author | Luke Leighton <lkcl@samba.org> | 2000-02-20 05:47:02 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 2000-02-20 05:47:02 +0000 |
commit | 807f264eb662a0bb7a57f2cb9f93b26af2b663c0 (patch) | |
tree | 1b051c6896a465859264cfb622e0bd5a72a49c32 /source/lsarpcd | |
parent | 6678f948368302ce7cb83e27b83f441e4e79b134 (diff) | |
download | samba-807f264eb662a0bb7a57f2cb9f93b26af2b663c0.tar.gz |
Proper job on the set-secret code. Added an idle function to the msrpc fn table,
called during idle or on exit of the msrpc daemon.
Diffstat (limited to 'source/lsarpcd')
-rw-r--r-- | source/lsarpcd/lsarpcd.c | 118 |
1 files changed, 86 insertions, 32 deletions
diff --git a/source/lsarpcd/lsarpcd.c b/source/lsarpcd/lsarpcd.c
index 23fc9518bcb..8f584096348 100644
--- a/source/lsarpcd/lsarpcd.c
+++ b/source/lsarpcd/lsarpcd.c
@@ -60,37 +60,76 @@ static void update_trust_account(void)
 BOOL trust_pwd_needs_changing = False;
 uint8 old_trust[16];
 NTTIME ntlct;
- BOOL res = True;
- BOOL res1;
- BOOL res2;
+ uint32 s2 = NT_STATUS_NOPROBLEMO;
+ uint32 s1 = NT_STATUS_NOPROBLEMO;
+ uint32 s = NT_STATUS_NOPROBLEMO;
 POLICY_HND pol_sec;
 POLICY_HND lsa_pol;
 STRING2 secret;
+ STRING2 encsec;
 UNISTR2 uni_sec_name;
 char *name = "$MACHINE.ACC";
 extern fstring global_myworkgroup;
+ time_t cur_time;
+ time_t sec_time;
+ uchar user_sess_key[16];
 make_unistr2(&uni_sec_name, name, strlen(name));
- res =
- res ? _lsa_open_policy2(NULL, &lsa_pol, NULL,
- 0x02000000) : False;
+ s = _lsa_open_policy2(NULL, &lsa_pol, NULL, 0x02000000);
- res1 = res ? _lsa_open_secret(&lsa_pol,
- &uni_sec_name, 0x02000000,
- &pol_sec) : False;
+ if (s == NT_STATUS_NOPROBLEMO)
+ {
+ s1 = _lsa_open_secret(&lsa_pol, &uni_sec_name, 0x02000000,
+ &pol_sec);
+ }
+
+ if (s1 == NT_STATUS_NOPROBLEMO)
+ {
+ if (!pol_get_usr_sesskey(get_global_hnd_cache(), &pol_sec,
+ user_sess_key))
+ {
+ s2 = NT_STATUS_INVALID_HANDLE;
+ }
+ }
+ if (s2 == NT_STATUS_NOPROBLEMO)
+ {
+ s2 = _lsa_query_secret(&pol_sec, &encsec, &ntlct, NULL, NULL);
+ }
+ if (s2 == NT_STATUS_NOPROBLEMO)
+ {
+ if (!nt_decrypt_string2(&secret, &encsec, user_sess_key))
+ {
+ s2 = NT_STATUS_INVALID_PARAMETER;
+ }
+ }
+ if (s2 == NT_STATUS_NOPROBLEMO)
+ {
+ if (!secret_get_data(&secret, old_trust, 16))
+ {
+ s2 = NT_STATUS_ACCESS_DENIED;
+ }
+ else
+ {
+ dump_data_pw("$MACHINE.ACC:", old_trust, 16);
+ }
+ }
- res2 =
- res1 ? _lsa_query_secret(&pol_sec, &secret, &ntlct, NULL,
- NULL) : False;
- res2 = res2 ? 
secret_get_data(&secret, old_trust, 16) : False;
+ cur_time = time(NULL);
+ sec_time = nt_time_to_unix(&ntlct);
+
+ if (DEBUGLVL(100))
+ {
+ DEBUG(100, ("secret time: %s\n", http_timestring(sec_time)));
+ DEBUG(100, ("current time: %s\n", http_timestring(cur_time)));
+ }
- if (res2 && time(NULL) >
- nt_time_to_unix(&ntlct) + lp_machine_password_timeout())
+ if (s2 == NT_STATUS_NOPROBLEMO
+ && cur_time > sec_time + lp_machine_password_timeout())
 {
- DEBUG(1,("$MACHINE.ACC password being updated.\n"));
+ DEBUG(1, ("$MACHINE.ACC password being updated.\n"));
 trust_pwd_needs_changing = True;
 }
@@ -98,29 +137,45 @@ static void update_trust_account(void)
 {
 unsigned char trust_passwd_hash[16];
 fstring srv_name;
+ BOOL res2;
- res2 = res2 ? get_any_dc_name(global_myworkgroup,
- srv_name) : False;
+ res2 = get_any_dc_name(global_myworkgroup, srv_name);
 generate_random_buffer(trust_passwd_hash, 16, True);
 secret_store_data(&secret, trust_passwd_hash, 16);
- res2 = res2 ? modify_trust_password(global_myworkgroup,
- srv_name, old_trust,
- trust_passwd_hash,
- SEC_CHAN_WKSTA) : False;
+ res2 =
+ res2 ? nt_encrypt_string2(&encsec, &secret,
+ user_sess_key) : False;
- res2 = res2 ? (_lsa_set_secret(&pol_sec, &secret, 0x0) ==
- NT_STATUS_NOPROBLEMO) : False;
- if (!res2)
+ if (!strequal("\\\\.", srv_name))
 {
- DEBUG(0,("$MACHINE.ACC password update FAILED\n"));
+ res2 =
+ res2 ?
+ modify_trust_password(global_myworkgroup,
+ srv_name, old_trust,
+ trust_passwd_hash,
+ SEC_CHAN_WKSTA) : False;
 }
- }
- res1 = res1 ? _lsa_close(&pol_sec) : False;
+ if (res2)
+ {
+ s2 = _lsa_set_secret(&pol_sec, &encsec, 0x0);
+ }
+ if (s2 != NT_STATUS_NOPROBLEMO)
+ {
+ DEBUG(0, ("$MACHINE.ACC password update FAILED\n"));
+ }
+ }
- res = res ? _lsa_close(&lsa_pol) : False;
+ if (s1 == NT_STATUS_NOPROBLEMO)
+ {
+ _lsa_close(&pol_sec);
+ }
+ if (s == NT_STATUS_NOPROBLEMO)
+ {
+ _lsa_close(&lsa_pol);
+ }
 }
 /****************************************************************************
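Review bot: `sec_time = nt_time_to_unix(&ntlct);` now runs unconditionally, so whenever an earlier step failed and `_lsa_query_secret` never filled `ntlct` (s2 already non-zero), the new side reads an uninitialized NTTIME and the DEBUG(100) block prints it; the old code only touched `ntlct` behind `res2 &&`. Guard it, e.g. `sec_time = (s2 == NT_STATUS_NOPROBLEMO) ? nt_time_to_unix(&ntlct) : 0;`, or zero-initialise `ntlct` at its declaration. `dump_data_pw("$MACHINE.ACC:", old_trust, 16)` writes the machine-account hash into the debug log; unless that helper is itself gated on a debug-password setting, which this hunk does not show, it should not be there. None of `user_sess_key`, `secret` or `old_trust` is cleared before the function returns, so the session key and trust hash stay on the stack after use — a memset of each just before the `_lsa_close` calls would be cheap. update_trust_account begins before this hunk and its body continues into the next one.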
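Review bot: The "update FAILED" report in the new code fires only when `_lsa_set_secret` returns an error, because `s2` is assigned solely inside `if (res2)`; when `get_any_dc_name`, `nt_encrypt_string2` or `modify_trust_password` fails, `res2` is False, `s2` is still NT_STATUS_NOPROBLEMO, and the password change is abandoned with no message, whereas the old `if (!res2)` reported every failure — change the check to `if (!res2 || s2 != NT_STATUS_NOPROBLEMO)`. `strequal("\\\\.", srv_name)` is also evaluated before `res2` is consulted, so after a failed `get_any_dc_name` the comparison reads an `srv_name` that may never have been written; `if (res2 && !strequal("\\\\.", srv_name))` avoids that with the same outcome. The DC is told the new password before the local secret is stored, so a failed `_lsa_set_secret` leaves the two sides out of step; that ordering is pre-existing, but a comment at the `_lsa_set_secret` call noting the consequence would help the next reader. The opening of update_trust_account is in the previous hunk.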
@@ -130,8 +185,6 @@ static BOOL reload_msrpc(BOOL test)
 {
 BOOL ret;
- update_trust_account();
-
 if (lp_loaded())
 {
 pstring fname;
@@ -192,7 +245,8 @@ static msrpc_service_fns fn_table = {
 auth_init,
 service_init,
 reload_msrpc,
- main_init
+ main_init,
+ update_trust_account
 };
 msrpc_service_fns *get_service_fns(void) |
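Review bot: `update_trust_account` is appended to `fn_table` as a bare positional initializer, so nothing in this file says which callback slot it fills or when it is invoked; a trailing comment such as `update_trust_account /* idle: called on the daemon's idle tick and at exit */` would record the contract the commit message describes. If `msrpc_service_fns` later gains or reorders a member, positional initialization assigns the callbacks silently to the wrong slots; the struct is not visible here, so whether the slot order matches can only be confirmed against its definition.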