From 15fedb3c6855751678e93e3f4a7e443b0495b1c3 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 13 Jul 2012 11:01:47 +1000 Subject: s3-auth Remove unused global_machine_account_needs_changing This boolean was only set if the old machine account store (with an MD4 hash in it) was returned. We have not set that password type for years. If this call ever worked, it would store a plaintext password, so we could only ever be here if we had set a password using a version of Samba so old as not to store plaintext, and then never honered the flag anyway. Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Fri Jul 13 07:52:40 CEST 2012 on sn-devel-104 --- source3/auth/auth_domain.c | 66 ---------------------------------------------- 1 file changed, 66 deletions(-) (limited to 'source3/auth') diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index 82160bb4f9..286c75c786 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -31,74 +31,8 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH -extern bool global_machine_password_needs_changing; static struct named_mutex *mutex; -/* - * Change machine password (called from main loop - * idle timeout. Must be done as root. - */ - -void attempt_machine_password_change(void) -{ - unsigned char trust_passwd_hash[16]; - time_t lct; - void *lock; - - if (!global_machine_password_needs_changing) { - return; - } - - if (lp_security() != SEC_DOMAIN) { - return; - } - - /* - * We're in domain level security, and the code that - * read the machine password flagged that the machine - * password needs changing. - */ - - /* - * First, open the machine password file with an exclusive lock. - */ - - lock = secrets_get_trust_account_lock(NULL, lp_workgroup()); - - if (lock == NULL) { - DEBUG(0,("attempt_machine_password_change: unable to lock " - "the machine account password for machine %s in " - "domain %s.\n", - lp_netbios_name(), lp_workgroup() )); - return; - } - - if(!secrets_fetch_trust_account_password(lp_workgroup(), - trust_passwd_hash, &lct, NULL)) { - DEBUG(0,("attempt_machine_password_change: unable to read the " - "machine account password for %s in domain %s.\n", - lp_netbios_name(), lp_workgroup())); - TALLOC_FREE(lock); - return; - } - - /* - * Make sure someone else hasn't already done this. - */ - - if(time(NULL) < lct + lp_machine_password_timeout()) { - global_machine_password_needs_changing = false; - TALLOC_FREE(lock); - return; - } - - /* always just contact the PDC here */ - - change_trust_account_password( lp_workgroup(), NULL); - global_machine_password_needs_changing = false; - TALLOC_FREE(lock); -} - /** * Connect to a remote server for (inter)domain security authenticaion. * -- cgit