diff options
-rw-r--r-- | source3/nsswitch/winbindd_pam.c | 35 | ||||
-rw-r--r-- | source3/passdb/secrets.c | 43 | ||||
-rw-r--r-- | source3/passdb/smbpassfile.c | 49 |
3 files changed, 48 insertions, 79 deletions
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index 656fb74964..48a1a829eb 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -22,34 +22,6 @@ */ #include "winbindd.h" -/************************************************************************ -form a key for fetching a domain trust password -************************************************************************/ -static char *trust_keystr(char *domain) -{ - static fstring keystr; - slprintf(keystr,sizeof(keystr),"%s/%s", SECRETS_MACHINE_ACCT_PASS, domain); - return keystr; -} - -/************************************************************************ - Routine to get the trust account password for a domain. - The user of this function must have locked the trust password file. -************************************************************************/ -static BOOL _get_trust_account_password(char *domain, unsigned char *ret_pwd, time_t *pass_last_set_time) -{ - struct machine_acct_pass *pass; - size_t size; - - if (!(pass = secrets_fetch(trust_keystr(domain), &size)) || - size != sizeof(*pass)) return False; - - if (pass_last_set_time) *pass_last_set_time = pass->mod_time; - memcpy(ret_pwd, pass->hash, 16); - free(pass); - return True; -} - /* Return a password structure from a username. Specify whether cached data can be returned. */ @@ -59,7 +31,7 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) NET_USER_INFO_3 info3; uchar ntpw[16]; uchar lmpw[16]; - uchar trust_passwd[16]; + uint8 trust_passwd[16]; uint32 status; fstring server; fstring name_domain, name_user; @@ -76,7 +48,10 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) ZERO_STRUCT(info3); - if (!_get_trust_account_password(lp_workgroup(), trust_passwd, NULL)) return WINBINDD_ERROR; + if (!secrets_fetch_trust_account_password(lp_workgroup(), + trust_passwd, NULL)) { + return WINBINDD_ERROR; + } nt_lm_owf_gen(state->request.data.auth.pass, ntpw, lmpw); diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index 459cc6ae36..4093a653d2 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c @@ -120,3 +120,46 @@ BOOL secrets_fetch_domain_sid(char *domain, DOM_SID *sid) return True; } + +/************************************************************************ +form a key for fetching a domain trust password +************************************************************************/ +static char *trust_keystr(char *domain) +{ + static fstring keystr; + slprintf(keystr,sizeof(keystr),"%s/%s", SECRETS_MACHINE_ACCT_PASS, domain); + return keystr; +} + +/************************************************************************ + Routine to get the trust account password for a domain. + The user of this function must have locked the trust password file. +************************************************************************/ +BOOL secrets_fetch_trust_account_password(char *domain, uint8 ret_pwd[16], + time_t *pass_last_set_time) +{ + struct machine_acct_pass *pass; + size_t size; + + if (!(pass = secrets_fetch(trust_keystr(domain), &size)) || + size != sizeof(*pass)) return False; + + if (pass_last_set_time) *pass_last_set_time = pass->mod_time; + memcpy(ret_pwd, pass->hash, 16); + free(pass); + return True; +} + + +/************************************************************************ + Routine to set the trust account password for a domain. +************************************************************************/ +BOOL secrets_store_trust_account_password(char *domain, uint8 new_pwd[16]) +{ + struct machine_acct_pass pass; + + pass.mod_time = time(NULL); + memcpy(pass.hash, new_pwd, 16); + + return secrets_store(trust_keystr(domain), (void *)&pass, sizeof(pass)); +} diff --git a/source3/passdb/smbpassfile.c b/source3/passdb/smbpassfile.c index 608f47ea9b..c915c8365a 100644 --- a/source3/passdb/smbpassfile.c +++ b/source3/passdb/smbpassfile.c @@ -318,52 +318,3 @@ BOOL trust_password_delete(char *domain) return secrets_delete(trust_keystr(domain)); } -/************************************************************************ - Routine to get the trust account password for a domain. -************************************************************************/ - -BOOL get_trust_account_password(char *domain, unsigned char *ret_pwd, time_t *pass_last_set_time) -{ - struct machine_acct_pass *pass; - size_t size; - - /* - * Firstly check if we need to migrate an old DOMAIN.MACHINE.mac - * file into the secrets file. - */ - - migrate_from_old_password_file(domain); - - if (!(pass = secrets_fetch(trust_keystr(domain), &size)) || - size != sizeof(*pass)) return False; - - /* - * Here we check the last change time to see if the machine - * password needs changing. JRA. - */ - - if(time(NULL) > pass->mod_time + lp_machine_password_timeout()) - global_machine_password_needs_changing = True; - - if (pass_last_set_time) - *pass_last_set_time = pass->mod_time; - - memcpy(ret_pwd, pass->hash, 16); - free(pass); - - return True; -} - -/************************************************************************ - Routine to get the trust account password for a domain. -************************************************************************/ - -BOOL set_trust_account_password(char *domain, unsigned char *md4_new_pwd) -{ - struct machine_acct_pass pass; - - pass.mod_time = time(NULL); - memcpy(pass.hash, md4_new_pwd, 16); - - return secrets_store(trust_keystr(domain), (void *)&pass, sizeof(pass)); -} |