s3-passdb: wrap secrets.tdb accessors used by PDB modules

PDB modules store domain sid and guid in secrets.tdb to cooperate
with other parts of smbd. If PDB module is built outside Samba
source code it has to be linked against internal libsecrets.

Wrap required secrets_* calls to avoid direct linking. libpdb
is linked against libsecrets by itself and this is enough.

diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index ec724bccfad920cff7329348d04e4bb81bec3b8b..5202bd3af4fc8799fcd0612cb2349b8cceecf682 100644 (file)
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -922,4 +922,15 @@ void unixid_from_uid(struct unixid *id, uint32_t some_uid);
 void unixid_from_gid(struct unixid *id, uint32_t some_gid);
 void unixid_from_both(struct unixid *id, uint32_t some_id);
 
+/* The following definitions come from passdb/pdb_secrets.c
+ * and should be used by PDB modules if they need to store
+ * sid/guid information for the domain in secrets database
+ */
+bool PDB_secrets_mark_domain_protected(const char *domain);
+bool PDB_secrets_clear_domain_protection(const char *domain);
+bool PDB_secrets_store_domain_sid(const char *domain, const struct dom_sid  *sid);
+bool PDB_secrets_fetch_domain_sid(const char *domain, struct dom_sid  *sid);
+bool PDB_secrets_store_domain_guid(const char *domain, struct GUID *guid);
+bool PDB_secrets_fetch_domain_guid(const char *domain, struct GUID *guid);
+
 #endif /* _PASSDB_H */

diff --git a/source3/passdb/pdb_secrets.c b/source3/passdb/pdb_secrets.c
index 30262c999f2fcf4356859a609917bd1b8844d390..ad4fe4ab71e705882e13c243c301a6928de2ba0f 100644 (file)
--- a/source3/passdb/pdb_secrets.c
+++ b/source3/passdb/pdb_secrets.c
@@ -135,3 +135,37 @@ NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
        *domains = state.domains;
        return NT_STATUS_OK;
 }
+
+/* In order to avoid direct linking against libsecrets for pdb modules
+ * following helpers are provided for pdb module writers.
+ * To differentiate them from pdb_* API, they are prefixed by PDB upper case
+ */
+bool PDB_secrets_store_domain_sid(const char *domain, const struct dom_sid *sid)
+{
+       return secrets_store_domain_sid(domain, sid);
+}
+
+bool PDB_secrets_mark_domain_protected(const char *domain)
+{
+       return secrets_mark_domain_protected(domain);
+}
+
+bool PDB_secrets_clear_domain_protection(const char *domain)
+{
+       return secrets_clear_domain_protection(domain);
+}
+
+bool PDB_secrets_fetch_domain_sid(const char *domain, struct dom_sid  *sid)
+{
+       return secrets_fetch_domain_sid(domain, sid);
+}
+
+bool PDB_secrets_store_domain_guid(const char *domain, struct GUID *guid)
+{
+       return secrets_store_domain_guid(domain, guid);
+}
+
+bool PDB_secrets_fetch_domain_guid(const char *domain, struct GUID *guid)
+{
+       return secrets_fetch_domain_guid(domain, guid);
+}