diff options
author | Jeremy Allison <jra@samba.org> | 2009-10-17 10:36:33 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2009-10-17 10:36:33 -0700 |
commit | 7c51fa6d699a653cafa90df8e44911b576118ebd (patch) | |
tree | 543bf9ca698e03eff81104898b33e77f1abed319 /source3/winbindd/winbindd_dual_srv.c | |
parent | cc3a6770c77ec8fe1cd63bf4c682853c56201f0c (diff) | |
parent | 3e3214fd91471bca5b6c4d3782e922d252d588fb (diff) | |
download | samba-7c51fa6d699a653cafa90df8e44911b576118ebd.tar.gz samba-7c51fa6d699a653cafa90df8e44911b576118ebd.tar.bz2 samba-7c51fa6d699a653cafa90df8e44911b576118ebd.zip |
Merge branch 'master' of ssh://jra@git.samba.org/data/git/samba
Diffstat (limited to 'source3/winbindd/winbindd_dual_srv.c')
-rw-r--r-- | source3/winbindd/winbindd_dual_srv.c | 70 |
1 files changed, 66 insertions, 4 deletions
diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c index 179a771066..f0bbee9f31 100644 --- a/source3/winbindd/winbindd_dual_srv.c +++ b/source3/winbindd/winbindd_dual_srv.c @@ -4,6 +4,7 @@ In-Child server implementation of the routines defined in wbint.idl Copyright (C) Volker Lendecke 2009 + Copyright (C) Guenther Deschner 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -437,17 +438,78 @@ again: /* Pass back result code - zero for success, other values for specific failures. */ - DEBUG(3, ("secret is %s\n", NT_STATUS_IS_OK(status) ? - "good" : "bad")); + DEBUG(3,("domain %s secret is %s\n", domain->name, + NT_STATUS_IS_OK(status) ? "good" : "bad")); done: DEBUG(NT_STATUS_IS_OK(status) ? 5 : 2, - ("Checking the trust account password returned %s\n", - nt_errstr(status))); + ("Checking the trust account password for domain %s returned %s\n", + domain->name, nt_errstr(status))); return status; } +NTSTATUS _wbint_ChangeMachineAccount(pipes_struct *p, + struct wbint_ChangeMachineAccount *r) +{ + struct winbindd_domain *domain; + int num_retries = 0; + NTSTATUS status; + struct rpc_pipe_client *netlogon_pipe; + TALLOC_CTX *tmp_ctx; + +again: + domain = wb_child_domain(); + if (domain == NULL) { + return NT_STATUS_REQUEST_NOT_ACCEPTED; + } + + invalidate_cm_connection(&domain->conn); + + { + status = cm_connect_netlogon(domain, &netlogon_pipe); + } + + /* There is a race condition between fetching the trust account + password and the periodic machine password change. So it's + possible that the trust account password has been changed on us. + We are returned NT_STATUS_ACCESS_DENIED if this happens. */ + +#define MAX_RETRIES 3 + + if ((num_retries < MAX_RETRIES) + && NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { + num_retries++; + goto again; + } + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(3, ("could not open handle to NETLOGON pipe\n")); + goto done; + } + + tmp_ctx = talloc_new(p->mem_ctx); + + status = trust_pw_find_change_and_store_it(netlogon_pipe, + tmp_ctx, + domain->name); + talloc_destroy(tmp_ctx); + + /* Pass back result code - zero for success, other values for + specific failures. */ + + DEBUG(3,("domain %s secret %s\n", domain->name, + NT_STATUS_IS_OK(status) ? "changed" : "unchanged")); + + done: + DEBUG(NT_STATUS_IS_OK(status) ? 5 : 2, + ("Changing the trust account password for domain %s returned %s\n", + domain->name, nt_errstr(status))); + + return status; +} + + NTSTATUS _wbint_SetMapping(pipes_struct *p, struct wbint_SetMapping *r) { struct id_map map; |