Changeset 988 for vendor/current/source3/passdb/secrets.c

Timestamp:

Nov 24, 2016, 1:14:11 PM (9 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: update vendor to version 4.4.3

File:

• vendor/current/source3/passdb/secrets.c (modified) (10 diffs)

vendor/current/source3/passdb/secrets.c

@@ -25 +25 @@
 #include "includes.h"
 #include "system/filesys.h"
-#include "passdb.h"
 #include "../libcli/auth/libcli_auth.h"
 #include "librpc/gen_ndr/ndr_secrets.h"
 #include "secrets.h"
-#include "dbwrap.h"
+#include "dbwrap/dbwrap.h"
+#include "dbwrap/dbwrap_open.h"
 #include "../libcli/security/security.h"
 #include "util_tdb.h"
@@ -38 +38 @@
 static struct db_context *db_ctx;
 
-/**
- * Use a TDB to store an incrementing random seed.
- *
- * Initialised to the current pid, the very first time Samba starts,
- * and incremented by one each time it is needed.
- *
- * @note Not called by systems with a working /dev/urandom.
- */
-static void get_rand_seed(void *userdata, int *new_seed)
-{
-        *new_seed = sys_getpid();
-        if (db_ctx) {
-                dbwrap_trans_change_int32_atomic(db_ctx, "INFO/random_seed",
-                                                 new_seed, 1);
-        }
+/* open up the secrets database with specified private_dir path */
+bool secrets_init_path(const char *private_dir)
+{
+        char *fname = NULL;
+        TALLOC_CTX *frame;
+
+        if (db_ctx != NULL) {
+                return True;
+        }
+
+        if (private_dir == NULL) {
+                return False;
+        }
+
+        frame = talloc_stackframe();
+        fname = talloc_asprintf(frame, "%s/secrets.tdb", private_dir);
+        if (fname == NULL) {
+                TALLOC_FREE(frame);
+                return False;
+        }
+
+        db_ctx = db_open(NULL, fname, 0,
+                         TDB_DEFAULT, O_RDWR|O_CREAT, 0600,
+                         DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE);
+
+        if (db_ctx == NULL) {
+                DEBUG(0,("Failed to open %s\n", fname));
+                TALLOC_FREE(frame);
+                return False;
+        }
+
+        TALLOC_FREE(frame);
+        return True;
 }
 
@@ -58 +76 @@
 bool secrets_init(void)
 {
-        char *fname = NULL;
-        unsigned char dummy;
-
-        if (db_ctx != NULL)
-                return True;
-
-        fname = talloc_asprintf(talloc_tos(), "%s/secrets.tdb",
-                                lp_private_dir());
-        if (fname == NULL) {
-                return false;
-        }
-
-        db_ctx = db_open(NULL, fname, 0,
-                         TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
-
-        if (db_ctx == NULL) {
-                DEBUG(0,("Failed to open %s\n", fname));
-                TALLOC_FREE(fname);
-                return False;
-        }
-
-        TALLOC_FREE(fname);
-
-        /**
-         * Set a reseed function for the crypto random generator
-         *
-         * This avoids a problem where systems without /dev/urandom
-         * could send the same challenge to multiple clients
-         */
-        set_rand_reseed_callback(get_rand_seed, NULL);
-
-        /* Ensure that the reseed is done now, while we are root, etc */
-        generate_random_buffer(&dummy, sizeof(dummy));
-
-        return True;
+        return secrets_init_path(lp_private_dir());
 }
 
@@ -119 +103 @@
         TDB_DATA dbuf;
         void *result;
+        NTSTATUS status;
 
         if (!secrets_init()) {
@@ -124 +109 @@
         }
 
-        if (db_ctx->fetch(db_ctx, talloc_tos(), string_tdb_data(key),
-                          &dbuf) != 0) {
-                return NULL;
-        }
-
-        result = memdup(dbuf.dptr, dbuf.dsize);
+        status = dbwrap_fetch(db_ctx, talloc_tos(), string_tdb_data(key),
+                              &dbuf);
+        if (!NT_STATUS_IS_OK(status)) {
+                return NULL;
+        }
+
+        result = smb_memdup(dbuf.dptr, dbuf.dsize);
         if (result == NULL) {
                 return NULL;
@@ -153 +139 @@
 
         status = dbwrap_trans_store(db_ctx, string_tdb_data(key),
-                                    make_tdb_data((const uint8 *)data, size),
+                                    make_tdb_data((const uint8_t *)data, size),
                                     TDB_REPLACE);
         return NT_STATUS_IS_OK(status);
@@ -320 +306 @@
         size_t size = 0;
 
