/**
* Fill in credentials for the machine trust account, from the secrets database.
*
* @param cred Credentials structure to fill in
* @retval NTSTATUS error detailing any failure
*/
_PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred,
struct loadparm_context *lp_ctx)
{
struct db_context *db_ctx;
char *secrets_tdb_path;
int hash_size, tdb_flags;
secrets_tdb_path = lpcfg_private_db_path(cred, lp_ctx, "secrets");
if (secrets_tdb_path == NULL) {
return NT_STATUS_NO_MEMORY;
}
hash_size = lpcfg_tdb_hash_size(lp_ctx, secrets_tdb_path);
tdb_flags = lpcfg_tdb_flags(lp_ctx, TDB_DEFAULT);
db_ctx = dbwrap_local_open(
cred,
secrets_tdb_path,
hash_size,
tdb_flags,
O_RDWR,
0600,
DBWRAP_LOCK_ORDER_1,
DBWRAP_FLAG_NONE);
TALLOC_FREE(secrets_tdb_path);
/*
* We do not check for errors here, we might not have a
* secrets.tdb at all, and so we just need to check the
* secrets.ldb
*/
return cli_credentials_set_machine_account_db_ctx(cred, lp_ctx, db_ctx);
}
static PyObject *py_wrap_getxattr(PyObject *self, PyObject *args)
{
char *filename, *attribute, *tdbname;
TALLOC_CTX *mem_ctx;
DATA_BLOB blob;
PyObject *ret;
NTSTATUS status;
struct tdb_wrap *eadb = NULL;
if (!PyArg_ParseTuple(args, "sss", &tdbname, &filename, &attribute))
return NULL;
mem_ctx = talloc_new(NULL);
eadb = tdb_wrap_open(
mem_ctx, tdbname, 50000,
lpcfg_tdb_flags(py_default_loadparm_context(mem_ctx),
TDB_DEFAULT),
O_RDWR|O_CREAT, 0600);
if (eadb == NULL) {
PyErr_SetFromErrno(PyExc_IOError);
talloc_free(mem_ctx);
return NULL;
}
status = pull_xattr_blob_tdb_raw(eadb, mem_ctx, attribute, filename,
-1, 100, &blob);
if (!NT_STATUS_IS_OK(status)) {
PyErr_SetNTSTATUS(status);
talloc_free(mem_ctx);
return NULL;
}
ret = PyString_FromStringAndSize((char *)blob.data, blob.length);
talloc_free(mem_ctx);
return ret;
}
static PyObject *py_wrap_getxattr(PyObject *self, PyObject *args)
{
char *filename, *attribute, *tdbname;
TALLOC_CTX *mem_ctx;
struct loadparm_context *lp_ctx;
DATA_BLOB blob;
PyObject *ret_obj;
int ret;
ssize_t xattr_size;
struct db_context *eadb = NULL;
struct file_id id;
struct stat sbuf;
if (!PyArg_ParseTuple(args, "sss", &tdbname, &filename, &attribute))
return NULL;
mem_ctx = talloc_new(NULL);
lp_ctx = py_default_loadparm_context(mem_ctx);
eadb = db_open_tdb(mem_ctx, tdbname, 50000,
lpcfg_tdb_flags(lp_ctx, TDB_DEFAULT),
O_RDWR|O_CREAT, 0600, DBWRAP_LOCK_ORDER_2,
DBWRAP_FLAG_NONE);
if (eadb == NULL) {
PyErr_SetFromErrno(PyExc_IOError);
talloc_free(mem_ctx);
return NULL;
}
ret = stat(filename, &sbuf);
if (ret < 0) {
PyErr_SetFromErrno(PyExc_IOError);
talloc_free(mem_ctx);
return NULL;
}
ZERO_STRUCT(id);
id.devid = sbuf.st_dev;
id.inode = sbuf.st_ino;
xattr_size = xattr_tdb_getattr(eadb, mem_ctx, &id, attribute, &blob);
if (xattr_size < 0) {
PyErr_SetFromErrno(PyExc_TypeError);
talloc_free(mem_ctx);
return NULL;
}
ret_obj = PyString_FromStringAndSize((char *)blob.data, xattr_size);
talloc_free(mem_ctx);
return ret_obj;
}
static PyObject *py_wrap_setxattr(PyObject *self, PyObject *args)
{
char *filename, *attribute, *tdbname;
DATA_BLOB blob;
