From f9a5df89292eeab54b9eed4bacb5b11e7f31f1fb Mon Sep 17 00:00:00 2001 From: =?utf8?q?G=C3=BCnther=20Deschner?= Date: Wed, 28 Oct 2009 11:03:15 +0100 Subject: [PATCH] s3-passdb: add dummy calls to control global (replicated) secrets. Guenther --- source3/include/passdb.h | 20 +++++++++- source3/passdb/pdb_interface.c | 68 ++++++++++++++++++++++++++++++++++ source3/passdb/proto.h | 12 ++++++ 3 files changed, 98 insertions(+), 2 deletions(-) diff --git a/source3/include/passdb.h b/source3/include/passdb.h index 855d2530866..546bcb0cb10 100644 --- a/source3/include/passdb.h +++ b/source3/include/passdb.h @@ -316,9 +316,10 @@ enum pdb_policy_type { * Changed to 17, the sampwent interface is gone. * Changed to 18, pdb_rid_algorithm -> pdb_capabilities * Changed to 19, removed uid_to_rid + * Changed to 20, pdb_secret calls */ -#define PASSDB_INTERFACE_VERSION 19 +#define PASSDB_INTERFACE_VERSION 20 struct pdb_methods { @@ -484,7 +485,6 @@ struct pdb_methods TALLOC_CTX *mem_ctx, uint32_t *num_domains, struct trustdom_info ***domains); - NTSTATUS (*get_trusted_domain)(struct pdb_methods *methods, TALLOC_CTX *mem_ctx, const char *domain, @@ -503,6 +503,22 @@ struct pdb_methods uint32_t *num_domains, struct pdb_trusted_domain ***domains); + NTSTATUS (*get_secret)(struct pdb_methods *methods, + TALLOC_CTX *mem_ctx, + const char *secret_name, + DATA_BLOB *secret_current, + NTTIME *secret_current_lastchange, + DATA_BLOB *secret_old, + NTTIME *secret_old_lastchange, + struct security_descriptor **sd); + NTSTATUS (*set_secret)(struct pdb_methods *methods, + const char *secret_name, + DATA_BLOB *secret_current, + DATA_BLOB *secret_old, + struct security_descriptor *sd); + NTSTATUS (*delete_secret)(struct pdb_methods *methods, + const char *secret_name); + void *private_data; /* Private data of some kind */ void (*free_private_data)(void **); diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 94ed355e2c5..11c186a3988 100644 
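Review bot: The three members added to `struct pdb_methods` in source3/include/passdb.h (hunk `@@ -503,6 +503,22 @@`) have no comment describing their contract, and backend authors need one for an interface that returns secret material. I would add a comment above `get_secret` saying whether the returned blobs and `*sd` are allocated on `mem_ctx`, which output pointers may be NULL, and that the caller is responsible for clearing the blobs before freeing them, since a plain talloc free presumably leaves the bytes in memory. If backends are not meant to modify the caller's buffers, `set_secret` could take `const DATA_BLOB *secret_current` and `const DATA_BLOB *secret_old`, with the same change in the wrapper in pdb_interface.c and the prototype in proto.h. The struct definition starts and ends outside the hunk.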
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -2282,6 +2282,70 @@ static struct pdb_domain_info *pdb_default_get_domain_info( return NULL; } +/******************************************************************* + secret methods + *******************************************************************/ + +NTSTATUS pdb_get_secret(TALLOC_CTX *mem_ctx, + const char *secret_name, + DATA_BLOB *secret_current, + NTTIME *secret_current_lastchange, + DATA_BLOB *secret_old, + NTTIME *secret_old_lastchange, + struct security_descriptor **sd) +{ + struct pdb_methods *pdb = pdb_get_methods(); + return pdb->get_secret(pdb, mem_ctx, secret_name, + secret_current, secret_current_lastchange, + secret_old, secret_old_lastchange, + sd); +} + +NTSTATUS pdb_set_secret(const char *secret_name, + DATA_BLOB *secret_current, + DATA_BLOB *secret_old, + struct security_descriptor *sd) +{ + struct pdb_methods *pdb = pdb_get_methods(); + return pdb->set_secret(pdb, secret_name, + secret_current, + secret_old, + sd); +} + +NTSTATUS pdb_delete_secret(const char *secret_name) +{ + struct pdb_methods *pdb = pdb_get_methods(); + return pdb->delete_secret(pdb, secret_name); +} + +static NTSTATUS pdb_default_get_secret(struct pdb_methods *methods, + TALLOC_CTX *mem_ctx, + const char *secret_name, + DATA_BLOB *secret_current, + NTTIME *secret_current_lastchange, + DATA_BLOB *secret_old, + NTTIME *secret_old_lastchange, + struct security_descriptor **sd) +{ + return NT_STATUS_NOT_SUPPORTED; +} + +static NTSTATUS pdb_default_set_secret(struct pdb_methods *methods, + const char *secret_name, + DATA_BLOB *secret_current, + DATA_BLOB *secret_old, + struct security_descriptor *sd) +{ + return NT_STATUS_NOT_SUPPORTED; +} + +static NTSTATUS pdb_default_delete_secret(struct pdb_methods *methods, + const char *secret_name) +{ + return NT_STATUS_NOT_SUPPORTED; +} + /******************************************************************* Create a pdb_methods structure and initialize it with the default operations. In this way a passdb module can simply implement 
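Review bot: `pdb_default_get_secret()` returns `NT_STATUS_NOT_SUPPORTED` without writing to `secret_current`, `secret_old`, the two `NTTIME` outputs or `*sd`, and `pdb_get_secret()` forwards that unchanged, so a caller that does not check the status would read whatever those variables held before the call. Either have `pdb_get_secret()` reset the outputs before dispatching, or add a comment stating that the outputs are undefined unless the call returns `NT_STATUS_OK`. The wrapper also performs no access check of its own while handing back both the secret and its security descriptor; unless backends are expected to enforce it, a comment such as `/* No access check here: the caller must evaluate *sd before releasing the secret. */` would make that responsibility explicit. `secret_name` reaches the backend unvalidated in all three wrappers, so a guard like `if (secret_name == NULL) return NT_STATUS_INVALID_PARAMETER;` is worth adding unless every backend is required to handle a NULL name.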
@@ -2353,5 +2417,9 @@ NTSTATUS make_pdb_method( struct pdb_methods **methods ) (*methods)->del_trusted_domain = pdb_default_del_trusted_domain; (*methods)->enum_trusted_domains = pdb_default_enum_trusted_domains; + (*methods)->get_secret = pdb_default_get_secret; + (*methods)->set_secret = pdb_default_set_secret; + (*methods)->delete_secret = pdb_default_delete_secret; + return NT_STATUS_OK; } diff --git a/source3/passdb/proto.h b/source3/passdb/proto.h index 8b95b729597..3699efe7995 100644 --- a/source3/passdb/proto.h +++ b/source3/passdb/proto.h @@ -295,6 +295,18 @@ NTSTATUS pdb_del_trusted_domain(const char *domain); NTSTATUS pdb_enum_trusted_domains(TALLOC_CTX *mem_ctx, uint32_t *num_domains, struct pdb_trusted_domain ***domains); NTSTATUS make_pdb_method( struct pdb_methods **methods ) ; +NTSTATUS pdb_get_secret(TALLOC_CTX *mem_ctx, + const char *secret_name, + DATA_BLOB *secret_current, + NTTIME *secret_current_lastchange, + DATA_BLOB *secret_old, + NTTIME *secret_old_lastchange, + struct security_descriptor **sd); +NTSTATUS pdb_set_secret(const char *secret_name, + DATA_BLOB *secret_current, + DATA_BLOB *secret_old, + struct security_descriptor *sd); +NTSTATUS pdb_delete_secret(const char *secret_name); /* The following definitions come from passdb/pdb_ldap.c */ -- 2.34.1