bool secrets_fetch_trusted_domain_password(const char *domain, char** pwd, DOM_SID *sid, time_t *pass_last_set_time) { struct trusted_dom_pass pass; size_t size = 0; /* unpacking structures */ uint8 *pass_buf; int pass_len = 0; ZERO_STRUCT(pass); /* fetching trusted domain password structure */ if (!(pass_buf = (uint8 *)secrets_fetch(trustdom_keystr(domain), &size))) { DEBUG(5, ("secrets_fetch failed!\n")); return False; } /* unpack trusted domain password */ pass_len = tdb_trusted_dom_pass_unpack(pass_buf, size, &pass); SAFE_FREE(pass_buf); if (pass_len != size) { DEBUG(5, ("Invalid secrets size. Unpacked data doesn't match trusted_dom_pass structure.\n")); return False; } /* the trust's password */ if (pwd) { *pwd = SMB_STRDUP(pass.pass); if (!*pwd) { return False; } } /* last change time */ if (pass_last_set_time) *pass_last_set_time = pass.mod_time; /* domain sid */ if (sid != NULL) sid_copy(sid, &pass.domain_sid); return True; }
NTSTATUS secrets_get_trusted_domains(TALLOC_CTX* ctx, int* enum_ctx, unsigned int max_num_domains, int *num_domains, TRUSTDOM ***domains) { TDB_LIST_NODE *keys, *k; TRUSTDOM *dom = NULL; char *pattern; unsigned int start_idx; uint32 idx = 0; size_t size, packed_size = 0; fstring dom_name; char *packed_pass; struct trusted_dom_pass *pass = talloc_zero(ctx, sizeof(struct trusted_dom_pass)); NTSTATUS status; if (!secrets_init()) return NT_STATUS_ACCESS_DENIED; if (!pass) { DEBUG(0, ("talloc_zero failed!\n")); return NT_STATUS_NO_MEMORY; } *num_domains = 0; start_idx = *enum_ctx; /* generate searching pattern */ if (!(pattern = talloc_asprintf(ctx, "%s/*", SECRETS_DOMTRUST_ACCT_PASS))) { DEBUG(0, ("secrets_get_trusted_domains: talloc_asprintf() failed!\n")); return NT_STATUS_NO_MEMORY; } DEBUG(5, ("secrets_get_trusted_domains: looking for %d domains, starting at index %d\n", max_num_domains, *enum_ctx)); *domains = talloc_zero(ctx, sizeof(**domains)*max_num_domains); /* fetching trusted domains' data and collecting them in a list */ keys = tdb_search_keys(tdb, pattern); /* * if there's no keys returned ie. no trusted domain, * return "no more entries" code */ status = NT_STATUS_NO_MORE_ENTRIES; /* searching for keys in secrets db -- way to go ... */ for (k = keys; k; k = k->next) { char *secrets_key; /* important: ensure null-termination of the key string */ secrets_key = strndup(k->node_key.dptr, k->node_key.dsize); if (!secrets_key) { DEBUG(0, ("strndup failed!\n")); return NT_STATUS_NO_MEMORY; } packed_pass = secrets_fetch(secrets_key, &size); packed_size = tdb_trusted_dom_pass_unpack(packed_pass, size, pass); /* packed representation isn't needed anymore */ SAFE_FREE(packed_pass); if (size != packed_size) { DEBUG(2, ("Secrets record %s is invalid!\n", secrets_key)); continue; } pull_ucs2_fstring(dom_name, pass->uni_name); DEBUG(18, ("Fetched secret record num %d.\nDomain name: %s, SID: %s\n", idx, dom_name, sid_string_static(&pass->domain_sid))); SAFE_FREE(secrets_key); if (idx >= start_idx && idx < start_idx + max_num_domains) { dom = talloc_zero(ctx, sizeof(*dom)); if (!dom) { /* free returned tdb record */ return NT_STATUS_NO_MEMORY; } /* copy domain sid */ SMB_ASSERT(sizeof(dom->sid) == sizeof(pass->domain_sid)); memcpy(&(dom->sid), &(pass->domain_sid), sizeof(dom->sid)); /* copy unicode domain name */ dom->name = talloc_strdup_w(ctx, pass->uni_name); (*domains)[idx - start_idx] = dom; DEBUG(18, ("Secret record is in required range.\n \ start_idx = %d, max_num_domains = %d. Added to returned array.\n", start_idx, max_num_domains)); *enum_ctx = idx + 1; (*num_domains)++; /* set proper status code to return */ if (k->next) { /* there are yet some entries to enumerate */ status = STATUS_MORE_ENTRIES; } else { /* this is the last entry in the whole enumeration */ status = NT_STATUS_OK; } } else {