diff options
author | Jeremy Allison <jra@samba.org> | 1998-05-27 00:30:52 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 1998-05-27 00:30:52 +0000 |
commit | 9bd7e1e8870da87ea6f3c9e78933beeb08b65a0c (patch) | |
tree | 04a7bff5aa2db16fcaab1396e81e7caaeb6c900d /source3/smbd/server.c | |
parent | 1d16f750515bcf49e0dc87394479dc56e7192538 (diff) | |
download | samba-9bd7e1e8870da87ea6f3c9e78933beeb08b65a0c.tar.gz samba-9bd7e1e8870da87ea6f3c9e78933beeb08b65a0c.tar.bz2 samba-9bd7e1e8870da87ea6f3c9e78933beeb08b65a0c.zip |
loadparm.c: Added machine password timeout parameter - set to 7 days be default.
password.c: Added code to tell server.c when machine password needs changing.
server.c: Change machine password in idle cycles if it needs it.
smbpassfile.c: Fixed up length calculations for machine password file.
smbpasswd.c: Moved domain joining code/machine password changing code.
lib/rpc/client/cli_netlogon.c: And this is where it now lives.
Jeremy.
(This used to be commit b8fedca6191de96159df0d1d17082d82e8e44773)
Diffstat (limited to 'source3/smbd/server.c')
-rw-r--r-- | source3/smbd/server.c | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 2b2ebb5304..408d5cd068 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -50,6 +50,7 @@ extern BOOL use_mangled_map; extern BOOL short_case_preserve; extern BOOL case_mangle; time_t smb_last_time=(time_t)0; +extern BOOL global_machine_pasword_needs_changing; extern int smb_read_error; @@ -4950,6 +4951,52 @@ static void process(void) DEBUG(2,("%s Closing idle connection 2\n",timestring())); return; } + + if(global_machine_pasword_needs_changing) + { + unsigned char trust_passwd_hash[16]; + time_t lct; + pstring remote_machine_list; + + /* + * We're in domain level security, and the code that + * read the machine password flagged that the machine + * password needs changing. + */ + + /* + * First, open the machine password file with an exclusive lock. + */ + + if(!trust_password_lock( global_myworkgroup, global_myname, True)) { + DEBUG(0,("process: unable to open the machine account password file for \ +machine %s in domain %s.\n", global_myname, global_myworkgroup )); + continue; + } + + if(!get_trust_account_password( trust_passwd_hash, &lct)) { + DEBUG(0,("process: unable to read the machine account password for \ +machine %s in domain %s.\n", global_myname, global_myworkgroup )); + trust_password_unlock(); + continue; + } + + /* + * Make sure someone else hasn't already done this. + */ + + if(t < lct + lp_machine_password_timeout()) { + trust_password_unlock(); + global_machine_pasword_needs_changing = False; + continue; + } + + pstrcpy(remote_machine_list, lp_passwordserver()); + + change_trust_account_password( global_myworkgroup, remote_machine_list); + trust_password_unlock(); + global_machine_pasword_needs_changing = False; + } } if(got_smb) |