summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2003-04-21 14:09:03 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-04-21 14:09:03 +0000
commitf071020f5e49837154581c97c5af5f84d0e2de89 (patch)
tree14c4f4c08cc935145926000a886f8dd718c66e93 /source3/smbd
parent06c99d15e217e265d51778268d5b859dff3c478c (diff)
downloadsamba-f071020f5e49837154581c97c5af5f84d0e2de89.tar.gz
samba-f071020f5e49837154581c97c5af5f84d0e2de89.tar.bz2
samba-f071020f5e49837154581c97c5af5f84d0e2de89.zip
Merge from HEAD - save the type of channel used to contact the DC.
This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration. This also change the SID retreval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient. Also minor fixes to 'net'. Andrew Bartlett (This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/change_trust_pw.c95
-rw-r--r--source3/smbd/process.c6
2 files changed, 36 insertions, 65 deletions
diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c
index a140978733..8aff96d0d6 100644
--- a/source3/smbd/change_trust_pw.c
+++ b/source3/smbd/change_trust_pw.c
@@ -24,26 +24,36 @@
#include "includes.h"
-/*********************************************************
- Change the domain password on the PDC.
-**********************************************************/
+/************************************************************************
+ Change the trust account password for a domain.
+************************************************************************/
-static NTSTATUS modify_trust_password( const char *domain, const char *remote_machine,
- unsigned char orig_trust_passwd_hash[16])
+NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine)
{
+ NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
+ struct in_addr pdc_ip;
+ fstring dc_name;
struct cli_state *cli;
- DOM_SID domain_sid;
- NTSTATUS nt_status;
- /*
- * Ensure we have the domain SID for this domain.
- */
+ if (remote_machine == NULL || !strcmp(remote_machine, "*")) {
+ /* Use the PDC *only* for this */
+
+ if ( !get_pdc_ip(domain, &pdc_ip) ) {
+ DEBUG(0,("Can't get IP for PDC for domain %s\n", domain));
+ goto failed;
+ }
- if (!secrets_fetch_domain_sid(domain, &domain_sid)) {
- DEBUG(0, ("modify_trust_password: unable to fetch domain sid.\n"));
- return NT_STATUS_UNSUCCESSFUL;
+ if ( !lookup_dc_name(global_myname(), domain, &pdc_ip, dc_name) )
+ goto failed;
}
-
+ /* supoport old deprecated "smbpasswd -j DOMAIN -r MACHINE" behavior */
+ else {
+ fstrcpy( dc_name, remote_machine );
+ }
+
+ /* if this next call fails, then give up. We can't do
+ password changes on BDC's --jerry */
+
if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname(), remote_machine,
NULL, 0,
"IPC$", "IPC",
@@ -51,7 +61,8 @@ static NTSTATUS modify_trust_password( const char *domain, const char *remote_ma
"", 0, NULL)))
{
DEBUG(0,("modify_trust_password: Connection to %s failed!\n", remote_machine));
- return NT_STATUS_UNSUCCESSFUL;
+ nt_status = NT_STATUS_UNSUCCESSFUL;
+ goto failed;
}
/*
@@ -65,64 +76,22 @@ static NTSTATUS modify_trust_password( const char *domain, const char *remote_ma
cli_nt_session_close(cli);
cli_ulogoff(cli);
cli_shutdown(cli);
- return NT_STATUS_UNSUCCESSFUL;
+ nt_status = NT_STATUS_UNSUCCESSFUL;
+ goto failed;
}
- nt_status = trust_pw_change_and_store_it(cli, cli->mem_ctx,
- orig_trust_passwd_hash);
+ nt_status = trust_pw_find_change_and_store_it(cli, cli->mem_ctx,
+ domain);
cli_nt_session_close(cli);
cli_ulogoff(cli);
cli_shutdown(cli);
- return nt_status;
-}
-
-/************************************************************************
- Change the trust account password for a domain.
-************************************************************************/
-
-NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine)
-{
- unsigned char old_trust_passwd_hash[16];
- time_t lct;
- NTSTATUS res = NT_STATUS_UNSUCCESSFUL;
- struct in_addr pdc_ip;
- fstring dc_name;
-
-
- if(!secrets_fetch_trust_account_password(domain, old_trust_passwd_hash, &lct)) {
- DEBUG(0,("change_trust_account_password: unable to read the machine account password for domain %s.\n",
- domain));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (remote_machine == NULL || !strcmp(remote_machine, "*")) {
- /* Use the PDC *only* for this */
-
- if ( !get_pdc_ip(domain, &pdc_ip) ) {
- DEBUG(0,("Can't get IP for PDC for domain %s\n", domain));
- goto failed;
- }
-
- if ( !lookup_dc_name(global_myname(), domain, &pdc_ip, dc_name) )
- goto failed;
- }
- /* supoport old deprecated "smbpasswd -j DOMAIN -r MACHINE" behavior */
- else {
- fstrcpy( dc_name, remote_machine );
- }
-
- /* if this next call fails, then give up. We can't do
- password changes on BDC's --jerry */
-
- res = modify_trust_password(domain, dc_name, old_trust_passwd_hash);
-
failed:
- if (!NT_STATUS_IS_OK(res)) {
+ if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0,("%s : change_trust_account_password: Failed to change password for domain %s.\n",
timestring(False), domain));
}
- return res;
+ return nt_status;
}
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index de1bea493f..54fd4a90d9 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1179,9 +1179,11 @@ machine %s in domain %s.\n", global_myname(), lp_workgroup() ));
return True;
}
- if(!secrets_fetch_trust_account_password(lp_workgroup(), trust_passwd_hash, &lct)) {
+ if(!secrets_fetch_trust_account_password(lp_workgroup(),
+ trust_passwd_hash,
+ &lct, NULL)) {
DEBUG(0,("process: unable to read the machine account password for \
-machine %s in domain %s.\n", global_myname(), lp_workgroup() ));
+machine %s in domain %s.\n", global_myname(), lp_workgroup()));
secrets_lock_trust_account_password(lp_workgroup(), False);
return True;
}