svn commit: samba r2327 - in trunk/source/libsmb: .

mimir at samba.org mimir at samba.org
Mon Sep 13 13:44:31 GMT 2004


Author: mimir
Date: 2004-09-13 13:44:31 +0000 (Mon, 13 Sep 2004)
New Revision: 2327

WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba&path=/trunk/source/libsmb&rev=2327&nolog=1

Log:
Migrate ADS domain membership password as well as NT.
Also, properly lock machine password while reading it.


rafal


Modified:
   trunk/source/libsmb/trusts_util.c


Changeset:
Modified: trunk/source/libsmb/trusts_util.c
===================================================================
--- trunk/source/libsmb/trusts_util.c	2004-09-13 13:13:21 UTC (rev 2326)
+++ trunk/source/libsmb/trusts_util.c	2004-09-13 13:44:31 UTC (rev 2327)
@@ -191,7 +191,7 @@
 
 /**
  * Migrates trust passwords from previous location (secrets.tdb) to current pdb backend
- * and puts a marker in secrets.tdb to avoid doing this again. This function should be
+ * and puts a marker in secrets.tdb to avoid doing this again. This function needs to be
  * called only once.
  *
  * @return number of passwords migrated
@@ -224,14 +224,19 @@
 	/* Checking whether passwords have already been migrated */
 	if (secrets_passwords_migrated(False)) return migrated;
 
-	/* NT Workstation trust passwords */
-	if (secrets_fetch_trust_account_password(dom_name, wks_pass, &lct, &chan)) {
+	/* NT/ADS Workstation trust passwords */
+	if (secrets_lock_trust_account_password(dom_name, True) &&
+	    secrets_fetch_trust_account_password(dom_name, wks_pass, &lct, &chan)) {
 		memset(&trust, 0, sizeof(trust));
 
-		/* TODO: put a lock on trust wks password */
+		/* flags */
+		switch (lp_security()) {
+		case SEC_DOMAIN: trust.private.flags = PASS_TRUST_NT;
+			break;
+		case SEC_ADS:    trust.private.flags = PASS_TRUST_ADS;
+			break;
+		}
 
-		/* flags */
-		trust.private.flags = PASS_TRUST_NT;
 		switch (chan) {
 		case SEC_CHAN_WKSTA:
 			trust.private.flags |= PASS_TRUST_MACHINE;
@@ -257,6 +262,9 @@
 			sid_copy(&trust.private.domain_sid, &dom_sid);
 		else
 			return 0;
+
+		/* release mutex on secrets.tdb record */
+		secrets_lock_trust_account_password(dom_name, False);
 		
 		nt_status = pdb_ctx->pdb_add_trust_passwd(pdb_ctx, &trust);
 		migrated++;
@@ -287,13 +295,10 @@
 		}
 
 	} while (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_MORE_ENTRIES));
+
 	talloc_destroy(mem_ctx);
 
-	/* ADS Workstation trust passwords */
-	memset(&trust, 0, sizeof(trust));
-	
-
-	/* We're done with migration */
+	/* We're done with migration process and don't need to repeat it */
 	secrets_passwords_migrated(True);
 
 	return migrated;



More information about the samba-cvs mailing list