_trusted_dom_pass_pack((uint8 *)pass_buf, pass_buf_len, &pass);
         return secrets_store(trustdom_keystr(domain), (void *)&pass_buf, pass_len);
 …
         asprintf(&key, "%s/%s", SECRETS_MACHINE_PASSWORD, domain);
         if (!key)
+        if (!key)
                 return False;
         strupper_m(key);
 …
         if (!ret)
                 return ret;
         asprintf(&key, "%s/%s", SECRETS_MACHINE_LAST_CHANGE_TIME, domain);
         if (!key)
+        if (!key)
                 return False;
         strupper_m(key);
 …
         asprintf(&key, "%s/%s", SECRETS_MACHINE_SEC_CHANNEL_TYPE, domain);
         if (!key)
+        if (!key)
                 return False;
         strupper_m(key);
 …
 ************************************************************************/
 char *secrets_fetch_machine_password(const char *domain,
+char *secrets_fetch_machine_password(const char *domain,
                                      time_t *pass_last_set_time,
                                      uint32 *channel)
 …
         ret = (char *)secrets_fetch(key, NULL);
         SAFE_FREE(key);
         if (pass_last_set_time) {
                 size_t size;
 …
                 SAFE_FREE(key);
+        }
         if (channel) {
                 size_t size;
 …
                 SAFE_FREE(key);
+        }
         return ret;
+}
-/*******************************************************************
- Wrapper around retrieving the trust account password
-*******************************************************************/
-BOOL get_trust_pw(const char *domain, uint8 ret_pwd[16], uint32 *channel)
+{
-        DOM_SID sid;
-        char *pwd;
-        time_t last_set_time;
-        /* if we are a DC and this is not our domain, then lookup an account
-                for the domain trust */
-        if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains() ) {
-                if (!secrets_fetch_trusted_domain_password(domain, &pwd, &sid,
-                                                        &last_set_time)) {
-                        DEBUG(0, ("get_trust_pw: could not fetch trust "
-                                "account password for trusted domain %s\n",
-                                domain));
-                        return False;
+                }
-                *channel = SEC_CHAN_DOMAIN;
-                E_md4hash(pwd, ret_pwd);
-                SAFE_FREE(pwd);
-                return True;
+        }
-        /* Just get the account for the requested domain. In the future this
-         * might also cover to be member of more than one domain. */
-        if (secrets_fetch_trust_account_password(domain, ret_pwd,
-                                                &last_set_time, channel))
-                return True;
-        DEBUG(5, ("get_trust_pw: could not fetch trust account "
-                "password for domain %s\n", domain));
-        return False;
+}
 …
         char *key = NULL;
         BOOL ret;
         if (asprintf(&key, "%s/%s", SECRETS_LDAP_BIND_PW, dn) < 0) {
                 DEBUG(0, ("secrets_store_ldap_pw: asprintf failed!\n"));
                 return False;
+        }
         ret = secrets_store(key, pw, strlen(pw)+1);
         SAFE_FREE(key);
         return ret;
 …
         char *key = NULL;
         size_t size = 0;
         *dn = smb_xstrdup(lp_ldap_admin_dn());
         if (asprintf(&key, "%s/%s", SECRETS_LDAP_BIND_PW, *dn) < 0) {
                 SAFE_FREE(*dn);
                 DEBUG(0, ("fetch_ldap_pw: asprintf failed!\n"));
+        }
         *pw=(char *)secrets_fetch(key, &size);
         SAFE_FREE(key);
 …
                 char *data;
                 fstring old_style_pw;
                 if (!old_style_key) {
                         DEBUG(0, ("fetch_ldap_pw: strdup failed!\n"));
 …
                 for (p=old_style_key; *p; p++)
                         if (*p == ',') *p = '/';
                 data=(char *)secrets_fetch(old_style_key, &size);
                 if (!size && size < sizeof(old_style_pw)) {
 …
                         SAFE_FREE(old_style_key);
                         SAFE_FREE(*dn);
