static int net_ads_leave(int argc, const char **argv) { ADS_STRUCT *ads = NULL; ADS_STATUS rc; if (!secrets_init()) { DEBUG(1,("Failed to initialise secrets database\n")); return -1; } if (!opt_password) { net_use_machine_password(); } if (!(ads = ads_startup())) { return -1; } rc = ads_leave_realm(ads, global_myname()); if (!ADS_ERR_OK(rc)) { d_printf("Failed to delete host '%s' from the '%s' realm.\n", global_myname(), ads->config.realm); ads_destroy(&ads); return -1; } d_printf("Removed '%s' from realm '%s'\n", global_myname(), ads->config.realm); ads_destroy(&ads); return 0; }
static int net_afs_key(int argc, const char **argv) { int fd; struct afs_keyfile keyfile; if (argc != 2) { d_printf("usage: 'net afs key <keyfile> cell'\n"); return -1; } if (!secrets_init()) { d_fprintf(stderr, "Could not open secrets.tdb\n"); return -1; } if ((fd = open(argv[0], O_RDONLY, 0)) < 0) { d_fprintf(stderr, "Could not open %s\n", argv[0]); return -1; } if (read(fd, &keyfile, sizeof(keyfile)) != sizeof(keyfile)) { d_fprintf(stderr, "Could not read keyfile\n"); return -1; } if (!secrets_store_afs_keyfile(argv[1], &keyfile)) { d_fprintf(stderr, "Could not write keyfile to secrets.tdb\n"); return -1; } return 0; }
int net_afs_key(struct net_context *c, int argc, const char **argv) { int fd; struct afs_keyfile keyfile; if (argc != 2) { d_printf("%s net afs key <keyfile> cell\n", _("Usage:")); return -1; } if (!secrets_init()) { d_fprintf(stderr, _("Could not open secrets.tdb\n")); return -1; } if ((fd = open(argv[0], O_RDONLY, 0)) < 0) { d_fprintf(stderr, _("Could not open %s\n"), argv[0]); return -1; } if (read(fd, &keyfile, sizeof(keyfile)) != sizeof(keyfile)) { d_fprintf(stderr, _("Could not read keyfile\n")); close(fd); return -1; } close(fd); if (!secrets_store_afs_keyfile(argv[1], &keyfile)) { d_fprintf(stderr, _("Could not write keyfile to secrets.tdb\n")); return -1; } return 0; }
/* read a entry from the secrets database - the caller must free the result if size is non-null then the size of the entry is put in there */ void *secrets_fetch(const char *key, size_t *size) { TDB_DATA dbuf; void *result; NTSTATUS status; if (!secrets_init()) { return NULL; } status = dbwrap_fetch(db_ctx, talloc_tos(), string_tdb_data(key), &dbuf); if (!NT_STATUS_IS_OK(status)) { return NULL; } result = memdup(dbuf.dptr, dbuf.dsize); if (result == NULL) { return NULL; } TALLOC_FREE(dbuf.dptr); if (size) { *size = dbuf.dsize; } return result; }
bool set_cmdline_auth_info_machine_account_creds(struct user_auth_info *auth_info) { char *pass = NULL; char *account = NULL; if (!get_cmdline_auth_info_use_machine_account(auth_info)) { return false; } if (!secrets_init()) { d_printf("ERROR: Unable to open secrets database\n"); return false; } if (asprintf(&account, "%s$@%s", lp_netbios_name(), lp_realm()) < 0) { return false; } pass = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL); if (!pass) { d_printf("ERROR: Unable to fetch machine password for " "%s in domain %s\n", account, lp_workgroup()); SAFE_FREE(account); return false; } set_cmdline_auth_info_username(auth_info, account); set_cmdline_auth_info_password(auth_info, pass); SAFE_FREE(account); SAFE_FREE(pass); return true; }
/* read a entry from the secrets database - the caller must free the result if size is non-null then the size of the entry is put in there */ void *secrets_fetch(const char *key, size_t *size) { TDB_DATA dbuf; void *result; if (!secrets_init()) { return NULL; } if (db_ctx->fetch(db_ctx, talloc_tos(), string_tdb_data(key), &dbuf) != 0) { return NULL; } result = memdup(dbuf.dptr, dbuf.dsize); if (result == NULL) { return NULL; } TALLOC_FREE(dbuf.dptr); if (size) { *size = dbuf.dsize; } return result; }
struct db_context *secrets_db_ctx(void) { if (!secrets_init()) { return NULL; } return db_ctx; }
