diff options
author | Andrew Bartlett <abartlet@samba.org> | 2003-04-16 10:20:14 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2003-04-16 10:20:14 +0000 |
commit | 2cb0b91ed19c0fbbc3bfb1b5a35c6af2acf5b5d7 (patch) | |
tree | 70203479d0f7bebcbb80e7af48f560715162171a /source3/smbd | |
parent | f9cde25fa492e071960e0857f5075222119a0d1c (diff) | |
download | samba-2cb0b91ed19c0fbbc3bfb1b5a35c6af2acf5b5d7.tar.gz samba-2cb0b91ed19c0fbbc3bfb1b5a35c6af2acf5b5d7.tar.bz2 samba-2cb0b91ed19c0fbbc3bfb1b5a35c6af2acf5b5d7.zip |
Store the type of 'sec channel' that we establish to the DC. If we are a
workstation, we have to use the workstation type, if we have a BDC account,
we must use the BDC type - even if we are pretending to be a workstation
at the moment.
Also actually store and retreive the last change time, so we can do
periodic password changes again (for RPC at least).
And finally, a couple of minor fixes to 'net'.
Andrew Bartlett
(This used to be commit 6e6b7b79edae3efd0197651e9a8ce6775c001cf2)
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/change_trust_pw.c | 95 | ||||
-rw-r--r-- | source3/smbd/process.c | 6 |
2 files changed, 36 insertions, 65 deletions
diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c index a140978733..8aff96d0d6 100644 --- a/source3/smbd/change_trust_pw.c +++ b/source3/smbd/change_trust_pw.c @@ -24,26 +24,36 @@ #include "includes.h" -/********************************************************* - Change the domain password on the PDC. -**********************************************************/ +/************************************************************************ + Change the trust account password for a domain. +************************************************************************/ -static NTSTATUS modify_trust_password( const char *domain, const char *remote_machine, - unsigned char orig_trust_passwd_hash[16]) +NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine) { + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + struct in_addr pdc_ip; + fstring dc_name; struct cli_state *cli; - DOM_SID domain_sid; - NTSTATUS nt_status; - /* - * Ensure we have the domain SID for this domain. - */ + if (remote_machine == NULL || !strcmp(remote_machine, "*")) { + /* Use the PDC *only* for this */ + + if ( !get_pdc_ip(domain, &pdc_ip) ) { + DEBUG(0,("Can't get IP for PDC for domain %s\n", domain)); + goto failed; + } - if (!secrets_fetch_domain_sid(domain, &domain_sid)) { - DEBUG(0, ("modify_trust_password: unable to fetch domain sid.\n")); - return NT_STATUS_UNSUCCESSFUL; + if ( !lookup_dc_name(global_myname(), domain, &pdc_ip, dc_name) ) + goto failed; } - + /* supoport old deprecated "smbpasswd -j DOMAIN -r MACHINE" behavior */ + else { + fstrcpy( dc_name, remote_machine ); + } + + /* if this next call fails, then give up. We can't do + password changes on BDC's --jerry */ + if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname(), remote_machine, NULL, 0, "IPC$", "IPC", @@ -51,7 +61,8 @@ static NTSTATUS modify_trust_password( const char *domain, const char *remote_ma "", 0, NULL))) { DEBUG(0,("modify_trust_password: Connection to %s failed!\n", remote_machine)); - return NT_STATUS_UNSUCCESSFUL; + nt_status = NT_STATUS_UNSUCCESSFUL; + goto failed; } /* @@ -65,64 +76,22 @@ static NTSTATUS modify_trust_password( const char *domain, const char *remote_ma cli_nt_session_close(cli); cli_ulogoff(cli); cli_shutdown(cli); - return NT_STATUS_UNSUCCESSFUL; + nt_status = NT_STATUS_UNSUCCESSFUL; + goto failed; } - nt_status = trust_pw_change_and_store_it(cli, cli->mem_ctx, - orig_trust_passwd_hash); + nt_status = trust_pw_find_change_and_store_it(cli, cli->mem_ctx, + domain); cli_nt_session_close(cli); cli_ulogoff(cli); cli_shutdown(cli); - return nt_status; -} - -/************************************************************************ - Change the trust account password for a domain. -************************************************************************/ - -NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine) -{ - unsigned char old_trust_passwd_hash[16]; - time_t lct; - NTSTATUS res = NT_STATUS_UNSUCCESSFUL; - struct in_addr pdc_ip; - fstring dc_name; - - - if(!secrets_fetch_trust_account_password(domain, old_trust_passwd_hash, &lct)) { - DEBUG(0,("change_trust_account_password: unable to read the machine account password for domain %s.\n", - domain)); - return NT_STATUS_UNSUCCESSFUL; - } - - if (remote_machine == NULL || !strcmp(remote_machine, "*")) { - /* Use the PDC *only* for this */ - - if ( !get_pdc_ip(domain, &pdc_ip) ) { - DEBUG(0,("Can't get IP for PDC for domain %s\n", domain)); - goto failed; - } - - if ( !lookup_dc_name(global_myname(), domain, &pdc_ip, dc_name) ) - goto failed; - } - /* supoport old deprecated "smbpasswd -j DOMAIN -r MACHINE" behavior */ - else { - fstrcpy( dc_name, remote_machine ); - } - - /* if this next call fails, then give up. We can't do - password changes on BDC's --jerry */ - - res = modify_trust_password(domain, dc_name, old_trust_passwd_hash); - failed: - if (!NT_STATUS_IS_OK(res)) { + if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("%s : change_trust_account_password: Failed to change password for domain %s.\n", timestring(False), domain)); } - return res; + return nt_status; } diff --git a/source3/smbd/process.c b/source3/smbd/process.c index de1bea493f..54fd4a90d9 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -1179,9 +1179,11 @@ machine %s in domain %s.\n", global_myname(), lp_workgroup() )); return True; } - if(!secrets_fetch_trust_account_password(lp_workgroup(), trust_passwd_hash, &lct)) { + if(!secrets_fetch_trust_account_password(lp_workgroup(), + trust_passwd_hash, + &lct, NULL)) { DEBUG(0,("process: unable to read the machine account password for \ -machine %s in domain %s.\n", global_myname(), lp_workgroup() )); +machine %s in domain %s.\n", global_myname(), lp_workgroup())); secrets_lock_trust_account_password(lp_workgroup(), False); return True; } |