diff options
author | Michael Adam <obnox@samba.org> | 2007-12-11 14:02:45 +0100 |
---|---|---|
committer | Michael Adam <obnox@samba.org> | 2007-12-13 10:15:18 +0100 |
commit | fe969f9a7fdf823b7701d4cc4cfd55dac81ca90e (patch) | |
tree | 30b06fc79a262546888d65fb9435ade8ce00085f /source3/passdb | |
parent | f793c99ca54d62cb8142607e8449f5b5b3a5e79d (diff) | |
download | samba-fe969f9a7fdf823b7701d4cc4cfd55dac81ca90e.tar.gz samba-fe969f9a7fdf823b7701d4cc4cfd55dac81ca90e.tar.bz2 samba-fe969f9a7fdf823b7701d4cc4cfd55dac81ca90e.zip |
Refactor the lagacy part of secrets_fetch_trust_account_password() out
into a new function secrets_fetch_trust_account_password_legacy() that
does only try to obtain the hashed version of the machine password directly
from secrets.tdb.
Michael
(This used to be commit 91da12b751b3168dc40049f3e90c10d840393efc)
Diffstat (limited to 'source3/passdb')
-rw-r--r-- | source3/passdb/secrets.c | 44 |
1 files changed, 31 insertions, 13 deletions
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index 3466f24533..fde7fc0968 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c @@ -284,27 +284,19 @@ uint32 get_default_sec_channel(void) /************************************************************************ Routine to get the trust account password for a domain. + This only tries to get the legacy hashed version of the password. The user of this function must have locked the trust password file using the above secrets_lock_trust_account_password(). ************************************************************************/ -bool secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16], - time_t *pass_last_set_time, - uint32 *channel) +bool secrets_fetch_trust_account_password_legacy(const char *domain, + uint8 ret_pwd[16], + time_t *pass_last_set_time, + uint32 *channel) { struct machine_acct_pass *pass; - char *plaintext; size_t size = 0; - plaintext = secrets_fetch_machine_password(domain, pass_last_set_time, - channel); - if (plaintext) { - DEBUG(4,("Using cleartext machine password\n")); - E_md4hash(plaintext, ret_pwd); - SAFE_FREE(plaintext); - return True; - } - if (!(pass = (struct machine_acct_pass *)secrets_fetch( trust_keystr(domain), &size))) { DEBUG(5, ("secrets_fetch failed!\n")); @@ -337,6 +329,32 @@ bool secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16], return True; } +/************************************************************************ + Routine to get the trust account password for a domain. + The user of this function must have locked the trust password file using + the above secrets_lock_trust_account_password(). +************************************************************************/ + +bool secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16], + time_t *pass_last_set_time, + uint32 *channel) +{ + char *plaintext; + + plaintext = secrets_fetch_machine_password(domain, pass_last_set_time, + channel); + if (plaintext) { + DEBUG(4,("Using cleartext machine password\n")); + E_md4hash(plaintext, ret_pwd); + SAFE_FREE(plaintext); + return True; + } + + return secrets_fetch_trust_account_password_legacy(domain, ret_pwd, + pass_last_set_time, + channel); +} + /** * Pack SID passed by pointer * |