示例#1
0
/**
 * Fill in credentials for the machine trust account, from the secrets database.
 *
 * @param cred Credentials structure to fill in
 * @retval NTSTATUS error detailing any failure
 */
_PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred,
						      struct loadparm_context *lp_ctx)
{
	struct db_context *db_ctx;
	char *secrets_tdb_path;
	int hash_size, tdb_flags;

	secrets_tdb_path = lpcfg_private_db_path(cred, lp_ctx, "secrets");
	if (secrets_tdb_path == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	hash_size = lpcfg_tdb_hash_size(lp_ctx, secrets_tdb_path);
	tdb_flags = lpcfg_tdb_flags(lp_ctx, TDB_DEFAULT);

	db_ctx = dbwrap_local_open(
		cred,
		secrets_tdb_path,
		hash_size,
		tdb_flags,
		O_RDWR,
		0600,
		DBWRAP_LOCK_ORDER_1,
		DBWRAP_FLAG_NONE);
	TALLOC_FREE(secrets_tdb_path);

	/*
	 * We do not check for errors here, we might not have a
	 * secrets.tdb at all, and so we just need to check the
	 * secrets.ldb
	 */
	return cli_credentials_set_machine_account_db_ctx(cred, lp_ctx, db_ctx);
}
示例#2
0
static PyObject *py_wrap_getxattr(PyObject *self, PyObject *args)
{
    char *filename, *attribute, *tdbname;
    TALLOC_CTX *mem_ctx;
    DATA_BLOB blob;
    PyObject *ret;
    NTSTATUS status;
    struct tdb_wrap *eadb = NULL;

    if (!PyArg_ParseTuple(args, "sss", &tdbname, &filename, &attribute))
        return NULL;

    mem_ctx = talloc_new(NULL);
    eadb = tdb_wrap_open(
               mem_ctx, tdbname, 50000,
               lpcfg_tdb_flags(py_default_loadparm_context(mem_ctx),
                               TDB_DEFAULT),
               O_RDWR|O_CREAT, 0600);
    if (eadb == NULL) {
        PyErr_SetFromErrno(PyExc_IOError);
        talloc_free(mem_ctx);
        return NULL;
    }
    status = pull_xattr_blob_tdb_raw(eadb, mem_ctx, attribute, filename,
                                     -1, 100, &blob);
    if (!NT_STATUS_IS_OK(status)) {
        PyErr_SetNTSTATUS(status);
        talloc_free(mem_ctx);
        return NULL;
    }
    ret = PyString_FromStringAndSize((char *)blob.data, blob.length);
    talloc_free(mem_ctx);
    return ret;
}
示例#3
0
static PyObject *py_wrap_getxattr(PyObject *self, PyObject *args)
{
	char *filename, *attribute, *tdbname;
	TALLOC_CTX *mem_ctx;
	struct loadparm_context *lp_ctx;
	DATA_BLOB blob;
	PyObject *ret_obj;
	int ret;
	ssize_t xattr_size;
	struct db_context *eadb = NULL;
	struct file_id id;
	struct stat sbuf;

	if (!PyArg_ParseTuple(args, "sss", &tdbname, &filename, &attribute))
		return NULL;

	mem_ctx = talloc_new(NULL);

	lp_ctx = py_default_loadparm_context(mem_ctx);
	eadb = db_open_tdb(mem_ctx, tdbname, 50000,
			   lpcfg_tdb_flags(lp_ctx, TDB_DEFAULT),
			   O_RDWR|O_CREAT, 0600, DBWRAP_LOCK_ORDER_2,
			   DBWRAP_FLAG_NONE);

	if (eadb == NULL) {
		PyErr_SetFromErrno(PyExc_IOError);
		talloc_free(mem_ctx);
		return NULL;
	}

	ret = stat(filename, &sbuf);
	if (ret < 0) {
		PyErr_SetFromErrno(PyExc_IOError);
		talloc_free(mem_ctx);
		return NULL;
	}