int blobsize;
int ret;
TALLOC_CTX *mem_ctx;
struct loadparm_context *lp_ctx;
struct db_context *eadb = NULL;
struct file_id id;
struct stat sbuf;
if (!PyArg_ParseTuple(args, "ssss#", &tdbname, &filename, &attribute,
&blob.data, &blobsize))
return NULL;
blob.length = blobsize;
mem_ctx = talloc_new(NULL);
lp_ctx = py_default_loadparm_context(mem_ctx);
eadb = db_open_tdb(mem_ctx, tdbname, 50000,
lpcfg_tdb_flags(lp_ctx, TDB_DEFAULT),
O_RDWR|O_CREAT, 0600, DBWRAP_LOCK_ORDER_2,
DBWRAP_FLAG_NONE);
if (eadb == NULL) {
PyErr_SetFromErrno(PyExc_IOError);
talloc_free(mem_ctx);
return NULL;
}
ret = stat(filename, &sbuf);
if (ret < 0) {
PyErr_SetFromErrno(PyExc_IOError);
talloc_free(mem_ctx);
return NULL;
}
ZERO_STRUCT(id);
id.devid = sbuf.st_dev;
id.inode = sbuf.st_ino;
ret = xattr_tdb_setattr(eadb, &id, attribute, blob.data, blob.length, 0);
if (ret < 0) {
PyErr_SetFromErrno(PyExc_TypeError);
talloc_free(mem_ctx);
return NULL;
}
talloc_free(mem_ctx);
Py_RETURN_NONE;
}
struct db_context *dbwrap_local_open(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
const char *name,
int hash_size, int tdb_flags,
int open_flags, mode_t mode,
enum dbwrap_lock_order lock_order,
uint64_t dbwrap_flags)
{
struct db_context *db = NULL;
if (hash_size == 0) {
hash_size = lpcfg_tdb_hash_size(lp_ctx, name);
}
db = db_open_tdb(mem_ctx, name, hash_size,
lpcfg_tdb_flags(lp_ctx, tdb_flags),
open_flags, mode,
lock_order, dbwrap_flags);
return db;
}
static PyObject *py_wrap_setxattr(PyObject *self, PyObject *args)
{
char *filename, *attribute, *tdbname;
DATA_BLOB blob;
Py_ssize_t blobsize;
NTSTATUS status;
TALLOC_CTX *mem_ctx;
struct tdb_wrap *eadb;
if (!PyArg_ParseTuple(args, "ssss#", &tdbname, &filename, &attribute,
&blob.data, &blobsize))
return NULL;
blob.length = blobsize;
mem_ctx = talloc_new(NULL);
eadb = tdb_wrap_open(
mem_ctx, tdbname, 50000,
lpcfg_tdb_flags(py_default_loadparm_context(mem_ctx),
TDB_DEFAULT),
O_RDWR|O_CREAT, 0600);
if (eadb == NULL) {
PyErr_SetFromErrno(PyExc_IOError);
talloc_free(mem_ctx);
return NULL;
}
status = push_xattr_blob_tdb_raw(eadb, attribute, filename, -1,
&blob);
if (!NT_STATUS_IS_OK(status)) {
PyErr_SetNTSTATUS(status);
talloc_free(mem_ctx);
return NULL;
}
talloc_free(mem_ctx);
Py_RETURN_NONE;
}
struct db_context *db_open_tdb(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
const char *name,
int hash_size, int tdb_flags,
int open_flags, mode_t mode,
enum dbwrap_lock_order lock_order,
uint64_t dbrwap_flags)
{
struct db_context *result = NULL;
struct db_tdb_ctx *db_tdb;
struct stat st;
result = talloc_zero(mem_ctx, struct db_context);
if (result == NULL) {
DEBUG(0, ("talloc failed\n"));
goto fail;
}
result->private_data = db_tdb = talloc(result, struct db_tdb_ctx);
if (db_tdb == NULL) {
DEBUG(0, ("talloc failed\n"));
goto fail;
}
result->lock_order = lock_order;
if (hash_size == 0) {
hash_size = lpcfg_tdb_hash_size(lp_ctx, name);
}
db_tdb->wtdb = tdb_wrap_open(db_tdb, name, hash_size,
lpcfg_tdb_flags(lp_ctx, tdb_flags),
open_flags, mode);
if (db_tdb->wtdb == NULL) {
DEBUG(3, ("Could not open tdb: %s\n", strerror(errno)));
