summaryrefslogtreecommitdiff
path: root/source3/auth
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2008-10-03 14:18:35 -0700
committerJeremy Allison <jra@samba.org>2008-10-03 14:18:35 -0700
commitf6c883b4b00f4cd751cd312a27bddffb3be9c059 (patch)
tree2f05ee49e052f94b2be2f4783715521e114a7cbc /source3/auth
parent4b9cc7d478438e34217add83b2647d47d52268a7 (diff)
downloadsamba-f6c883b4b00f4cd751cd312a27bddffb3be9c059.tar.gz
samba-f6c883b4b00f4cd751cd312a27bddffb3be9c059.tar.bz2
samba-f6c883b4b00f4cd751cd312a27bddffb3be9c059.zip
Simply our main loop processing. A lot :-). Correctly use events for all the previous "special" cases.
A step on the way to adding signals to the events and being able to merge the S3 event system with the S4 one. Jeremy.
Diffstat (limited to 'source3/auth')
-rw-r--r--source3/auth/auth_domain.c65
1 files changed, 65 insertions, 0 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index c25e62ab80..f11dbe60ee 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -26,6 +26,71 @@
extern bool global_machine_password_needs_changing;
static struct named_mutex *mutex;
+/*
+ * Change machine password (called from main loop
+ * idle timeout. Must be done as root.
+ */
+
+void attempt_machine_password_change(void)
+{
+ unsigned char trust_passwd_hash[16];
+ time_t lct;
+ void *lock;
+
+ if (!global_machine_password_needs_changing) {
+ return;
+ }
+
+ if (lp_security() != SEC_DOMAIN) {
+ return;
+ }
+
+ /*
+ * We're in domain level security, and the code that
+ * read the machine password flagged that the machine
+ * password needs changing.
+ */
+
+ /*
+ * First, open the machine password file with an exclusive lock.
+ */
+
+ lock = secrets_get_trust_account_lock(NULL, lp_workgroup());
+
+ if (lock == NULL) {
+ DEBUG(0,("attempt_machine_password_change: unable to lock "
+ "the machine account password for machine %s in "
+ "domain %s.\n",
+ global_myname(), lp_workgroup() ));
+ return;
+ }
+
+ if(!secrets_fetch_trust_account_password(lp_workgroup(),
+ trust_passwd_hash, &lct, NULL)) {
+ DEBUG(0,("attempt_machine_password_change: unable to read the "
+ "machine account password for %s in domain %s.\n",
+ global_myname(), lp_workgroup()));
+ TALLOC_FREE(lock);
+ return;
+ }
+
+ /*
+ * Make sure someone else hasn't already done this.
+ */
+
+ if(time(NULL) < lct + lp_machine_password_timeout()) {
+ global_machine_password_needs_changing = false;
+ TALLOC_FREE(lock);
+ return;
+ }
+
+ /* always just contact the PDC here */
+
+ change_trust_account_password( lp_workgroup(), NULL);
+ global_machine_password_needs_changing = false;
+ TALLOC_FREE(lock);
+}
+
/**
* Connect to a remote server for (inter)domain security authenticaion.
*