	ZERO_STRUCT(id);
	id.devid = sbuf.st_dev;
	id.inode = sbuf.st_ino;

	xattr_size = xattr_tdb_getattr(eadb, mem_ctx, &id, attribute, &blob);
	if (xattr_size < 0) {
		PyErr_SetFromErrno(PyExc_TypeError);
		talloc_free(mem_ctx);
		return NULL;
	}
	ret_obj = PyString_FromStringAndSize((char *)blob.data, xattr_size);
	talloc_free(mem_ctx);
	return ret_obj;
}
示例#4
0
static PyObject *py_wrap_setxattr(PyObject *self, PyObject *args)
{
	char *filename, *attribute, *tdbname;
	DATA_BLOB blob;
	int blobsize;
	int ret;
	TALLOC_CTX *mem_ctx;
	struct loadparm_context *lp_ctx;
	struct db_context *eadb = NULL;
	struct file_id id;
	struct stat sbuf;

	if (!PyArg_ParseTuple(args, "ssss#", &tdbname, &filename, &attribute, 
						  &blob.data, &blobsize))
		return NULL;

	blob.length = blobsize;
	mem_ctx = talloc_new(NULL);

	lp_ctx = py_default_loadparm_context(mem_ctx);
	eadb = db_open_tdb(mem_ctx, tdbname, 50000,
			   lpcfg_tdb_flags(lp_ctx, TDB_DEFAULT),
			   O_RDWR|O_CREAT, 0600, DBWRAP_LOCK_ORDER_2,
			   DBWRAP_FLAG_NONE);

	if (eadb == NULL) {
		PyErr_SetFromErrno(PyExc_IOError);
		talloc_free(mem_ctx);
		return NULL;
	}

	ret = stat(filename, &sbuf);
	if (ret < 0) {
		PyErr_SetFromErrno(PyExc_IOError);
		talloc_free(mem_ctx);
		return NULL;
	}

	ZERO_STRUCT(id);
	id.devid = sbuf.st_dev;
	id.inode = sbuf.st_ino;

	ret = xattr_tdb_setattr(eadb, &id, attribute, blob.data, blob.length, 0);
	if (ret < 0) {
		PyErr_SetFromErrno(PyExc_TypeError);
		talloc_free(mem_ctx);
		return NULL;
	}
	talloc_free(mem_ctx);
	Py_RETURN_NONE;
}
示例#5
0
struct db_context *dbwrap_local_open(TALLOC_CTX *mem_ctx,
				     struct loadparm_context *lp_ctx,
				     const char *name,
				     int hash_size, int tdb_flags,
				     int open_flags, mode_t mode,
				     enum dbwrap_lock_order lock_order,
				     uint64_t dbwrap_flags)
{
	struct db_context *db = NULL;

	if (hash_size == 0) {
		hash_size = lpcfg_tdb_hash_size(lp_ctx, name);
	}

	db = db_open_tdb(mem_ctx, name, hash_size,
			 lpcfg_tdb_flags(lp_ctx, tdb_flags),
			 open_flags, mode,
			 lock_order, dbwrap_flags);

	return db;
}
示例#6
0
static PyObject *py_wrap_setxattr(PyObject *self, PyObject *args)
{
    char *filename, *attribute, *tdbname;
    DATA_BLOB blob;
    Py_ssize_t blobsize;
    NTSTATUS status;
    TALLOC_CTX *mem_ctx;
    struct tdb_wrap *eadb;

    if (!PyArg_ParseTuple(args, "ssss#", &tdbname, &filename, &attribute,
                          &blob.data, &blobsize))
        return NULL;

    blob.length = blobsize;
    mem_ctx = talloc_new(NULL);
    eadb = tdb_wrap_open(
               mem_ctx, tdbname, 50000,
               lpcfg_tdb_flags(py_default_loadparm_context(mem_ctx),
                               TDB_DEFAULT),
               O_RDWR|O_CREAT, 0600);

    if (eadb == NULL) {
        PyErr_SetFromErrno(PyExc_IOError);
        talloc_free(mem_ctx);
        return NULL;
    }
    status = push_xattr_blob_tdb_raw(eadb, attribute, filename, -1,
                                     &blob);
    if (!NT_STATUS_IS_OK(status)) {
        PyErr_SetNTSTATUS(status);
        talloc_free(mem_ctx);
        return NULL;
    }
    talloc_free(mem_ctx);
    Py_RETURN_NONE;
}
示例#7
0
struct db_context *db_open_tdb(TALLOC_CTX *mem_ctx,
			       struct loadparm_context *lp_ctx,
			       const char *name,
			       int hash_size, int tdb_flags,
			       int open_flags, mode_t mode,
			       enum dbwrap_lock_order lock_order,
			       uint64_t dbrwap_flags)
{
	struct db_context *result = NULL;
	struct db_tdb_ctx *db_tdb;
	struct stat st;

	result = talloc_zero(mem_ctx, struct db_context);
	if (result == NULL) {
		DEBUG(0, ("talloc failed\n"));
		goto fail;
	}

	result->private_data = db_tdb = talloc(result, struct db_tdb_ctx);
	if (db_tdb == NULL) {
		DEBUG(0, ("talloc failed\n"));
		goto fail;
	}
	result->lock_order = lock_order;

	if (hash_size == 0) {
		hash_size = lpcfg_tdb_hash_size(lp_ctx, name);
	}

	db_tdb->wtdb = tdb_wrap_open(db_tdb, name, hash_size,
				     lpcfg_tdb_flags(lp_ctx, tdb_flags),
				     open_flags, mode);
	if (db_tdb->wtdb == NULL) {
		DEBUG(3, ("Could not open tdb: %s\n", strerror(errno)));
		goto fail;
	}

