2 Unix SMB/CIFS implementation.
3 Copyright (C) Andrew Tridgell 1992-2001
4 Copyright (C) Andrew Bartlett 2002
5 Copyright (C) Rafal Szczesniak 2002
6 Copyright (C) Tim Potter 2001
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 /* the Samba secrets database stores any generated, private information
23 such as the local SID and machine trust password */
27 #include "passdb/pdb_secrets.h"
28 #include "librpc/gen_ndr/ndr_secrets.h"
30 #include "dbwrap/dbwrap.h"
31 #include "dbwrap/dbwrap_open.h"
32 #include "../libcli/security/security.h"
36 #define DBGC_CLASS DBGC_PASSDB
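/*
 * Get trusted domains info from secrets.tdb.
 */

/*
 * Accumulator handed to list_trusted_domain() through
 * dbwrap_traverse_read(). "domains" is a talloc_array owned by the caller
 * of secrets_trusted_domains(); every struct trustdom_info appended to it
 * is talloc'ed as a child of that array, so it moves with it on realloc.
 *
 * NOTE(review): the num_domains member was dropped by this rendering of
 * the file but is read and written by both functions below; it is
 * restored here as the uint32_t that secrets_trusted_domains() copies out.
 */
struct list_trusted_domains_state {
	uint32_t num_domains;		/* entries in use in "domains" */
	struct trustdom_info **domains;	/* talloc_array grown by ADD_TO_ARRAY */
};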
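/*
 * dbwrap_traverse_read() callback: turn one SECRETS_DOMTRUST_ACCT_PASS
 * record of secrets.tdb into a struct trustdom_info and append it to
 * state->domains.
 *
 * rec          - the record currently being visited
 * private_data - a struct list_trusted_domains_state *
 *
 * Returns 0 to continue the traversal (the record was appended, or was
 * deliberately skipped because it is not a trust record, does not decode,
 * carries a non-domain SID or could not be allocated) and -1 to abort the
 * traversal once the domains array itself could not be grown.
 *
 * NOTE(review): this rendering of the file dropped the short statement
 * lines (early exits, closing braces and the blob/key/value declarations);
 * they are restored here in their conventional form - confirm against the
 * upstream source.
 */
static int list_trusted_domain(struct db_record *rec, void *private_data)
{
	const size_t prefix_len = strlen(SECRETS_DOMTRUST_ACCT_PASS);
	struct list_trusted_domains_state *state =
		(struct list_trusted_domains_state *)private_data;
	struct TRUSTED_DOM_PASS pass;
	enum ndr_err_code ndr_err;
	struct trustdom_info *dom_info;
	DATA_BLOB blob;
	TDB_DATA key;
	TDB_DATA value;

	key = dbwrap_record_get_key(rec);
	value = dbwrap_record_get_value(rec);

	/*
	 * Only trust-account password records describe a trusted domain.
	 * The dsize check keeps strncmp() inside the key buffer, which is
	 * not necessarily NUL-terminated.
	 */
	if ((key.dsize < prefix_len)
	    || (strncmp((char *)key.dptr, SECRETS_DOMTRUST_ACCT_PASS,
			prefix_len) != 0)) {
		return 0;
	}

	blob = data_blob_const(value.dptr, value.dsize);

	/*
	 * On-disk data is parsed with the NDR puller rather than trusted
	 * structurally. A record that does not decode is skipped, not fatal,
	 * so one damaged entry does not hide the remaining trusts.
	 */
	ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), &pass,
			(ndr_pull_flags_fn_t)ndr_pull_TRUSTED_DOM_PASS);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		return 0;
	}

	/*
	 * NOTE(review): "pass" also carries the decoded trust password
	 * (talloc'ed on talloc_tos()); only the SID is logged below, and
	 * that should stay so.
	 */

	/* A domain SID has exactly four sub-authorities. */
	if (pass.domain_sid.num_auths != 4) {
		DEBUG(0, ("SID %s is not a domain sid, has %d "
			  "auths instead of 4\n",
			  sid_string_dbg(&pass.domain_sid),
			  pass.domain_sid.num_auths));
		return 0;
	}

	/* Parent the entry on the array so it is freed together with it. */
	if (!(dom_info = talloc(state->domains, struct trustdom_info))) {
		DEBUG(0, ("talloc failed\n"));
		return 0;
	}

	dom_info->name = talloc_strdup(dom_info, pass.uni_name);
	if (!dom_info->name) {
		TALLOC_FREE(dom_info);
		return 0;
	}

	sid_copy(&dom_info->sid, &pass.domain_sid);

	ADD_TO_ARRAY(state->domains, struct trustdom_info *, dom_info,
		     &state->domains, &state->num_domains);

	if (state->domains == NULL) {
		/* The array is gone: report a consistent, empty result. */
		state->num_domains = 0;
		return -1;
	}
	return 0;
}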
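/*
 * Return every trusted domain recorded in secrets.tdb.
 *
 * mem_ctx     - talloc parent of the returned array and its entries
 * num_domains - receives the number of entries
 * domains     - receives a talloc_array of struct trustdom_info *
 *
 * Returns NT_STATUS_ACCESS_DENIED when the secrets database cannot be
 * initialised, NT_STATUS_NO_MEMORY when the result array cannot be
 * allocated and NT_STATUS_OK otherwise. The status of the traversal itself
 * is not checked, so a traversal that stops early still returns
 * NT_STATUS_OK with the entries collected up to that point.
 *
 * NOTE(review): the closing statements of this function were dropped by
 * this rendering of the file; restored here - confirm against upstream.
 */
NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32_t *num_domains,
				 struct trustdom_info ***domains)
{
	struct list_trusted_domains_state state;
	struct db_context *db_ctx;

	if (!secrets_init()) {
		return NT_STATUS_ACCESS_DENIED;
	}

	db_ctx = secrets_db_ctx();

	state.num_domains = 0;

	/*
	 * Make sure that a talloc context for the trustdom_info structs
	 * exists even when no trust is found: the callback parents every
	 * entry on state.domains, and callers get a valid (empty) array.
	 */
	if (!(state.domains = talloc_array(
		      mem_ctx, struct trustdom_info *, 1))) {
		return NT_STATUS_NO_MEMORY;
	}

	dbwrap_traverse_read(db_ctx, list_trusted_domain, (void *)&state, NULL);

	*num_domains = state.num_domains;
	*domains = state.domains;
	return NT_STATUS_OK;
}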
/* In order to avoid direct linking against libsecrets for pdb modules,
 * the following helpers are provided for pdb module writers.
 * To differentiate them from the pdb_* API, they are prefixed by upper-case PDB.
 */
/*
 * pdb-module entry point for secrets_store_domain_sid(): record the SID
 * of "domain" in the secrets database.
 *
 * Returns whatever secrets_store_domain_sid() returns.
 */
bool PDB_secrets_store_domain_sid(const char *domain, const struct dom_sid *sid)
{
	bool stored = secrets_store_domain_sid(domain, sid);

	return stored;
}
/*
 * pdb-module entry point for secrets_mark_domain_protected(): flag the
 * domain's secrets entry as protected.
 *
 * Returns whatever secrets_mark_domain_protected() returns.
 */
bool PDB_secrets_mark_domain_protected(const char *domain)
{
	bool marked = secrets_mark_domain_protected(domain);

	return marked;
}
/*
 * pdb-module entry point for secrets_clear_domain_protection(): remove
 * the protection flag set by PDB_secrets_mark_domain_protected().
 *
 * Returns whatever secrets_clear_domain_protection() returns.
 */
bool PDB_secrets_clear_domain_protection(const char *domain)
{
	bool cleared = secrets_clear_domain_protection(domain);

	return cleared;
}
/*
 * pdb-module entry point for secrets_fetch_domain_sid(): look up the SID
 * stored for "domain" and copy it into *sid.
 *
 * Returns whatever secrets_fetch_domain_sid() returns; *sid is only
 * meaningful on success.
 */
bool PDB_secrets_fetch_domain_sid(const char *domain, struct dom_sid *sid)
{
	bool found = secrets_fetch_domain_sid(domain, sid);

	return found;
}
/*
 * pdb-module entry point for secrets_store_domain_guid(): record the GUID
 * of "domain" in the secrets database.
 *
 * Returns whatever secrets_store_domain_guid() returns.
 */
bool PDB_secrets_store_domain_guid(const char *domain, struct GUID *guid)
{
	bool stored = secrets_store_domain_guid(domain, guid);

	return stored;
}
/*
 * pdb-module entry point for secrets_fetch_domain_guid(): look up the GUID
 * stored for "domain" and copy it into *guid.
 *
 * Returns whatever secrets_fetch_domain_guid() returns; *guid is only
 * meaningful on success.
 */
bool PDB_secrets_fetch_domain_guid(const char *domain, struct GUID *guid)
{
	bool found = secrets_fetch_domain_guid(domain, guid);

	return found;
}