source/passdb/secrets.c

   1 /*
   2    Unix SMB/Netbios implementation.
   3    Version 3.0.
   4    Samba registry functions
   5    Copyright (C) Andrew Tridgell 1992-1998
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 2 of the License, or
  10    (at your option) any later version.
  11
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16
  17    You should have received a copy of the GNU General Public License
  18    along with this program; if not, write to the Free Software
  19    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  20 */
  21
  22 /* the Samba secrets database stores any generated, private information
  23    such as the local SID and machine trust password */
  24
  25 #include "includes.h"
  26
  27 static TDB_CONTEXT *tdb;
  28
  29 /* open up the secrets database */
  30 BOOL secrets_init(void)
  31 {
  32         pstring fname;
  33
  34         if (tdb)
  35                 return True;
  36
  37         get_private_directory(fname);
  38         pstrcat(fname,"/secrets.tdb");
  39
  40         tdb = tdb_open_log(fname, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
  41
  42         if (!tdb) {
  43                 DEBUG(0,("Failed to open %s\n", fname));
  44                 return False;
  45         }
  46         return True;
  47 }
  48
  49 /* read a entry from the secrets database - the caller must free the result
  50    if size is non-null then the size of the entry is put in there
  51  */
  52 void *secrets_fetch(char *key, size_t *size)
  53 {
  54         TDB_DATA kbuf, dbuf;
  55         if (!tdb)
  56                 return False;
  57         kbuf.dptr = key;
  58         kbuf.dsize = strlen(key);
  59         dbuf = tdb_fetch(tdb, kbuf);
  60         if (size)
  61                 *size = dbuf.dsize;
  62         return dbuf.dptr;
  63 }
  64
  65 /* store a secrets entry
  66  */
  67 BOOL secrets_store(char *key, void *data, size_t size)
  68 {
  69         TDB_DATA kbuf, dbuf;
  70         if (!tdb)
  71                 return False;
  72         kbuf.dptr = key;
  73         kbuf.dsize = strlen(key);
  74         dbuf.dptr = data;
  75         dbuf.dsize = size;
  76         return tdb_store(tdb, kbuf, dbuf, TDB_REPLACE) == 0;
  77 }
  78
  79
  80 /* delete a secets database entry
  81  */
  82 BOOL secrets_delete(char *key)
  83 {
  84         TDB_DATA kbuf;
  85         if (!tdb)
  86                 return False;
  87         kbuf.dptr = key;
  88         kbuf.dsize = strlen(key);
  89         return tdb_delete(tdb, kbuf) == 0;
  90 }
  91
  92 BOOL secrets_store_domain_sid(char *domain, DOM_SID *sid)
  93 {
  94         fstring key;
  95
  96         slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_SID, domain);
  97         strupper(key);
  98         return secrets_store(key, sid, sizeof(DOM_SID));
  99 }
 100
 101 BOOL secrets_fetch_domain_sid(char *domain, DOM_SID *sid)
 102 {
 103         DOM_SID *dyn_sid;
 104         fstring key;
 105         size_t size;
 106
 107         slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_SID, domain);
 108         strupper(key);
 109         dos_to_unix(key);                /* Convert key to unix-codepage */
 110         dyn_sid = (DOM_SID *)secrets_fetch(key, &size);
 111
 112         if (dyn_sid == NULL)
 113                 return False;
 114
 115         if (size != sizeof(DOM_SID))
 116         {
 117                 SAFE_FREE(dyn_sid);
 118                 return False;
 119         }
 120
 121         *sid = *dyn_sid;
 122         SAFE_FREE(dyn_sid);
 123         return True;
 124 }
 125
 126 /************************************************************************
 127 form a key for fetching a domain trust password
 128 ************************************************************************/
 129
 130 char *trust_keystr(char *domain)
 131 {
 132         static fstring keystr;
 133         fstring dos_domain;
 134
 135         fstrcpy(dos_domain, domain);
 136         unix_to_dos(dos_domain);
 137
 138         slprintf(keystr,sizeof(keystr)-1,"%s/%s",
 139                  SECRETS_MACHINE_ACCT_PASS, dos_domain);
 140
 141         strupper(keystr);
 142         return keystr;
 143 }
 144
 145 /************************************************************************
 146  Lock the trust password entry.
 147 ************************************************************************/
 148
 149 BOOL secrets_lock_trust_account_password(char *domain, BOOL dolock)
 150 {
 151         if (!tdb)
 152                 return False;
 153
 154         if (dolock)
 155                 return (tdb_lock_bystring(tdb, trust_keystr(domain),0) == 0);
 156         else
 157                 tdb_unlock_bystring(tdb, trust_keystr(domain));
 158         return True;
 159 }
 160
 161 /************************************************************************
 162  Routine to get the trust account password for a domain.
 163  The user of this function must have locked the trust password file using
 164  the above call.
