1 files changed, 43 insertions, 0 deletions

diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index 459cc6ae36..4093a653d2 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -120,3 +120,46 @@ BOOL secrets_fetch_domain_sid(char *domain, DOM_SID *sid)
 	return True;
 }
 
+
+/************************************************************************
+form a key for fetching a domain trust password
+************************************************************************/
+static char *trust_keystr(char *domain)
+{
+	static fstring keystr;
+	slprintf(keystr,sizeof(keystr),"%s/%s", SECRETS_MACHINE_ACCT_PASS, domain);
+	return keystr;
+}
+
+/************************************************************************
+ Routine to get the trust account password for a domain.
+ The user of this function must have locked the trust password file.
+************************************************************************/
+BOOL secrets_fetch_trust_account_password(char *domain, uint8 ret_pwd[16],
+					  time_t *pass_last_set_time)
+{
+	struct machine_acct_pass *pass;
+	size_t size;
+
+	if (!(pass = secrets_fetch(trust_keystr(domain), &size)) ||
+	    size != sizeof(*pass)) return False;
+
+	if (pass_last_set_time) *pass_last_set_time = pass->mod_time;
+	memcpy(ret_pwd, pass->hash, 16);
+	free(pass);
+	return True;
+}
+
+
+/************************************************************************
+ Routine to set the trust account password for a domain.
+************************************************************************/
+BOOL secrets_store_trust_account_password(char *domain, uint8 new_pwd[16])
+{
+	struct machine_acct_pass pass;
+
+	pass.mod_time = time(NULL);
+	memcpy(pass.hash, new_pwd, 16);
+
+	return secrets_store(trust_keystr(domain), (void *)&pass, sizeof(pass));
+}