authorLuke Leighton <lkcl@samba.org>2000-02-10 09:34:12 +0000
committerLuke Leighton <lkcl@samba.org>2000-02-10 09:34:12 +0000
commit0cac988d687857db0cb9b00e7cd602668bce0b63 (patch)
treeeb409680f51e4dfcdb73195956b519f6f120ddc0 /source/lsarpcd
parent2dcd4943ae34e22657f3c196a9560ead08f6ae0f (diff)
added _lsa_query_secret implementation.
Diffstat (limited to 'source/lsarpcd')
-rw-r--r--source/lsarpcd/srv_lsa.c48
-rw-r--r--source/lsarpcd/srv_lsa_samdb.c69
2 files changed, 117 insertions, 0 deletions
diff --git a/source/lsarpcd/srv_lsa.c b/source/lsarpcd/srv_lsa.c
index 0e54ef6a29a..4bf0ba81099 100644
--- a/source/lsarpcd/srv_lsa.c
+++ b/source/lsarpcd/srv_lsa.c
@@ -472,6 +472,53 @@ static void api_lsa_create_secret( rpcsrv_struct *p, prs_struct *data,
}
/***************************************************************************
+ api_lsa_query_secret. AGH! HACK! :)
+ ***************************************************************************/
+static void api_lsa_query_secret( rpcsrv_struct *p, prs_struct *data,
+ prs_struct *rdata)
+{
+ LSA_R_QUERY_SECRET r_o;
+ LSA_Q_QUERY_SECRET q_o;
+ NTTIME *curtim = NULL;
+ NTTIME *oldtim = NULL;
+ STRING2 *curval = NULL;
+ STRING2 *oldval = NULL;
+
+ ZERO_STRUCT(r_o);
+ ZERO_STRUCT(q_o);
+
+ lsa_io_q_query_secret("", &q_o, data, 0);
+
+ /* HACK! */
+ if (q_o.sec.curinfo.ptr_value != 0) curval = &q_o.sec.curinfo.value.enc_secret;
+ if (q_o.sec.curinfo.ptr_update != 0) curtim = &q_o.sec.curinfo.last_update;
+ if (q_o.sec.oldinfo.ptr_value != 0) oldval = &q_o.sec.oldinfo.value.enc_secret;
+ if (q_o.sec.oldinfo.ptr_update != 0) oldtim = &q_o.sec.oldinfo.last_update;
+
+ r_o.status = _lsa_query_secret(&q_o.pol,
+ curval, curtim,
+ oldval, oldtim);
+
+ memcpy(&r_o.sec, &q_o.sec, sizeof(r_o.sec)); /* urgh! HACK! */
+ if (r_o.sec.curinfo.ptr_value != 0) /* MORE HACK! */
+ {
+ r_o.sec.curinfo.value.ptr_secret = 1;
+ make_strhdr2(&r_o.sec.curinfo.value.hdr_secret,
+ r_o.sec.curinfo.value.enc_secret.str_str_len,
+ r_o.sec.curinfo.value.enc_secret.str_max_len, 1);
+ }
+ if (r_o.sec.oldinfo.ptr_value != 0) /* MORE HACK! */
+ {
+ r_o.sec.curinfo.value.ptr_secret = 1;
+ make_strhdr2(&r_o.sec.oldinfo.value.hdr_secret,
+ r_o.sec.oldinfo.value.enc_secret.str_str_len,
+ r_o.sec.oldinfo.value.enc_secret.str_max_len, 1);
+ }
+
+ lsa_io_r_query_secret("", &r_o, rdata, 0);
+}
+
+/***************************************************************************
api_lsa_open_secret
***************************************************************************/
static void api_lsa_open_secret( rpcsrv_struct *p, prs_struct *data,
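Review bot: The `oldinfo` branch of api_lsa_query_secret assigns to the wrong member: it sets `r_o.sec.curinfo.value.ptr_secret = 1` a second time, so `oldinfo.value.ptr_secret` keeps whatever the client sent and `curinfo` is flagged as present even when `curinfo.ptr_value` was 0. The line should read `r_o.sec.oldinfo.value.ptr_secret = 1;`. Separately, neither the result of `lsa_io_q_query_secret` nor `r_o.status` is checked before the request's `sec` is copied into the reply, so a failed parse or lookup still echoes client-supplied buffers (and possibly a partly filled value) back to the caller; the reply should presumably carry only the status in that case. A comment saying that the request buffers double as the output buffers would be more useful than the "HACK" markers.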
@@ -501,6 +548,7 @@ static const struct api_struct api_lsa_cmds[] =
{ "LSA_ENUMTRUSTDOM" , LSA_ENUMTRUSTDOM , api_lsa_enum_trust_dom },
{ "LSA_CLOSE" , LSA_CLOSE , api_lsa_close },
{ "LSA_OPENSECRET" , LSA_OPENSECRET , api_lsa_open_secret },
+ { "LSA_QUERYSECRET" , LSA_QUERYSECRET , api_lsa_query_secret },
{ "LSA_CREATESECRET" , LSA_CREATESECRET , api_lsa_create_secret },
{ "LSA_LOOKUPSIDS" , LSA_LOOKUPSIDS , api_lsa_lookup_sids },
{ "LSA_LOOKUPNAMES" , LSA_LOOKUPNAMES , api_lsa_lookup_names },
diff --git a/source/lsarpcd/srv_lsa_samdb.c b/source/lsarpcd/srv_lsa_samdb.c
index bef698c704c..12a91539060 100644
--- a/source/lsarpcd/srv_lsa_samdb.c
+++ b/source/lsarpcd/srv_lsa_samdb.c
@@ -553,6 +553,75 @@ uint32 _lsa_create_secret(const POLICY_HND *hnd,
}
/***************************************************************************
+ _lsa_query_secret
+ ***************************************************************************/
+uint32 _lsa_query_secret(const POLICY_HND *hnd_secret,
+ STRING2 *curval, NTTIME *curtime,
+ STRING2 *oldval, NTTIME *oldtime)
+{
+ TDB_CONTEXT *tdb = NULL;
+ UNISTR2 secret_name;
+ LSA_SECRET *sec = NULL;
+ uchar user_sess_key[16];
+
+ if (!pol_get_usr_sesskey(get_global_hnd_cache(), hnd_secret,
+ user_sess_key))
+ {
+ return NT_STATUS_INVALID_HANDLE;
+ }
+
+ dump_data_pw("sess_key:", user_sess_key, 16);
+
+ ZERO_STRUCT(sec);
+ ZERO_STRUCT(secret_name);
+
+ if (!get_tdbsecname(get_global_hnd_cache(), hnd_secret, &tdb,
+ &secret_name))
+ {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ if (!tdb_lookup_secret(tdb, &secret_name, &sec))
+ {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ if (sec == NULL)
+ {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ if (curtime != NULL)
+ {
+ (*curtime) = sec->curinfo.last_update;
+ }
+ if (oldtime != NULL)
+ {
+ (*oldtime) = sec->oldinfo.last_update;
+ }
+ if (curval != NULL)
+ {
+ if (!nt_encrypt_string2(curval, &sec->curinfo.value.enc_secret,
+ user_sess_key))
+ {
+ safe_free(sec);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ }
+ if (oldval != NULL)
+ {
+ if (!nt_encrypt_string2(oldval, &sec->oldinfo.value.enc_secret,
+ user_sess_key))
+ {
+ safe_free(sec);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ }
+ safe_free(sec);
+ return NT_STATUS_NOPROBLEMO;
+}
+
+/***************************************************************************
_lsa_open_secret
***************************************************************************/
uint32 _lsa_open_secret(const POLICY_HND *hnd,
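Review bot: Secret material is never scrubbed in _lsa_query_secret: `sec`, which appears to hold the stored secret values read from the tdb, is passed to `safe_free` as is, and `user_sess_key` is left on the stack at every return. Clearing both on the way out, e.g. `memset(sec, 0, sizeof(*sec));` ahead of each `safe_free(sec);` and `memset(user_sess_key, 0, sizeof(user_sess_key));` ahead of each return, would limit how long they linger; a single exit label would keep this in one place, and a wipe the compiler cannot elide is preferable if the tree has one. The `dump_data_pw("sess_key:", user_sess_key, 16)` call also puts the session key into debug output when password debugging is compiled in, which is worth removing or at least commenting. No access-mask check on `hnd_secret` is visible in this function; if that is enforced when the handle is opened, a comment stating so would help the next reader.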