	ZERO_STRUCT(db_tdb->id);

	if (fstat(tdb_fd(db_tdb->wtdb->tdb), &st) == -1) {
		DEBUG(3, ("fstat failed: %s\n", strerror(errno)));
		goto fail;
	}
	db_tdb->id.dev = st.st_dev;
	db_tdb->id.ino = st.st_ino;

	result->fetch_locked = db_tdb_fetch_locked;
	result->try_fetch_locked = db_tdb_try_fetch_locked;
	result->traverse = db_tdb_traverse;
	result->traverse_read = db_tdb_traverse_read;
	result->parse_record = db_tdb_parse;
	result->get_seqnum = db_tdb_get_seqnum;
	result->persistent = ((tdb_flags & TDB_CLEAR_IF_FIRST) == 0);
	result->transaction_start = db_tdb_transaction_start;
	result->transaction_start_nonblock = db_tdb_transaction_start_nonblock;
	result->transaction_commit = db_tdb_transaction_commit;
	result->transaction_cancel = db_tdb_transaction_cancel;
	result->exists = db_tdb_exists;
	result->wipe = db_tdb_wipe;
	result->id = db_tdb_id;
	result->check = db_tdb_check;
	result->name = tdb_name(db_tdb->wtdb->tdb);
	result->hash_size = hash_size;
	return result;

 fail:
	TALLOC_FREE(result);
	return NULL;
}
示例#8
0
/**
 * open a database
 */
struct db_context *db_open(TALLOC_CTX *mem_ctx,
			   const char *name,
			   int hash_size, int tdb_flags,
			   int open_flags, mode_t mode,
			   enum dbwrap_lock_order lock_order,
			   uint64_t dbwrap_flags)
{
	struct db_context *result = NULL;
	const char *sockname;

	if (!DBWRAP_LOCK_ORDER_VALID(lock_order)) {
		errno = EINVAL;
		return NULL;
	}

	if (tdb_flags & TDB_CLEAR_IF_FIRST) {
		const char *base;
		bool try_readonly = false;

		base = strrchr_m(name, '/');
		if (base != NULL) {
			base += 1;
		} else {
			base = name;
		}

		if (dbwrap_flags & DBWRAP_FLAG_OPTIMIZE_READONLY_ACCESS) {
			try_readonly = true;
		}

		try_readonly = lp_parm_bool(-1, "dbwrap_optimize_readonly", "*", try_readonly);
		try_readonly = lp_parm_bool(-1, "dbwrap_optimize_readonly", base, try_readonly);

		if (try_readonly) {
			dbwrap_flags |= DBWRAP_FLAG_OPTIMIZE_READONLY_ACCESS;
		} else {
			dbwrap_flags &= ~DBWRAP_FLAG_OPTIMIZE_READONLY_ACCESS;
		}
	}

	if (tdb_flags & TDB_CLEAR_IF_FIRST) {
		const char *base;
		bool try_mutex = true;
		bool require_mutex = false;

		base = strrchr_m(name, '/');
		if (base != NULL) {
			base += 1;
		} else {
			base = name;
		}

		try_mutex = lp_parm_bool(-1, "dbwrap_tdb_mutexes", "*", try_mutex);
		try_mutex = lp_parm_bool(-1, "dbwrap_tdb_mutexes", base, try_mutex);

		if (!lp_use_mmap()) {
			/*
			 * Mutexes require mmap. "use mmap = no" can
			 * be a debugging tool, so let it override the
			 * mutex parameters
			 */
			try_mutex = false;
		}

		if (try_mutex && tdb_runtime_check_for_robust_mutexes()) {
			tdb_flags |= TDB_MUTEX_LOCKING;
		}

		require_mutex = lp_parm_bool(-1, "dbwrap_tdb_require_mutexes",
					   "*", require_mutex);
		require_mutex = lp_parm_bool(-1, "dbwrap_tdb_require_mutexes",
					   base, require_mutex);

		if (require_mutex) {
			tdb_flags |= TDB_MUTEX_LOCKING;
		}
	}

	sockname = lp_ctdbd_socket();

	if (lp_clustering()) {
		const char *partname;

		if (!socket_exist(sockname)) {
			DEBUG(1, ("ctdb socket does not exist - is ctdb not "
				  "running?\n"));
			return NULL;
		}

