bool secrets_fetch_trusted_domain_password(const char *domain, char** pwd,
DOM_SID *sid, time_t *pass_last_set_time)
{
struct trusted_dom_pass pass;
size_t size = 0;
/* unpacking structures */
uint8 *pass_buf;
int pass_len = 0;
ZERO_STRUCT(pass);
/* fetching trusted domain password structure */
if (!(pass_buf = (uint8 *)secrets_fetch(trustdom_keystr(domain),
&size))) {
DEBUG(5, ("secrets_fetch failed!\n"));
return False;
}
/* unpack trusted domain password */
pass_len = tdb_trusted_dom_pass_unpack(pass_buf, size, &pass);
SAFE_FREE(pass_buf);
if (pass_len != size) {
DEBUG(5, ("Invalid secrets size. Unpacked data doesn't match trusted_dom_pass structure.\n"));
return False;
}
/* the trust's password */
if (pwd) {
*pwd = SMB_STRDUP(pass.pass);
if (!*pwd) {
return False;
}
}
/* last change time */
if (pass_last_set_time) *pass_last_set_time = pass.mod_time;
/* domain sid */
if (sid != NULL) sid_copy(sid, &pass.domain_sid);
return True;
}
NTSTATUS secrets_get_trusted_domains(TALLOC_CTX* ctx, int* enum_ctx, unsigned int max_num_domains, int *num_domains, TRUSTDOM ***domains)
{
TDB_LIST_NODE *keys, *k;
TRUSTDOM *dom = NULL;
char *pattern;
unsigned int start_idx;
uint32 idx = 0;
size_t size, packed_size = 0;
fstring dom_name;
char *packed_pass;
struct trusted_dom_pass *pass = talloc_zero(ctx, sizeof(struct trusted_dom_pass));
NTSTATUS status;
if (!secrets_init()) return NT_STATUS_ACCESS_DENIED;
if (!pass) {
DEBUG(0, ("talloc_zero failed!\n"));
return NT_STATUS_NO_MEMORY;
}
*num_domains = 0;
start_idx = *enum_ctx;
/* generate searching pattern */
if (!(pattern = talloc_asprintf(ctx, "%s/*", SECRETS_DOMTRUST_ACCT_PASS))) {
DEBUG(0, ("secrets_get_trusted_domains: talloc_asprintf() failed!\n"));
return NT_STATUS_NO_MEMORY;
}
DEBUG(5, ("secrets_get_trusted_domains: looking for %d domains, starting at index %d\n",
max_num_domains, *enum_ctx));
*domains = talloc_zero(ctx, sizeof(**domains)*max_num_domains);
/* fetching trusted domains' data and collecting them in a list */
keys = tdb_search_keys(tdb, pattern);
/*
* if there's no keys returned ie. no trusted domain,
* return "no more entries" code
*/
status = NT_STATUS_NO_MORE_ENTRIES;
/* searching for keys in secrets db -- way to go ... */
for (k = keys; k; k = k->next) {
char *secrets_key;
/* important: ensure null-termination of the key string */
secrets_key = strndup(k->node_key.dptr, k->node_key.dsize);
if (!secrets_key) {
DEBUG(0, ("strndup failed!\n"));
return NT_STATUS_NO_MEMORY;
}
packed_pass = secrets_fetch(secrets_key, &size);
packed_size = tdb_trusted_dom_pass_unpack(packed_pass, size, pass);
/* packed representation isn't needed anymore */
SAFE_FREE(packed_pass);
if (size != packed_size) {
DEBUG(2, ("Secrets record %s is invalid!\n", secrets_key));
continue;
}
pull_ucs2_fstring(dom_name, pass->uni_name);
DEBUG(18, ("Fetched secret record num %d.\nDomain name: %s, SID: %s\n",
idx, dom_name, sid_string_static(&pass->domain_sid)));
SAFE_FREE(secrets_key);
if (idx >= start_idx && idx < start_idx + max_num_domains) {
dom = talloc_zero(ctx, sizeof(*dom));
if (!dom) {
/* free returned tdb record */
return NT_STATUS_NO_MEMORY;
}
/* copy domain sid */
SMB_ASSERT(sizeof(dom->sid) == sizeof(pass->domain_sid));
memcpy(&(dom->sid), &(pass->domain_sid), sizeof(dom->sid));
/* copy unicode domain name */
dom->name = talloc_strdup_w(ctx, pass->uni_name);
(*domains)[idx - start_idx] = dom;
DEBUG(18, ("Secret record is in required range.\n \
start_idx = %d, max_num_domains = %d. Added to returned array.\n",
start_idx, max_num_domains));
*enum_ctx = idx + 1;
(*num_domains)++;
/* set proper status code to return */
if (k->next) {
/* there are yet some entries to enumerate */
status = STATUS_MORE_ENTRIES;
} else {
/* this is the last entry in the whole enumeration */
status = NT_STATUS_OK;
}
} else {
