authorVolker Lendecke <vlendec@samba.org>2007-01-16 08:17:26 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:17:10 -0500
commitb906886e9e9739877fef4c381c46a9a9d61859ba (patch)
tree923e6ec17401a2f034ad38459b296dda8441ed11 /source3/passdb/passdb.c
parent14ddce8b64b559e0db25e2b79dd16d8f3d9aff26 (diff)
r20824: Send access to the trusted domain passwords through the pdb backend, so that
in the next step we can store them in LDAP to be replicated across DCs. Thanks to Michael Adam <ma@sernet.de> Volker (This used to be commit 3c879745cfc39be6128b63a88ecdbfa3d9ce6c2d)
Diffstat (limited to 'source3/passdb/passdb.c')
-rw-r--r--source3/passdb/passdb.c43
1 files changed, 43 insertions, 0 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 310ab50d14..266b28fe95 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -1523,3 +1523,46 @@ BOOL pdb_increment_bad_password_count(struct samu *sampass)
return True;
}
+
+
+/*******************************************************************
+ Wrapper around retrieving the trust account password
+*******************************************************************/
+
+BOOL get_trust_pw(const char *domain, uint8 ret_pwd[16], uint32 *channel)
+{
+ DOM_SID sid;
+ char *pwd;
+ time_t last_set_time;
+
+ /* if we are a DC and this is not our domain, then lookup an account
+ for the domain trust */
+
+ if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains() ) {
+ if (!pdb_get_trusteddom_pw(domain, &pwd, &sid, &last_set_time)) {
+ DEBUG(0, ("get_trust_pw: could not fetch trust "
+ "account password for trusted domain %s\n",
+ domain));
+ return False;
+ }
+
+ *channel = SEC_CHAN_DOMAIN;
+ E_md4hash(pwd, ret_pwd);
+ SAFE_FREE(pwd);
+
+ return True;
+ }
+
+ /* Just get the account for the requested domain. In the future this
+ * might also cover to be member of more than one domain. */
+
+ if (secrets_fetch_trust_account_password(domain, ret_pwd,
+ &last_set_time, channel))
+ return True;
+
+ DEBUG(5, ("get_trust_pw: could not fetch trust account "
+ "password for domain %s\n", domain));
+ return False;
+}
+
+/* END */
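Review bot: In the trusted-domain branch of `get_trust_pw`, the cleartext trust password in `pwd` is released with `SAFE_FREE(pwd)` straight after `E_md4hash(pwd, ret_pwd)` without being wiped, so the plaintext inter-domain secret stays in freed heap memory, where a core dump or memory disclosure could expose it. Overwrite the buffer before releasing it, for example `memset(pwd, 0, strlen(pwd));` ahead of `SAFE_FREE(pwd);`, ideally through a wipe helper the compiler cannot optimise away. Separately, when `IS_DC` is true and `domain` is not our workgroup but `lp_allow_trusted_domains()` is false, control falls through to `secrets_fetch_trust_account_password()` for the foreign domain and a failure is logged only at level 5; if that is intended, a short comment saying so would help. The header comment could also state that `ret_pwd` receives the 16-byte MD4 hash rather than the password itself, and that `*channel` is written only on success.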