authorJeremy Allison <jra@samba.org>1998-05-27 00:30:52 +0000
committerJeremy Allison <jra@samba.org>1998-05-27 00:30:52 +0000
commit9bd7e1e8870da87ea6f3c9e78933beeb08b65a0c (patch)
tree04a7bff5aa2db16fcaab1396e81e7caaeb6c900d /source3/smbd
parent1d16f750515bcf49e0dc87394479dc56e7192538 (diff)
loadparm.c: Added machine password timeout parameter - set to 7 days by default.
password.c: Added code to tell server.c when machine password needs changing. server.c: Change machine password in idle cycles if it needs it. smbpassfile.c: Fixed up length calculations for machine password file. smbpasswd.c: Moved domain joining code/machine password changing code. lib/rpc/client/cli_netlogon.c: And this is where it now lives. Jeremy. (This used to be commit b8fedca6191de96159df0d1d17082d82e8e44773)
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/password.c9
-rw-r--r--source3/smbd/server.c47
2 files changed, 52 insertions, 4 deletions
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 0f2efcc1da..48fd7cbe24 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -28,6 +28,8 @@
extern int DEBUGLEVEL;
extern int Protocol;
+BOOL global_machine_pasword_needs_changing;
+
/* users from session setup */
static pstring session_users="";
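Review bot: The new flag is spelled `global_machine_pasword_needs_changing` (one "s" in "pasword"), and the same spelling is repeated in the `extern` added to server.c, so the typo becomes part of a cross-file interface. Renaming it to `global_machine_password_needs_changing` in both files now is cheaper than later, and if a suitable shared header exists the declaration belongs there rather than in a bare `extern` in server.c, so the two cannot drift apart. The variable also has no comment; something like `/* Set by domain_client_validate() when the machine account password is older than the configured timeout; cleared by the idle loop in server.c. */` would record who writes and who clears it.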
@@ -1972,8 +1974,6 @@ BOOL domain_client_validate( char *user, char *domain,
}
}
- become_root(False);
-
/*
* Get the machine account password.
*/
@@ -1992,13 +1992,14 @@ machine %s in domain %s.\n", global_myname, global_myworkgroup ));
trust_password_unlock();
- unbecome_root(False);
-
/*
* Here we should check the last change time to see if the machine
* password needs changing..... TODO... JRA.
*/
+ if(time(NULL) > lct + lp_machine_password_timeout())
+ global_machine_pasword_needs_changing = True;
+
/*
* At this point, smb_apasswd points to the lanman response to
* the challenge in local_challenge, and smb_ntpasswd points to
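Review bot: With `become_root(False)` and `unbecome_root(False)` removed here and in the previous hunk, the machine account password file is read with whatever credentials the caller of domain_client_validate() holds, and nothing in the visible lines shows that this is root. If the function can run after the process has taken on a user's identity, the read would either fail or depend on the file being readable by non-root users, which would expose the trust secret, so the expected privilege state deserves a comment at the top of this section. The `TODO... JRA` comment just above the new check is now stale, since the check implements it; replace it with e.g. `/* Flag an expired machine password; server.c changes it in the idle loop. */`. domain_client_validate() starts and ends outside the hunk.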
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 2b2ebb5304..408d5cd068 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -50,6 +50,7 @@ extern BOOL use_mangled_map;
extern BOOL short_case_preserve;
extern BOOL case_mangle;
time_t smb_last_time=(time_t)0;
+extern BOOL global_machine_pasword_needs_changing;
extern int smb_read_error;
@@ -4950,6 +4951,52 @@ static void process(void)
DEBUG(2,("%s Closing idle connection 2\n",timestring()));
return;
}
+
+ if(global_machine_pasword_needs_changing)
+ {
+ unsigned char trust_passwd_hash[16];
+ time_t lct;
+ pstring remote_machine_list;
+
+ /*
+ * We're in domain level security, and the code that
+ * read the machine password flagged that the machine
+ * password needs changing.
+ */
+
+ /*
+ * First, open the machine password file with an exclusive lock.
+ */
+
+ if(!trust_password_lock( global_myworkgroup, global_myname, True)) {
+ DEBUG(0,("process: unable to open the machine account password file for \
+machine %s in domain %s.\n", global_myname, global_myworkgroup ));
+ continue;
+ }
+
+ if(!get_trust_account_password( trust_passwd_hash, &lct)) {
+ DEBUG(0,("process: unable to read the machine account password for \
+machine %s in domain %s.\n", global_myname, global_myworkgroup ));
+ trust_password_unlock();
+ continue;
+ }
+
+ /*
+ * Make sure someone else hasn't already done this.
+ */
+
+ if(t < lct + lp_machine_password_timeout()) {
+ trust_password_unlock();
+ global_machine_pasword_needs_changing = False;
+ continue;
+ }
+
+ pstrcpy(remote_machine_list, lp_passwordserver());
+
+ change_trust_account_password( global_myworkgroup, remote_machine_list);
+ trust_password_unlock();
+ global_machine_pasword_needs_changing = False;
+ }
}
if(got_smb)
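Review bot: The return value of `change_trust_account_password( global_myworkgroup, remote_machine_list)` is ignored and `global_machine_pasword_needs_changing` is set to `False` regardless, so a failed rotation leaves no log entry in this block and looks the same as success. If the function reports success or failure (its definition is not in this diff), log the failure, e.g. `if(!change_trust_account_password( global_myworkgroup, remote_machine_list)) DEBUG(0,("process: machine password change failed.\n"));`. `trust_passwd_hash` receives the machine account hash although only `lct` is used; clearing it with `memset(trust_passwd_hash, 0, sizeof(trust_passwd_hash));` before each exit from the block keeps the secret from lingering on the stack. The exclusive lock taken by `trust_password_lock( ..., True)` is held across the change, which presumably contacts the password server, so an unresponsive server could stall other smbd processes waiting on the file; that trade-off is worth a comment. process() and the variable `t` are defined outside the hunk.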