*/
#define SECRETS_MACHINE_ACCT_PASS "SECRETS/$MACHINE.ACC"
#define SECRETS_MACHINE_PASSWORD "SECRETS/MACHINE_PASSWORD"
+#define SECRETS_MACHINE_ACCOUNTNAME "SECRETS/MACHINE_ACCOUNTNAME"
#define SECRETS_MACHINE_LAST_CHANGE_TIME "SECRETS/MACHINE_LAST_CHANGE_TIME"
#define SECRETS_MACHINE_SEC_CHANNEL_TYPE "SECRETS/MACHINE_SEC_CHANNEL_TYPE"
#define SECRETS_MACHINE_TRUST_ACCOUNT_NAME "SECRETS/SECRETS_MACHINE_TRUST_ACCOUNT_NAME"
goto failed;
}
- if (!secrets_store_machine_password(new_password, lp_workgroup(), sec_channel_type)) {
+ if (!secrets_store_machine_password(new_password, global_myname(),
+ lp_workgroup(),
+ sec_channel_type)) {
DEBUG(1,("Failed to save machine password\n"));
ret = ADS_ERROR_SYSTEM(EACCES);
goto failed;
* Return the result of trying to write the new password
* back into the trust account file.
*/
- if (!secrets_store_machine_password(new_trust_passwd, domain, sec_channel_type)) {
+ if (!secrets_store_machine_password(new_trust_passwd,
+ global_myname(),
+ domain,
+ sec_channel_type)) {
nt_status = NT_STATUS_UNSUCCESSFUL;
}
}
the password is assumed to be a null terminated ascii string
************************************************************************/
-BOOL secrets_store_machine_password(const char *pass, const char *domain, uint32 sec_channel)
+BOOL secrets_store_machine_password(const char *pass,
+ const char *accountname,
+ const char *domain,
+ uint32 sec_channel)
{
char *key = NULL;
BOOL ret = False;
goto fail;
}
+ if (asprintf(&key, "%s/%s", SECRETS_MACHINE_ACCOUNTNAME,
+ domain) == -1) {
+ DEBUG(5, ("asprintf failed\n"));
+ goto fail;
+ }
+ strupper_m(key);
+
+ ret = secrets_store(key, accountname, strlen(accountname)+1);
+ SAFE_FREE(key);
+
+ if (!ret) {
+ DEBUG(5, ("secrets_store failed: %s\n",
+ tdb_errorstr(tdb)));
+ goto fail;
+ }
+
if (asprintf(&key, "%s/%s", SECRETS_MACHINE_LAST_CHANGE_TIME,
domain) == -1) {
DEBUG(5, ("asprintf failed\n"));
trust_pw = get_pass("Enter machine password: ", opt_stdin);
- if (!secrets_store_machine_password(trust_pw, lp_workgroup(), sec_channel_type)) {
+ if (!secrets_store_machine_password(trust_pw, global_myname(),
+ lp_workgroup(),
+ sec_channel_type)) {
d_fprintf(stderr, "Unable to write the machine account password in the secrets database");
return 1;
}
return -1;
}
- if (!secrets_store_machine_password(pw, domain, SEC_CHAN_WKSTA)) {
+ if (!secrets_store_machine_password(pw, global_myname(), domain,
+ SEC_CHAN_WKSTA)) {
DEBUG(1,("Failed to save machine password\n"));
return -1;
}
goto done;
}
- if (!secrets_store_machine_password(clear_trust_password, domain, sec_channel_type)) {
+ if (!secrets_store_machine_password(clear_trust_password,
+ global_myname(), domain,
+ sec_channel_type)) {
DEBUG(0, ("error storing plaintext domain secrets for %s\n", domain));
}