1 : /*
2 : Unix SMB/CIFS implementation.
3 : Copyright (C) Andrew Tridgell 1992-2001
4 : Copyright (C) Andrew Bartlett 2002
5 : Copyright (C) Rafal Szczesniak 2002
6 :
7 : This program is free software; you can redistribute it and/or modify
8 : it under the terms of the GNU General Public License as published by
9 : the Free Software Foundation; either version 3 of the License, or
10 : (at your option) any later version.
11 :
12 : This program is distributed in the hope that it will be useful,
13 : but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : GNU General Public License for more details.
16 :
17 : You should have received a copy of the GNU General Public License
18 : along with this program. If not, see <http://www.gnu.org/licenses/>.
19 : */
20 :
21 : /* the Samba secrets database stores any generated, private information
22 : such as the local SID and machine trust password */
23 :
24 : #include "includes.h"
25 : #include "secrets.h"
26 : #include "param/param.h"
27 : #include "system/filesys.h"
28 : #include "lib/tdb_wrap/tdb_wrap.h"
29 : #include "lib/ldb-samba/ldb_wrap.h"
30 : #include <ldb.h>
31 : #include "../lib/util/util_tdb.h"
32 : #include "librpc/gen_ndr/ndr_security.h"
33 : #include "dsdb/samdb/samdb.h"
34 :
35 : /**
36 : create or connect to the secrets ldb
37 : */
/**
 * Open the secrets ldb, creating the database file when it is absent.
 *
 * @param mem_ctx  talloc context the connection is attached to
 * @param lp_ctx   loadparm context used to locate "secrets.ldb"
 * @return the ldb context, or NULL if ldb_wrap_connect fails
 *
 * Unlike secrets_db_connect() no LDB_FLG_DONT_CREATE_DB is passed, so a
 * missing database is presumably created rather than reported as an error.
 */
struct ldb_context *secrets_db_create(TALLOC_CTX *mem_ctx,
				      struct loadparm_context *lp_ctx)
{
	/* flags == 0: allow the wrapper to create the file on first use */
	const unsigned int flags = 0;
	struct ldb_context *ldb;

	ldb = ldb_wrap_connect(mem_ctx, NULL, lp_ctx, "secrets.ldb",
			       NULL, NULL, flags);
	return ldb;
}
44 :
45 : /**
46 : connect to the secrets ldb
47 : */
/**
 * Connect to an existing secrets ldb.
 *
 * @param mem_ctx  talloc context the connection is attached to
 * @param lp_ctx   loadparm context used to locate "secrets.ldb"
 * @return the ldb context, or NULL if it cannot be opened
 *
 * LDB_FLG_DONT_CREATE_DB is set, so this never silently creates an empty
 * secrets database; use secrets_db_create() for that.
 */
struct ldb_context *secrets_db_connect(TALLOC_CTX *mem_ctx,
				       struct loadparm_context *lp_ctx)
{
	const unsigned int flags = LDB_FLG_DONT_CREATE_DB;
	struct ldb_context *ldb;

	ldb = ldb_wrap_connect(mem_ctx, NULL, lp_ctx, "secrets.ldb",
			       NULL, NULL, flags);
	return ldb;
}
54 :
55 : /**
56 : * Retrieve the domain SID from the secrets database.
57 : * @return pointer to a SID object if the SID could be obtained, NULL otherwise
58 : */
/* URL of the secrets ldb, for diagnostics (stored as an ldb opaque) */
static const char *secrets_ldb_url(struct ldb_context *ldb)
{
	return (const char *) ldb_get_opaque(ldb, "ldb_url");
}

/**
 * Retrieve the domain SID (and optionally the secure channel type) for a
 * primary domain record in the secrets database.
 *
 * @param mem_ctx           talloc context for the ldb handle, the error
 *                          string and the returned SID
 * @param lp_ctx            loadparm context used to open secrets.ldb
 * @param domain            flat domain name substituted into
 *                          SECRETS_PRIMARY_DOMAIN_FILTER
 * @param sec_channel_type  if non-NULL, receives the secureChannelType
 *                          attribute of the record
 * @param errstring         set to a talloc'd message on most failures;
 *                          left NULL when the connect or an allocation fails
 * @return the SID, allocated on mem_ctx, or NULL on any failure
 *
 * NOTE(review): the ldb handle is freed only on the two allocation/parse
 * failures below; on the other error returns and on success it stays
 * attached to mem_ctx until the caller frees that.
 */
struct dom_sid *secrets_get_domain_sid(TALLOC_CTX *mem_ctx,
				       struct loadparm_context *lp_ctx,
				       const char *domain,
				       enum netr_SchannelType *sec_channel_type,
				       char **errstring)
{
	struct ldb_context *ldb = NULL;
	struct ldb_message *msg = NULL;
	struct dom_sid *sid = NULL;
	const struct ldb_val *sid_blob = NULL;
	const char *attrs[] = { "objectSid", "secureChannelType", NULL };
	int rc;
	enum ndr_err_code ndr_rc;

	/* cleared up front so callers can inspect it on every return path */
	*errstring = NULL;

	ldb = secrets_db_connect(mem_ctx, lp_ctx);
	if (ldb == NULL) {
		/* errstring stays NULL here; callers printing it must cope */
		DEBUG(5, ("secrets_db_connect failed\n"));
		return NULL;
	}

	/*
	 * NOTE(review): `domain` is substituted into the filter as-is; nothing
	 * here LDAP-filter-escapes it (e.g. via ldb_binary_encode_string), so
	 * callers are expected to pass a trusted, configured domain name.
	 * Confirm at the call sites before accepting externally supplied names.
	 */
	rc = dsdb_search_one(ldb, ldb, &msg,
			     ldb_dn_new(mem_ctx, ldb, SECRETS_PRIMARY_DOMAIN_DN),
			     LDB_SCOPE_ONELEVEL,
			     attrs, 0, SECRETS_PRIMARY_DOMAIN_FILTER, domain);
	if (rc != LDB_SUCCESS) {
		*errstring = talloc_asprintf(mem_ctx, "Failed to find record for %s in %s: %s: %s",
					     domain, secrets_ldb_url(ldb),
					     ldb_strerror(rc), ldb_errstring(ldb));
		return NULL;
	}

	sid_blob = ldb_msg_find_ldb_val(msg, "objectSid");
	if (sid_blob == NULL) {
		*errstring = talloc_asprintf(mem_ctx, "Failed to find a SID on record for %s in %s",
					     domain, secrets_ldb_url(ldb));
		return NULL;
	}

	if (sec_channel_type != NULL) {
		/* -1 doubles as the "attribute missing" sentinel */
		int channel = ldb_msg_find_attr_as_int(msg, "secureChannelType", -1);
		if (channel == -1) {
			*errstring = talloc_asprintf(mem_ctx, "Failed to find secureChannelType for %s in %s",
						     domain, secrets_ldb_url(ldb));
			return NULL;
		}
		*sec_channel_type = channel;
	}

	sid = talloc(mem_ctx, struct dom_sid);
	if (sid == NULL) {
		talloc_free(ldb);
		return NULL;
	}

	/* the SID is stored NDR-encoded; decode into the caller-owned struct */
	ndr_rc = ndr_pull_struct_blob(sid_blob, sid, sid,
				      (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_rc)) {
		*errstring = talloc_asprintf(mem_ctx, "Failed to parse SID on record for %s in %s",
					     domain, secrets_ldb_url(ldb));
		talloc_free(sid);
		talloc_free(ldb);
		return NULL;
	}

	return sid;
}
128 :
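/**
 * Build the keytab specification named by a secrets record.
 *
 * @param mem_ctx  talloc context the returned string is allocated on
 * @param ldb      secrets ldb the record came from; passed to
 *                 ldb_relative_path() to resolve a privateKeytab value
 * @param msg      record carrying a krb5Keytab and/or privateKeytab attribute
 * @return a talloc'd keytab string, or NULL when the record names no keytab
 *         or an allocation fails
 *
 * A krb5Keytab attribute takes precedence and is returned verbatim
 * (presumably already a full keytab spec such as "FILE:..."). Otherwise a
 * privateKeytab value is run through ldb_relative_path() and prefixed with
 * "FILE:". The original trailing `return NULL` after the if/else was
 * unreachable and has been dropped in favour of guard clauses.
 */
char *keytab_name_from_msg(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, struct ldb_message *msg)
{
	const char *krb5keytab = ldb_msg_find_attr_as_string(msg, "krb5Keytab", NULL);
	const char *privateKeytab;
	char *relative_path;
	char *file_keytab;

	if (krb5keytab != NULL) {
		return talloc_strdup(mem_ctx, krb5keytab);
	}

	privateKeytab = ldb_msg_find_attr_as_string(msg, "privateKeytab", NULL);
	if (privateKeytab == NULL) {
		return NULL;
	}

	relative_path = ldb_relative_path(ldb, mem_ctx, privateKeytab);
	if (relative_path == NULL) {
		return NULL;
	}

	/* talloc_asprintf may return NULL; that is propagated to the caller */
	file_keytab = talloc_asprintf(mem_ctx, "FILE:%s", relative_path);
	talloc_free(relative_path);
	return file_keytab;
}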
152 :