-rw-r--r--source3/nsswitch/winbindd_pam.c35
-rw-r--r--source3/passdb/secrets.c43
-rw-r--r--source3/passdb/smbpassfile.c49
3 files changed, 48 insertions, 79 deletions
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index 656fb74964..48a1a829eb 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -22,34 +22,6 @@
*/
#include "winbindd.h"
-/************************************************************************
-form a key for fetching a domain trust password
-************************************************************************/
-static char *trust_keystr(char *domain)
-{
- static fstring keystr;
- slprintf(keystr,sizeof(keystr),"%s/%s", SECRETS_MACHINE_ACCT_PASS, domain);
- return keystr;
-}
-
-/************************************************************************
- Routine to get the trust account password for a domain.
- The user of this function must have locked the trust password file.
-************************************************************************/
-static BOOL _get_trust_account_password(char *domain, unsigned char *ret_pwd, time_t *pass_last_set_time)
-{
- struct machine_acct_pass *pass;
- size_t size;
-
- if (!(pass = secrets_fetch(trust_keystr(domain), &size)) ||
- size != sizeof(*pass)) return False;
-
- if (pass_last_set_time) *pass_last_set_time = pass->mod_time;
- memcpy(ret_pwd, pass->hash, 16);
- free(pass);
- return True;
-}
-
/* Return a password structure from a username. Specify whether cached data
can be returned. */
@@ -59,7 +31,7 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
NET_USER_INFO_3 info3;
uchar ntpw[16];
uchar lmpw[16];
- uchar trust_passwd[16];
+ uint8 trust_passwd[16];
uint32 status;
fstring server;
fstring name_domain, name_user;
@@ -76,7 +48,10 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
ZERO_STRUCT(info3);
- if (!_get_trust_account_password(lp_workgroup(), trust_passwd, NULL)) return WINBINDD_ERROR;
+ if (!secrets_fetch_trust_account_password(lp_workgroup(),
+ trust_passwd, NULL)) {
+ return WINBINDD_ERROR;
+ }
nt_lm_owf_gen(state->request.data.auth.pass, ntpw, lmpw);
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index 459cc6ae36..4093a653d2 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -120,3 +120,46 @@ BOOL secrets_fetch_domain_sid(char *domain, DOM_SID *sid)
return True;
}
+
+/************************************************************************
+form a key for fetching a domain trust password
+************************************************************************/
+static char *trust_keystr(char *domain)
+{
+ static fstring keystr;
+ slprintf(keystr,sizeof(keystr),"%s/%s", SECRETS_MACHINE_ACCT_PASS, domain);
+ return keystr;
+}
+
+/************************************************************************
+ Routine to get the trust account password for a domain.
+ The user of this function must have locked the trust password file.
+************************************************************************/
+BOOL secrets_fetch_trust_account_password(char *domain, uint8 ret_pwd[16],
+ time_t *pass_last_set_time)
+{
+ struct machine_acct_pass *pass;
+ size_t size;
+
+ if (!(pass = secrets_fetch(trust_keystr(domain), &size)) ||
+ size != sizeof(*pass)) return False;
+
+ if (pass_last_set_time) *pass_last_set_time = pass->mod_time;
+ memcpy(ret_pwd, pass->hash, 16);
+ free(pass);
+ return True;
+}
+
+
+/************************************************************************
+ Routine to set the trust account password for a domain.
+************************************************************************/
+BOOL secrets_store_trust_account_password(char *domain, uint8 new_pwd[16])
+{
+ struct machine_acct_pass pass;
+
+ pass.mod_time = time(NULL);
+ memcpy(pass.hash, new_pwd, 16);
+
+ return secrets_store(trust_keystr(domain), (void *)&pass, sizeof(pass));
+}
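Review bot: In `secrets_fetch_trust_account_password` the early return leaks `pass` when `secrets_fetch` succeeds but `size != sizeof(*pass)`, because the combined condition returns False without freeing the buffer; handling the mismatch separately with `if (size != sizeof(*pass)) { free(pass); return False; }` closes that path. The fetched record holds the machine account hash, so it is worth clearing it before release, e.g. `memset(pass, 0, sizeof(*pass));` ahead of `free(pass);`, and likewise clearing the stack `pass` in `secrets_store_trust_account_password` once `secrets_store` has returned. The header comment still says the caller must have locked the trust password file, which looks stale now that the value comes from `secrets_fetch`; it should state the real locking expectation or be dropped. Unlike the `get_trust_account_password` removed from smbpassfile.c, this version does not call `migrate_from_old_password_file` or set `global_machine_password_needs_changing`, so any caller switched over to it (none are visible here) would lose the password-age check unless it is done elsewhere.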
diff --git a/source3/passdb/smbpassfile.c b/source3/passdb/smbpassfile.c
index 608f47ea9b..c915c8365a 100644
--- a/source3/passdb/smbpassfile.c
+++ b/source3/passdb/smbpassfile.c
@@ -318,52 +318,3 @@ BOOL trust_password_delete(char *domain)
return secrets_delete(trust_keystr(domain));
}
-/************************************************************************
- Routine to get the trust account password for a domain.
-************************************************************************/
-
-BOOL get_trust_account_password(char *domain, unsigned char *ret_pwd, time_t *pass_last_set_time)
-{
- struct machine_acct_pass *pass;
- size_t size;
-
- /*
- * Firstly check if we need to migrate an old DOMAIN.MACHINE.mac
- * file into the secrets file.
- */
-
- migrate_from_old_password_file(domain);
-
- if (!(pass = secrets_fetch(trust_keystr(domain), &size)) ||
- size != sizeof(*pass)) return False;
-
- /*
- * Here we check the last change time to see if the machine
- * password needs changing. JRA.
- */
-
- if(time(NULL) > pass->mod_time + lp_machine_password_timeout())
- global_machine_password_needs_changing = True;
-
- if (pass_last_set_time)
- *pass_last_set_time = pass->mod_time;
-
- memcpy(ret_pwd, pass->hash, 16);
- free(pass);
-
- return True;
-}
-
-/************************************************************************
- Routine to get the trust account password for a domain.
-************************************************************************/
-
-BOOL set_trust_account_password(char *domain, unsigned char *md4_new_pwd)
-{
- struct machine_acct_pass pass;
-
- pass.mod_time = time(NULL);
- memcpy(pass.hash, md4_new_pwd, 16);
-
- return secrets_store(trust_keystr(domain), (void *)&pass, sizeof(pass));
-}