summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2003-04-16 10:20:14 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-04-16 10:20:14 +0000
commit2cb0b91ed19c0fbbc3bfb1b5a35c6af2acf5b5d7 (patch)
tree70203479d0f7bebcbb80e7af48f560715162171a /source3/smbd
parentf9cde25fa492e071960e0857f5075222119a0d1c (diff)
downloadsamba-2cb0b91ed19c0fbbc3bfb1b5a35c6af2acf5b5d7.tar.gz
samba-2cb0b91ed19c0fbbc3bfb1b5a35c6af2acf5b5d7.tar.bz2
samba-2cb0b91ed19c0fbbc3bfb1b5a35c6af2acf5b5d7.zip
Store the type of 'sec channel' that we establish to the DC. If we are a
workstation, we have to use the workstation type, if we have a BDC account, we must use the BDC type - even if we are pretending to be a workstation at the moment. Also actually store and retreive the last change time, so we can do periodic password changes again (for RPC at least). And finally, a couple of minor fixes to 'net'. Andrew Bartlett (This used to be commit 6e6b7b79edae3efd0197651e9a8ce6775c001cf2)
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/change_trust_pw.c95
-rw-r--r--source3/smbd/process.c6
2 files changed, 36 insertions, 65 deletions
diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c
index a140978733..8aff96d0d6 100644
--- a/source3/smbd/change_trust_pw.c
+++ b/source3/smbd/change_trust_pw.c
@@ -24,26 +24,36 @@
#include "includes.h"
-/*********************************************************
- Change the domain password on the PDC.
-**********************************************************/
+/************************************************************************
+ Change the trust account password for a domain.
+************************************************************************/
-static NTSTATUS modify_trust_password( const char *domain, const char *remote_machine,
- unsigned char orig_trust_passwd_hash[16])
+NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine)
{
+ NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
+ struct in_addr pdc_ip;
+ fstring dc_name;
struct cli_state *cli;
- DOM_SID domain_sid;
- NTSTATUS nt_status;
- /*
- * Ensure we have the domain SID for this domain.
- */
+ if (remote_machine == NULL || !strcmp(remote_machine, "*")) {
+ /* Use the PDC *only* for this */
+
+ if ( !get_pdc_ip(domain, &pdc_ip) ) {
+ DEBUG(0,("Can't get IP for PDC for domain %s\n", domain));
+ goto failed;
+ }
- if (!secrets_fetch_domain_sid(domain, &domain_sid)) {
- DEBUG(0, ("modify_trust_password: unable to fetch domain sid.\n"));
- return NT_STATUS_UNSUCCESSFUL;
+ if ( !lookup_dc_name(global_myname(), domain, &pdc_ip, dc_name) )
+ goto failed;
}
-
+ /* supoport old deprecated "smbpasswd -j DOMAIN -r MACHINE" behavior */
+ else {
+ fstrcpy( dc_name, remote_machine );
+ }
+
+ /* if this next call fails, then give up. We can't do
+ password changes on BDC's --jerry */
+
if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname(), remote_machine,
NULL, 0,
"IPC$", "IPC",
@@ -51,7 +61,8 @@ static NTSTATUS modify_trust_password( const char *domain, const char *remote_ma
"", 0, NULL)))
{
DEBUG(0,("modify_trust_password: Connection to %s failed!\n", remote_machine));
- return NT_STATUS_UNSUCCESSFUL;
+ nt_status = NT_STATUS_UNSUCCESSFUL;
+ goto failed;
}
/*
@@ -65,64 +76,22 @@ static NTSTATUS modify_trust_password( const char *domain, const char *remote_ma
cli_nt_session_close(cli);
cli_ulogoff(cli);
cli_shutdown(cli);
- return NT_STATUS_UNSUCCESSFUL;
+ nt_status = NT_STATUS_UNSUCCESSFUL;
+ goto failed;
}
- nt_status = trust_pw_change_and_store_it(cli, cli->mem_ctx,
- orig_trust_passwd_hash);
+ nt_status = trust_pw_find_change_and_store_it(cli, cli->mem_ctx,
+ domain);
cli_nt_session_close(cli);
cli_ulogoff(cli);
cli_shutdown(cli);
- return nt_status;
-}
-
-/************************************************************************
- Change the trust account password for a domain.
-************************************************************************/
-
-NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine)
-{
- unsigned char old_trust_passwd_hash[16];
- time_t lct;
- NTSTATUS res = NT_STATUS_UNSUCCESSFUL;
- struct in_addr pdc_ip;
- fstring dc_name;
-
-
- if(!secrets_fetch_trust_account_password(domain, old_trust_passwd_hash, &lct)) {
- DEBUG(0,("change_trust_account_password: unable to read the machine account password for domain %s.\n",
- domain));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (remote_machine == NULL || !strcmp(remote_machine, "*")) {
- /* Use the PDC *only* for this */
-
- if ( !get_pdc_ip(domain, &pdc_ip) ) {
- DEBUG(0,("Can't get IP for PDC for domain %s\n", domain));
- goto failed;
- }
-
- if ( !lookup_dc_name(global_myname(), domain, &pdc_ip, dc_name) )
- goto failed;
- }
- /* supoport old deprecated "smbpasswd -j DOMAIN -r MACHINE" behavior */
- else {
- fstrcpy( dc_name, remote_machine );
- }
-
- /* if this next call fails, then give up. We can't do
- password changes on BDC's --jerry */
-
- res = modify_trust_password(domain, dc_name, old_trust_passwd_hash);
-
failed:
- if (!NT_STATUS_IS_OK(res)) {
+ if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0,("%s : change_trust_account_password: Failed to change password for domain %s.\n",
timestring(False), domain));
}
- return res;
+ return nt_status;
}
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index de1bea493f..54fd4a90d9 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1179,9 +1179,11 @@ machine %s in domain %s.\n", global_myname(), lp_workgroup() ));
return True;
}
- if(!secrets_fetch_trust_account_password(lp_workgroup(), trust_passwd_hash, &lct)) {
+ if(!secrets_fetch_trust_account_password(lp_workgroup(),
+ trust_passwd_hash,
+ &lct, NULL)) {
DEBUG(0,("process: unable to read the machine account password for \
-machine %s in domain %s.\n", global_myname(), lp_workgroup() ));
+machine %s in domain %s.\n", global_myname(), lp_workgroup()));
secrets_lock_trust_account_password(lp_workgroup(), False);
return True;
}