bool secrets_delete_machine_password_ex(const char *domain)
{
if (!secrets_delete(machine_password_keystr(domain))) {
return false;
}
if (!secrets_delete(machine_sec_channel_type_keystr(domain))) {
return false;
}
return secrets_delete(machine_last_change_time_keystr(domain));
}
bool secrets_delete_machine_password(const char *domain)
{
if (!secrets_delete_prev_machine_password(domain)) {
return false;
}
return secrets_delete(machine_password_keystr(domain));
}
static bool secrets_delete_prev_machine_password(const char *domain)
{
char *oldpass = (char *)secrets_fetch(machine_prev_password_keystr(domain), NULL);
if (oldpass == NULL) {
return true;
}
SAFE_FREE(oldpass);
return secrets_delete(machine_prev_password_keystr(domain));
}
static void delete_key(void)
{
size_t size;
char *akey = (char *) secrets_fetch("smb_traffic_analyzer_key", &size);
if (akey != NULL) {
free(akey);
secrets_delete("smb_traffic_analyzer_key");
printf("Removed installed key. Encryption deactivated.\n");
} else {
printf("No key is installed.\n");
}
}
bool secrets_delete_generic(const char *owner, const char *key)
{
char *tdbkey = NULL;
bool ret;
if (asprintf(&tdbkey, "SECRETS/GENERIC/%s/%s", owner, key) < 0) {
DEBUG(0, ("asprintf failed!\n"));
return False;
}
ret = secrets_delete(tdbkey);
SAFE_FREE(tdbkey);
return ret;
}
static bool wbinfo_set_auth_user(char *username)
{
const char *password;
char *p;
fstring user, domain;
/* Separate into user and password */
parse_wbinfo_domain_user(username, domain, user);
p = strchr(user, '%');
if (p != NULL) {
*p = 0;
password = p+1;
} else {
char *thepass = getpass("Password: "******"";
}
/* Store or remove DOMAIN\username%password in secrets.tdb */
secrets_init();
if (user[0]) {
if (!secrets_store(SECRETS_AUTH_USER, user,
strlen(user) + 1)) {
d_fprintf(stderr, "error storing username\n");
return false;
}
/* We always have a domain name added by the
parse_wbinfo_domain_user() function. */
if (!secrets_store(SECRETS_AUTH_DOMAIN, domain,
strlen(domain) + 1)) {
d_fprintf(stderr, "error storing domain name\n");
return false;
}
} else {
secrets_delete(SECRETS_AUTH_USER);
secrets_delete(SECRETS_AUTH_DOMAIN);
}
if (password[0]) {
if (!secrets_store(SECRETS_AUTH_PASSWORD, password,
strlen(password) + 1)) {
d_fprintf(stderr, "error storing password\n");
return false;
}
} else
secrets_delete(SECRETS_AUTH_PASSWORD);
return true;
}
bool fetch_ldap_pw(char **dn, char** pw)
{
char *key = NULL;
size_t size = 0;
*dn = smb_xstrdup(lp_ldap_admin_dn());
if (asprintf(&key, "%s/%s", SECRETS_LDAP_BIND_PW, *dn) < 0) {
SAFE_FREE(*dn);
DEBUG(0, ("fetch_ldap_pw: asprintf failed!\n"));
return false;
}
*pw=(char *)secrets_fetch(key, &size);
SAFE_FREE(key);
if (!size) {
/* Upgrade 2.2 style entry */
char *p;
char* old_style_key = SMB_STRDUP(*dn);
char *data;
fstring old_style_pw;
if (!old_style_key) {
DEBUG(0, ("fetch_ldap_pw: strdup failed!\n"));
return False;
}
for (p=old_style_key; *p; p++)
if (*p == ',') *p = '/';
data=(char *)secrets_fetch(old_style_key, &size);
if ((data == NULL) || (size < sizeof(old_style_pw))) {
DEBUG(0,("fetch_ldap_pw: neither ldap secret retrieved!\n"));
SAFE_FREE(old_style_key);
SAFE_FREE(*dn);
SAFE_FREE(data);
return False;
}
size = MIN(size, sizeof(fstring)-1);
strncpy(old_style_pw, data, size);
old_style_pw[size] = 0;
SAFE_FREE(data);
if (!secrets_store_ldap_pw(*dn, old_style_pw)) {
DEBUG(0,("fetch_ldap_pw: ldap secret could not be upgraded!\n"));
SAFE_FREE(old_style_key);
SAFE_FREE(*dn);
return False;
}
if (!secrets_delete(old_style_key)) {
DEBUG(0,("fetch_ldap_pw: old ldap secret could not be deleted!\n"));
}
SAFE_FREE(old_style_key);
*pw = smb_xstrdup(old_style_pw);
}
return True;
}
bool trusted_domain_password_delete(const char *domain)
{
return secrets_delete(trustdom_keystr(domain));
}
/**
* @brief Set the authorised user for winbindd access in secrets.tdb
*/
static int net_setauthuser(struct net_context *c, int argc, const char **argv)
{
const char *password = NULL;
if (!secrets_init()) {
d_fprintf(stderr, _("Failed to open secrets.tdb.\n"));
return 1;
}
/* Delete the settings. */
if (argc >= 1) {
if (strncmp(argv[0], "delete", 6) != 0) {
d_fprintf(stderr,_("Usage:\n"));
d_fprintf(stderr,
_(" net setauthuser -U user[%%password] \n"
" Set the auth user account to user"
"password. Prompt for password if not "
"specified.\n"));
d_fprintf(stderr,
_(" net setauthuser delete\n"
" Delete the auth user setting.\n"));
return 1;
}
secrets_delete(SECRETS_AUTH_USER);
secrets_delete(SECRETS_AUTH_DOMAIN);
secrets_delete(SECRETS_AUTH_PASSWORD);
return 0;
}
if (!c->opt_user_specified) {
d_fprintf(stderr, _("Usage:\n"));
d_fprintf(stderr,
_(" net setauthuser -U user[%%password]\n"
" Set the auth user account to user"
"password. Prompt for password if not "
"specified.\n"));
d_fprintf(stderr,
_(" net setauthuser delete\n"
" Delete the auth user setting.\n"));
return 1;
}
password = net_prompt_pass(c, _("the auth user"));
if (password == NULL) {
d_fprintf(stderr,_("Failed to get the auth users password.\n"));
return 1;
}
if (!secrets_store(SECRETS_AUTH_USER, c->opt_user_name,
strlen(c->opt_user_name) + 1)) {
d_fprintf(stderr, _("error storing auth user name\n"));
return 1;
}
if (!secrets_store(SECRETS_AUTH_DOMAIN, c->opt_workgroup,
strlen(c->opt_workgroup) + 1)) {
d_fprintf(stderr, _("error storing auth user domain\n"));
return 1;
}
if (!secrets_store(SECRETS_AUTH_PASSWORD, password,
strlen(password) + 1)) {
d_fprintf(stderr, _("error storing auth user password\n"));
return 1;
}
return 0;
}
bool secrets_delete_domain_sid(const char *domain)
{
return secrets_delete(domain_sid_keystr(domain));
}
BOOL trust_password_delete(const char *domain)
{
return secrets_delete(trust_keystr(domain));
}
bool secrets_delete_machine_password(const char *domain)
{
return secrets_delete(machine_password_keystr(domain));
}
