static WERROR mount_samba_hive(struct registry_context *ctx,
struct tevent_context *event_ctx,
struct loadparm_context *lp_ctx,
struct auth_session_info *auth_info,
struct cli_credentials *creds,
const char *name,
uint32_t hive_id)
{
WERROR error;
struct hive_key *hive;
const char *location;
location = talloc_asprintf(ctx, "%s/%s.ldb",
lp_private_dir(lp_ctx),
name);
error = reg_open_hive(ctx, location, auth_info, creds, event_ctx, lp_ctx, &hive);
if (W_ERROR_EQUAL(error, WERR_BADFILE))
error = reg_open_ldb_file(ctx, location, auth_info,
creds, event_ctx, lp_ctx, &hive);
if (!W_ERROR_IS_OK(error))
return error;
return reg_mount_hive(ctx, hive, hive_id, NULL);
}
/*
open the permanent tdb
*/
static NTSTATUS idmap_tdb2_open_db(void)
{
char *db_path;
if (idmap_tdb2) {
/* its already open */
return NT_STATUS_OK;
}
db_path = lp_parm_talloc_string(-1, "tdb", "idmap2.tdb", NULL);
if (db_path == NULL) {
/* fall back to the private directory, which, despite
its name, is usually on shared storage */
db_path = talloc_asprintf(NULL, "%s/idmap2.tdb", lp_private_dir());
}
NT_STATUS_HAVE_NO_MEMORY(db_path);
/* Open idmap repository */
idmap_tdb2 = db_open(NULL, db_path, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0644);
TALLOC_FREE(db_path);
if (idmap_tdb2 == NULL) {
DEBUG(0, ("Unable to open idmap_tdb2 database '%s'\n",
db_path));
return NT_STATUS_UNSUCCESSFUL;
}
/* load the ranges and high/low water marks */
return idmap_tdb2_alloc_load();
}
static bool open_db(struct idmap_tdb_common_context *ctx)
{
NTSTATUS status;
char *db_path;
if(ctx->db) {
/* already open */
return true;
}
db_path = talloc_asprintf(talloc_tos(), "%s/idmap_test.tdb",
lp_private_dir());
if(!db_path) {
DEBUG(0, ("Out of memory!\n"));
return false;
}
ctx->db = db_open(ctx, db_path, 0, TDB_DEFAULT,
O_RDWR | O_CREAT, 0600,
DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE);
if(!ctx->db) {
DEBUG(0, ("Failed to open database: %s\n", strerror(errno)));
return false;
}
if(dbwrap_transaction_start(ctx->db) != 0) {
DEBUG(0, ("Failed to start transaction!\n"));
return false;
}
status = dbwrap_store_uint32_bystring(ctx->db, ctx->hwmkey_uid,
LOW_ID);
if(!NT_STATUS_IS_OK(status)) {
dbwrap_transaction_cancel(ctx->db);
return false;
}
status = dbwrap_store_uint32_bystring(ctx->db, ctx->hwmkey_gid,
LOW_ID);
if(!NT_STATUS_IS_OK(status)) {
dbwrap_transaction_cancel(ctx->db);
return false;
}
if(dbwrap_transaction_commit(ctx->db) != 0) {
DEBUG(0, ("Failed to commit transaction!\n"));
return false;
}
return true;
}
static NTSTATUS get_ldapi_ctx(TALLOC_CTX *mem_ctx, struct tldap_context **pld)
{
struct tldap_context *ld;
struct sockaddr_un addr;
char *sockaddr;
int fd;
NTSTATUS status;
int res;
sockaddr = talloc_asprintf(talloc_tos(), "/%s/ldap_priv/ldapi",
lp_private_dir());
if (sockaddr == NULL) {
DEBUG(10, ("talloc failed\n"));
return NT_STATUS_NO_MEMORY;
}
ZERO_STRUCT(addr);
addr.sun_family = AF_UNIX;
strncpy(addr.sun_path, sockaddr, sizeof(addr.sun_path));
TALLOC_FREE(sockaddr);
status = open_socket_out((struct sockaddr_storage *)(void *)&addr,
0, 0, &fd);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("Could not connect to %s: %s\n", addr.sun_path,
nt_errstr(status)));
return status;
}
set_blocking(fd, false);
ld = tldap_context_create(mem_ctx, fd);
if (ld == NULL) {
close(fd);
