diff options
| -rw-r--r-- | source3/auth/auth_domain.c | 66 | ||||
| -rw-r--r-- | source3/passdb/machine_account_secrets.c | 11 | ||||
| -rw-r--r-- | source3/smbd/process.c | 5 |
3 files changed, 0 insertions, 82 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index 82160bb4f9..286c75c786 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -31,74 +31,8 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH -extern bool global_machine_password_needs_changing; static struct named_mutex *mutex; -/* - * Change machine password (called from main loop - * idle timeout. Must be done as root. - */ - -void attempt_machine_password_change(void) -{ - unsigned char trust_passwd_hash[16]; - time_t lct; - void *lock; - - if (!global_machine_password_needs_changing) { - return; - } - - if (lp_security() != SEC_DOMAIN) { - return; - } - - /* - * We're in domain level security, and the code that - * read the machine password flagged that the machine - * password needs changing. - */ - - /* - * First, open the machine password file with an exclusive lock. - */ - - lock = secrets_get_trust_account_lock(NULL, lp_workgroup()); - - if (lock == NULL) { - DEBUG(0,("attempt_machine_password_change: unable to lock " - "the machine account password for machine %s in " - "domain %s.\n", - lp_netbios_name(), lp_workgroup() )); - return; - } - - if(!secrets_fetch_trust_account_password(lp_workgroup(), - trust_passwd_hash, &lct, NULL)) { - DEBUG(0,("attempt_machine_password_change: unable to read the " - "machine account password for %s in domain %s.\n", - lp_netbios_name(), lp_workgroup())); - TALLOC_FREE(lock); - return; - } - - /* - * Make sure someone else hasn't already done this. - */ - - if(time(NULL) < lct + lp_machine_password_timeout()) { - global_machine_password_needs_changing = false; - TALLOC_FREE(lock); - return; - } - - /* always just contact the PDC here */ - - change_trust_account_password( lp_workgroup(), NULL); - global_machine_password_needs_changing = false; - TALLOC_FREE(lock); -} - /** * Connect to a remote server for (inter)domain security authenticaion. * diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c index 8aaea10d8c..463de714c1 100644 --- a/source3/passdb/machine_account_secrets.c +++ b/source3/passdb/machine_account_secrets.c @@ -33,9 +33,6 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_PASSDB -/* Urrrg. global.... */ -bool global_machine_password_needs_changing; - /** * Form a key for fetching the domain sid * @@ -344,14 +341,6 @@ bool secrets_fetch_trust_account_password_legacy(const char *domain, *channel = get_default_sec_channel(); } - /* Test if machine password has expired and needs to be changed */ - if (lp_machine_password_timeout()) { - if (pass->mod_time > 0 && time(NULL) > (pass->mod_time + - (time_t)lp_machine_password_timeout())) { - global_machine_password_needs_changing = True; - } - } - SAFE_FREE(pass); return True; } diff --git a/source3/smbd/process.c b/source3/smbd/process.c index f8757faae0..80b0c1d79b 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -41,8 +41,6 @@ #include "lib/id_cache.h" #include "serverid.h" -extern bool global_machine_password_needs_changing; - /* Internal message queue for deferred opens. */ struct pending_message_list { struct pending_message_list *next, *prev; @@ -2581,9 +2579,6 @@ static bool housekeeping_fn(const struct timeval *now, void *private_data) /* check if we need to reload services */ check_reload(sconn, time_mono(NULL)); - /* Change machine password if neccessary. */ - attempt_machine_password_change(); - /* * Force a log file check. */ |