/**
* Fill in credentials for the machine trust account, from the secrets database.
*
* @param cred Credentials structure to fill in
* @retval NTSTATUS error detailing any failure
*/
_PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred,
struct loadparm_context *lp_ctx)
{
struct db_context *db_ctx;
char *secrets_tdb_path;
int hash_size, tdb_flags;
secrets_tdb_path = lpcfg_private_db_path(cred, lp_ctx, "secrets");
if (secrets_tdb_path == NULL) {
return NT_STATUS_NO_MEMORY;
}
hash_size = lpcfg_tdb_hash_size(lp_ctx, secrets_tdb_path);
tdb_flags = lpcfg_tdb_flags(lp_ctx, TDB_DEFAULT);
db_ctx = dbwrap_local_open(
cred,
secrets_tdb_path,
hash_size,
tdb_flags,
O_RDWR,
0600,
DBWRAP_LOCK_ORDER_1,
DBWRAP_FLAG_NONE);
TALLOC_FREE(secrets_tdb_path);
/*
* We do not check for errors here, we might not have a
* secrets.tdb at all, and so we just need to check the
* secrets.ldb
*/
return cli_credentials_set_machine_account_db_ctx(cred, lp_ctx, db_ctx);
}
struct db_context *dbwrap_local_open(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
const char *name,
int hash_size, int tdb_flags,
int open_flags, mode_t mode,
enum dbwrap_lock_order lock_order,
uint64_t dbwrap_flags)
{
struct db_context *db = NULL;
if (hash_size == 0) {
hash_size = lpcfg_tdb_hash_size(lp_ctx, name);
}
db = db_open_tdb(mem_ctx, name, hash_size,
lpcfg_tdb_flags(lp_ctx, tdb_flags),
open_flags, mode,
lock_order, dbwrap_flags);
return db;
}
struct db_context *db_open_tdb(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
const char *name,
int hash_size, int tdb_flags,
int open_flags, mode_t mode,
enum dbwrap_lock_order lock_order,
uint64_t dbrwap_flags)
{
struct db_context *result = NULL;
struct db_tdb_ctx *db_tdb;
struct stat st;
result = talloc_zero(mem_ctx, struct db_context);
if (result == NULL) {
DEBUG(0, ("talloc failed\n"));
goto fail;
}
result->private_data = db_tdb = talloc(result, struct db_tdb_ctx);
if (db_tdb == NULL) {
DEBUG(0, ("talloc failed\n"));
goto fail;
}
result->lock_order = lock_order;
if (hash_size == 0) {
hash_size = lpcfg_tdb_hash_size(lp_ctx, name);
}
db_tdb->wtdb = tdb_wrap_open(db_tdb, name, hash_size,
lpcfg_tdb_flags(lp_ctx, tdb_flags),
open_flags, mode);
if (db_tdb->wtdb == NULL) {
DEBUG(3, ("Could not open tdb: %s\n", strerror(errno)));
goto fail;
}
ZERO_STRUCT(db_tdb->id);
if (fstat(tdb_fd(db_tdb->wtdb->tdb), &st) == -1) {
DEBUG(3, ("fstat failed: %s\n", strerror(errno)));
goto fail;
}
db_tdb->id.dev = st.st_dev;
db_tdb->id.ino = st.st_ino;
result->fetch_locked = db_tdb_fetch_locked;
result->try_fetch_locked = db_tdb_try_fetch_locked;
result->traverse = db_tdb_traverse;
result->traverse_read = db_tdb_traverse_read;
result->parse_record = db_tdb_parse;
result->get_seqnum = db_tdb_get_seqnum;
result->persistent = ((tdb_flags & TDB_CLEAR_IF_FIRST) == 0);
result->transaction_start = db_tdb_transaction_start;
result->transaction_start_nonblock = db_tdb_transaction_start_nonblock;
result->transaction_commit = db_tdb_transaction_commit;
result->transaction_cancel = db_tdb_transaction_cancel;
result->exists = db_tdb_exists;
result->wipe = db_tdb_wipe;
result->id = db_tdb_id;
