2 Unix SMB/CIFS implementation.
3 Copyright (C) Andrew Tridgell 1992-2001
4 Copyright (C) Andrew Bartlett 2002
5 Copyright (C) Rafal Szczesniak 2002
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 /* the Samba secrets database stores any generated, private information
22 such as the local SID and machine trust password */
26 #include "param/param.h"
27 #include "system/filesys.h"
28 #include "lib/tdb_wrap/tdb_wrap.h"
29 #include "lib/ldb-samba/ldb_wrap.h"
31 #include "../lib/util/util_tdb.h"
32 #include "librpc/gen_ndr/ndr_security.h"
33 #include "dsdb/samdb/samdb.h"
36 connect to the secrets ldb
38 struct ldb_context *secrets_db_connect(TALLOC_CTX *mem_ctx,
39 struct loadparm_context *lp_ctx,
42 return ldb_wrap_connect(mem_ctx, NULL, lp_ctx, "secrets.ldb",
47 * Retrieve the domain SID from the secrets database.
48 * @return pointer to a SID object if the SID could be obtained, NULL otherwise
50 struct dom_sid *secrets_get_domain_sid(TALLOC_CTX *mem_ctx,
51 struct loadparm_context *lp_ctx,
53 enum netr_SchannelType *sec_channel_type,
56 struct ldb_context *ldb;
57 struct ldb_message *msg;
59 const char *attrs[] = { "objectSid", "secureChannelType", NULL };
60 struct dom_sid *result = NULL;
61 const struct ldb_val *v;
62 enum ndr_err_code ndr_err;
66 ldb = secrets_db_connect(mem_ctx, lp_ctx);
68 DEBUG(5, ("secrets_db_connect failed\n"));
72 ldb_ret = dsdb_search_one(ldb, ldb, &msg,
73 ldb_dn_new(mem_ctx, ldb, SECRETS_PRIMARY_DOMAIN_DN),
75 attrs, 0, SECRETS_PRIMARY_DOMAIN_FILTER, domain);
77 if (ldb_ret != LDB_SUCCESS) {
78 *errstring = talloc_asprintf(mem_ctx, "Failed to find record for %s in %s: %s: %s",
79 domain, (char *) ldb_get_opaque(ldb, "ldb_url"),
80 ldb_strerror(ldb_ret), ldb_errstring(ldb));
83 v = ldb_msg_find_ldb_val(msg, "objectSid");
85 *errstring = talloc_asprintf(mem_ctx, "Failed to find a SID on record for %s in %s",
86 domain, (char *) ldb_get_opaque(ldb, "ldb_url"));
90 if (sec_channel_type) {
92 t = ldb_msg_find_attr_as_int(msg, "secureChannelType", -1);
94 *errstring = talloc_asprintf(mem_ctx, "Failed to find secureChannelType for %s in %s",
95 domain, (char *) ldb_get_opaque(ldb, "ldb_url"));
98 *sec_channel_type = t;
101 result = talloc(mem_ctx, struct dom_sid);
102 if (result == NULL) {
107 ndr_err = ndr_pull_struct_blob(v, result, result,
108 (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
109 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
110 *errstring = talloc_asprintf(mem_ctx, "Failed to parse SID on record for %s in %s",
111 domain, (char *) ldb_get_opaque(ldb, "ldb_url"));
120 char *keytab_name_from_msg(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, struct ldb_message *msg)
122 const char *krb5keytab = ldb_msg_find_attr_as_string(msg, "krb5Keytab", NULL);
124 return talloc_strdup(mem_ctx, krb5keytab);
128 const char *privateKeytab = ldb_msg_find_attr_as_string(msg, "privateKeytab", NULL);
129 if (!privateKeytab) {
133 relative_path = ldb_relative_path(ldb, mem_ctx, privateKeytab);
134 if (!relative_path) {
137 file_keytab = talloc_asprintf(mem_ctx, "FILE:%s", relative_path);
138 talloc_free(relative_path);
git.samba.org / metze / samba / wip.git / blob