style of SID storage
****************************************************************************/
-static BOOL read_sid_from_file(const char *fname, DOM_SID *sid)
+static bool read_sid_from_file(const char *fname, DOM_SID *sid)
{
char **lines;
int numlines;
- BOOL ret;
+ bool ret;
- lines = file_lines_load(fname, &numlines,0);
+ lines = file_lines_load(fname, &numlines,0, NULL);
if (!lines || numlines < 1) {
- if (lines) file_lines_free(lines);
+ if (lines) TALLOC_FREE(lines);
return False;
}
ret = string_to_sid(sid, lines[0]);
- file_lines_free(lines);
+ TALLOC_FREE(lines);
return ret;
}
}
/* check for an old MACHINE.SID file for backwards compatibility */
- asprintf(&fname, "%s/MACHINE.SID", lp_private_dir());
+ if (asprintf(&fname, "%s/MACHINE.SID", lp_private_dir()) == -1) {
+ SAFE_FREE(sam_sid);
+ return NULL;
+ }
if (read_sid_from_file(fname, sam_sid)) {
/* remember it for future reference and unlink the old MACHINE.SID */
/* return our global_sam_sid */
DOM_SID *get_global_sam_sid(void)
{
+ struct db_context *db;
+
if (global_sam_sid != NULL)
return global_sam_sid;
- /* memory for global_sam_sid is allocated in
- pdb_generate_sam_sid() as needed */
+ /*
+ * memory for global_sam_sid is allocated in
+ * pdb_generate_sam_sid() as needed
+ *
+ * Note: this is garded by a transaction
+ * to prevent races on startup which
+ * can happen with some dbwrap backends
+ */
+
+ db = secrets_db_ctx();
+ if (!db) {
+ smb_panic("could not open secrets db");
+ }
+
+ if (db->transaction_start(db) != 0) {
+ smb_panic("could not start transaction on secrets db");
+ }
if (!(global_sam_sid = pdb_generate_sam_sid())) {
+ db->transaction_cancel(db);
smb_panic("could not generate a machine SID");
}
+ if (db->transaction_commit(db) != 0) {
+ smb_panic("could not start commit secrets db");
+ }
+
return global_sam_sid;
}
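Review bot: The panic text added for the commit failure in get_global_sam_sid(), `smb_panic("could not start commit secrets db");`, looks like a leftover from the transaction_start message above it and will mislead anyone triaging the crash. `smb_panic("could not commit secrets db transaction");` states what failed. By then global_sam_sid has already been assigned from pdb_generate_sam_sid(), so if that helper stores the SID in the secrets db (presumably; it is not shown here), this message is the only hint that the machine SID was not persisted. The new block comment also has a typo, "garded" for "guarded". The ignored return of `db->transaction_cancel(db)` is acceptable only because smb_panic follows on the next line, which is worth a brief comment.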
Check if the SID is our domain SID (S-1-5-21-x-y-z).
*****************************************************************/
-BOOL sid_check_is_domain(const DOM_SID *sid)
+bool sid_check_is_domain(const DOM_SID *sid)
{
return sid_equal(sid, get_global_sam_sid());
}
Check if the SID is our domain SID (S-1-5-21-x-y-z).
*****************************************************************/
-BOOL sid_check_is_in_our_domain(const DOM_SID *sid)
+bool sid_check_is_in_our_domain(const DOM_SID *sid)
{
DOM_SID dom_sid;
uint32 rid;