static NTSTATUS cmd_netlogon_sam_deltas(struct cli_state *cli, TALLOC_CTX *mem_ctx, int argc, char **argv) { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; unsigned char trust_passwd[16]; uint32 database_id, num_deltas, tmp; SAM_DELTA_HDR *hdr_deltas; SAM_DELTA_CTR *deltas; UINT64_S seqnum; if (argc != 3) { fprintf(stderr, "Usage: %s database_id seqnum\n", argv[0]); return NT_STATUS_OK; } database_id = atoi(argv[1]); tmp = atoi(argv[2]); seqnum.low = tmp & 0xffff; seqnum.high = 0; if (!secrets_init()) { fprintf(stderr, "Unable to initialise secrets database\n"); goto done; } /* Initialise session credentials */ if (!secrets_fetch_trust_account_password(lp_workgroup(), trust_passwd, NULL)) { fprintf(stderr, "could not fetch trust account password\n"); goto done; } result = cli_nt_setup_creds(cli, trust_passwd); if (!NT_STATUS_IS_OK(result)) { fprintf(stderr, "Error initialising session creds\n"); goto done; } /* Synchronise sam database */ result = cli_netlogon_sam_deltas(cli, mem_ctx, database_id, seqnum, &num_deltas, &hdr_deltas, &deltas); if (!NT_STATUS_IS_OK(result)) goto done; /* Display results */ display_sam_sync(num_deltas, hdr_deltas, deltas); done: return result; }
static NTSTATUS cmd_netlogon_sam_sync(struct cli_state *cli, TALLOC_CTX *mem_ctx, int argc, char **argv) { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; unsigned char trust_passwd[16]; uint32 database_id = 0, num_deltas; SAM_DELTA_HDR *hdr_deltas; SAM_DELTA_CTR *deltas; DOM_CRED ret_creds; if (argc > 2) { fprintf(stderr, "Usage: %s [database_id]\n", argv[0]); return NT_STATUS_OK; } if (argc == 2) database_id = atoi(argv[1]); if (!secrets_init()) { fprintf(stderr, "Unable to initialise secrets database\n"); return result; } /* Initialise session credentials */ if (!secrets_fetch_trust_account_password(lp_workgroup(), trust_passwd, NULL)) { fprintf(stderr, "could not fetch trust account password\n"); goto done; } result = cli_nt_setup_creds(cli, trust_passwd); if (!NT_STATUS_IS_OK(result)) { fprintf(stderr, "Error initialising session creds\n"); goto done; } /* on first call the returnAuthenticator is empty */ memset(&ret_creds, 0, sizeof(ret_creds)); /* Synchronise sam database */ result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, database_id, &num_deltas, &hdr_deltas, &deltas); if (!NT_STATUS_IS_OK(result)) goto done; /* Display results */ display_sam_sync(num_deltas, hdr_deltas, deltas); done: return result; }
void *secrets_get_trust_account_lock(TALLOC_CTX *mem_ctx, const char *domain) { if (!secrets_init()) { return NULL; } return db_ctx->fetch_locked( db_ctx, mem_ctx, string_term_tdb_data(trust_keystr(domain))); }
/******************************************************************* Store the LDAP admin password in secrets.tdb ******************************************************************/ static BOOL store_ldap_admin_pw (char* pw) { if (!pw) return False; if (!secrets_init()) return False; return secrets_store_ldap_pw(lp_ldap_admin_dn(), pw); }
/******************************************************************* Store the LDAP admin password in secrets.tdb ******************************************************************/ static bool store_ldap_admin_pw (char* pw) { if (!pw) return False; if (!secrets_init()) return False; return secrets_store_ldap_pw(lp_ldap_admin_dn(talloc_tos()), pw); }
/* delete a secets database entry */ BOOL secrets_delete(const char *key) { TDB_DATA kbuf; secrets_init(); if (!tdb) return False; kbuf.dptr = (char *)key; kbuf.dsize = strlen(key); return tdb_delete(tdb, kbuf) == 0; }
static NTSTATUS cmd_netlogon_sam_logon(struct cli_state *cli, TALLOC_CTX *mem_ctx, int argc, char **argv) { unsigned char trust_passwd[16]; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; int logon_type = NET_LOGON_TYPE; char *username, *password; /* Check arguments */ if (argc < 3 || argc > 4) { fprintf(stderr, "Usage: samlogon <username> <password> " "[logon_type]\n"); return NT_STATUS_OK; } username = argv[1]; password = argv[2]; if (argc == 4) sscanf(argv[3], "%i", &logon_type); /* Authenticate ourselves with the domain controller */ if (!secrets_init()) { fprintf(stderr, "Unable to initialise secrets database\n"); return result; } if (!secrets_fetch_trust_account_password(lp_workgroup(), trust_passwd, NULL)) { fprintf(stderr, "could not fetch trust account password\n"); goto done; } result = cli_nt_setup_creds(cli, trust_passwd); if (!NT_STATUS_IS_OK(result)) { fprintf(stderr, "Error initialising session creds\n"); goto done; } /* Perform the sam logon */ result = cli_netlogon_sam_logon(cli, mem_ctx, username, password, logon_type); if (!NT_STATUS_IS_OK(result)) goto done; done: return result; }