                         return False;
+                        return False;
+                }
                 if (!secrets_delete(old_style_key)) {
 …
                 SAFE_FREE(old_style_key);
                 *pw = smb_xstrdup(old_style_pw);
+        }
+                *pw = smb_xstrdup(old_style_pw);
+        }
         return True;
+}
 …
 /**
  * Get trusted domains info from secrets.tdb.
  **/
+ **/
 NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
 …
         if (!secrets_init()) return NT_STATUS_ACCESS_DENIED;
         /* generate searching pattern */
         pattern = talloc_asprintf(tmp_ctx, "%s/*", SECRETS_DOMTRUST_ACCT_PASS);
 …
         /* searching for keys in secrets db -- way to go ... */
         for (k = keys; k; k = k->next) {
                 char *packed_pass;
+                uint8 *packed_pass;
                 size_t size = 0, packed_size = 0;
                 struct trusted_dom_pass pass;
                 char *secrets_key;
                 struct trustdom_info *dom_info;
                 /* important: ensure null-termination of the key string */
                 secrets_key = talloc_strndup(tmp_ctx,
                                              k->node_key.dptr,
+                                             (const char *)k->node_key.dptr,
                                              k->node_key.dsize);
                 if (!secrets_key) {
 …
+                }
                 packed_pass = (char *)secrets_fetch(secrets_key, &size);
+                packed_pass = (uint8 *)secrets_fetch(secrets_key, &size);
                 packed_size = tdb_trusted_dom_pass_unpack(packed_pass, size,
                                                           &pass);
                 /* packed representation isn't needed anymore */
                 SAFE_FREE(packed_pass);
                 if (size != packed_size) {
                         DEBUG(2, ("Secrets record %s is invalid!\n",
 …
+                }
+        }
         DEBUG(5, ("secrets_get_trusted_domains: got %d domains\n",
                   *num_domains));
 …
 /******************************************************************************
   When kerberos is not available, choose between anonymous or
   authenticated connections.
+  authenticated connections.
   We need to use an authenticated connection if DCs have the
 …
         *domain = (char *)secrets_fetch(SECRETS_AUTH_DOMAIN, NULL);
         *password = (char *)secrets_fetch(SECRETS_AUTH_PASSWORD, NULL);
         if (*username && **username) {
                 if (!*domain || !**domain)
                         *domain = smb_xstrdup(lp_workgroup());
                 if (!*password || !**password)
                         *password = smb_xstrdup("");
                 DEBUG(3, ("IPC$ connections done by user %s\\%s\n",
+                DEBUG(3, ("IPC$ connections done by user %s\\%s\n",
                           *domain, *username));
 …
                 /* First opener, no version. */
                 SIVAL(&ver,0,1);
                 vers.dptr = (char *)&ver;
+                vers.dptr = (uint8 *)&ver;
                 vers.dsize = 4;
                 tdb_store_bystring(tdb_sc, "SCHANNEL_STORE_VERSION", vers, TDB_REPLACE);
 …
                                 pdc->domain);
         value.dptr = (char *)TALLOC(mem_ctx, value.dsize);
+        value.dptr = TALLOC_ARRAY(mem_ctx, uint8, value.dsize);
         if (!value.dptr) {
                 TALLOC_FREE(keystr);
 …
         char *tdbkey = NULL;
         BOOL ret;
         if (asprintf(&tdbkey, "SECRETS/GENERIC/%s/%s", owner, key) < 0) {
                 DEBUG(0, ("asprintf failed!\n"));
                 return False;
+        }
         ret = secrets_store(tdbkey, secret, strlen(secret)+1);
         SAFE_FREE(tdbkey);
         return ret;
 …
                 return NULL;
+        }
         secret = (char *)secrets_fetch(tdbkey, NULL);
         SAFE_FREE(tdbkey);

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 77 for trunk/samba/source/passdb/secrets.c

Legend:

trunk/samba/source/passdb/secrets.c

Download in other formats: