BOOL secrets_lock_trust_account_password(const char *domain, BOOL dolock)
{
if (!tdb)
return False;
if (dolock)
return (tdb_lock_bystring(tdb, trust_keystr(domain),0) == 0);
else
tdb_unlock_bystring(tdb, trust_keystr(domain));
return True;
}
BOOL secrets_store_trust_account_password(const char *domain, uint8 new_pwd[16])
{
struct machine_acct_pass pass;
pass.mod_time = time(NULL);
memcpy(pass.hash, new_pwd, 16);
return secrets_store(trust_keystr(domain), (void *)&pass, sizeof(pass));
}
void *secrets_get_trust_account_lock(TALLOC_CTX *mem_ctx, const char *domain)
{
if (!secrets_init()) {
return NULL;
}
return db_ctx->fetch_locked(
db_ctx, mem_ctx, string_term_tdb_data(trust_keystr(domain)));
}
void *secrets_get_trust_account_lock(TALLOC_CTX *mem_ctx, const char *domain)
{
struct db_context *db_ctx;
if (!secrets_init()) {
return NULL;
}
db_ctx = secrets_db_ctx();
return dbwrap_fetch_locked(
db_ctx, mem_ctx, string_term_tdb_data(trust_keystr(domain)));
}
BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
time_t *pass_last_set_time)
{
struct machine_acct_pass *pass;
size_t size;
if (!(pass = secrets_fetch(trust_keystr(domain), &size)) ||
size != sizeof(*pass))
return False;
if (pass_last_set_time) *pass_last_set_time = pass->mod_time;
memcpy(ret_pwd, pass->hash, 16);
SAFE_FREE(pass);
return True;
}
BOOL migrate_from_old_password_file(char *domain)
{
struct machine_acct_pass pass;
if (!trust_password_file_lock(domain, global_myname))
return True;
if (!get_trust_account_password_from_file( pass.hash, &pass.mod_time)) {
trust_password_file_unlock();
return False;
}
if (!secrets_store(trust_keystr(domain), (void *)&pass, sizeof(pass)))
return False;
trust_password_file_delete(domain, global_myname);
trust_password_file_unlock();
return True;
}
bool secrets_fetch_trust_account_password_legacy(const char *domain,
uint8 ret_pwd[16],
time_t *pass_last_set_time,
enum netr_SchannelType *channel)
{
struct machine_acct_pass *pass;
size_t size = 0;
if (!(pass = (struct machine_acct_pass *)secrets_fetch(
trust_keystr(domain), &size))) {
DEBUG(5, ("secrets_fetch failed!\n"));
return False;
}
if (size != sizeof(*pass)) {
DEBUG(0, ("secrets were of incorrect size!\n"));
SAFE_FREE(pass);
return False;
}
if (pass_last_set_time) {
*pass_last_set_time = pass->mod_time;
}
memcpy(ret_pwd, pass->hash, 16);
if (channel) {
*channel = get_default_sec_channel();
}
/* Test if machine password has expired and needs to be changed */
if (lp_machine_password_timeout()) {
if (pass->mod_time > 0 && time(NULL) > (pass->mod_time +
(time_t)lp_machine_password_timeout())) {
global_machine_password_needs_changing = True;
}
}
SAFE_FREE(pass);
return True;
}
BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
time_t *pass_last_set_time,
uint32 *channel)
{
struct machine_acct_pass *pass;
char *plaintext;
size_t size;
plaintext = secrets_fetch_machine_password(domain, pass_last_set_time,
channel);
if (plaintext) {
DEBUG(4,("Using cleartext machine password\n"));
E_md4hash(plaintext, ret_pwd);
SAFE_FREE(plaintext);
return True;
}
if (!(pass = secrets_fetch(trust_keystr(domain), &size))) {
DEBUG(5, ("secrets_fetch failed!\n"));
return False;
}
if (size != sizeof(*pass)) {
DEBUG(0, ("secrets were of incorrect size!\n"));
return False;
}
if (pass_last_set_time) *pass_last_set_time = pass->mod_time;
memcpy(ret_pwd, pass->hash, 16);
SAFE_FREE(pass);
if (channel)
*channel = get_default_sec_channel();
return True;
}
BOOL trust_password_delete(const char *domain)
{
return secrets_delete(trust_keystr(domain));
}