goto fail;
}
ZERO_STRUCT(db_tdb->id);
if (fstat(tdb_fd(db_tdb->wtdb->tdb), &st) == -1) {
DEBUG(3, ("fstat failed: %s\n", strerror(errno)));
goto fail;
}
db_tdb->id.dev = st.st_dev;
db_tdb->id.ino = st.st_ino;
result->fetch_locked = db_tdb_fetch_locked;
result->try_fetch_locked = db_tdb_try_fetch_locked;
result->traverse = db_tdb_traverse;
result->traverse_read = db_tdb_traverse_read;
result->parse_record = db_tdb_parse;
result->get_seqnum = db_tdb_get_seqnum;
result->persistent = ((tdb_flags & TDB_CLEAR_IF_FIRST) == 0);
result->transaction_start = db_tdb_transaction_start;
result->transaction_start_nonblock = db_tdb_transaction_start_nonblock;
result->transaction_commit = db_tdb_transaction_commit;
result->transaction_cancel = db_tdb_transaction_cancel;
result->exists = db_tdb_exists;
result->wipe = db_tdb_wipe;
result->id = db_tdb_id;
result->check = db_tdb_check;
result->name = tdb_name(db_tdb->wtdb->tdb);
result->hash_size = hash_size;
return result;
fail:
TALLOC_FREE(result);
return NULL;
}
/**
* open a database
*/
struct db_context *db_open(TALLOC_CTX *mem_ctx,
const char *name,
int hash_size, int tdb_flags,
int open_flags, mode_t mode,
enum dbwrap_lock_order lock_order,
uint64_t dbwrap_flags)
{
struct db_context *result = NULL;
const char *sockname;
if (!DBWRAP_LOCK_ORDER_VALID(lock_order)) {
errno = EINVAL;
return NULL;
}
if (tdb_flags & TDB_CLEAR_IF_FIRST) {
const char *base;
bool try_readonly = false;
base = strrchr_m(name, '/');
if (base != NULL) {
base += 1;
} else {
base = name;
}
if (dbwrap_flags & DBWRAP_FLAG_OPTIMIZE_READONLY_ACCESS) {
try_readonly = true;
}
try_readonly = lp_parm_bool(-1, "dbwrap_optimize_readonly", "*", try_readonly);
try_readonly = lp_parm_bool(-1, "dbwrap_optimize_readonly", base, try_readonly);
if (try_readonly) {
dbwrap_flags |= DBWRAP_FLAG_OPTIMIZE_READONLY_ACCESS;
} else {
dbwrap_flags &= ~DBWRAP_FLAG_OPTIMIZE_READONLY_ACCESS;
}
}
if (tdb_flags & TDB_CLEAR_IF_FIRST) {
const char *base;
bool try_mutex = true;
bool require_mutex = false;
base = strrchr_m(name, '/');
if (base != NULL) {
base += 1;
} else {
base = name;
}
try_mutex = lp_parm_bool(-1, "dbwrap_tdb_mutexes", "*", try_mutex);
try_mutex = lp_parm_bool(-1, "dbwrap_tdb_mutexes", base, try_mutex);
if (!lp_use_mmap()) {
/*
* Mutexes require mmap. "use mmap = no" can
* be a debugging tool, so let it override the
* mutex parameters
*/
try_mutex = false;
}
if (try_mutex && tdb_runtime_check_for_robust_mutexes()) {
tdb_flags |= TDB_MUTEX_LOCKING;
}
require_mutex = lp_parm_bool(-1, "dbwrap_tdb_require_mutexes",
"*", require_mutex);
require_mutex = lp_parm_bool(-1, "dbwrap_tdb_require_mutexes",
base, require_mutex);
if (require_mutex) {
tdb_flags |= TDB_MUTEX_LOCKING;
}
}
sockname = lp_ctdbd_socket();
if (lp_clustering()) {
const char *partname;
if (!socket_exist(sockname)) {
DEBUG(1, ("ctdb socket does not exist - is ctdb not "
"running?\n"));
return NULL;
}
/* ctdb only wants the file part of the name */
partname = strrchr(name, '/');
if (partname) {
partname++;
} else {
partname = name;
