diff options
author | Michael Adam <obnox@samba.org> | 2007-12-11 14:02:45 +0100 |
---|---|---|
committer | Michael Adam <obnox@samba.org> | 2007-12-13 10:15:18 +0100 |
commit | 91da12b751b3168dc40049f3e90c10d840393efc (patch) | |
tree | c04ff9767f96f6bac022c799db9acf996ee651bf /source/passdb | |
parent | 6ced4a7f88798dc449a667d63bc29bf6c569291f (diff) | |
download | samba-91da12b751b3168dc40049f3e90c10d840393efc.tar.gz samba-91da12b751b3168dc40049f3e90c10d840393efc.tar.xz samba-91da12b751b3168dc40049f3e90c10d840393efc.zip |
Refactor the lagacy part of secrets_fetch_trust_account_password() out
into a new function secrets_fetch_trust_account_password_legacy() that
does only try to obtain the hashed version of the machine password directly
from secrets.tdb.
Michael
Diffstat (limited to 'source/passdb')
-rw-r--r-- | source/passdb/secrets.c | 44 |
1 files changed, 31 insertions, 13 deletions
diff --git a/source/passdb/secrets.c b/source/passdb/secrets.c index 3466f24533c..fde7fc0968d 100644 --- a/source/passdb/secrets.c +++ b/source/passdb/secrets.c @@ -284,27 +284,19 @@ uint32 get_default_sec_channel(void) /************************************************************************ Routine to get the trust account password for a domain. + This only tries to get the legacy hashed version of the password. The user of this function must have locked the trust password file using the above secrets_lock_trust_account_password(). ************************************************************************/ -bool secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16], - time_t *pass_last_set_time, - uint32 *channel) +bool secrets_fetch_trust_account_password_legacy(const char *domain, + uint8 ret_pwd[16], + time_t *pass_last_set_time, + uint32 *channel) { struct machine_acct_pass *pass; - char *plaintext; size_t size = 0; - plaintext = secrets_fetch_machine_password(domain, pass_last_set_time, - channel); - if (plaintext) { - DEBUG(4,("Using cleartext machine password\n")); - E_md4hash(plaintext, ret_pwd); - SAFE_FREE(plaintext); - return True; - } - if (!(pass = (struct machine_acct_pass *)secrets_fetch( trust_keystr(domain), &size))) { DEBUG(5, ("secrets_fetch failed!\n")); @@ -337,6 +329,32 @@ bool secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16], return True; } +/************************************************************************ + Routine to get the trust account password for a domain. + The user of this function must have locked the trust password file using + the above secrets_lock_trust_account_password(). +************************************************************************/ + +bool secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16], + time_t *pass_last_set_time, + uint32 *channel) +{ + char *plaintext; + + plaintext = secrets_fetch_machine_password(domain, pass_last_set_time, + channel); + if (plaintext) { + DEBUG(4,("Using cleartext machine password\n")); + E_md4hash(plaintext, ret_pwd); + SAFE_FREE(plaintext); + return True; + } + + return secrets_fetch_trust_account_password_legacy(domain, ret_pwd, + pass_last_set_time, + channel); +} + /** * Pack SID passed by pointer * |