		/* ctdb only wants the file part of the name */
		partname = strrchr(name, '/');
		if (partname) {
			partname++;
		} else {
			partname = name;
		}
		/* allow ctdb for individual databases to be disabled */
		if (lp_parm_bool(-1, "ctdb", partname, True)) {
			struct messaging_context *msg_ctx;
			struct ctdbd_connection *conn;

			conn = messaging_ctdb_connection();
			if (conn == NULL) {
				DBG_WARNING("No ctdb connection\n");
				errno = EIO;
				return NULL;
			}
			msg_ctx = server_messaging_context();

			result = db_open_ctdb(mem_ctx, msg_ctx, partname,
					      hash_size,
					      tdb_flags, open_flags, mode,
					      lock_order, dbwrap_flags);
			if (result == NULL) {
				DEBUG(0,("failed to attach to ctdb %s\n",
					 partname));
				if (errno == 0) {
					errno = EIO;
				}
				return NULL;
			}
		}
	}

	if (result == NULL) {
		struct loadparm_context *lp_ctx = loadparm_init_s3(mem_ctx, loadparm_s3_helpers());

		if (hash_size == 0) {
			hash_size = lpcfg_tdb_hash_size(lp_ctx, name);
		}
		tdb_flags = lpcfg_tdb_flags(lp_ctx, tdb_flags);

		result = dbwrap_local_open(
			mem_ctx,
			name,
			hash_size,
			tdb_flags,
			open_flags,
			mode,
			lock_order,
			dbwrap_flags);
		talloc_unlink(mem_ctx, lp_ctx);
	}
	return result;
}
示例#9
0
/*
 * Open sam.ldb.d/metadata.tdb.
 */
static int partition_metadata_open(struct ldb_module *module, bool create)
{
	struct ldb_context *ldb = ldb_module_get_ctx(module);
	TALLOC_CTX *tmp_ctx;
	struct partition_private_data *data;
	struct loadparm_context *lp_ctx;
	const char *sam_name;
	char *filename, *dirname;
	int open_flags;
	struct stat statbuf;

	data = talloc_get_type_abort(ldb_module_get_private(module),
				     struct partition_private_data);
	if (!data || !data->metadata) {
		return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR,
					"partition_metadata: metadata not initialized");
	}

	tmp_ctx = talloc_new(NULL);
	if (tmp_ctx == NULL) {
		return ldb_module_oom(module);
	}

	sam_name = (const char *)ldb_get_opaque(ldb, "ldb_url");
	if (!sam_name) {
		talloc_free(tmp_ctx);
		return ldb_operr(ldb);
	}
	if (strncmp("tdb://", sam_name, 6) == 0) {
		sam_name += 6;
	}
	filename = talloc_asprintf(tmp_ctx, "%s.d/metadata.tdb", sam_name);
	if (!filename) {
		talloc_free(tmp_ctx);
		return ldb_oom(ldb);
	}

	open_flags = O_RDWR;
	if (create) {
		open_flags |= O_CREAT;

		/* While provisioning, sam.ldb.d directory may not exist,
		 * so create it. Ignore errors, if it already exists. */
		dirname = talloc_asprintf(tmp_ctx, "%s.d", sam_name);
		if (!dirname) {
			talloc_free(tmp_ctx);
			return ldb_oom(ldb);
		}

		mkdir(dirname, 0700);
		talloc_free(dirname);
	} else {
		if (stat(filename, &statbuf) != 0) {
			talloc_free(tmp_ctx);
			return LDB_ERR_OPERATIONS_ERROR;
		}
	}

	lp_ctx = talloc_get_type_abort(ldb_get_opaque(ldb, "loadparm"),
				       struct loadparm_context);

	data->metadata->db = tdb_wrap_open(
		data->metadata, filename, 10,
		lpcfg_tdb_flags(lp_ctx, TDB_DEFAULT), open_flags, 0660);
	if (data->metadata->db == NULL) {
		talloc_free(tmp_ctx);
		if (create) {
			ldb_asprintf_errstring(ldb, "partition_metadata: Unable to create %s: %s",
					       filename, strerror(errno));
		} else {
			ldb_asprintf_errstring(ldb, "partition_metadata: Unable to open %s: %s",
					       filename, strerror(errno));
		}
		if (errno == EACCES || errno == EPERM) {
			return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
		}
		return LDB_ERR_OPERATIONS_ERROR;
	}

	talloc_free(tmp_ctx);
	return LDB_SUCCESS;
}