static NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
{
NTSTATUS nt_status;
struct tdbsam_privates *tdb_state;
if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) {
return nt_status;
}
(*pdb_method)->name = "tdbsam";
(*pdb_method)->setsampwent = tdbsam_setsampwent;
(*pdb_method)->endsampwent = tdbsam_endsampwent;
(*pdb_method)->getsampwent = tdbsam_getsampwent;
(*pdb_method)->getsampwnam = tdbsam_getsampwnam;
(*pdb_method)->getsampwsid = tdbsam_getsampwsid;
(*pdb_method)->add_sam_account = tdbsam_add_sam_account;
(*pdb_method)->update_sam_account = tdbsam_update_sam_account;
(*pdb_method)->delete_sam_account = tdbsam_delete_sam_account;
tdb_state = talloc_zero(pdb_context->mem_ctx, sizeof(struct tdbsam_privates));
if (!tdb_state) {
DEBUG(0, ("talloc() failed for tdbsam private_data!\n"));
return NT_STATUS_NO_MEMORY;
}
if (location) {
tdb_state->tdbsam_location = talloc_strdup(pdb_context->mem_ctx, location);
} else {
pstring tdbfile;
get_private_directory(tdbfile);
pstrcat(tdbfile, "/");
pstrcat(tdbfile, PASSDB_FILE_NAME);
tdb_state->tdbsam_location = talloc_strdup(pdb_context->mem_ctx, tdbfile);
}
(*pdb_method)->private_data = tdb_state;
(*pdb_method)->free_private_data = free_private_data;
return NT_STATUS_OK;
}
/* open up the secrets database */
BOOL secrets_init(void)
{
pstring fname;
if (tdb)
return True;
get_private_directory(fname);
pstrcat(fname,"/secrets.tdb");
tdb = tdb_open_log(fname, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
if (!tdb) {
DEBUG(0,("Failed to open %s\n", fname));
return False;
}
return True;
}
static void get_trust_account_file_name( char *domain, char *name, char *mac_file)
{
unsigned int mac_file_len;
/* strip the filename to the last '/' */
get_private_directory(mac_file);
pstrcat(mac_file, "/");
mac_file_len = strlen(mac_file);
if ((int)(sizeof(pstring) - mac_file_len - strlen(domain) - strlen(name) - 6) < 0) {
DEBUG(0,("trust_password_lock: path %s too long to add trust details.\n",
mac_file));
return;
}
pstrcat(mac_file, domain);
pstrcat(mac_file, ".");
pstrcat(mac_file, name);
pstrcat(mac_file, ".mac");
}
BOOL pdb_generate_sam_sid(void)
{
char *fname = NULL;
extern pstring global_myname;
extern fstring global_myworkgroup;
BOOL is_dc = False;
pstring priv_dir;
generate_wellknown_sids();
switch (lp_server_role()) {
case ROLE_DOMAIN_PDC:
case ROLE_DOMAIN_BDC:
is_dc = True;
break;
default:
is_dc = False;
break;
}
if (secrets_fetch_domain_sid(global_myname, &global_sam_sid)) {
DOM_SID domain_sid;
/* We got our sid. If not a pdc/bdc, we're done. */
if (!is_dc)
return True;
if (!secrets_fetch_domain_sid(global_myworkgroup, &domain_sid)) {
/* No domain sid and we're a pdc/bdc. Store it */
if (!secrets_store_domain_sid(global_myworkgroup, &global_sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Can't store domain SID as a pdc/bdc.\n"));
return False;
}
return True;
}
if (!sid_equal(&domain_sid, &global_sam_sid)) {
/* Domain name sid doesn't match global sam sid. Re-store global sam sid as domain sid. */
DEBUG(0,("pdb_generate_sam_sid: Mismatched SIDs as a pdc/bdc.\n"));
if (!secrets_store_domain_sid(global_myworkgroup, &global_sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Can't re-store domain SID as a pdc/bdc.\n"));
return False;
}
return True;
}
return True;
}
/* check for an old MACHINE.SID file for backwards compatibility */
get_private_directory(priv_dir);
asprintf(&fname, "%s/MACHINE.SID", priv_dir);
if (read_sid_from_file(fname, &global_sam_sid)) {
/* remember it for future reference and unlink the old MACHINE.SID */
if (!secrets_store_domain_sid(global_myname, &global_sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Failed to store SID from file.\n"));
SAFE_FREE(fname);
return False;
}
unlink(fname);
if (is_dc) {
if (!secrets_store_domain_sid(global_myworkgroup, &global_sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Failed to store domain SID from file.\n"));
SAFE_FREE(fname);
return False;
}
}
/* Stored the old sid from MACHINE.SID successfully.
Patch from Stefan "metze" Metzmacher <*****@*****.**>*/
SAFE_FREE(fname);
return True;
}
SAFE_FREE(fname);
/* we don't have the SID in secrets.tdb, we will need to
generate one and save it */
generate_random_sid(&global_sam_sid);
DEBUG(10, ("Generated random SID ...\n"));
if (!secrets_store_domain_sid(global_myname, &global_sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Failed to store generated machine SID.\n"));
return False;
}
if (is_dc) {
if (!secrets_store_domain_sid(global_myworkgroup, &global_sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Failed to store generated domain SID.\n"));
return False;
}
}
return True;
}