return NT_STATUS_NO_MEMORY;
}
res = tldap_fetch_rootdse(ld);
if (res != TLDAP_SUCCESS) {
DEBUG(10, ("tldap_fetch_rootdse failed: %s\n",
tldap_errstr(talloc_tos(), ld, res)));
TALLOC_FREE(ld);
return NT_STATUS_LDAP(res);
}
*pld = ld;
return NT_STATUS_OK;;
}
/* open up the secrets database */
BOOL secrets_init(void)
{
pstring fname;
if (tdb)
return True;
pstrcpy(fname, lp_private_dir());
pstrcat(fname,"/secrets.tdb");
tdb = tdb_open_log(fname, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
if (!tdb) {
DEBUG(0,("Failed to open %s\n", fname));
return False;
}
return True;
}
/* open up the secrets database */
bool secrets_init(void)
{
char *fname = NULL;
unsigned char dummy;
if (db_ctx != NULL)
return True;
fname = talloc_asprintf(talloc_tos(), "%s/secrets.tdb",
lp_private_dir());
if (fname == NULL) {
return false;
}
db_ctx = db_open_trans(NULL, fname, 0,
TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
if (db_ctx == NULL) {
DEBUG(0,("Failed to open %s\n", fname));
TALLOC_FREE(fname);
return False;
}
TALLOC_FREE(fname);
/**
* Set a reseed function for the crypto random generator
*
* This avoids a problem where systems without /dev/urandom
* could send the same challenge to multiple clients
*/
set_rand_reseed_callback(get_rand_seed);
/* Ensure that the reseed is done now, while we are root, etc */
generate_random_buffer(&dummy, sizeof(dummy));
return True;
}
/* open up the secrets database */
bool secrets_init(void)
{
return secrets_init_path(lp_private_dir());
}
static struct dom_sid *pdb_generate_sam_sid(void)
{
struct dom_sid domain_sid;
char *fname = NULL;
struct dom_sid *sam_sid;
if(!(sam_sid=SMB_MALLOC_P(struct dom_sid)))
return NULL;
if ( IS_DC ) {
if (secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) {
sid_copy(sam_sid, &domain_sid);
return sam_sid;
}
}
if (secrets_fetch_domain_sid(lp_netbios_name(), sam_sid)) {
/* We got our sid. If not a pdc/bdc, we're done. */
if ( !IS_DC )
return sam_sid;
if (!secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) {
/* No domain sid and we're a pdc/bdc. Store it */
if (!secrets_store_domain_sid(lp_workgroup(), sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Can't store domain SID as a pdc/bdc.\n"));
SAFE_FREE(sam_sid);
return NULL;
}
return sam_sid;
}
if (!dom_sid_equal(&domain_sid, sam_sid)) {
/* Domain name sid doesn't match global sam sid. Re-store domain sid as 'local' sid. */
DEBUG(0,("pdb_generate_sam_sid: Mismatched SIDs as a pdc/bdc.\n"));
if (!secrets_store_domain_sid(lp_netbios_name(), &domain_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Can't re-store domain SID for local sid as PDC/BDC.\n"));
SAFE_FREE(sam_sid);
return NULL;
}
return sam_sid;
}
return sam_sid;
}
/* check for an old MACHINE.SID file for backwards compatibility */
if (asprintf(&fname, "%s/MACHINE.SID", lp_private_dir()) == -1) {
SAFE_FREE(sam_sid);
return NULL;
}
if (read_sid_from_file(fname, sam_sid)) {
/* remember it for future reference and unlink the old MACHINE.SID */
if (!secrets_store_domain_sid(lp_netbios_name(), sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Failed to store SID from file.\n"));
SAFE_FREE(fname);
SAFE_FREE(sam_sid);
return NULL;
}
unlink(fname);
if ( !IS_DC ) {
if (!secrets_store_domain_sid(lp_workgroup(), sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Failed to store domain SID from file.\n"));
