bool secrets_fetch_afs_key(const char *cell, struct afs_key *result);
void secrets_fetch_ipc_userpass(char **username, char **domain, char **password);
TDB_CONTEXT *open_schannel_session_store(TALLOC_CTX *mem_ctx);
-bool secrets_store_schannel_session_info(TALLOC_CTX *mem_ctx,
- const char *remote_machine,
- const struct dcinfo *pdc);
-bool secrets_restore_schannel_session_info(TALLOC_CTX *mem_ctx,
- const char *remote_machine,
- struct dcinfo **ppdc);
bool secrets_store_generic(const char *owner, const char *key, const char *secret);
char *secrets_fetch_generic(const char *owner, const char *key);
bool secrets_store_local_schannel_key(uint8_t schannel_key[16]);
return tdb_sc;
}
-/******************************************************************************
- Store the schannel state after an AUTH2 call.
- Note we must be root here.
-*******************************************************************************/
-
-bool secrets_store_schannel_session_info(TALLOC_CTX *mem_ctx,
- const char *remote_machine,
- const struct dcinfo *pdc)
-{
- TDB_CONTEXT *tdb_sc = NULL;
- TDB_DATA value;
- bool ret;
- char *keystr = talloc_asprintf_strupper_m(mem_ctx, "%s/%s",
- SECRETS_SCHANNEL_STATE,
- remote_machine);
- if (!keystr) {
- return False;
- }
-
- /* Work out how large the record is. */
- value.dsize = tdb_pack(NULL, 0, "dBBBBBfff",
- pdc->sequence,
- 8, pdc->seed_chal.data,
- 8, pdc->clnt_chal.data,
- 8, pdc->srv_chal.data,
- 16, pdc->sess_key,
- 16, pdc->mach_pw,
- pdc->mach_acct,
- pdc->remote_machine,
- pdc->domain);
-
- value.dptr = TALLOC_ARRAY(mem_ctx, uint8, value.dsize);
- if (!value.dptr) {
- TALLOC_FREE(keystr);
- return False;
- }
-
- value.dsize = tdb_pack(value.dptr, value.dsize, "dBBBBBfff",
- pdc->sequence,
- 8, pdc->seed_chal.data,
- 8, pdc->clnt_chal.data,
- 8, pdc->srv_chal.data,
- 16, pdc->sess_key,
- 16, pdc->mach_pw,
- pdc->mach_acct,
- pdc->remote_machine,
- pdc->domain);
-
- tdb_sc = open_schannel_session_store(mem_ctx);
- if (!tdb_sc) {
- TALLOC_FREE(keystr);
- TALLOC_FREE(value.dptr);
- return False;
- }
-
- ret = (tdb_store_bystring(tdb_sc, keystr, value, TDB_REPLACE) == 0 ? True : False);
-
- DEBUG(3,("secrets_store_schannel_session_info: stored schannel info with key %s\n",
- keystr ));
-
- tdb_close(tdb_sc);
- TALLOC_FREE(keystr);
- TALLOC_FREE(value.dptr);
- return ret;
-}
-
-/******************************************************************************
- Restore the schannel state on a client reconnect.
- Note we must be root here.
-*******************************************************************************/
-
-bool secrets_restore_schannel_session_info(TALLOC_CTX *mem_ctx,
- const char *remote_machine,
- struct dcinfo **ppdc)
-{
- TDB_CONTEXT *tdb_sc = NULL;
- TDB_DATA value;
- unsigned char *pseed_chal = NULL;
- unsigned char *pclnt_chal = NULL;
- unsigned char *psrv_chal = NULL;
- unsigned char *psess_key = NULL;
- unsigned char *pmach_pw = NULL;
- uint32 l1, l2, l3, l4, l5;
- int ret;
- struct dcinfo *pdc = NULL;
- char *keystr = talloc_asprintf_strupper_m(mem_ctx, "%s/%s",
- SECRETS_SCHANNEL_STATE,
- remote_machine);
-
- *ppdc = NULL;
-
- if (!keystr) {
- return False;
- }
-
- tdb_sc = open_schannel_session_store(mem_ctx);
- if (!tdb_sc) {
- TALLOC_FREE(keystr);
- return False;
- }
-
- value = tdb_fetch_bystring(tdb_sc, keystr);
- if (!value.dptr) {
- DEBUG(0,("secrets_restore_schannel_session_info: Failed to find entry with key %s\n",
- keystr ));
- tdb_close(tdb_sc);
- return False;
- }
-
- pdc = TALLOC_ZERO_P(mem_ctx, struct dcinfo);
-
- /* Retrieve the record. */
- ret = tdb_unpack(value.dptr, value.dsize, "dBBBBBfff",
- &pdc->sequence,
- &l1, &pseed_chal,
- &l2, &pclnt_chal,
- &l3, &psrv_chal,
- &l4, &psess_key,
- &l5, &pmach_pw,
- &pdc->mach_acct,
- &pdc->remote_machine,
- &pdc->domain);
-
- if (ret == -1 || l1 != 8 || l2 != 8 || l3 != 8 || l4 != 16 || l5 != 16) {
- /* Bad record - delete it. */
- tdb_delete_bystring(tdb_sc, keystr);
- tdb_close(tdb_sc);
- TALLOC_FREE(keystr);
- TALLOC_FREE(pdc);
- SAFE_FREE(pseed_chal);
- SAFE_FREE(pclnt_chal);
- SAFE_FREE(psrv_chal);
- SAFE_FREE(psess_key);
- SAFE_FREE(pmach_pw);
- SAFE_FREE(value.dptr);
- return False;
- }
-
- tdb_close(tdb_sc);
-
- memcpy(pdc->seed_chal.data, pseed_chal, 8);
- memcpy(pdc->clnt_chal.data, pclnt_chal, 8);
- memcpy(pdc->srv_chal.data, psrv_chal, 8);
- memcpy(pdc->sess_key, psess_key, 16);
- memcpy(pdc->mach_pw, pmach_pw, 16);
-
- /* We know these are true so didn't bother to store them. */
- pdc->challenge_sent = True;
- pdc->authenticated = True;
-
- DEBUG(3,("secrets_restore_schannel_session_info: restored schannel info key %s\n",
- keystr ));
-
- SAFE_FREE(pseed_chal);
- SAFE_FREE(pclnt_chal);
- SAFE_FREE(psrv_chal);
- SAFE_FREE(psess_key);
- SAFE_FREE(pmach_pw);
-
- TALLOC_FREE(keystr);
- SAFE_FREE(value.dptr);
-
- *ppdc = pdc;
-
- return True;
-}
-
bool secrets_store_generic(const char *owner, const char *key, const char *secret)
{
char *tdbkey = NULL;
git.samba.org / ira / wip.git / commitdiff