mirror of
https://github.com/samba-team/samba.git
synced 2025-01-12 09:18:10 +03:00
r21823: Let secrets_store_machine_password() also store the account name. Not used
yet, the next step will be a secrets_fetch_machine_account() function that also pulls the account name to be used in the appropriate places. Volker
This commit is contained in:
parent
34ae610bd5
commit
f94e5af72e
@ -26,6 +26,7 @@
|
||||
*/
|
||||
#define SECRETS_MACHINE_ACCT_PASS "SECRETS/$MACHINE.ACC"
|
||||
#define SECRETS_MACHINE_PASSWORD "SECRETS/MACHINE_PASSWORD"
|
||||
#define SECRETS_MACHINE_ACCOUNTNAME "SECRETS/MACHINE_ACCOUNTNAME"
|
||||
#define SECRETS_MACHINE_LAST_CHANGE_TIME "SECRETS/MACHINE_LAST_CHANGE_TIME"
|
||||
#define SECRETS_MACHINE_SEC_CHANNEL_TYPE "SECRETS/MACHINE_SEC_CHANNEL_TYPE"
|
||||
#define SECRETS_MACHINE_TRUST_ACCOUNT_NAME "SECRETS/SECRETS_MACHINE_TRUST_ACCOUNT_NAME"
|
||||
|
@ -42,7 +42,9 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip
|
||||
goto failed;
|
||||
}
|
||||
|
||||
if (!secrets_store_machine_password(new_password, lp_workgroup(), sec_channel_type)) {
|
||||
if (!secrets_store_machine_password(new_password, global_myname(),
|
||||
lp_workgroup(),
|
||||
sec_channel_type)) {
|
||||
DEBUG(1,("Failed to save machine password\n"));
|
||||
ret = ADS_ERROR_SYSTEM(EACCES);
|
||||
goto failed;
|
||||
|
@ -104,7 +104,10 @@ NTSTATUS trust_pw_change_and_store_it(struct rpc_pipe_client *cli, TALLOC_CTX *m
|
||||
* Return the result of trying to write the new password
|
||||
* back into the trust account file.
|
||||
*/
|
||||
if (!secrets_store_machine_password(new_trust_passwd, domain, sec_channel_type)) {
|
||||
if (!secrets_store_machine_password(new_trust_passwd,
|
||||
global_myname(),
|
||||
domain,
|
||||
sec_channel_type)) {
|
||||
nt_status = NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
}
|
||||
|
@ -553,7 +553,10 @@ BOOL secrets_store_trusted_domain_password(const char* domain, const char* pwd,
|
||||
the password is assumed to be a null terminated ascii string
|
||||
************************************************************************/
|
||||
|
||||
BOOL secrets_store_machine_password(const char *pass, const char *domain, uint32 sec_channel)
|
||||
BOOL secrets_store_machine_password(const char *pass,
|
||||
const char *accountname,
|
||||
const char *domain,
|
||||
uint32 sec_channel)
|
||||
{
|
||||
char *key = NULL;
|
||||
BOOL ret = False;
|
||||
@ -581,6 +584,22 @@ BOOL secrets_store_machine_password(const char *pass, const char *domain, uint32
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if (asprintf(&key, "%s/%s", SECRETS_MACHINE_ACCOUNTNAME,
|
||||
domain) == -1) {
|
||||
DEBUG(5, ("asprintf failed\n"));
|
||||
goto fail;
|
||||
}
|
||||
strupper_m(key);
|
||||
|
||||
ret = secrets_store(key, accountname, strlen(accountname)+1);
|
||||
SAFE_FREE(key);
|
||||
|
||||
if (!ret) {
|
||||
DEBUG(5, ("secrets_store failed: %s\n",
|
||||
tdb_errorstr(tdb)));
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if (asprintf(&key, "%s/%s", SECRETS_MACHINE_LAST_CHANGE_TIME,
|
||||
domain) == -1) {
|
||||
DEBUG(5, ("asprintf failed\n"));
|
||||
|
@ -555,7 +555,9 @@ static int net_changesecretpw(int argc, const char **argv)
|
||||
|
||||
trust_pw = get_pass("Enter machine password: ", opt_stdin);
|
||||
|
||||
if (!secrets_store_machine_password(trust_pw, lp_workgroup(), sec_channel_type)) {
|
||||
if (!secrets_store_machine_password(trust_pw, global_myname(),
|
||||
lp_workgroup(),
|
||||
sec_channel_type)) {
|
||||
d_fprintf(stderr, "Unable to write the machine account password in the secrets database");
|
||||
return 1;
|
||||
}
|
||||
|
@ -146,7 +146,8 @@ int netdom_store_machine_account( const char *domain, DOM_SID *sid, const char *
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (!secrets_store_machine_password(pw, domain, SEC_CHAN_WKSTA)) {
|
||||
if (!secrets_store_machine_password(pw, global_myname(), domain,
|
||||
SEC_CHAN_WKSTA)) {
|
||||
DEBUG(1,("Failed to save machine password\n"));
|
||||
return -1;
|
||||
}
|
||||
|
@ -400,7 +400,9 @@ int net_rpc_join_newstyle(int argc, const char **argv)
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (!secrets_store_machine_password(clear_trust_password, domain, sec_channel_type)) {
|
||||
if (!secrets_store_machine_password(clear_trust_password,
|
||||
global_myname(), domain,
|
||||
sec_channel_type)) {
|
||||
DEBUG(0, ("error storing plaintext domain secrets for %s\n", domain));
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user