summaryrefslogtreecommitdiff
path: root/source3/passdb/secrets.c
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2002-09-18 00:30:00 +0000
committerJeremy Allison <jra@samba.org>2002-09-18 00:30:00 +0000
commit8b4bafc76fab88d78b7234c43c34338b61d42656 (patch)
treeb2e505771f8f2d0b37f7e0f4926f57f5fe1faf21 /source3/passdb/secrets.c
parent8b46126a076075aeed31dae1c80eca1ed9f5a251 (diff)
downloadsamba-8b4bafc76fab88d78b7234c43c34338b61d42656.tar.gz
samba-8b4bafc76fab88d78b7234c43c34338b61d42656.tar.bz2
samba-8b4bafc76fab88d78b7234c43c34338b61d42656.zip
We had a race condition when changing a machine acount password as we
were no longer locking the secrets entry. I saw this on a live system. Jeremy. (This used to be commit 660dafcbb2d1029831212a32d995891626a0344c)
Diffstat (limited to 'source3/passdb/secrets.c')
-rw-r--r--source3/passdb/secrets.c22
1 files changed, 21 insertions, 1 deletions
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index b2bdaf2753..08a0e9c9ac 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -206,8 +206,27 @@ char *trustdom_keystr(const char *domain)
}
/************************************************************************
- Routine to get the machine trust account password for a domain.
+ Lock the trust password entry.
************************************************************************/
+
+BOOL secrets_lock_trust_account_password(char *domain, BOOL dolock)
+{
+ if (!tdb)
+ return False;
+
+ if (dolock)
+ return (tdb_lock_bystring(tdb, trust_keystr(domain)) == 0);
+ else
+ tdb_unlock_bystring(tdb, trust_keystr(domain));
+ return True;
+}
+
+/************************************************************************
+ Routine to get the trust account password for a domain.
+ The user of this function must have locked the trust password file using
+ the above call.
+************************************************************************/
+
BOOL secrets_fetch_trust_account_password(char *domain, uint8 ret_pwd[16],
time_t *pass_last_set_time)
{
@@ -243,6 +262,7 @@ BOOL secrets_fetch_trust_account_password(char *domain, uint8 ret_pwd[16],
/************************************************************************
Routine to get account password to trusted domain
************************************************************************/
+
BOOL secrets_fetch_trusted_domain_password(char *domain, char** pwd,
DOM_SID *sid, time_t *pass_last_set_time)
{