author | Luke Leighton <lkcl@samba.org> | 2000-02-18 21:43:53 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 2000-02-18 21:43:53 +0000 |
commit | 34313d4aeac5f917064a21af2ff70d222e3adb85 (patch) | |
tree | 47c54b8a1d744da8abb7c133907f6100afaea0ba /source/smbd | |
parent | 5fba3da30cf8ff364f21d99a965bd18dce6a48ac (diff) | |
download | samba-34313d4aeac5f917064a21af2ff70d222e3adb85.tar.gz |
- removed smbpassd "remote" commands relating to trust accounts, added
references to use samedit instead.
- removed global_machine_password_needs_changing and all code that uses
this: replaced with lsa_query_secret ( pol, NULL, &last_updated_time).
probably better off having this code in lsarpcd, not smbd. hmm...
- fixing up _samr_lookup_names to the new sam tdb format, lots more work
needed here.
Diffstat (limited to 'source/smbd')
-rw-r--r-- | source/smbd/process.c | 53 |
1 files changed, 13 insertions, 40 deletions
diff --git a/source/smbd/process.c b/source/smbd/process.c index 2d48b9cc9d3..bb52b884170 100644 --- a/source/smbd/process.c +++ b/source/smbd/process.c @@ -49,7 +49,6 @@ extern char *InBuffer; extern char *OutBuffer; extern int smb_read_error; extern BOOL reload_after_sighup; -extern BOOL global_machine_password_needs_changing; extern fstring global_myworkgroup; extern pstring global_myname; extern int max_send; @@ -813,6 +812,8 @@ void smbd_process(void) int last_keepalive=0; int service_load_counter = 0; BOOL got_smb = False; + BOOL trust_pwd_needs_changing = False; + NTTIME ntlct; if (deadtime <= 0) deadtime = DEFAULT_SMBD_TIMEOUT; @@ -909,12 +910,17 @@ void smbd_process(void) return; } - if(global_machine_password_needs_changing) + if (msrpc_lsa_query_secret("\\\\.", "$MACHINE.ACC", NULL, &ntlct)) + { + if (time(NULL) > nt_time_to_unix(&ntlct) + lp_machine_password_timeout()) + { + trust_pwd_needs_changing = True; + } + } + + if(trust_pwd_needs_changing) { unsigned char trust_passwd_hash[16]; - time_t lct; - pstring remote_machine_list; - int sec_chan = SEC_CHAN_WKSTA; /* * We're in domain level security, and the code that 
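Review bot: `trust_pwd_needs_changing` is set to True in the new timeout check, but nothing in the visible new code sets it back to False, so once the timeout has elapsed every later pass through this branch would appear to regenerate the machine secret. The removed code cleared its flag after a change; either clear it after the secret is stored (`trust_pwd_needs_changing = False;`) or assign the comparison result on every pass, `trust_pwd_needs_changing = (time(NULL) > nt_time_to_unix(&ntlct) + lp_machine_password_timeout());`. A failed `msrpc_lsa_query_secret` is also silent here, so an unreadable `$MACHINE.ACC` secret means the password is never rotated and nothing is logged; a `DEBUG(0, ...)` on the failure path would make that visible. The body of smbd_process starts and ends outside this hunk, so a reset elsewhere cannot be ruled out.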
@@ -922,41 +928,8 @@ void smbd_process(void) * password needs changing. */ - /* - * First, open the machine password file with an exclusive lock. - */ - - if(!trust_password_lock( global_myworkgroup, global_myname, True)) { - DEBUG(0,("process: unable to open the machine account password file for \ -machine %s in domain %s.\n", global_myname, global_myworkgroup )); - continue; - } - - if(!get_trust_account_password( trust_passwd_hash, &lct)) { - DEBUG(0,("process: unable to read the machine account password for \ -machine %s in domain %s.\n", global_myname, global_myworkgroup )); - trust_password_unlock(); - continue; - } - - /* - * Make sure someone else hasn't already done this. - */ - - if(t < lct + lp_machine_password_timeout()) { - trust_password_unlock(); - global_machine_password_needs_changing = False; - continue; - } - - pstrcpy(remote_machine_list, lp_passwordserver()); - if (lp_server_role() == ROLE_DOMAIN_BDC) - sec_chan = SEC_CHAN_BDC; - - change_trust_account_password(global_myworkgroup, remote_machine_list, - sec_chan); - trust_password_unlock(); - global_machine_password_needs_changing = False; + generate_random_buffer( trust_passwd_hash, 16, True); + msrpc_lsa_set_secret("\\\\.", "$MACHINE.ACC", trust_passwd_hash, 16); } /* |
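Review bot: The new branch overwrites the local `$MACHINE.ACC` secret with random bytes, but the visible code no longer contacts the password server as the removed `change_trust_account_password` call did. Unless `msrpc_lsa_set_secret` propagates the change itself, the local secret and the domain controller's copy would diverge and domain authentication would start failing. The exclusive `trust_password_lock` and the "someone else hasn't already done this" re-check are removed as well, so several smbd processes can pass the timeout test and each store a different secret; the check and the set should run under one lock, or in a single daemon as the commit message suggests. The result of `msrpc_lsa_set_secret` is ignored and `trust_passwd_hash` is left on the stack, so log a failed store and clear the buffer once it has been written. The retained comment about domain level security still describes the removed flag and should be updated to match.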