/* delete a secets database entry */ bool secrets_delete(const char *key) { NTSTATUS status; if (!secrets_init()) { return false; } status = dbwrap_trans_delete(db_ctx, string_tdb_data(key)); return NT_STATUS_IS_OK(status); }
/* store a secrets entry */ BOOL secrets_store(const char *key, const void *data, size_t size) { TDB_DATA kbuf, dbuf; secrets_init(); if (!tdb) return False; kbuf.dptr = (char *)key; kbuf.dsize = strlen(key); dbuf.dptr = (char *)data; dbuf.dsize = size; return tdb_store(tdb, kbuf, dbuf, TDB_REPLACE) == 0; }
void *secrets_get_trust_account_lock(TALLOC_CTX *mem_ctx, const char *domain) { struct db_context *db_ctx; if (!secrets_init()) { return NULL; } db_ctx = secrets_db_ctx(); return dbwrap_fetch_locked( db_ctx, mem_ctx, string_term_tdb_data(trust_keystr(domain))); }
/* store a secrets entry */ bool secrets_store(const char *key, const void *data, size_t size) { NTSTATUS status; if (!secrets_init()) { return false; } status = dbwrap_trans_store(db_ctx, string_tdb_data(key), make_tdb_data((const uint8 *)data, size), TDB_REPLACE); return NT_STATUS_IS_OK(status); }
/* read a entry from the secrets database - the caller must free the result if size is non-null then the size of the entry is put in there */ void *secrets_fetch(const char *key, size_t *size) { TDB_DATA kbuf, dbuf; secrets_init(); if (!tdb) return NULL; kbuf.dptr = (char *)key; kbuf.dsize = strlen(key); dbuf = tdb_fetch(tdb, kbuf); if (size) *size = dbuf.dsize; return dbuf.dptr; }
static int net_getdomainsid(struct net_context *c, int argc, const char **argv) { struct dom_sid domain_sid; fstring sid_str; if (argc > 0) { d_printf(_("Usage:")); d_printf(" net getdomainsid\n"); return 1; } if(!initialize_password_db(false, NULL)) { DEBUG(0, ("WARNING: Could not open passdb - domain SID may " "not reflect passdb\n" "backend knowledge (such as the SID stored in " "LDAP)\n")); } /* first check to see if we can even access secrets, so we don't panic when we can't. */ if (!secrets_init()) { d_fprintf(stderr, _("Unable to open secrets.tdb. Can't fetch " "domain SID for name: %s\n"), get_global_sam_name()); return 1; } /* Generate one, if it doesn't exist */ get_global_sam_sid(); if (!secrets_fetch_domain_sid(lp_netbios_name(), &domain_sid)) { d_fprintf(stderr, _("Could not fetch local SID\n")); return 1; } sid_to_fstring(sid_str, &domain_sid); d_printf(_("SID for local machine %s is: %s\n"), lp_netbios_name(), sid_str); if (!secrets_fetch_domain_sid(c->opt_workgroup, &domain_sid)) { d_fprintf(stderr, _("Could not fetch domain SID\n")); return 1; } sid_to_fstring(sid_str, &domain_sid); d_printf(_("SID for domain %s is: %s\n"), c->opt_workgroup, sid_str); return 0; }
static void create_new_key_and_activate( char *filename ) { char key[17] = {0}; if (!secrets_init()) { printf("Error opening secrets database."); exit(1); } generate_key(key); delete_key(); secrets_store("smb_traffic_analyzer_key", key, strlen(key)+1 ); printf("Key installed, encryption activated.\n"); create_file_from_key(filename); }
/* * Deletes the key if it exists. */ bool secrets_delete(const char *key) { bool exists; if (!secrets_init()) { return false; } exists = dbwrap_exists(db_ctx, string_tdb_data(key)); if (!exists) { return true; } return secrets_delete_entry(key); }
static bool init_structs(void ) { /* * Set the machine NETBIOS name if not already * set from the config file. */ if (!init_names()) return False; if (!secrets_init()) return False; return True; }
