From: Michael Adam Date: Tue, 11 Dec 2007 13:02:45 +0000 (+0100) Subject: Refactor the lagacy part of secrets_fetch_trust_account_password() out X-Git-Tag: samba-4.0.0alpha6~801^2~4101^2~5^2~8 X-Git-Url: http://git.samba.org/samba.git/?a=commitdiff_plain;h=fe969f9a7fdf823b7701d4cc4cfd55dac81ca90e;p=ira%2Fwip.git Refactor the lagacy part of secrets_fetch_trust_account_password() out into a new function secrets_fetch_trust_account_password_legacy() that does only try to obtain the hashed version of the machine password directly from secrets.tdb. Michael (This used to be commit 91da12b751b3168dc40049f3e90c10d840393efc) --- diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index 3466f24533c..fde7fc0968d 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c @@ -284,27 +284,19 @@ uint32 get_default_sec_channel(void) /************************************************************************ Routine to get the trust account password for a domain. + This only tries to get the legacy hashed version of the password. The user of this function must have locked the trust password file using the above secrets_lock_trust_account_password(). ************************************************************************/ -bool secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16], - time_t *pass_last_set_time, - uint32 *channel) +bool secrets_fetch_trust_account_password_legacy(const char *domain, + uint8 ret_pwd[16], + time_t *pass_last_set_time, + uint32 *channel) { struct machine_acct_pass *pass; - char *plaintext; size_t size = 0; - plaintext = secrets_fetch_machine_password(domain, pass_last_set_time, - channel); - if (plaintext) { - DEBUG(4,("Using cleartext machine password\n")); - E_md4hash(plaintext, ret_pwd); - SAFE_FREE(plaintext); - return True; - } - if (!(pass = (struct machine_acct_pass *)secrets_fetch( trust_keystr(domain), &size))) { DEBUG(5, ("secrets_fetch failed!\n")); @@ -337,6 +329,32 @@ bool secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16], return True; } +/************************************************************************ + Routine to get the trust account password for a domain. + The user of this function must have locked the trust password file using + the above secrets_lock_trust_account_password(). +************************************************************************/ + +bool secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16], + time_t *pass_last_set_time, + uint32 *channel) +{ + char *plaintext; + + plaintext = secrets_fetch_machine_password(domain, pass_last_set_time, + channel); + if (plaintext) { + DEBUG(4,("Using cleartext machine password\n")); + E_md4hash(plaintext, ret_pwd); + SAFE_FREE(plaintext); + return True; + } + + return secrets_fetch_trust_account_password_legacy(domain, ret_pwd, + pass_last_set_time, + channel); +} + /** * Pack SID passed by pointer *