result->check = db_tdb_check;
result->name = tdb_name(db_tdb->wtdb->tdb);
result->hash_size = hash_size;
return result;
fail:
TALLOC_FREE(result);
return NULL;
}
/**
* open a database
*/
struct db_context *db_open(TALLOC_CTX *mem_ctx,
const char *name,
int hash_size, int tdb_flags,
int open_flags, mode_t mode,
enum dbwrap_lock_order lock_order,
uint64_t dbwrap_flags)
{
struct db_context *result = NULL;
const char *sockname;
if (!DBWRAP_LOCK_ORDER_VALID(lock_order)) {
errno = EINVAL;
return NULL;
}
if (tdb_flags & TDB_CLEAR_IF_FIRST) {
const char *base;
bool try_readonly = false;
base = strrchr_m(name, '/');
if (base != NULL) {
base += 1;
} else {
base = name;
}
if (dbwrap_flags & DBWRAP_FLAG_OPTIMIZE_READONLY_ACCESS) {
try_readonly = true;
}
try_readonly = lp_parm_bool(-1, "dbwrap_optimize_readonly", "*", try_readonly);
try_readonly = lp_parm_bool(-1, "dbwrap_optimize_readonly", base, try_readonly);
if (try_readonly) {
dbwrap_flags |= DBWRAP_FLAG_OPTIMIZE_READONLY_ACCESS;
} else {
dbwrap_flags &= ~DBWRAP_FLAG_OPTIMIZE_READONLY_ACCESS;
}
}
if (tdb_flags & TDB_CLEAR_IF_FIRST) {
const char *base;
bool try_mutex = true;
bool require_mutex = false;
base = strrchr_m(name, '/');
if (base != NULL) {
base += 1;
} else {
base = name;
}
try_mutex = lp_parm_bool(-1, "dbwrap_tdb_mutexes", "*", try_mutex);
try_mutex = lp_parm_bool(-1, "dbwrap_tdb_mutexes", base, try_mutex);
if (!lp_use_mmap()) {
/*
* Mutexes require mmap. "use mmap = no" can
* be a debugging tool, so let it override the
* mutex parameters
*/
try_mutex = false;
}
if (try_mutex && tdb_runtime_check_for_robust_mutexes()) {
tdb_flags |= TDB_MUTEX_LOCKING;
}
require_mutex = lp_parm_bool(-1, "dbwrap_tdb_require_mutexes",
"*", require_mutex);
require_mutex = lp_parm_bool(-1, "dbwrap_tdb_require_mutexes",
base, require_mutex);
if (require_mutex) {
tdb_flags |= TDB_MUTEX_LOCKING;
}
}
sockname = lp_ctdbd_socket();
if (lp_clustering()) {
const char *partname;
if (!socket_exist(sockname)) {
DEBUG(1, ("ctdb socket does not exist - is ctdb not "
"running?\n"));
return NULL;
}
/* ctdb only wants the file part of the name */
partname = strrchr(name, '/');
if (partname) {
partname++;
} else {
partname = name;
}
/* allow ctdb for individual databases to be disabled */
if (lp_parm_bool(-1, "ctdb", partname, True)) {
struct messaging_context *msg_ctx;
struct ctdbd_connection *conn;
conn = messaging_ctdb_connection();
if (conn == NULL) {
DBG_WARNING("No ctdb connection\n");
errno = EIO;
return NULL;
}
msg_ctx = server_messaging_context();
result = db_open_ctdb(mem_ctx, msg_ctx, partname,
hash_size,
tdb_flags, open_flags, mode,
lock_order, dbwrap_flags);
if (result == NULL) {
DEBUG(0,("failed to attach to ctdb %s\n",
partname));
if (errno == 0) {
errno = EIO;
}
return NULL;
}
}
}
if (result == NULL) {
struct loadparm_context *lp_ctx = loadparm_init_s3(mem_ctx, loadparm_s3_helpers());
if (hash_size == 0) {
hash_size = lpcfg_tdb_hash_size(lp_ctx, name);
}
tdb_flags = lpcfg_tdb_flags(lp_ctx, tdb_flags);
result = dbwrap_local_open(
mem_ctx,
name,
hash_size,
tdb_flags,
open_flags,
mode,
lock_order,
dbwrap_flags);
talloc_unlink(mem_ctx, lp_ctx);
}
return result;
}
