2 Unix SMB/CIFS implementation.
3 Copyright (C) Guenther Deschner 2009
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 3 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 #include "librpc/gen_ndr/ndr_secrets.h"
23 /******************************************************************************
24 *******************************************************************************/
26 static char *lsa_secret_key(TALLOC_CTX
*mem_ctx
,
27 const char *secret_name
)
29 return talloc_asprintf_strupper_m(mem_ctx
, "SECRETS/LSA/%s",
33 /******************************************************************************
34 *******************************************************************************/
36 static NTSTATUS
lsa_secret_get_common(TALLOC_CTX
*mem_ctx
,
37 const char *secret_name
,
38 struct lsa_secret
*secret
)
42 enum ndr_err_code ndr_err
;
46 key
= lsa_secret_key(mem_ctx
, secret_name
);
48 return NT_STATUS_NO_MEMORY
;
51 blob
.data
= (uint8_t *)secrets_fetch(key
, &blob
.length
);
55 return NT_STATUS_OBJECT_NAME_NOT_FOUND
;
58 ndr_err
= ndr_pull_struct_blob(&blob
, mem_ctx
, secret
,
59 (ndr_pull_flags_fn_t
)ndr_pull_lsa_secret
);
60 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
62 return ndr_map_error2ntstatus(ndr_err
);
70 /******************************************************************************
71 *******************************************************************************/
73 NTSTATUS
lsa_secret_get(TALLOC_CTX
*mem_ctx
,
74 const char *secret_name
,
75 DATA_BLOB
*secret_current
,
76 NTTIME
*secret_current_lastchange
,
77 DATA_BLOB
*secret_old
,
78 NTTIME
*secret_old_lastchange
,
79 struct security_descriptor
**sd
)
82 struct lsa_secret secret
;
84 status
= lsa_secret_get_common(mem_ctx
, secret_name
, &secret
);
85 if (!NT_STATUS_IS_OK(status
)) {
90 *secret_current
= data_blob_null
;
91 if (secret
.secret_current
) {
92 *secret_current
= *secret
.secret_current
;
95 if (secret_current_lastchange
) {
96 *secret_current_lastchange
= secret
.secret_current_lastchange
;
99 *secret_old
= data_blob_null
;
100 if (secret
.secret_old
) {
101 *secret_old
= *secret
.secret_old
;
104 if (secret_old_lastchange
) {
105 *secret_old_lastchange
= secret
.secret_old_lastchange
;
114 /******************************************************************************
115 *******************************************************************************/
117 static NTSTATUS
lsa_secret_set_common(TALLOC_CTX
*mem_ctx
,
119 struct lsa_secret
*secret
,
120 DATA_BLOB
*secret_current
,
121 DATA_BLOB
*secret_old
,
122 struct security_descriptor
*sd
)
124 enum ndr_err_code ndr_err
;
126 struct timeval now
= timeval_current();
129 secret
= talloc_zero(mem_ctx
, struct lsa_secret
);
133 return NT_STATUS_NO_MEMORY
;
137 secret
->secret_old
= secret_old
;
138 secret
->secret_old_lastchange
= timeval_to_nttime(&now
);
140 if (secret
->secret_current
) {
141 secret
->secret_old
= secret
->secret_current
;
142 secret
->secret_old_lastchange
= secret
->secret_current_lastchange
;
144 secret
->secret_old
= NULL
;
145 secret
->secret_old_lastchange
= timeval_to_nttime(&now
);
148 if (secret_current
) {
149 secret
->secret_current
= secret_current
;
150 secret
->secret_current_lastchange
= timeval_to_nttime(&now
);
152 secret
->secret_current
= NULL
;
153 secret
->secret_current_lastchange
= timeval_to_nttime(&now
);
159 ndr_err
= ndr_push_struct_blob(&blob
, mem_ctx
, secret
,
160 (ndr_push_flags_fn_t
)ndr_push_lsa_secret
);
161 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
162 return ndr_map_error2ntstatus(ndr_err
);
165 if (!secrets_store(key
, blob
.data
, blob
.length
)) {
166 return NT_STATUS_ACCESS_DENIED
;
172 /******************************************************************************
173 *******************************************************************************/
175 NTSTATUS
lsa_secret_set(const char *secret_name
,
176 DATA_BLOB
*secret_current
,
177 DATA_BLOB
*secret_old
,
178 struct security_descriptor
*sd
)
181 struct lsa_secret secret
;
184 key
= lsa_secret_key(talloc_tos(), secret_name
);
186 return NT_STATUS_NO_MEMORY
;
189 status
= lsa_secret_get_common(talloc_tos(), secret_name
, &secret
);
190 if (!NT_STATUS_IS_OK(status
) &&
191 !NT_STATUS_EQUAL(status
, NT_STATUS_OBJECT_NAME_NOT_FOUND
)) {
196 status
= lsa_secret_set_common(talloc_tos(), key
,
206 /******************************************************************************
207 *******************************************************************************/
209 NTSTATUS
lsa_secret_delete(const char *secret_name
)
212 struct lsa_secret secret
;
215 key
= lsa_secret_key(talloc_tos(), secret_name
);
217 return NT_STATUS_NO_MEMORY
;
220 status
= lsa_secret_get_common(talloc_tos(), secret_name
, &secret
);
221 if (!NT_STATUS_IS_OK(status
)) {
226 if (!secrets_delete_entry(key
)) {
228 return NT_STATUS_ACCESS_DENIED
;