Refactor the lagacy part of secrets_fetch_trust_account_password() out
authorMichael Adam <obnox@samba.org>
Tue, 11 Dec 2007 13:02:45 +0000 (14:02 +0100)
committerMichael Adam <obnox@samba.org>
Thu, 13 Dec 2007 09:15:18 +0000 (10:15 +0100)
into a new function secrets_fetch_trust_account_password_legacy() that
only tries to obtain the hashed version of the machine password directly
from secrets.tdb.

Michael

source/passdb/secrets.c

index 3466f24533c7da44d606e0996f82983488bd8c8b..fde7fc0968ddf57696509c4366ca4603b0b25dae 100644 (file)
@@ -284,27 +284,19 @@ uint32 get_default_sec_channel(void)
 
 /************************************************************************
  Routine to get the trust account password for a domain.
+ This only tries to get the legacy hashed version of the password.
  The user of this function must have locked the trust password file using
  the above secrets_lock_trust_account_password().
 ************************************************************************/
 
-bool secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
-                                         time_t *pass_last_set_time,
-                                         uint32 *channel)
+bool secrets_fetch_trust_account_password_legacy(const char *domain,
+                                                uint8 ret_pwd[16],
+                                                time_t *pass_last_set_time,
+                                                uint32 *channel)
 {
        struct machine_acct_pass *pass;
-       char *plaintext;
        size_t size = 0;
 
-       plaintext = secrets_fetch_machine_password(domain, pass_last_set_time,
-                                                  channel);
-       if (plaintext) {
-               DEBUG(4,("Using cleartext machine password\n"));
-               E_md4hash(plaintext, ret_pwd);
-               SAFE_FREE(plaintext);
-               return True;
-       }
-
        if (!(pass = (struct machine_acct_pass *)secrets_fetch(
                      trust_keystr(domain), &size))) {
                DEBUG(5, ("secrets_fetch failed!\n"));
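Review bot: The header comment for `secrets_fetch_trust_account_password_legacy()` does not tell callers what they lose by calling it directly: it only looks up `trust_keystr(domain)`, so a domain whose secret is stored only as a cleartext machine password will presumably be reported as a failure (the return paths lie outside this hunk). Since the function has external linkage, I would add a line such as `Fails if only the cleartext machine password is stored; most callers want secrets_fetch_trust_account_password().` to the comment block. If no other file is meant to call it, declaring it `static` would make that explicit.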
@@ -337,6 +329,32 @@ bool secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
        return True;
 }
 
+/************************************************************************
+ Routine to get the trust account password for a domain.
+ The user of this function must have locked the trust password file using
+ the above secrets_lock_trust_account_password().
+************************************************************************/
+
+bool secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
+                                         time_t *pass_last_set_time,
+                                         uint32 *channel)
+{
+       char *plaintext;
+
+       plaintext = secrets_fetch_machine_password(domain, pass_last_set_time,
+                                                  channel);
+       if (plaintext) {
+               DEBUG(4,("Using cleartext machine password\n"));
+               E_md4hash(plaintext, ret_pwd);
+               SAFE_FREE(plaintext);
+               return True;
+       }
+
+       return secrets_fetch_trust_account_password_legacy(domain, ret_pwd,
+                                                          pass_last_set_time,
+                                                          channel);
+}
+
 /**
  * Pack SID passed by pointer
  *
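Review bot: The cleartext machine password in `plaintext` is released with `SAFE_FREE(plaintext)` right after `E_md4hash()` without being cleared, so the secret stays in freed heap memory until something happens to overwrite it. The lines were moved unchanged from the old function, but the refactor is a good point to wipe the buffer first, e.g. `memset(plaintext, 0, strlen(plaintext));` ahead of `SAFE_FREE(plaintext);`, ideally through a wipe helper the compiler cannot optimise away. The header comment is also identical to the legacy function's apart from one line; it should say that the cleartext entry is tried first and the legacy hash is only the fallback.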