2 files changed, 80 insertions, 88 deletions

diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c
index 28a004eba8..a140978733 100644
--- a/source3/smbd/change_trust_pw.c
+++ b/source3/smbd/change_trust_pw.c
@@ -31,106 +31,98 @@
 static NTSTATUS modify_trust_password( const char *domain, const char *remote_machine, 
 				   unsigned char orig_trust_passwd_hash[16])
 {
-  struct cli_state *cli;
-  DOM_SID domain_sid;
-  NTSTATUS nt_status;
+	struct cli_state *cli;
+	DOM_SID domain_sid;
+	NTSTATUS nt_status;
 
-  /*
-   * Ensure we have the domain SID for this domain.
-   */
+	/*
+	 * Ensure we have the domain SID for this domain.
+	 */
 
-  if (!secrets_fetch_domain_sid(domain, &domain_sid)) {
-    DEBUG(0, ("modify_trust_password: unable to fetch domain sid.\n"));
-    return NT_STATUS_UNSUCCESSFUL;
-  }
+	if (!secrets_fetch_domain_sid(domain, &domain_sid)) {
+		DEBUG(0, ("modify_trust_password: unable to fetch domain sid.\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
 
-  if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname(), remote_machine, 
+	if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname(), remote_machine, 
 					   NULL, 0,
 					   "IPC$", "IPC",  
 					   "", "",
-					   "", 0, NULL))) {
-	  DEBUG(0,("modify_trust_password: Connection to %s failed!\n", remote_machine));
-	  return NT_STATUS_UNSUCCESSFUL;
-  }
+					   "", 0, NULL))) 
+	{
+		DEBUG(0,("modify_trust_password: Connection to %s failed!\n", remote_machine));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
       
-  /*
-   * Ok - we have an anonymous connection to the IPC$ share.
-   * Now start the NT Domain stuff :-).
-   */
-
-  if(cli_nt_session_open(cli, PI_NETLOGON) == False) {
-    DEBUG(0,("modify_trust_password: unable to open the domain client session to \
-machine %s. Error was : %s.\n", remote_machine, cli_errstr(cli)));
-    cli_nt_session_close(cli);
-    cli_ulogoff(cli);
-    cli_shutdown(cli);
-    return NT_STATUS_UNSUCCESSFUL;
-  } 
-
-  nt_status = trust_pw_change_and_store_it(cli, cli->mem_ctx,
+	/*
+	 * Ok - we have an anonymous connection to the IPC$ share.
+	 * Now start the NT Domain stuff :-).
+	 */
+
+	if(cli_nt_session_open(cli, PI_NETLOGON) == False) {
+		DEBUG(0,("modify_trust_password: unable to open the domain client session to machine %s. Error was : %s.\n", 
+			remote_machine, cli_errstr(cli)));
+		cli_nt_session_close(cli);
+		cli_ulogoff(cli);
+		cli_shutdown(cli);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	nt_status = trust_pw_change_and_store_it(cli, cli->mem_ctx,
 					   orig_trust_passwd_hash);
   
-  cli_nt_session_close(cli);
-  cli_ulogoff(cli);
-  cli_shutdown(cli);
-  return nt_status;
+	cli_nt_session_close(cli);
+	cli_ulogoff(cli);
+	cli_shutdown(cli);
+	
+	return nt_status;
 }
 
 /************************************************************************
  Change the trust account password for a domain.
 ************************************************************************/
 
-NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine_list)
+NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine)
 {
-  fstring remote_machine;
-  unsigned char old_trust_passwd_hash[16];
-  time_t lct;
-  NTSTATUS res = NT_STATUS_UNSUCCESSFUL;
-
-  if(!secrets_fetch_trust_account_password(domain, old_trust_passwd_hash, &lct)) {
-    DEBUG(0,("change_trust_account_password: unable to read the machine \
-account password for domain %s.\n", domain));
-    return NT_STATUS_UNSUCCESSFUL;
-  }
-
-  while(remote_machine_list && 
-	next_token(&remote_machine_list, remote_machine, 
-		   LIST_SEP, sizeof(remote_machine))) {
-    strupper(remote_machine);
-    if(strequal(remote_machine, "*")) {
-
-      /*
-       * We have been asked to dynamcially determine the IP addresses of the PDC.
-       */
-
-      struct in_addr pdc_ip;
-      fstring dc_name;
-
-      /* Use the PDC *only* for this. */
-      if(!get_pdc_ip(domain, &pdc_ip))
-        continue;
-
-      /*
-       * Try and connect to the PDC/BDC list in turn as an IP
-       * address used as a string.
-       */
-
-        if(!lookup_dc_name(global_myname(), domain, &pdc_ip, dc_name))
-          continue;
-        if(NT_STATUS_IS_OK(res = modify_trust_password( domain, dc_name,
-                                         old_trust_passwd_hash)))
-          break;
-    } else {
-	    res = modify_trust_password( domain, remote_machine,
-					 old_trust_passwd_hash);
-    }
-
-  }
-
-  if (!NT_STATUS_IS_OK(res)) {
-	  DEBUG(0,("%s : change_trust_account_password: Failed to change password for \
-domain %s.\n", timestring(False), domain));
-  }
+	unsigned char old_trust_passwd_hash[16];
+	time_t lct;
+	NTSTATUS res = NT_STATUS_UNSUCCESSFUL;
+	struct in_addr pdc_ip;
+	fstring dc_name;
+
+
+	if(!secrets_fetch_trust_account_password(domain, old_trust_passwd_hash, &lct)) {
+		DEBUG(0,("change_trust_account_password: unable to read the machine account password for domain %s.\n", 
+			domain));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	if (remote_machine == NULL || !strcmp(remote_machine, "*")) {
+		/* Use the PDC *only* for this */
+	
+		if ( !get_pdc_ip(domain, &pdc_ip) ) {
+			DEBUG(0,("Can't get IP for PDC for domain %s\n", domain));
+			goto failed;
+		}
+
+		if ( !lookup_dc_name(global_myname(), domain, &pdc_ip, dc_name) ) 
+			goto failed;
+	}
+	/* supoport old deprecated "smbpasswd -j DOMAIN -r MACHINE" behavior */
+	else {
+		fstrcpy( dc_name, remote_machine );
+	}
+	
+	/* if this next call fails, then give up.  We can't do
+	   password changes on BDC's  --jerry */
+	   
+	res = modify_trust_password(domain, dc_name, old_trust_passwd_hash);	
+	
+failed:
+	if (!NT_STATUS_IS_OK(res)) {
+		DEBUG(0,("%s : change_trust_account_password: Failed to change password for domain %s.\n", 
+			timestring(False), domain));
+	}
   
-  return res;
+	return res;
 }
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index c46c4c5509..3b0619b7d0 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1175,9 +1175,9 @@ machine %s in domain %s.\n", global_myname(), lp_workgroup() ));
       return True;
     }
 
-    pstrcpy(remote_machine_list, lp_passwordserver());
-
-    change_trust_account_password( lp_workgroup(), remote_machine_list);
+    /* always just contact the PDC here */
+    
+    change_trust_account_password( lp_workgroup(), NULL);
     global_machine_password_needs_changing = False;
     secrets_lock_trust_account_password(lp_workgroup(), False);
   }