SAFE_FREE(fname);
SAFE_FREE(sam_sid);
return NULL;
}
}
/* Stored the old sid from MACHINE.SID successfully.*/
SAFE_FREE(fname);
return sam_sid;
}
SAFE_FREE(fname);
/* we don't have the SID in secrets.tdb, we will need to
generate one and save it */
generate_random_sid(sam_sid);
if (!secrets_store_domain_sid(lp_netbios_name(), sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Failed to store generated machine SID.\n"));
SAFE_FREE(sam_sid);
return NULL;
}
if ( IS_DC ) {
if (!secrets_store_domain_sid(lp_workgroup(), sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Failed to store generated domain SID.\n"));
SAFE_FREE(sam_sid);
return NULL;
}
}
return sam_sid;
}
static BOOL pdb_generate_sam_sid(void)
{
DOM_SID domain_sid;
char *fname = NULL;
BOOL is_dc = False;
if(global_sam_sid==NULL)
if(!(global_sam_sid=(DOM_SID *)malloc(sizeof(DOM_SID))))
return False;
generate_wellknown_sids();
switch (lp_server_role()) {
case ROLE_DOMAIN_PDC:
case ROLE_DOMAIN_BDC:
is_dc = True;
break;
default:
is_dc = False;
break;
}
if (is_dc) {
if (secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) {
sid_copy(global_sam_sid, &domain_sid);
return True;
}
}
if (secrets_fetch_domain_sid(global_myname(), global_sam_sid)) {
/* We got our sid. If not a pdc/bdc, we're done. */
if (!is_dc)
return True;
if (!secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) {
/* No domain sid and we're a pdc/bdc. Store it */
if (!secrets_store_domain_sid(lp_workgroup(), global_sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Can't store domain SID as a pdc/bdc.\n"));
return False;
}
return True;
}
if (!sid_equal(&domain_sid, global_sam_sid)) {
/* Domain name sid doesn't match global sam sid. Re-store domain sid as 'local' sid. */
DEBUG(0,("pdb_generate_sam_sid: Mismatched SIDs as a pdc/bdc.\n"));
if (!secrets_store_domain_sid(global_myname(), &domain_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Can't re-store domain SID for local sid as PDC/BDC.\n"));
return False;
}
return True;
}
return True;
}
/* check for an old MACHINE.SID file for backwards compatibility */
asprintf(&fname, "%s/MACHINE.SID", lp_private_dir());
if (read_sid_from_file(fname, global_sam_sid)) {
/* remember it for future reference and unlink the old MACHINE.SID */
if (!secrets_store_domain_sid(global_myname(), global_sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Failed to store SID from file.\n"));
SAFE_FREE(fname);
return False;
}
unlink(fname);
if (is_dc) {
if (!secrets_store_domain_sid(lp_workgroup(), global_sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Failed to store domain SID from file.\n"));
SAFE_FREE(fname);
return False;
}
}
/* Stored the old sid from MACHINE.SID successfully.*/
SAFE_FREE(fname);
return True;
}
SAFE_FREE(fname);
/* we don't have the SID in secrets.tdb, we will need to
generate one and save it */
generate_random_sid(global_sam_sid);
if (!secrets_store_domain_sid(global_myname(), global_sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Failed to store generated machine SID.\n"));
return False;
}
if (is_dc) {
if (!secrets_store_domain_sid(lp_workgroup(), global_sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Failed to store generated domain SID.\n"));
return False;
}
}
return True;
}