[SCM] Samba Shared Repository - branch master updated
Günther Deschner
gd at samba.org
Thu Oct 29 04:09:40 MDT 2009
The branch, master has been updated
via 184afaa... s3-secrets: use autogenerated code for TRUSTED_DOM_PASS struct parsing from a tdb.
via e92e332... s3: add secrets.idl.
from 83de5c8... tdb: update README a bit
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 184afaa04ca90e089be0071ffb024a884d9d347f
Author: Günther Deschner <gd at samba.org>
Date: Wed Oct 28 16:42:44 2009 +0100
s3-secrets: use autogenerated code for TRUSTED_DOM_PASS struct parsing from a tdb.
Guenther
commit e92e33238c79a917db7af9b6dfbf06ebaaba9fd8
Author: Günther Deschner <gd at samba.org>
Date: Wed Oct 28 16:21:53 2009 +0100
s3: add secrets.idl.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source3/Makefile.in | 6 +-
source3/include/secrets.h | 12 --
source3/librpc/gen_ndr/ndr_secrets.c | 79 +++++++++++
source3/librpc/gen_ndr/ndr_secrets.h | 13 ++
source3/librpc/gen_ndr/secrets.h | 19 +++
source3/librpc/idl/secrets.idl | 27 ++++
source3/passdb/secrets.c | 256 +++++-----------------------------
7 files changed, 178 insertions(+), 234 deletions(-)
create mode 100644 source3/librpc/gen_ndr/ndr_secrets.c
create mode 100644 source3/librpc/gen_ndr/ndr_secrets.h
create mode 100644 source3/librpc/gen_ndr/secrets.h
create mode 100644 source3/librpc/idl/secrets.idl
Changeset truncated at 500 lines:
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 6a150ac..748bfd3 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -451,7 +451,8 @@ LIBADS_SERVER_OBJ = libads/kerberos_verify.o libads/authdata.o \
../librpc/ndr/ndr_krb5pac.o \
../librpc/gen_ndr/ndr_krb5pac.o
-SECRETS_OBJ = passdb/secrets.o passdb/machine_sid.o
+SECRETS_OBJ = passdb/secrets.o passdb/machine_sid.o \
+ librpc/gen_ndr/ndr_secrets.o
LIBNBT_OBJ = ../libcli/nbt/nbtname.o \
../libcli/netlogon.o \
@@ -1405,7 +1406,8 @@ samba3-idl::
@PIDL_OUTPUTDIR="librpc/gen_ndr" PIDL_ARGS="$(PIDL_ARGS)" CPP="$(CPP)" PIDL="../pidl/pidl" \
srcdir="$(srcdir)" $(srcdir)/script/build_idl.sh \
librpc/idl/messaging.idl librpc/idl/libnetapi.idl librpc/idl/notify.idl \
- librpc/idl/wbint.idl librpc/idl/perfcount.idl
+ librpc/idl/wbint.idl librpc/idl/perfcount.idl \
+ librpc/idl/secrets.idl
#####################################################################
diff --git a/source3/include/secrets.h b/source3/include/secrets.h
index 3c8e2cc..f369379 100644
--- a/source3/include/secrets.h
+++ b/source3/include/secrets.h
@@ -61,18 +61,6 @@ struct machine_acct_pass {
};
/*
- * storage structure for trusted domain
- */
-typedef struct trusted_dom_pass {
- size_t uni_name_len;
- smb_ucs2_t uni_name[32]; /* unicode domain name */
- size_t pass_len;
- fstring pass; /* trust relationship's password */
- time_t mod_time;
- DOM_SID domain_sid; /* remote domain's sid */
-} TRUSTED_DOM_PASS;
-
-/*
* trusted domain entry/entries returned by secrets_get_trusted_domains
* (used in _lsa_enum_trust_dom call)
*/
diff --git a/source3/librpc/gen_ndr/ndr_secrets.c b/source3/librpc/gen_ndr/ndr_secrets.c
new file mode 100644
index 0000000..f9b6145
--- /dev/null
+++ b/source3/librpc/gen_ndr/ndr_secrets.c
@@ -0,0 +1,79 @@
+/* parser auto-generated by pidl */
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_secrets.h"
+
+_PUBLIC_ enum ndr_err_code ndr_push_TRUSTED_DOM_PASS(struct ndr_push *ndr, int ndr_flags, const struct TRUSTED_DOM_PASS *r)
+{
+ {
+ uint32_t _flags_save_STRUCT = ndr->flags;
+ ndr_set_flags(&ndr->flags, LIBNDR_FLAG_NOALIGN);
+ if (ndr_flags & NDR_SCALARS) {
+ NDR_CHECK(ndr_push_align(ndr, 4));
+ NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, strlen_m_term(r->uni_name)));
+ NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->uni_name, 32, sizeof(uint16_t), CH_UTF16));
+ NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, strlen(r->pass)));
+ {
+ uint32_t _flags_save_string = ndr->flags;
+ ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM);
+ NDR_CHECK(ndr_push_string(ndr, NDR_SCALARS, r->pass));
+ ndr->flags = _flags_save_string;
+ }
+ NDR_CHECK(ndr_push_time_t(ndr, NDR_SCALARS, r->mod_time));
+ NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, &r->domain_sid));
+ NDR_CHECK(ndr_push_trailer_align(ndr, 4));
+ }
+ if (ndr_flags & NDR_BUFFERS) {
+ NDR_CHECK(ndr_push_dom_sid(ndr, NDR_BUFFERS, &r->domain_sid));
+ }
+ ndr->flags = _flags_save_STRUCT;
+ }
+ return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_TRUSTED_DOM_PASS(struct ndr_pull *ndr, int ndr_flags, struct TRUSTED_DOM_PASS *r)
+{
+ {
+ uint32_t _flags_save_STRUCT = ndr->flags;
+ ndr_set_flags(&ndr->flags, LIBNDR_FLAG_NOALIGN);
+ if (ndr_flags & NDR_SCALARS) {
+ NDR_CHECK(ndr_pull_align(ndr, 4));
+ NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->uni_name_len));
+ NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->uni_name, 32, sizeof(uint16_t), CH_UTF16));
+ NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->pass_len));
+ {
+ uint32_t _flags_save_string = ndr->flags;
+ ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM);
+ NDR_CHECK(ndr_pull_string(ndr, NDR_SCALARS, &r->pass));
+ ndr->flags = _flags_save_string;
+ }
+ NDR_CHECK(ndr_pull_time_t(ndr, NDR_SCALARS, &r->mod_time));
+ NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, &r->domain_sid));
+ NDR_CHECK(ndr_pull_trailer_align(ndr, 4));
+ }
+ if (ndr_flags & NDR_BUFFERS) {
+ NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_BUFFERS, &r->domain_sid));
+ }
+ ndr->flags = _flags_save_STRUCT;
+ }
+ return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_TRUSTED_DOM_PASS(struct ndr_print *ndr, const char *name, const struct TRUSTED_DOM_PASS *r)
+{
+ ndr_print_struct(ndr, name, "TRUSTED_DOM_PASS");
+ {
+ uint32_t _flags_save_STRUCT = ndr->flags;
+ ndr_set_flags(&ndr->flags, LIBNDR_FLAG_NOALIGN);
+ ndr->depth++;
+ ndr_print_uint32(ndr, "uni_name_len", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?strlen_m_term(r->uni_name):r->uni_name_len);
+ ndr_print_string(ndr, "uni_name", r->uni_name);
+ ndr_print_uint32(ndr, "pass_len", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?strlen(r->pass):r->pass_len);
+ ndr_print_string(ndr, "pass", r->pass);
+ ndr_print_time_t(ndr, "mod_time", r->mod_time);
+ ndr_print_dom_sid(ndr, "domain_sid", &r->domain_sid);
+ ndr->depth--;
+ ndr->flags = _flags_save_STRUCT;
+ }
+}
+
diff --git a/source3/librpc/gen_ndr/ndr_secrets.h b/source3/librpc/gen_ndr/ndr_secrets.h
new file mode 100644
index 0000000..eef5ef4
--- /dev/null
+++ b/source3/librpc/gen_ndr/ndr_secrets.h
@@ -0,0 +1,13 @@
+/* header auto-generated by pidl */
+
+#include "librpc/ndr/libndr.h"
+#include "librpc/gen_ndr/secrets.h"
+
+#ifndef _HEADER_NDR_secrets
+#define _HEADER_NDR_secrets
+
+#define NDR_SECRETS_CALL_COUNT (0)
+enum ndr_err_code ndr_push_TRUSTED_DOM_PASS(struct ndr_push *ndr, int ndr_flags, const struct TRUSTED_DOM_PASS *r);
+enum ndr_err_code ndr_pull_TRUSTED_DOM_PASS(struct ndr_pull *ndr, int ndr_flags, struct TRUSTED_DOM_PASS *r);
+void ndr_print_TRUSTED_DOM_PASS(struct ndr_print *ndr, const char *name, const struct TRUSTED_DOM_PASS *r);
+#endif /* _HEADER_NDR_secrets */
diff --git a/source3/librpc/gen_ndr/secrets.h b/source3/librpc/gen_ndr/secrets.h
new file mode 100644
index 0000000..c37a48c
--- /dev/null
+++ b/source3/librpc/gen_ndr/secrets.h
@@ -0,0 +1,19 @@
+/* header auto-generated by pidl */
+
+#include <stdint.h>
+
+#include "libcli/util/ntstatus.h"
+
+#ifndef _HEADER_secrets
+#define _HEADER_secrets
+
+struct TRUSTED_DOM_PASS {
+ uint32_t uni_name_len;/* [value(strlen_m_term(uni_name))] */
+ const char *uni_name;/* [charset(UTF16)] */
+ uint32_t pass_len;/* [value(strlen(pass))] */
+ const char * pass;/* [flag(LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM)] */
+ time_t mod_time;
+ struct dom_sid domain_sid;
+}/* [public,flag(LIBNDR_FLAG_NOALIGN)] */;
+
+#endif /* _HEADER_secrets */
diff --git a/source3/librpc/idl/secrets.idl b/source3/librpc/idl/secrets.idl
new file mode 100644
index 0000000..929c9bc
--- /dev/null
+++ b/source3/librpc/idl/secrets.idl
@@ -0,0 +1,27 @@
+#include "idl_types.h"
+
+/*
+ IDL structures for secrets code
+*/
+
+[
+ pointer_default(unique)
+]
+ interface secrets
+{
+
+ /*
+ * s3 on-disc storage structure for trusted domains, do not change !
+ */
+
+ typedef [flag(NDR_NOALIGN),public] struct {
+ [value(strlen_m_term(uni_name))] uint32 uni_name_len;
+ [charset(UTF16)] uint16 uni_name[32]; /* unicode domain name */
+ [value(strlen(pass))] uint32 pass_len;
+ astring pass; /* trust relationship's password */
+ time_t mod_time;
+ dom_sid domain_sid; /* remote domain's sid */
+ } TRUSTED_DOM_PASS;
+
+}
+
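Review bot: The "do not change !" comment on TRUSTED_DOM_PASS deserves a check against what the dom_sid member now serializes to: the removed tdb_sid_pack in source3/passdb/secrets.c always wrote MAXSUBAUTHS sub-authority words, whereas the generic NDR dom_sid pusher, as far as I recall, writes only num_auths of them. If that is right, records written by this code are shorter than those written by earlier builds, an earlier build would no longer unpack a record written here, and old records are readable here only because the trailing words go unconsumed. I would confirm this against ndr_push_dom_sid and record the outcome in the comment, e.g. `/* must stay byte-compatible with the former tdb_pack layout: 32 x uint16 name, NUL-terminated password, uint32 time, then the sid */`, so the next change to this struct knows what "do not change" is protecting.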
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index 369abf8..67216a7 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -24,6 +24,7 @@
#include "includes.h"
#include "../libcli/auth/libcli_auth.h"
+#include "librpc/gen_ndr/ndr_secrets.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
@@ -476,178 +477,6 @@ bool secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
channel);
}
-/**
- * Pack SID passed by pointer
- *
- * @param pack_buf pointer to buffer which is to be filled with packed data
- * @param bufsize size of packing buffer
- * @param sid pointer to sid to be packed
- *
- * @return length of the packed representation of the whole structure
- **/
-static size_t tdb_sid_pack(uint8 *pack_buf, int bufsize, DOM_SID* sid)
-{
- int idx;
- size_t len = 0;
- uint8 *p = pack_buf;
- int remaining_space = pack_buf ? bufsize : 0;
-
- if (!sid) {
- return -1;
- }
-
- len += tdb_pack(p, remaining_space, "bb", sid->sid_rev_num,
- sid->num_auths);
- if (pack_buf) {
- p = pack_buf + len;
- remaining_space = bufsize - len;
- }
-
- for (idx = 0; idx < 6; idx++) {
- len += tdb_pack(p, remaining_space, "b",
- sid->id_auth[idx]);
- if (pack_buf) {
- p = pack_buf + len;
- remaining_space = bufsize - len;
- }
- }
-
- for (idx = 0; idx < MAXSUBAUTHS; idx++) {
- len += tdb_pack(p, remaining_space, "d",
- sid->sub_auths[idx]);
- if (pack_buf) {
- p = pack_buf + len;
- remaining_space = bufsize - len;
- }
- }
-
- return len;
-}
-
-/**
- * Unpack SID into a pointer
- *
- * @param pack_buf pointer to buffer with packed representation
- * @param bufsize size of the buffer
- * @param sid pointer to sid structure to be filled with unpacked data
- *
- * @return size of structure unpacked from buffer
- **/
-static size_t tdb_sid_unpack(uint8 *pack_buf, int bufsize, DOM_SID* sid)
-{
- int idx, len = 0;
-
- if (!sid || !pack_buf) return -1;
-
- len += tdb_unpack(pack_buf + len, bufsize - len, "bb",
- &sid->sid_rev_num, &sid->num_auths);
-
- for (idx = 0; idx < 6; idx++) {
- len += tdb_unpack(pack_buf + len, bufsize - len, "b",
- &sid->id_auth[idx]);
- }
-
- for (idx = 0; idx < MAXSUBAUTHS; idx++) {
- len += tdb_unpack(pack_buf + len, bufsize - len, "d",
- &sid->sub_auths[idx]);
- }
-
- return len;
-}
-
-/**
- * Pack TRUSTED_DOM_PASS passed by pointer
- *
- * @param pack_buf pointer to buffer which is to be filled with packed data
- * @param bufsize size of the buffer
- * @param pass pointer to trusted domain password to be packed
- *
- * @return length of the packed representation of the whole structure
- **/
-static size_t tdb_trusted_dom_pass_pack(uint8 *pack_buf, int bufsize,
- TRUSTED_DOM_PASS* pass)
-{
- int idx, len = 0;
- uint8 *p = pack_buf;
- int remaining_space = pack_buf ? bufsize : 0;
-
- if (!pass) {
- return -1;
- }
-
- /* packing unicode domain name and password */
- len += tdb_pack(p, remaining_space, "d",
- pass->uni_name_len);
- if (pack_buf) {
- p = pack_buf + len;
- remaining_space = bufsize - len;
- }
-
- for (idx = 0; idx < 32; idx++) {
- len += tdb_pack(p, remaining_space, "w",
- pass->uni_name[idx]);
- if (pack_buf) {
- p = pack_buf + len;
- remaining_space = bufsize - len;
- }
- }
-
- len += tdb_pack(p, remaining_space, "dPd", pass->pass_len,
- pass->pass, pass->mod_time);
- if (pack_buf) {
- p = pack_buf + len;
- remaining_space = bufsize - len;
- }
-
- /* packing SID structure */
- len += tdb_sid_pack(p, remaining_space, &pass->domain_sid);
- if (pack_buf) {
- p = pack_buf + len;
- remaining_space = bufsize - len;
- }
-
- return len;
-}
-
-
-/**
- * Unpack TRUSTED_DOM_PASS passed by pointer
- *
- * @param pack_buf pointer to buffer with packed representation
- * @param bufsize size of the buffer
- * @param pass pointer to trusted domain password to be filled with unpacked data
- *
- * @return size of structure unpacked from buffer
- **/
-static size_t tdb_trusted_dom_pass_unpack(uint8 *pack_buf, int bufsize,
- TRUSTED_DOM_PASS* pass)
-{
- int idx, len = 0;
- char *passp = NULL;
-
- if (!pack_buf || !pass) return -1;
-
- /* unpack unicode domain name and plaintext password */
- len += tdb_unpack(pack_buf, bufsize - len, "d", &pass->uni_name_len);
-
- for (idx = 0; idx < 32; idx++)
- len += tdb_unpack(pack_buf + len, bufsize - len, "w",
- &pass->uni_name[idx]);
-
- len += tdb_unpack(pack_buf + len, bufsize - len, "dPd",
- &pass->pass_len, &passp, &pass->mod_time);
- if (passp) {
- fstrcpy(pass->pass, passp);
- }
- SAFE_FREE(passp);
-
- /* unpack domain sid */
- len += tdb_sid_unpack(pack_buf + len, bufsize - len,
- &pass->domain_sid);
-
- return len;
-}
-
/************************************************************************
Routine to get account password to trusted domain
************************************************************************/
@@ -655,31 +484,28 @@ static size_t tdb_trusted_dom_pass_unpack(uint8 *pack_buf, int bufsize,
bool secrets_fetch_trusted_domain_password(const char *domain, char** pwd,
DOM_SID *sid, time_t *pass_last_set_time)
{
- struct trusted_dom_pass pass;
- size_t size = 0;
+ struct TRUSTED_DOM_PASS pass;
+ enum ndr_err_code ndr_err;
/* unpacking structures */
- uint8 *pass_buf;
- int pass_len = 0;
-
- ZERO_STRUCT(pass);
+ DATA_BLOB blob;
/* fetching trusted domain password structure */
- if (!(pass_buf = (uint8 *)secrets_fetch(trustdom_keystr(domain),
- &size))) {
+ if (!(blob.data = (uint8_t *)secrets_fetch(trustdom_keystr(domain),
+ &blob.length))) {
DEBUG(5, ("secrets_fetch failed!\n"));
return False;
}
/* unpack trusted domain password */
- pass_len = tdb_trusted_dom_pass_unpack(pass_buf, size, &pass);
- SAFE_FREE(pass_buf);
-
- if (pass_len != size) {
- DEBUG(5, ("Invalid secrets size. Unpacked data doesn't match trusted_dom_pass structure.\n"));
- return False;
+ ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), NULL, &pass,
+ (ndr_pull_flags_fn_t)ndr_pull_TRUSTED_DOM_PASS);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return false;
}
+ SAFE_FREE(blob.data);
+
/* the trust's password */
if (pwd) {
*pwd = SMB_STRDUP(pass.pass);
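Review bot: blob.data leaks on the ndr_pull_struct_blob failure path: the early `return false;` inside the `NDR_ERR_CODE_IS_SUCCESS` check runs before the `SAFE_FREE(blob.data);` that follows the if-block, whereas the removed code freed pass_buf unconditionally right after unpacking. Freeing before the check fixes it — `SAFE_FREE(blob.data);` directly after the ndr_pull_struct_blob call, then `if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return false; }` — which is safe because the NDR string pullers allocate copies under talloc_tos() rather than pointing into the blob. The removed `pass_len != size` comparison also did something the new code drops: ndr_pull_struct_blob does not, as far as I recall, reject unconsumed trailing bytes, so a record that parses but has the wrong length is now accepted silently; ndr_pull_struct_blob_all, if it is available in this tree, restores that check. A `DEBUG(5, ...)` naming ndr_err on failure would keep parity with the removed diagnostic. The function continues past the end of the hunk.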
@@ -710,47 +536,37 @@ bool secrets_fetch_trusted_domain_password(const char *domain, char** pwd,
bool secrets_store_trusted_domain_password(const char* domain, const char* pwd,
const DOM_SID *sid)
{
- smb_ucs2_t *uni_dom_name;
bool ret;
- size_t converted_size;
/* packing structures */
- uint8 *pass_buf = NULL;
- int pass_len = 0;
-
- struct trusted_dom_pass pass;
+ DATA_BLOB blob;
+ enum ndr_err_code ndr_err;
+ struct TRUSTED_DOM_PASS pass;
ZERO_STRUCT(pass);
- if (!push_ucs2_talloc(talloc_tos(), &uni_dom_name, domain, &converted_size)) {
- DEBUG(0, ("Could not convert domain name %s to unicode\n",
- domain));
- return False;
- }
-
- strncpy_w(pass.uni_name, uni_dom_name, sizeof(pass.uni_name) - 1);
- pass.uni_name_len = strlen_w(uni_dom_name)+1;
- TALLOC_FREE(uni_dom_name);
+ pass.uni_name = domain;
+ pass.uni_name_len = strlen(domain)+1;
/* last change time */
pass.mod_time = time(NULL);
/* password of the trust */
pass.pass_len = strlen(pwd);
- fstrcpy(pass.pass, pwd);
+ pass.pass = pwd;
/* domain sid */
sid_copy(&pass.domain_sid, sid);
- /* Calculate the length. */
- pass_len = tdb_trusted_dom_pass_pack(NULL, 0, &pass);
- pass_buf = talloc_array(talloc_tos(), uint8, pass_len);
- if (!pass_buf) {
+ ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), NULL, &pass,
+ (ndr_push_flags_fn_t)ndr_push_TRUSTED_DOM_PASS);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return false;
}
- pass_len = tdb_trusted_dom_pass_pack(pass_buf, pass_len, &pass);
- ret = secrets_store(trustdom_keystr(domain), (void *)pass_buf,
- pass_len);
- TALLOC_FREE(pass_buf);
+
+ ret = secrets_store(trustdom_keystr(domain), blob.data, blob.length);
+