From b99a6b0e8c3ca57666c16a9228337338033df1c1 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 10 Dec 2007 23:53:55 +0100 Subject: Remove two unneeded functions. secrets_store_trust_account_password() and trust_password_delete() are the write access functions to the SECRETS/$MACHINE.ACC/domain keys in secrets.tdb, the md4 hashed machine passwords. These are not used any more: Current code always writes the clear text password. Michael (This used to be commit 4788fe392427901f6b1c505e3a743136ac8a91ca) --- source3/passdb/secrets.c | 23 ----------------------- 1 file changed, 23 deletions(-) (limited to 'source3/passdb/secrets.c') diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index a4cb76602a..3466f24533 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c @@ -558,20 +558,6 @@ bool secrets_fetch_trusted_domain_password(const char *domain, char** pwd, return True; } -/************************************************************************ - Routine to set the trust account password for a domain. -************************************************************************/ - -bool secrets_store_trust_account_password(const char *domain, uint8 new_pwd[16]) -{ - struct machine_acct_pass pass; - - pass.mod_time = time(NULL); - memcpy(pass.hash, new_pwd, 16); - - return secrets_store(trust_keystr(domain), (void *)&pass, sizeof(pass)); -} - /** * Routine to store the password for trusted domain * @@ -721,15 +707,6 @@ char *secrets_fetch_machine_password(const char *domain, return ret; } -/************************************************************************ - Routine to delete the machine trust account password file for a domain. -************************************************************************/ - -bool trust_password_delete(const char *domain) -{ - return secrets_delete(trust_keystr(domain)); -} - /************************************************************************ Routine to delete the password for trusted domain ************************************************************************/ -- cgit From fe969f9a7fdf823b7701d4cc4cfd55dac81ca90e Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 11 Dec 2007 14:02:45 +0100 Subject: Refactor the lagacy part of secrets_fetch_trust_account_password() out into a new function secrets_fetch_trust_account_password_legacy() that does only try to obtain the hashed version of the machine password directly from secrets.tdb. Michael (This used to be commit 91da12b751b3168dc40049f3e90c10d840393efc) --- source3/passdb/secrets.c | 44 +++++++++++++++++++++++++++++++------------- 1 file changed, 31 insertions(+), 13 deletions(-) (limited to 'source3/passdb/secrets.c') diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index 3466f24533..fde7fc0968 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c @@ -284,27 +284,19 @@ uint32 get_default_sec_channel(void) /************************************************************************ Routine to get the trust account password for a domain. + This only tries to get the legacy hashed version of the password. The user of this function must have locked the trust password file using the above secrets_lock_trust_account_password(). ************************************************************************/ -bool secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16], - time_t *pass_last_set_time, - uint32 *channel) +bool secrets_fetch_trust_account_password_legacy(const char *domain, + uint8 ret_pwd[16], + time_t *pass_last_set_time, + uint32 *channel) { struct machine_acct_pass *pass; - char *plaintext; size_t size = 0; - plaintext = secrets_fetch_machine_password(domain, pass_last_set_time, - channel); - if (plaintext) { - DEBUG(4,("Using cleartext machine password\n")); - E_md4hash(plaintext, ret_pwd); - SAFE_FREE(plaintext); - return True; - } - if (!(pass = (struct machine_acct_pass *)secrets_fetch( trust_keystr(domain), &size))) { DEBUG(5, ("secrets_fetch failed!\n")); @@ -337,6 +329,32 @@ bool secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16], return True; } +/************************************************************************ + Routine to get the trust account password for a domain. + The user of this function must have locked the trust password file using + the above secrets_lock_trust_account_password(). +************************************************************************/ + +bool secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16], + time_t *pass_last_set_time, + uint32 *channel) +{ + char *plaintext; + + plaintext = secrets_fetch_machine_password(domain, pass_last_set_time, + channel); + if (plaintext) { + DEBUG(4,("Using cleartext machine password\n")); + E_md4hash(plaintext, ret_pwd); + SAFE_FREE(plaintext); + return True; + } + + return secrets_fetch_trust_account_password_legacy(domain, ret_pwd, + pass_last_set_time, + channel); +} + /** * Pack SID passed by pointer * -- cgit