-        *dn = smb_xstrdup(lp_ldap_admin_dn());
+        *dn = smb_xstrdup(lp_ldap_admin_dn(talloc_tos()));
 
         if (asprintf(&key, "%s/%s", SECRETS_LDAP_BIND_PW, *dn) < 0) {
@@ -379 +365 @@
 }
 
-/**
- * Get trusted domains info from secrets.tdb.
- **/
-
-struct list_trusted_domains_state {
-        uint32 num_domains;
-        struct trustdom_info **domains;
-};
-
-static int list_trusted_domain(struct db_record *rec, void *private_data)
-{
-        const size_t prefix_len = strlen(SECRETS_DOMTRUST_ACCT_PASS);
-        struct TRUSTED_DOM_PASS pass;
-        enum ndr_err_code ndr_err;
-        DATA_BLOB blob;
-        struct trustdom_info *dom_info;
-
-        struct list_trusted_domains_state *state =
-                (struct list_trusted_domains_state *)private_data;
-
-        if ((rec->key.dsize < prefix_len)
-            || (strncmp((char *)rec->key.dptr, SECRETS_DOMTRUST_ACCT_PASS,
-                        prefix_len) != 0)) {
-                return 0;
-        }
-
-        blob = data_blob_const(rec->value.dptr, rec->value.dsize);
-
-        ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), &pass,
-                        (ndr_pull_flags_fn_t)ndr_pull_TRUSTED_DOM_PASS);
-        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-                return false;
-        }
-
-        if (pass.domain_sid.num_auths != 4) {
-                DEBUG(0, ("SID %s is not a domain sid, has %d "
-                          "auths instead of 4\n",
-                          sid_string_dbg(&pass.domain_sid),
-                          pass.domain_sid.num_auths));
-                return 0;
-        }
-
-        if (!(dom_info = TALLOC_P(state->domains, struct trustdom_info))) {
-                DEBUG(0, ("talloc failed\n"));
-                return 0;
-        }
-
-        dom_info->name = talloc_strdup(dom_info, pass.uni_name);
-        if (!dom_info->name) {
-                TALLOC_FREE(dom_info);
-                return 0;
-        }
-
-        sid_copy(&dom_info->sid, &pass.domain_sid);
-
-        ADD_TO_ARRAY(state->domains, struct trustdom_info *, dom_info,
-                     &state->domains, &state->num_domains);
-
-        if (state->domains == NULL) {
-                state->num_domains = 0;
-                return -1;
-        }
-        return 0;
-}
-
-NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
-                                 struct trustdom_info ***domains)
-{
-        struct list_trusted_domains_state state;
-
-        if (!secrets_init()) {
-                return NT_STATUS_ACCESS_DENIED;
-        }
-
-        state.num_domains = 0;
-
-        /*
-         * Make sure that a talloc context for the trustdom_info structs
-         * exists
-         */
-
-        if (!(state.domains = TALLOC_ARRAY(
-                      mem_ctx, struct trustdom_info *, 1))) {
-                return NT_STATUS_NO_MEMORY;
-        }
-
-        db_ctx->traverse_read(db_ctx, list_trusted_domain, (void *)&state);
-
-        *num_domains = state.num_domains;
-        *domains = state.domains;
-        return NT_STATUS_OK;
-}
-
 /*******************************************************************************
  Store a complete AFS keyfile into secrets.tdb.
@@ -498 +391 @@
         struct afs_keyfile *keyfile;
         size_t size = 0;
-        uint32 i;
+        uint32_t i;
 
         slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_AFS_KEYFILE, cell);
@@ -580 +473 @@
 }
 
-bool secrets_delete_generic(const char *owner, const char *key)
-{
-        char *tdbkey = NULL;
-        bool ret;
-
-        if (asprintf(&tdbkey, "SECRETS/GENERIC/%s/%s", owner, key) < 0) {
-                DEBUG(0, ("asprintf failed!\n"));
-                return False;
-        }
-
-        ret = secrets_delete(tdbkey);
-
-        SAFE_FREE(tdbkey);
-        return ret;
-}
-
 /*******************************************************************
  Find the ldap password.