authorJeremy Allison <jra@samba.org>2000-12-19 23:57:48 +0000
committerJeremy Allison <jra@samba.org>2000-12-19 23:57:48 +0000
commit7bf9d8ce4bb7e96a4c72f674e21d015b1ef1481e (patch)
tree7f143422e11c062a31e011625abb8a0d579d637f /source3/smbd
parent0f95385d2887a50abbfed7ffe5631f13287bd4b4 (diff)
Fixed bug found by Gerald. If a Samba server joins a domain and is set
to search for a DC to authenticate to using the "*" syntax then ensure that for the first hour after the password change it searches for the PDC using the 1B name not the 1C name as domain replication may not have occurred. Jeremy. (This used to be commit c25533de9918ed9b0c79fd039e11d1b79f513db0)
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/password.c22
1 files changed, 18 insertions, 4 deletions
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 1924bf3217..c2bcac339e 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -1344,14 +1344,27 @@ static BOOL attempt_connect_to_dc(struct cli_state *pcli, struct in_addr *ip, un
We have been asked to dynamcially determine the IP addresses of
the PDC and BDC's for this DOMAIN, and query them in turn.
************************************************************************/
-static BOOL find_connect_pdc(struct cli_state *pcli, unsigned char *trust_passwd)
+static BOOL find_connect_pdc(struct cli_state *pcli, unsigned char *trust_passwd, time_t last_change_time)
{
struct in_addr *ip_list = NULL;
int count = 0;
int i;
BOOL connected_ok = False;
+ time_t time_now = time(NULL);
+ BOOL use_pdc_only = False;
- if (!get_dc_list(lp_workgroup(), &ip_list, &count))
+ /*
+ * If the time the machine password has changed
+ * was less than an hour ago then we need to contact
+ * the PDC only, as we cannot be sure domain replication
+ * has yet taken place. Bug found by Gerald (way to go
+ * Gerald !). JRA.
+ */
+
+ if (time_now - last_change_time < 3600)
+ use_pdc_only = True;
+
+ if (!get_dc_list(use_pdc_only, lp_workgroup(), &ip_list, &count))
return False;
/*
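Review bot: The window test `if (time_now - last_change_time < 3600)` is also true whenever the stored change time is later than the current clock (a clock stepped backwards, or a bad timestamp in the secrets store), so every "*" lookup would stay pinned to the PDC for as long as that holds, with no other DC to try if the PDC is unreachable. If that is not intended, bound the test on both sides, e.g. `if (last_change_time <= time_now && time_now - last_change_time < 3600)`, and give 3600 a named constant so the replication window is defined in one place. A DEBUG line when `use_pdc_only` is set would make an authentication failure inside that hour much easier to attribute. The body of find_connect_pdc continues past the end of this hunk.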
@@ -1423,6 +1436,7 @@ BOOL domain_client_validate( char *user, char *domain,
struct cli_state cli;
uint32 smb_uid_low;
BOOL connected_ok = False;
+ time_t last_change_time;
if(user_exists != NULL)
*user_exists = True; /* Only set false on a very specific error. */
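Review bot: `last_change_time` is declared without an initialiser and is later passed by value to find_connect_pdc() (hunk at 1515), so its value depends on secrets_fetch_trust_account_password() (hunk at 1487) writing the out-parameter on every successful return, which is not visible here. Initialising it, `time_t last_change_time = 0;`, makes the result deterministic: a zero timestamp gives a large age, so the normal DC list lookup is used rather than a choice driven by stack contents. domain_client_validate starts and ends outside this hunk.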
@@ -1473,7 +1487,7 @@ BOOL domain_client_validate( char *user, char *domain,
/*
* Get the machine account password for our primary domain
*/
- if (!secrets_fetch_trust_account_password(lp_workgroup(), trust_passwd, NULL))
+ if (!secrets_fetch_trust_account_password(lp_workgroup(), trust_passwd, &last_change_time))
{
DEBUG(0, ("domain_client_validate: could not fetch trust account password for domain %s\n", lp_workgroup()));
return False;
@@ -1501,7 +1515,7 @@ BOOL domain_client_validate( char *user, char *domain,
while (!connected_ok &&
next_token(&p,remote_machine,LIST_SEP,sizeof(remote_machine))) {
if(strequal(remote_machine, "*")) {
- connected_ok = find_connect_pdc(&cli, trust_passwd);
+ connected_ok = find_connect_pdc(&cli, trust_passwd, last_change_time);
} else {
connected_ok = connect_to_domain_password_server(&cli, remote_machine, trust_passwd);
}
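Review bot: Only the "*" branch receives `last_change_time`; a password server list that names a BDC explicitly still goes through `connect_to_domain_password_server(&cli, remote_machine, trust_passwd)` during the hour after a machine password change, so the replication problem described in the commit message presumably applies there as well. If using named servers as given is intended, a comment above the `else` would record it, for example `/* Explicitly named servers are used as given, even inside the replication window. */`. The loop and the enclosing function extend beyond this hunk.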