}
/* allow ctdb for individual databases to be disabled */
if (lp_parm_bool(-1, "ctdb", partname, True)) {
struct messaging_context *msg_ctx;
struct ctdbd_connection *conn;
conn = messaging_ctdb_connection();
if (conn == NULL) {
DBG_WARNING("No ctdb connection\n");
errno = EIO;
return NULL;
}
msg_ctx = server_messaging_context();
result = db_open_ctdb(mem_ctx, msg_ctx, partname,
hash_size,
tdb_flags, open_flags, mode,
lock_order, dbwrap_flags);
if (result == NULL) {
DEBUG(0,("failed to attach to ctdb %s\n",
partname));
if (errno == 0) {
errno = EIO;
}
return NULL;
}
}
}
if (result == NULL) {
struct loadparm_context *lp_ctx = loadparm_init_s3(mem_ctx, loadparm_s3_helpers());
if (hash_size == 0) {
hash_size = lpcfg_tdb_hash_size(lp_ctx, name);
}
tdb_flags = lpcfg_tdb_flags(lp_ctx, tdb_flags);
result = dbwrap_local_open(
mem_ctx,
name,
hash_size,
tdb_flags,
open_flags,
mode,
lock_order,
dbwrap_flags);
talloc_unlink(mem_ctx, lp_ctx);
}
return result;
}
/*
* Open sam.ldb.d/metadata.tdb.
*/
static int partition_metadata_open(struct ldb_module *module, bool create)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
TALLOC_CTX *tmp_ctx;
struct partition_private_data *data;
struct loadparm_context *lp_ctx;
const char *sam_name;
char *filename, *dirname;
int open_flags;
struct stat statbuf;
data = talloc_get_type_abort(ldb_module_get_private(module),
struct partition_private_data);
if (!data || !data->metadata) {
return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR,
"partition_metadata: metadata not initialized");
}
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
return ldb_module_oom(module);
}
sam_name = (const char *)ldb_get_opaque(ldb, "ldb_url");
if (!sam_name) {
talloc_free(tmp_ctx);
return ldb_operr(ldb);
}
if (strncmp("tdb://", sam_name, 6) == 0) {
sam_name += 6;
}
filename = talloc_asprintf(tmp_ctx, "%s.d/metadata.tdb", sam_name);
if (!filename) {
talloc_free(tmp_ctx);
return ldb_oom(ldb);
}
open_flags = O_RDWR;
if (create) {
open_flags |= O_CREAT;
/* While provisioning, sam.ldb.d directory may not exist,
* so create it. Ignore errors, if it already exists. */
dirname = talloc_asprintf(tmp_ctx, "%s.d", sam_name);
if (!dirname) {
talloc_free(tmp_ctx);
return ldb_oom(ldb);
}
mkdir(dirname, 0700);
talloc_free(dirname);
} else {
if (stat(filename, &statbuf) != 0) {
talloc_free(tmp_ctx);
return LDB_ERR_OPERATIONS_ERROR;
}
}
lp_ctx = talloc_get_type_abort(ldb_get_opaque(ldb, "loadparm"),
struct loadparm_context);
data->metadata->db = tdb_wrap_open(
data->metadata, filename, 10,
lpcfg_tdb_flags(lp_ctx, TDB_DEFAULT), open_flags, 0660);
if (data->metadata->db == NULL) {
talloc_free(tmp_ctx);
if (create) {
ldb_asprintf_errstring(ldb, "partition_metadata: Unable to create %s: %s",
filename, strerror(errno));
} else {
ldb_asprintf_errstring(ldb, "partition_metadata: Unable to open %s: %s",
filename, strerror(errno));
}
if (errno == EACCES || errno == EPERM) {
return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
}
return LDB_ERR_OPERATIONS_ERROR;
}
talloc_free(tmp_ctx);
return LDB_SUCCESS;
}