 165 ************************************************************************/
 166
 167 BOOL secrets_fetch_trust_account_password(char *domain, uint8 ret_pwd[16],
 168                                           time_t *pass_last_set_time)
 169 {
 170         struct machine_acct_pass *pass;
 171         size_t size;
 172
 173         if (!(pass = secrets_fetch(trust_keystr(domain), &size)) ||
 174             size != sizeof(*pass))
 175                 return False;
 176
 177         if (pass_last_set_time) *pass_last_set_time = pass->mod_time;
 178         memcpy(ret_pwd, pass->hash, 16);
 179         SAFE_FREE(pass);
 180         return True;
 181 }
 182
 183
 184 /************************************************************************
 185  Routine to set the trust account password for a domain.
 186 ************************************************************************/
 187 BOOL secrets_store_trust_account_password(char *domain, uint8 new_pwd[16])
 188 {
 189         struct machine_acct_pass pass;
 190
 191         pass.mod_time = time(NULL);
 192         memcpy(pass.hash, new_pwd, 16);
 193
 194         return secrets_store(trust_keystr(domain), (void *)&pass, sizeof(pass));
 195 }
 196
 197 /************************************************************************
 198  Routine to delete the trust account password file for a domain.
 199 ************************************************************************/
 200
 201 BOOL trust_password_delete(char *domain)
 202 {
 203         return secrets_delete(trust_keystr(domain));
 204 }
 205
 206 /*******************************************************************
 207  Reset the 'done' variables so after a client process is created
 208  from a fork call these calls will be re-done. This should be
 209  expanded if more variables need reseting.
 210  ******************************************************************/
 211
 212 void reset_globals_after_fork(void)
 213 {
 214         unsigned char dummy;
 215
 216         /*
 217          * Increment the global seed value to ensure every smbd starts
 218          * with a new random seed.
 219          */
 220
 221         if (tdb) {
 222                 int32 initial_val = sys_getpid();
 223                 tdb_change_int32_atomic(tdb, "INFO/random_seed", (int *)&initial_val, 1);
 224                 set_rand_reseed_data((unsigned char *)&initial_val, sizeof(initial_val));
 225         }
 226
 227         /*
 228          * Re-seed the random crypto generator, so all smbd's
 229          * started from the same parent won't generate the same
 230          * sequence.
 231          */
 232         generate_random_buffer( &dummy, 1, True);
 233 }
 234
 235 BOOL secrets_store_ldap_pw(char* dn, char* pw)
 236 {
 237         fstring key;
 238         char *p;
 239
 240         pstrcpy(key, dn);
 241         for (p=key; *p; p++)
 242                 if (*p == ',') *p = '/';
 243
 244         return secrets_store(key, pw, strlen(pw));
 245 }
 246
 247 BOOL fetch_ldap_pw(char *dn, char* pw, int len)
 248 {
 249         fstring key;
 250         char *p;
 251         void *data = NULL;
 252         size_t size;
 253
 254         pstrcpy(key, dn);
 255         for (p=key; *p; p++)
 256                 if (*p == ',') *p = '/';
 257
 258         data=secrets_fetch(key, &size);
 259         if (!size) {
 260                 DEBUG(0,("fetch_ldap_pw: no ldap secret retrieved!\n"));
 261                 return False;
 262         }
 263
 264         if (size > len-1)
 265         {
 266                 DEBUG(0,("fetch_ldap_pw: ldap secret is too long (%d > %d)!\n", size, len-1));
 267                 return False;
 268         }
 269
 270         memcpy(pw, data, size);
 271         pw[size] = '\0';
 272
 273         return True;
 274 }
 275
 276 /*
 277   lock the secrets tdb based on a string - this is used as a primitive form of mutex
 278   between smbd instances.
 279 */
 280 BOOL secrets_named_mutex(const char *name, unsigned int timeout)
 281 {
 282         int ret;
 283
 284         if (!message_init())
 285                 return False;
 286
 287         ret = tdb_lock_bystring(tdb, name, timeout);
 288         if (ret == 0)
 289                 DEBUG(10,("secrets_named_mutex: got mutex for %s\n", name ));
 290
 291         return (ret == 0);
 292 }
 293
 294 /*
 295   unlock a named mutex
 296 */
 297 void secrets_named_mutex_release(char *name)
 298 {
 299         tdb_unlock_bystring(tdb, name);
 300         DEBUG(10,("secrets_named_mutex: released mutex for %s\n", name ));
 301 }