search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
sync'ing up for 3.0alpha20 release
[Samba.git] / source / passdb / machine_sid.c
blobe1a1de83a6037a55c96b8af1119baf5b7bce0de3
1 /*
2 Unix SMB/CIFS implementation.
3 Password and authentication handling
4 Copyright (C) Jeremy Allison 1996-2002
5 Copyright (C) Andrew Tridgell 2002
6 Copyright (C) Gerald (Jerry) Carter 2000
7 Copyright (C) Stefan (metze) Metzmacher 2002
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 */
23
24 #include "includes.h"
25
26 /* NOTE! the global_sam_sid is the SID of our local SAM. This is only
27 equal to the domain SID when we are a DC, otherwise its our
28 workstation SID */
29 static DOM_SID *global_sam_sid=NULL;
30
31 #undef DBGC_CLASS
32 #define DBGC_CLASS DBGC_PASSDB
33
34 /****************************************************************************
35 Read a SID from a file. This is for compatibility with the old MACHINE.SID
36 style of SID storage
37 ****************************************************************************/
38 static BOOL read_sid_from_file(const char *fname, DOM_SID *sid)
39 {
40 char **lines;
41 int numlines;
42 BOOL ret;
43
44 lines = file_lines_load(fname, &numlines);
45
46 if (!lines || numlines < 1) {
47 if (lines) file_lines_free(lines);
48 return False;
49 }
50
51 ret = string_to_sid(sid, lines[0]);
52 file_lines_free(lines);
53 return ret;
54 }
55
56 /*
57 generate a random sid - used to build our own sid if we don't have one
58 */
59 static void generate_random_sid(DOM_SID *sid)
60 {
61 int i;
62 uchar raw_sid_data[12];
63
64 memset((char *)sid, '\0', sizeof(*sid));
65 sid->sid_rev_num = 1;
66 sid->id_auth[5] = 5;
67 sid->num_auths = 0;
68 sid->sub_auths[sid->num_auths++] = 21;
69
70 generate_random_buffer(raw_sid_data, 12, True);
71 for (i = 0; i < 3; i++)
72 sid->sub_auths[sid->num_auths++] = IVAL(raw_sid_data, i*4);
73 }
74
75 /****************************************************************************
76 Generate the global machine sid.
77 ****************************************************************************/
78
79 static BOOL pdb_generate_sam_sid(void)
80 {
81 char *fname = NULL;
82 extern pstring global_myname;
83 BOOL is_dc = False;
84
85 if(global_sam_sid==NULL)
86 if(!(global_sam_sid=(DOM_SID *)malloc(sizeof(DOM_SID))))
87 return False;
88
89 generate_wellknown_sids();
90
91 switch (lp_server_role()) {
92 case ROLE_DOMAIN_PDC:
93 case ROLE_DOMAIN_BDC:
94 is_dc = True;
95 break;
96 default:
97 is_dc = False;
98 break;
99 }
100
101 if (secrets_fetch_domain_sid(global_myname, global_sam_sid)) {
102 DOM_SID domain_sid;
103
104 /* We got our sid. If not a pdc/bdc, we're done. */
105 if (!is_dc)
106 return True;
107
108 if (!secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) {
109
110 /* No domain sid and we're a pdc/bdc. Store it */
111
112 if (!secrets_store_domain_sid(lp_workgroup(), global_sam_sid)) {
113 DEBUG(0,("pdb_generate_sam_sid: Can't store domain SID as a pdc/bdc.\n"));
114 return False;
115 }
116 return True;
117 }
118
119 if (!sid_equal(&domain_sid, global_sam_sid)) {
120
121 /* Domain name sid doesn't match global sam sid. Re-store global sam sid as domain sid. */
122
123 DEBUG(0,("pdb_generate_sam_sid: Mismatched SIDs as a pdc/bdc.\n"));
124 if (!secrets_store_domain_sid(lp_workgroup(), global_sam_sid)) {
125 DEBUG(0,("pdb_generate_sam_sid: Can't re-store domain SID as a pdc/bdc.\n"));
126 return False;
127 }
128 return True;
129 }
130
131 return True;
132
133 }
134
135 /* check for an old MACHINE.SID file for backwards compatibility */
136 asprintf(&fname, "%s/MACHINE.SID", lp_private_dir());
137
138 if (read_sid_from_file(fname, global_sam_sid)) {
139 /* remember it for future reference and unlink the old MACHINE.SID */
140 if (!secrets_store_domain_sid(global_myname, global_sam_sid)) {
141 DEBUG(0,("pdb_generate_sam_sid: Failed to store SID from file.\n"));
142 SAFE_FREE(fname);
143 return False;
144 }
145 unlink(fname);
146 if (is_dc) {
147 if (!secrets_store_domain_sid(lp_workgroup(), global_sam_sid)) {
148 DEBUG(0,("pdb_generate_sam_sid: Failed to store domain SID from file.\n"));
149 SAFE_FREE(fname);
150 return False;
151 }
152 }
153
154 /* Stored the old sid from MACHINE.SID successfully.*/
155 SAFE_FREE(fname);
156 return True;
157 }
158
159 SAFE_FREE(fname);
160
161 /* we don't have the SID in secrets.tdb, we will need to
162 generate one and save it */
163 generate_random_sid(global_sam_sid);
164
165 if (!secrets_store_domain_sid(global_myname, global_sam_sid)) {
166 DEBUG(0,("pdb_generate_sam_sid: Failed to store generated machine SID.\n"));
167 return False;
168 }
169 if (is_dc) {
170 if (!secrets_store_domain_sid(lp_workgroup(), global_sam_sid)) {
171 DEBUG(0,("pdb_generate_sam_sid: Failed to store generated domain SID.\n"));
172 return False;
173 }
174 }
175
176 return True;
177 }
178
179 /* return our global_sam_sid */
180 DOM_SID *get_global_sam_sid(void)
181 {
182 if (global_sam_sid != NULL)
183 return global_sam_sid;
184
185 /* memory for global_sam_sid is allocated in
186 pdb_generate_sam_sid() as needed */
187
188 if (!pdb_generate_sam_sid())
189 global_sam_sid=NULL;
190
191 return global_sam_sid;
192 }
193
Samba GIT mirror