2 Unix SMB/CIFS implementation.
3 Copyright (C) Andrew Tridgell 1992-2001
4 Copyright (C) Andrew Bartlett 2002
5 Copyright (C) Rafal Szczesniak 2002
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 /* the Samba secrets database stores any generated, private information
22 such as the local SID and machine trust password */
26 #include "param/param.h"
27 #include "system/filesys.h"
28 #include "lib/tdb_wrap/tdb_wrap.h"
29 #include "lib/ldb-samba/ldb_wrap.h"
31 #include "../lib/util/util_tdb.h"
32 #include "librpc/gen_ndr/ndr_security.h"
33 #include "dsdb/samdb/samdb.h"
36 create or connect to the secrets ldb
38 struct ldb_context
*secrets_db_create(TALLOC_CTX
*mem_ctx
,
39 struct loadparm_context
*lp_ctx
)
41 return ldb_wrap_connect(mem_ctx
, NULL
, lp_ctx
, "secrets.ldb",
46 connect to the secrets ldb
48 struct ldb_context
*secrets_db_connect(TALLOC_CTX
*mem_ctx
,
49 struct loadparm_context
*lp_ctx
)
51 return ldb_wrap_connect(mem_ctx
, NULL
, lp_ctx
, "secrets.ldb",
52 NULL
, NULL
, LDB_FLG_DONT_CREATE_DB
);
56 * Retrieve the domain SID from the secrets database.
57 * @return pointer to a SID object if the SID could be obtained, NULL otherwise
59 struct dom_sid
*secrets_get_domain_sid(TALLOC_CTX
*mem_ctx
,
60 struct loadparm_context
*lp_ctx
,
62 enum netr_SchannelType
*sec_channel_type
,
65 struct ldb_context
*ldb
;
66 struct ldb_message
*msg
;
68 const char *attrs
[] = { "objectSid", "secureChannelType", NULL
};
69 struct dom_sid
*result
= NULL
;
70 const struct ldb_val
*v
;
71 enum ndr_err_code ndr_err
;
75 ldb
= secrets_db_connect(mem_ctx
, lp_ctx
);
77 DEBUG(5, ("secrets_db_connect failed\n"));
81 ldb_ret
= dsdb_search_one(ldb
, ldb
, &msg
,
82 ldb_dn_new(mem_ctx
, ldb
, SECRETS_PRIMARY_DOMAIN_DN
),
84 attrs
, 0, SECRETS_PRIMARY_DOMAIN_FILTER
, domain
);
86 if (ldb_ret
!= LDB_SUCCESS
) {
87 *errstring
= talloc_asprintf(mem_ctx
, "Failed to find record for %s in %s: %s: %s",
88 domain
, (char *) ldb_get_opaque(ldb
, "ldb_url"),
89 ldb_strerror(ldb_ret
), ldb_errstring(ldb
));
92 v
= ldb_msg_find_ldb_val(msg
, "objectSid");
94 *errstring
= talloc_asprintf(mem_ctx
, "Failed to find a SID on record for %s in %s",
95 domain
, (char *) ldb_get_opaque(ldb
, "ldb_url"));
99 if (sec_channel_type
) {
101 t
= ldb_msg_find_attr_as_int(msg
, "secureChannelType", -1);
103 *errstring
= talloc_asprintf(mem_ctx
, "Failed to find secureChannelType for %s in %s",
104 domain
, (char *) ldb_get_opaque(ldb
, "ldb_url"));
107 *sec_channel_type
= t
;
110 result
= talloc(mem_ctx
, struct dom_sid
);
111 if (result
== NULL
) {
116 ndr_err
= ndr_pull_struct_blob(v
, result
, result
,
117 (ndr_pull_flags_fn_t
)ndr_pull_dom_sid
);
118 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
119 *errstring
= talloc_asprintf(mem_ctx
, "Failed to parse SID on record for %s in %s",
120 domain
, (char *) ldb_get_opaque(ldb
, "ldb_url"));
129 char *keytab_name_from_msg(TALLOC_CTX
*mem_ctx
, struct ldb_context
*ldb
, struct ldb_message
*msg
)
131 const char *krb5keytab
= ldb_msg_find_attr_as_string(msg
, "krb5Keytab", NULL
);
133 return talloc_strdup(mem_ctx
, krb5keytab
);
137 const char *privateKeytab
= ldb_msg_find_attr_as_string(msg
, "privateKeytab", NULL
);
138 if (!privateKeytab
) {
142 relative_path
= ldb_relative_path(ldb
, mem_ctx
, privateKeytab
);
143 if (!relative_path
) {
146 file_keytab
= talloc_asprintf(mem_ctx
, "FILE:%s", relative_path
);
147 talloc_free(relative_path
);
