summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2002-09-18 00:30:00 +0000
committerJeremy Allison <jra@samba.org>2002-09-18 00:30:00 +0000
commit8b4bafc76fab88d78b7234c43c34338b61d42656 (patch)
treeb2e505771f8f2d0b37f7e0f4926f57f5fe1faf21 /source3/smbd
parent8b46126a076075aeed31dae1c80eca1ed9f5a251 (diff)
downloadsamba-8b4bafc76fab88d78b7234c43c34338b61d42656.tar.gz
samba-8b4bafc76fab88d78b7234c43c34338b61d42656.tar.bz2
samba-8b4bafc76fab88d78b7234c43c34338b61d42656.zip
We had a race condition when changing a machine acount password as we
were no longer locking the secrets entry. I saw this on a live system. Jeremy. (This used to be commit 660dafcbb2d1029831212a32d995891626a0344c)
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/process.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index c796797fad..0f7cfd0e9c 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1154,9 +1154,16 @@ static BOOL timeout_processing(int deadtime, int *select_timeout, time_t *last_t
* First, open the machine password file with an exclusive lock.
*/
+ if (secrets_lock_trust_account_password(global_myworkgroup, True) == False) {
+ DEBUG(0,("process: unable to lock the machine account password for \
+machine %s in domain %s.\n", global_myname, global_myworkgroup ));
+ return True;
+ }
+
if(!secrets_fetch_trust_account_password(global_myworkgroup, trust_passwd_hash, &lct)) {
DEBUG(0,("process: unable to read the machine account password for \
machine %s in domain %s.\n", global_myname, global_myworkgroup ));
+ secrets_lock_trust_account_password(global_myworkgroup, False);
return True;
}
@@ -1166,6 +1173,7 @@ machine %s in domain %s.\n", global_myname, global_myworkgroup ));
if(t < lct + lp_machine_password_timeout()) {
global_machine_password_needs_changing = False;
+ secrets_lock_trust_account_password(global_myworkgroup, False);
return True;
}
@@ -1173,6 +1181,7 @@ machine %s in domain %s.\n", global_myname, global_myworkgroup ));
change_trust_account_password( global_myworkgroup, remote_machine_list);
global_machine_password_needs_changing = False;
+ secrets_lock_trust_account_password(global_myworkgroup, False);
}
/*