author | Jeremy Allison <jra@samba.org> | 2008-10-03 14:18:35 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2008-10-03 14:18:35 -0700 |
commit | f6c883b4b00f4cd751cd312a27bddffb3be9c059 (patch) | |
tree | 2f05ee49e052f94b2be2f4783715521e114a7cbc /source3/auth | |
parent | 4b9cc7d478438e34217add83b2647d47d52268a7 (diff) | |
Simplify our main loop processing. A lot :-). Correctly use events for all the previous "special" cases.
A step on the way to adding signals to the events and being able to merge the S3 event system with
the S4 one.
Jeremy.
Diffstat (limited to 'source3/auth')
-rw-r--r-- | source3/auth/auth_domain.c | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index c25e62ab80..f11dbe60ee 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -26,6 +26,71 @@ extern bool global_machine_password_needs_changing;
 static struct named_mutex *mutex;
+/*
+ * Change machine password (called from main loop
+ * idle timeout. Must be done as root.
+ */
+
+void attempt_machine_password_change(void)
+{
+ unsigned char trust_passwd_hash[16];
+ time_t lct;
+ void *lock;
+
+ if (!global_machine_password_needs_changing) {
+ return;
+ }
+
+ if (lp_security() != SEC_DOMAIN) {
+ return;
+ }
+
+ /*
+ * We're in domain level security, and the code that
+ * read the machine password flagged that the machine
+ * password needs changing.
+ */
+
+ /*
+ * First, open the machine password file with an exclusive lock.
+ */
+
+ lock = secrets_get_trust_account_lock(NULL, lp_workgroup());
+
+ if (lock == NULL) {
+ DEBUG(0,("attempt_machine_password_change: unable to lock "
+ "the machine account password for machine %s in "
+ "domain %s.\n",
+ global_myname(), lp_workgroup() ));
+ return;
+ }
+
+ if(!secrets_fetch_trust_account_password(lp_workgroup(),
+ trust_passwd_hash, &lct, NULL)) {
+ DEBUG(0,("attempt_machine_password_change: unable to read the "
+ "machine account password for %s in domain %s.\n",
+ global_myname(), lp_workgroup()));
+ TALLOC_FREE(lock);
+ return;
+ }
+
+ /*
+ * Make sure someone else hasn't already done this.
+ */
+
+ if(time(NULL) < lct + lp_machine_password_timeout()) {
+ global_machine_password_needs_changing = false;
+ TALLOC_FREE(lock);
+ return;
+ }
+
+ /* always just contact the PDC here */
+
+ change_trust_account_password( lp_workgroup(), NULL);
+ global_machine_password_needs_changing = false;
+ TALLOC_FREE(lock);
+}
+
 /**
 * Connect to a remote server for (inter)domain security authenticaion.
 * |
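Review bot: The result of `change_trust_account_password( lp_workgroup(), NULL)` is discarded and `global_machine_password_needs_changing` is cleared unconditionally on the next line, so a failed rotation of the machine account password is neither logged nor left pending by this function. Assuming the call returns an NTSTATUS (its declaration is not in this hunk), capture it with `status = change_trust_account_password(lp_workgroup(), NULL);` and report failures with `if (!NT_STATUS_IS_OK(status)) DEBUG(0, ("attempt_machine_password_change: failed: %s\n", nt_errstr(status)));`, then decide deliberately whether the flag should stay set so the change is retried. Separately, `trust_passwd_hash` is fetched only so that `lct` can be read, and clearing it with `ZERO_ARRAY(trust_passwd_hash);` before each return after the fetch would avoid leaving the trust-account hash on the stack. The header comment says the function must run as root, but nothing in the body checks or asserts that, so the requirement rests entirely on the caller and is worth stating as a precondition in the comment.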