2 Unix SMB/Netbios implementation.
4 Samba registry functions
5 Copyright (C) Andrew Tridgell 1992-1998
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 /* the Samba secrets database stores any generated, private information
23 such as the local SID and machine trust password */
27 static TDB_CONTEXT
*tdb
;
29 /* open up the secrets database */
30 BOOL
secrets_init(void)
37 get_private_directory(fname
);
38 pstrcat(fname
,"/secrets.tdb");
40 tdb
= tdb_open_log(fname
, 0, TDB_DEFAULT
, O_RDWR
|O_CREAT
, 0600);
43 DEBUG(0,("Failed to open %s\n", fname
));
49 /* read a entry from the secrets database - the caller must free the result
50 if size is non-null then the size of the entry is put in there
52 void *secrets_fetch(char *key
, size_t *size
)
58 kbuf
.dsize
= strlen(key
);
59 dbuf
= tdb_fetch(tdb
, kbuf
);
65 /* store a secrets entry
67 BOOL
secrets_store(char *key
, void *data
, size_t size
)
73 kbuf
.dsize
= strlen(key
);
76 return tdb_store(tdb
, kbuf
, dbuf
, TDB_REPLACE
) == 0;
80 /* delete a secets database entry
82 BOOL
secrets_delete(char *key
)
88 kbuf
.dsize
= strlen(key
);
89 return tdb_delete(tdb
, kbuf
) == 0;
92 BOOL
secrets_store_domain_sid(char *domain
, DOM_SID
*sid
)
96 slprintf(key
, sizeof(key
)-1, "%s/%s", SECRETS_DOMAIN_SID
, domain
);
98 return secrets_store(key
, sid
, sizeof(DOM_SID
));
101 BOOL
secrets_fetch_domain_sid(char *domain
, DOM_SID
*sid
)
107 slprintf(key
, sizeof(key
)-1, "%s/%s", SECRETS_DOMAIN_SID
, domain
);
109 dos_to_unix(key
); /* Convert key to unix-codepage */
110 dyn_sid
= (DOM_SID
*)secrets_fetch(key
, &size
);
115 if (size
!= sizeof(DOM_SID
))
126 /************************************************************************
127 form a key for fetching a domain trust password
128 ************************************************************************/
130 char *trust_keystr(char *domain
)
132 static fstring keystr
;
135 fstrcpy(dos_domain
, domain
);
136 unix_to_dos(dos_domain
);
138 slprintf(keystr
,sizeof(keystr
)-1,"%s/%s",
139 SECRETS_MACHINE_ACCT_PASS
, dos_domain
);
145 /************************************************************************
146 Lock the trust password entry.
147 ************************************************************************/
149 BOOL
secrets_lock_trust_account_password(char *domain
, BOOL dolock
)
155 return (tdb_lock_bystring(tdb
, trust_keystr(domain
),0) == 0);
157 tdb_unlock_bystring(tdb
, trust_keystr(domain
));
161 /************************************************************************
162 Routine to get the trust account password for a domain.
163 The user of this function must have locked the trust password file using
165 ************************************************************************/
167 BOOL
secrets_fetch_trust_account_password(char *domain
, uint8 ret_pwd
[16],
168 time_t *pass_last_set_time
)
170 struct machine_acct_pass
*pass
;
173 if (!(pass
= secrets_fetch(trust_keystr(domain
), &size
)) ||
174 size
!= sizeof(*pass
))
177 if (pass_last_set_time
) *pass_last_set_time
= pass
->mod_time
;
178 memcpy(ret_pwd
, pass
->hash
, 16);
184 /************************************************************************
185 Routine to set the trust account password for a domain.
186 ************************************************************************/
187 BOOL
secrets_store_trust_account_password(char *domain
, uint8 new_pwd
[16])
189 struct machine_acct_pass pass
;
191 pass
.mod_time
= time(NULL
);
192 memcpy(pass
.hash
, new_pwd
, 16);
194 return secrets_store(trust_keystr(domain
), (void *)&pass
, sizeof(pass
));
197 /************************************************************************
198 Routine to delete the trust account password file for a domain.
199 ************************************************************************/
201 BOOL
trust_password_delete(char *domain
)
203 return secrets_delete(trust_keystr(domain
));
206 /*******************************************************************
207 Reset the 'done' variables so after a client process is created
208 from a fork call these calls will be re-done. This should be
209 expanded if more variables need reseting.
210 ******************************************************************/
212 void reset_globals_after_fork(void)
217 * Increment the global seed value to ensure every smbd starts
218 * with a new random seed.
222 int32 initial_val
= sys_getpid();
223 tdb_change_int32_atomic(tdb
, "INFO/random_seed", (int *)&initial_val
, 1);
224 set_rand_reseed_data((unsigned char *)&initial_val
, sizeof(initial_val
));
228 * Re-seed the random crypto generator, so all smbd's
229 * started from the same parent won't generate the same
232 generate_random_buffer( &dummy
, 1, True
);
235 BOOL
secrets_store_ldap_pw(char* dn
, char* pw
)
242 if (*p
== ',') *p
= '/';
244 return secrets_store(key
, pw
, strlen(pw
));
247 BOOL
fetch_ldap_pw(char *dn
, char* pw
, int len
)
256 if (*p
== ',') *p
= '/';
258 data
=secrets_fetch(key
, &size
);
260 DEBUG(0,("fetch_ldap_pw: no ldap secret retrieved!\n"));
266 DEBUG(0,("fetch_ldap_pw: ldap secret is too long (%d > %d)!\n", size
, len
-1));
270 memcpy(pw
, data
, size
);
277 lock the secrets tdb based on a string - this is used as a primitive form of mutex
278 between smbd instances.
280 BOOL
secrets_named_mutex(const char *name
, unsigned int timeout
)
287 ret
= tdb_lock_bystring(tdb
, name
, timeout
);
289 DEBUG(10,("secrets_named_mutex: got mutex for %s\n", name
));
297 void secrets_named_mutex_release(char *name
)
299 tdb_unlock_bystring(tdb
, name
);
300 DEBUG(10,("secrets_named_mutex: released mutex for %s\n", name
));