mirror of https://github.com/samba-team/samba.git synced 2025-03-09 08:58:35 +03:00

moved secrets handling into secrets.c

Andrew Tridgell -
parent f0a7540831
commit e49550b975
3 changed files with 48 additions and 79 deletions


@ -22,34 +22,6 @@
*/
#include "winbindd.h"
/************************************************************************
form a key for fetching a domain trust password
************************************************************************/
static char *trust_keystr(char *domain)
{
static fstring keystr;
slprintf(keystr,sizeof(keystr),"%s/%s", SECRETS_MACHINE_ACCT_PASS, domain);
return keystr;
}
/************************************************************************
Routine to get the trust account password for a domain.
The user of this function must have locked the trust password file.
************************************************************************/
static BOOL _get_trust_account_password(char *domain, unsigned char *ret_pwd, time_t *pass_last_set_time)
{
struct machine_acct_pass *pass;
size_t size;
if (!(pass = secrets_fetch(trust_keystr(domain), &size)) ||
size != sizeof(*pass)) return False;
if (pass_last_set_time) *pass_last_set_time = pass->mod_time;
memcpy(ret_pwd, pass->hash, 16);
free(pass);
return True;
}
/* Return a password structure from a username. Specify whether cached data
can be returned. */
@ -59,7 +31,7 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
NET_USER_INFO_3 info3;
uchar ntpw[16];
uchar lmpw[16];
uchar trust_passwd[16];
uint8 trust_passwd[16];
uint32 status;
fstring server;
fstring name_domain, name_user;
@ -76,7 +48,10 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
ZERO_STRUCT(info3);
if (!_get_trust_account_password(lp_workgroup(), trust_passwd, NULL)) return WINBINDD_ERROR;
if (!secrets_fetch_trust_account_password(lp_workgroup(),
trust_passwd, NULL)) {
return WINBINDD_ERROR;
}
nt_lm_owf_gen(state->request.data.auth.pass, ntpw, lmpw);
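Review bot: The new failure branch after `secrets_fetch_trust_account_password()` in winbindd_pam_auth returns WINBINDD_ERROR without logging anything, so a missing or wrong-sized machine account secret looks the same to an operator as any other authentication failure. A line such as `DEBUG(0, ("winbindd_pam_auth: could not fetch trust account password\n"));` before the return would make that case diagnosable. `trust_passwd` also holds the machine account hash on the stack. The rest of the function lies outside this hunk, so it is worth confirming that the buffer is cleared on every exit path, for example with `ZERO_STRUCT(trust_passwd);`.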


@ -120,3 +120,46 @@ BOOL secrets_fetch_domain_sid(char *domain, DOM_SID *sid)
return True;
}
/************************************************************************
form a key for fetching a domain trust password
************************************************************************/
static char *trust_keystr(char *domain)
{
static fstring keystr;
slprintf(keystr,sizeof(keystr),"%s/%s", SECRETS_MACHINE_ACCT_PASS, domain);
return keystr;
}
/************************************************************************
Routine to get the trust account password for a domain.
The user of this function must have locked the trust password file.
************************************************************************/
BOOL secrets_fetch_trust_account_password(char *domain, uint8 ret_pwd[16],
time_t *pass_last_set_time)
{
struct machine_acct_pass *pass;
size_t size;
if (!(pass = secrets_fetch(trust_keystr(domain), &size)) ||
size != sizeof(*pass)) return False;
if (pass_last_set_time) *pass_last_set_time = pass->mod_time;
memcpy(ret_pwd, pass->hash, 16);
free(pass);
return True;
}
/************************************************************************
Routine to set the trust account password for a domain.
************************************************************************/
BOOL secrets_store_trust_account_password(char *domain, uint8 new_pwd[16])
{
struct machine_acct_pass pass;
pass.mod_time = time(NULL);
memcpy(pass.hash, new_pwd, 16);
return secrets_store(trust_keystr(domain), (void *)&pass, sizeof(pass));
}
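Review bot: In `secrets_fetch_trust_account_password()` the combined test `!(pass = secrets_fetch(...)) || size != sizeof(*pass)` returns False on a size mismatch without freeing `pass`, so a truncated or oversized record leaks a heap buffer holding secret material on every call. Splitting the two checks, as in the fence below, lets the mismatch path free the buffer. The success path also frees the fetched record without clearing it, and `secrets_store_trust_account_password()` leaves a copy of the hash in its local `pass`; zeroing both before they go out of scope would reduce how long the hash stays in memory. The removed `get_trust_account_password()` additionally ran the old-file migration and the password-age check, which this function does not; its callers are not visible here, so whether any of them relied on that should be confirmed.

```c
	/* … unchanged: signature and local declarations … */
	pass = secrets_fetch(trust_keystr(domain), &size);
	if (!pass) {
		return False;
	}
	if (size != sizeof(*pass)) {
		/* wrong-sized record: release it rather than leak the buffer */
		free(pass);
		return False;
	}
	/* … unchanged: copy mod_time and hash, free(pass), return True … */
```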


@ -318,52 +318,3 @@ BOOL trust_password_delete(char *domain)
return secrets_delete(trust_keystr(domain));
}
/************************************************************************
Routine to get the trust account password for a domain.
************************************************************************/
BOOL get_trust_account_password(char *domain, unsigned char *ret_pwd, time_t *pass_last_set_time)
{
struct machine_acct_pass *pass;
size_t size;
/*
* Firstly check if we need to migrate an old DOMAIN.MACHINE.mac
* file into the secrets file.
*/
migrate_from_old_password_file(domain);
if (!(pass = secrets_fetch(trust_keystr(domain), &size)) ||
size != sizeof(*pass)) return False;
/*
* Here we check the last change time to see if the machine
* password needs changing. JRA.
*/
if(time(NULL) > pass->mod_time + lp_machine_password_timeout())
global_machine_password_needs_changing = True;
if (pass_last_set_time)
*pass_last_set_time = pass->mod_time;
memcpy(ret_pwd, pass->hash, 16);
free(pass);
return True;
}
/************************************************************************
Routine to get the trust account password for a domain.
************************************************************************/
BOOL set_trust_account_password(char *domain, unsigned char *md4_new_pwd)
{
struct machine_acct_pass pass;
pass.mod_time = time(NULL);
memcpy(pass.hash, md4_new_pwd, 16);
return secrets_store(trust_keystr(domain), (void *)&pass, sizeof(pass));
}