From aa6055debd078504f6a7ed861443b02672fc9067 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 13 Mar 2007 16:13:24 +0000 Subject: r21823: Let secrets_store_machine_password() also store the account name. Not used yet, the next step will be a secrets_fetch_machine_account() function that also pulls the account name to be used in the appropriate places. Volker (This used to be commit f94e5af72e282f70ca5454cdf3aed510b747eb93) --- source3/include/secrets.h | 1 + source3/libads/util.c | 4 +++- source3/libsmb/trusts_util.c | 5 ++++- source3/passdb/secrets.c | 21 ++++++++++++++++++++- source3/utils/net.c | 4 +++- source3/utils/net_domain.c | 3 ++- source3/utils/net_rpc_join.c | 4 +++- 7 files changed, 36 insertions(+), 6 deletions(-) diff --git a/source3/include/secrets.h b/source3/include/secrets.h index 610a14b52b..cd8396ca7a 100644 --- a/source3/include/secrets.h +++ b/source3/include/secrets.h @@ -26,6 +26,7 @@ */ #define SECRETS_MACHINE_ACCT_PASS "SECRETS/$MACHINE.ACC" #define SECRETS_MACHINE_PASSWORD "SECRETS/MACHINE_PASSWORD" +#define SECRETS_MACHINE_ACCOUNTNAME "SECRETS/MACHINE_ACCOUNTNAME" #define SECRETS_MACHINE_LAST_CHANGE_TIME "SECRETS/MACHINE_LAST_CHANGE_TIME" #define SECRETS_MACHINE_SEC_CHANNEL_TYPE "SECRETS/MACHINE_SEC_CHANNEL_TYPE" #define SECRETS_MACHINE_TRUST_ACCOUNT_NAME "SECRETS/SECRETS_MACHINE_TRUST_ACCOUNT_NAME" diff --git a/source3/libads/util.c b/source3/libads/util.c index eb6dccb3af..669ed7d141 100644 --- a/source3/libads/util.c +++ b/source3/libads/util.c @@ -42,7 +42,9 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip goto failed; } - if (!secrets_store_machine_password(new_password, lp_workgroup(), sec_channel_type)) { + if (!secrets_store_machine_password(new_password, global_myname(), + lp_workgroup(), + sec_channel_type)) { DEBUG(1,("Failed to save machine password\n")); ret = ADS_ERROR_SYSTEM(EACCES); goto failed; diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c index e4061883eb..3460f2c47c 100644 --- a/source3/libsmb/trusts_util.c +++ b/source3/libsmb/trusts_util.c @@ -104,7 +104,10 @@ NTSTATUS trust_pw_change_and_store_it(struct rpc_pipe_client *cli, TALLOC_CTX *m * Return the result of trying to write the new password * back into the trust account file. */ - if (!secrets_store_machine_password(new_trust_passwd, domain, sec_channel_type)) { + if (!secrets_store_machine_password(new_trust_passwd, + global_myname(), + domain, + sec_channel_type)) { nt_status = NT_STATUS_UNSUCCESSFUL; } } diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index 15c79745a0..21a55b09a0 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c @@ -553,7 +553,10 @@ BOOL secrets_store_trusted_domain_password(const char* domain, const char* pwd, the password is assumed to be a null terminated ascii string ************************************************************************/ -BOOL secrets_store_machine_password(const char *pass, const char *domain, uint32 sec_channel) +BOOL secrets_store_machine_password(const char *pass, + const char *accountname, + const char *domain, + uint32 sec_channel) { char *key = NULL; BOOL ret = False; @@ -581,6 +584,22 @@ BOOL secrets_store_machine_password(const char *pass, const char *domain, uint32 goto fail; } + if (asprintf(&key, "%s/%s", SECRETS_MACHINE_ACCOUNTNAME, + domain) == -1) { + DEBUG(5, ("asprintf failed\n")); + goto fail; + } + strupper_m(key); + + ret = secrets_store(key, accountname, strlen(accountname)+1); + SAFE_FREE(key); + + if (!ret) { + DEBUG(5, ("secrets_store failed: %s\n", + tdb_errorstr(tdb))); + goto fail; + } + if (asprintf(&key, "%s/%s", SECRETS_MACHINE_LAST_CHANGE_TIME, domain) == -1) { DEBUG(5, ("asprintf failed\n")); diff --git a/source3/utils/net.c b/source3/utils/net.c index 5a9b7d31ec..acd7bfb797 100644 --- a/source3/utils/net.c +++ b/source3/utils/net.c @@ -555,7 +555,9 @@ static int net_changesecretpw(int argc, const char **argv) trust_pw = get_pass("Enter machine password: ", opt_stdin); - if (!secrets_store_machine_password(trust_pw, lp_workgroup(), sec_channel_type)) { + if (!secrets_store_machine_password(trust_pw, global_myname(), + lp_workgroup(), + sec_channel_type)) { d_fprintf(stderr, "Unable to write the machine account password in the secrets database"); return 1; } diff --git a/source3/utils/net_domain.c b/source3/utils/net_domain.c index 4f7bc8ddec..186cb9e8c0 100644 --- a/source3/utils/net_domain.c +++ b/source3/utils/net_domain.c @@ -146,7 +146,8 @@ int netdom_store_machine_account( const char *domain, DOM_SID *sid, const char * return -1; } - if (!secrets_store_machine_password(pw, domain, SEC_CHAN_WKSTA)) { + if (!secrets_store_machine_password(pw, global_myname(), domain, + SEC_CHAN_WKSTA)) { DEBUG(1,("Failed to save machine password\n")); return -1; } diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c index ba3c619012..01973d2635 100644 --- a/source3/utils/net_rpc_join.c +++ b/source3/utils/net_rpc_join.c @@ -400,7 +400,9 @@ int net_rpc_join_newstyle(int argc, const char **argv) goto done; } - if (!secrets_store_machine_password(clear_trust_password, domain, sec_channel_type)) { + if (!secrets_store_machine_password(clear_trust_password, + global_myname(), domain, + sec_channel_type)) { DEBUG(0, ("error storing plaintext domain secrets for %s\n", domain)); } -- cgit