This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
Read a SID from a file. This is for compatibility with the old MACHINE.SID
style of SID storage
****************************************************************************/
-static BOOL read_sid_from_file(const char *fname, DOM_SID *sid)
+
+static bool read_sid_from_file(const char *fname, DOM_SID *sid)
{
char **lines;
int numlines;
- BOOL ret;
+ bool ret;
- lines = file_lines_load(fname, &numlines);
+ lines = file_lines_load(fname, &numlines,0, NULL);
if (!lines || numlines < 1) {
- if (lines) file_lines_free(lines);
+ if (lines) TALLOC_FREE(lines);
return False;
}
ret = string_to_sid(sid, lines[0]);
- file_lines_free(lines);
+ TALLOC_FREE(lines);
return ret;
}
}
/* check for an old MACHINE.SID file for backwards compatibility */
- asprintf(&fname, "%s/MACHINE.SID", lp_private_dir());
+ if (asprintf(&fname, "%s/MACHINE.SID", lp_private_dir()) == -1) {
+ SAFE_FREE(sam_sid);
+ return NULL;
+ }
if (read_sid_from_file(fname, sam_sid)) {
/* remember it for future reference and unlink the old MACHINE.SID */
/* return our global_sam_sid */
DOM_SID *get_global_sam_sid(void)
{
+ struct db_context *db;
+
if (global_sam_sid != NULL)
return global_sam_sid;
- /* memory for global_sam_sid is allocated in
- pdb_generate_sam_sid() as needed */
+ /*
+ * memory for global_sam_sid is allocated in
+ * pdb_generate_sam_sid() as needed
+ *
+ * Note: this is garded by a transaction
+ * to prevent races on startup which
+ * can happen with some dbwrap backends
+ */
+
+ db = secrets_db_ctx();
+ if (!db) {
+ smb_panic("could not open secrets db");
+ }
+
+ if (db->transaction_start(db) != 0) {
+ smb_panic("could not start transaction on secrets db");
+ }
if (!(global_sam_sid = pdb_generate_sam_sid())) {
- smb_panic("Could not generate a machine SID\n");
+ db->transaction_cancel(db);
+ smb_panic("could not generate a machine SID");
+ }
+
+ if (db->transaction_commit(db) != 0) {
+ smb_panic("could not start commit secrets db");
}
return global_sam_sid;
{
SAFE_FREE(global_sam_sid);
}
+
+/*****************************************************************
+ Check if the SID is our domain SID (S-1-5-21-x-y-z).
+*****************************************************************/
+
+bool sid_check_is_domain(const DOM_SID *sid)
+{
+ return sid_equal(sid, get_global_sam_sid());
+}
+
+/*****************************************************************
+ Check if the SID is our domain SID (S-1-5-21-x-y-z).
+*****************************************************************/
+
+bool sid_check_is_in_our_domain(const DOM_SID *sid)
+{
+ DOM_SID dom_sid;
+ uint32 rid;
+
+ sid_copy(&dom_sid, sid);
+ sid_split_rid(&dom_sid, &rid);
+ return sid_check_is_domain(&dom_sid);
+}