/* 

 * Samba LDB module univention_machine_secret

 *	sample LDB Module for storing /tmp/machine.secret

 *

 * Copyright 2011-2012 Univention GmbH

 *

 * http://www.univention.de/

 *

 * All rights reserved.

 *

 * The source code of this program is made available

 * under the terms of the GNU Affero General Public License version 3

 * (GNU AGPL V3) as published by the Free Software Foundation.

 *

 * Binary versions of this program provided by Univention to you as

 * well as other copyrighted, protected or trademarked materials like

 * Logos, graphics, fonts, specific documentations and configurations,

 * cryptographic keys etc. are subject to a license agreement between

 * you and Univention and not subject to the GNU AGPL V3.

 *

 * In the case you use this program under the terms of the GNU AGPL V3,

 * the program is provided in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

 * GNU Affero General Public License for more details.

 *

 * You should have received a copy of the GNU Affero General Public

 * License with the Debian GNU/Linux or Univention distribution in file

 * /usr/share/common-licenses/AGPL-3; if not, see

 * <http://www.gnu.org/licenses/>.

 */

/* univention_machine_secret was derived from the tests/sample_module

   Unix SMB/CIFS implementation.

   Samba utility functions

   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007

     ** NOTE! The following LGPL license applies to the ldb

     ** library. This does NOT imply that all of Samba is released

     ** under the LGPL

   This library is free software; you can redistribute it and/or

   modify it under the terms of the GNU Lesser General Public

   License as published by the Free Software Foundation; either

   version 3 of the License, or (at your option) any later version.

   This library is distributed in the hope that it will be useful,

   but WITHOUT ANY WARRANTY; without even the implied warranty of

   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public

   License along with this library; if not, see <http://www.gnu.org/licenses/>.

*/

#include "ldb_module.h"

#include <unistd.h>

#include <fcntl.h>

static int univention_machine_secret_add(struct ldb_module *module, struct ldb_request *req)

{

	struct ldb_message_element *attribute;

	struct ldb_context *ldb;

	TALLOC_CTX *tmp_ctx;

	char hostname[256];

	struct ldb_result *res = NULL;

	int fd;

	int ret;

	ldb = ldb_module_get_ctx(module);

	ldb_debug(ldb, LDB_DEBUG_TRACE, ("LDB_univention_machine_secret: ldb_add\n"));

	ret = ldb_next_request(module, req);

	if ( ret == LDB_SUCCESS ) {

		attribute = ldb_msg_find_element(req->op.add.message, "secret");

		if (attribute) {

			ldb = ldb_module_get_ctx(module);

			tmp_ctx = talloc_new(module);

			hostname[255] = '\0';

			gethostname(hostname, 255);

			static const char * const attrs[] = { "dn", NULL };

			ret = ldb_search(ldb, tmp_ctx, &res, req->op.mod.message->dn, LDB_SCOPE_BASE, attrs, "samAccountName=%s$", hostname);

			if ( ret == LDB_SUCCESS && attribute->num_values == 1 ) {

				ldb_debug(ldb, LDB_DEBUG_TRACE, ("LDB_univention_machine_secret: ldb_add: secret modified: %s\n", (const char *)attribute->values[0].data));

				fd = open("/tmp/machine.secret", O_WRONLY |O_CREAT |O_TRUNC);

				if (fd != -1) {

					write(fd, (const char *)attribute->values[0].data, attribute->values[0].length);

					close(fd);

				} else {

					ldb_debug(ldb, LDB_DEBUG_ERROR, ("LDB_univention_machine_secret: error opening file /tmp/machine.secret\n"));

				}

			}

			talloc_free(tmp_ctx);

		}

	}

	return ret;

}

static int univention_machine_secret_modify(struct ldb_module *module, struct ldb_request *req)

{

	struct ldb_message_element *attribute;

	struct ldb_context *ldb;

	TALLOC_CTX *tmp_ctx;

	char hostname[256];

	struct ldb_result *res = NULL;

	int fd;

	int ret;

	ldb = ldb_module_get_ctx(module);

	ldb_debug(ldb, LDB_DEBUG_TRACE, ("LDB_univention_machine_secret: ldb_modify\n"));

	ret = ldb_next_request(module, req);

	if ( ret == LDB_SUCCESS ) {

		attribute = ldb_msg_find_element(req->op.mod.message, "secret");

		if (attribute) {

			ldb = ldb_module_get_ctx(module);

			tmp_ctx = talloc_new(module);

			hostname[255] = '\0';

			gethostname(hostname, 255);

			static const char * const attrs[] = { "dn", NULL };

			ret = ldb_search(ldb, tmp_ctx, &res, req->op.mod.message->dn, LDB_SCOPE_BASE, attrs, "samAccountName=%s$", hostname);

			if ( ret == LDB_SUCCESS && attribute->num_values == 1 ) {

				ldb_debug(ldb, LDB_DEBUG_TRACE, ("LDB_univention_machine_secret: ldb_modify: secret modified: %s\n", (const char *)attribute->values[0].data));

				fd = open("/tmp/machine.secret", O_WRONLY |O_CREAT |O_TRUNC);

				if (fd != -1) {

					write(fd, (const char *)attribute->values[0].data, attribute->values[0].length);

					close(fd);

				} else {

					ldb_debug(ldb, LDB_DEBUG_ERROR, ("LDB_univention_machine_secret: error opening file /tmp/machine.secret\n"));

				}

			}

			talloc_free(tmp_ctx);

		}

	}

	return ret;

}

static struct ldb_module_ops ldb_univention_machine_secret_module_ops = {

	.name              = "univention_machine_secret",

	.add		   = univention_machine_secret_add,

	.modify		   = univention_machine_secret_modify,

};

int ldb_univention_machine_secret_init(const char *version)

{

	LDB_MODULE_CHECK_VERSION(version);

	return ldb_register_module(&ldb_univention_machine_secret_module_ops);

}

        bld.SAMBA_MODULE('ldb_univention_machine_secret',

                         'modules/univention_machine_secret.c',

                         init_function='ldb_univention_machine_secret_init',

                         internal_module=False,

                         module_init_name='ldb_init_module',

                         deps='ldb',

                         subsystem='ldb')