int net_ads_changetrustpw(int argc, const char **argv) { ADS_STRUCT *ads; char *host_principal; fstring my_name; ADS_STATUS ret; if (!secrets_init()) { DEBUG(1,("Failed to initialise secrets database\n")); return -1; } net_use_machine_password(); use_in_memory_ccache(); if (!(ads = ads_startup())) { return -1; } fstrcpy(my_name, global_myname()); strlower_m(my_name); asprintf(&host_principal, "%s@%s", my_name, ads->config.realm); d_printf("Changing password for principal: HOST/%s\n", host_principal); ret = ads_change_trust_account_password(ads, host_principal); if (!ADS_ERR_OK(ret)) { d_printf("Password change failed :-( ...\n"); ads_destroy(&ads); SAFE_FREE(host_principal); return -1; } d_printf("Password change for principal HOST/%s succeeded.\n", host_principal); if (lp_use_kerberos_keytab()) { d_printf("Attempting to update system keytab with new password.\n"); if (ads_keytab_create_default(ads)) { d_printf("Failed to update system keytab.\n"); } } ads_destroy(&ads); SAFE_FREE(host_principal); return 0; }
/********************************************************* Start here. **********************************************************/ int main(int argc, char **argv) { TALLOC_CTX *frame = talloc_stackframe(); int local_flags = 0; int ret; #if defined(HAVE_SET_AUTH_PARAMETERS) set_auth_parameters(argc, argv); #endif /* HAVE_SET_AUTH_PARAMETERS */ if (getuid() == 0) { local_flags = LOCAL_AM_ROOT; } smb_init_locale(); local_flags = process_options(argc, argv, local_flags); setup_logging("smbpasswd", DEBUG_STDERR); /* * Set the machine NETBIOS name if not already * set from the config file. */ if (!init_names()) return 1; /* Check the effective uid - make sure we are not setuid */ if (is_setuid_root()) { fprintf(stderr, "smbpasswd must *NOT* be setuid root.\n"); exit(1); } if (local_flags & LOCAL_AM_ROOT) { bool ok; ok = secrets_init(); if (!ok) { return 1; } ret = process_root(local_flags); } else { ret = process_nonroot(local_flags); } TALLOC_FREE(frame); return ret; }
int net_use_machine_account(void) { char *user_name = NULL; if (!secrets_init()) { d_fprintf(stderr, "ERROR: Unable to open secrets database\n"); exit(1); } opt_password = secrets_fetch_machine_password(opt_target_workgroup, NULL, NULL); if (asprintf(&user_name, "%s$", global_myname()) == -1) { return -1; } opt_user_name = user_name; return 0; }
static void check_key(void) { size_t size; char *akey; if (!secrets_init()) { printf("Error opening secrets database."); exit(1); } akey = (char *) secrets_fetch("smb_traffic_analyzer_key", &size); if (akey != NULL) { printf("A key is installed: %s\n",akey); printf("Encryption activated.\n"); free(akey); exit(0); } else printf("No key is installed.\n"); exit(1); }
int net_use_krb_machine_account(struct net_context *c) { char *user_name = NULL; if (!secrets_init()) { d_fprintf(stderr,_("ERROR: Unable to open secrets database\n")); exit(1); } c->opt_password = secrets_fetch_machine_password( c->opt_target_workgroup, NULL, NULL); if (asprintf(&user_name, "%s$@%s", global_myname(), lp_realm()) == -1) { return -1; } c->opt_user_name = user_name; return 0; }
static int net_ads_join_ok(void) { ADS_STRUCT *ads = NULL; if (!secrets_init()) { DEBUG(1,("Failed to initialise secrets database\n")); return -1; } net_use_machine_password(); if (!(ads = ads_startup())) { return -1; } ads_destroy(&ads); return 0; }
/********************************************************* Start here. **********************************************************/ int main(int argc, char **argv) { int local_flags = 0; AllowDebugChange = False; #if defined(HAVE_SET_AUTH_PARAMETERS) set_auth_parameters(argc, argv); #endif /* HAVE_SET_AUTH_PARAMETERS */ if (getuid() == 0) { local_flags = LOCAL_AM_ROOT; } load_case_tables(); local_flags = process_options(argc, argv, local_flags); setup_logging("smbpasswd", True); /* * Set the machine NETBIOS name if not already * set from the config file. */ if (!init_names()) return 1; /* Check the effective uid - make sure we are not setuid */ if (is_setuid_root()) { fprintf(stderr, "smbpasswd must *NOT* be setuid root.\n"); exit(1); } if (local_flags & LOCAL_AM_ROOT) { secrets_init(); return process_root(local_flags); } return process_nonroot(local_flags); }