diff options
| -rw-r--r-- | source3/passdb/secrets.c | 32 | ||||
| -rw-r--r-- | source3/smbd/process.c | 11 |
2 files changed, 31 insertions, 12 deletions
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index 2ef8f43988..2c0d648716 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c @@ -325,20 +325,36 @@ static char *trustdom_keystr(const char *domain) return keystr; } +static int unlock_trust_account(char *domain) +{ + tdb_unlock_bystring(tdb, trust_keystr(domain)); + return 0; +} + /************************************************************************ Lock the trust password entry. ************************************************************************/ -bool secrets_lock_trust_account_password(const char *domain, bool dolock) +void *secrets_get_trust_account_lock(TALLOC_CTX *mem_ctx, const char *domain) { - if (!tdb) - return False; + char *result; - if (dolock) - return (tdb_lock_bystring(tdb, trust_keystr(domain)) == 0); - else - tdb_unlock_bystring(tdb, trust_keystr(domain)); - return True; + if (!secrets_init()) { + return NULL; + } + + result = talloc_strdup(mem_ctx, domain); + if (result == NULL) { + return NULL; + } + + if (tdb_lock_bystring(tdb, trust_keystr(domain)) != 0) { + TALLOC_FREE(result); + return NULL; + } + + talloc_set_destructor(result, unlock_trust_account); + return result; } /************************************************************************ diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 68bec7830a..9c01bbaa4a 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -1901,6 +1901,7 @@ static void timeout_processing(int *select_timeout, unsigned char trust_passwd_hash[16]; time_t lct; + void *lock; /* * We're in domain level security, and the code that @@ -1912,7 +1913,9 @@ static void timeout_processing(int *select_timeout, * First, open the machine password file with an exclusive lock. */ - if (secrets_lock_trust_account_password(lp_workgroup(), True) == False) { + lock = secrets_get_trust_account_lock(NULL, lp_workgroup()); + + if (lock == NULL) { DEBUG(0,("process: unable to lock the machine account password for \ machine %s in domain %s.\n", global_myname(), lp_workgroup() )); return; @@ -1921,7 +1924,7 @@ machine %s in domain %s.\n", global_myname(), lp_workgroup() )); if(!secrets_fetch_trust_account_password(lp_workgroup(), trust_passwd_hash, &lct, NULL)) { DEBUG(0,("process: unable to read the machine account password for \ machine %s in domain %s.\n", global_myname(), lp_workgroup())); - secrets_lock_trust_account_password(lp_workgroup(), False); + TALLOC_FREE(lock); return; } @@ -1931,7 +1934,7 @@ machine %s in domain %s.\n", global_myname(), lp_workgroup())); if(t < lct + lp_machine_password_timeout()) { global_machine_password_needs_changing = False; - secrets_lock_trust_account_password(lp_workgroup(), False); + TALLOC_FREE(lock); return; } @@ -1939,7 +1942,7 @@ machine %s in domain %s.\n", global_myname(), lp_workgroup())); change_trust_account_password( lp_workgroup(), NULL); global_machine_password_needs_changing = False; - secrets_lock_trust_account_password(lp_workgroup(), False); + TALLOC_FREE(lock); } /* update printer queue caches if necessary */ |