svn commit: samba r2327 - in trunk/source/libsmb: .
mimir at samba.org
mimir at samba.org
Mon Sep 13 13:44:31 GMT 2004
Author: mimir
Date: 2004-09-13 13:44:31 +0000 (Mon, 13 Sep 2004)
New Revision: 2327
WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba&path=/trunk/source/libsmb&rev=2327&nolog=1
Log:
Migrate ADS domain membership password as well as NT.
Also, properly lock machine password while reading it.
rafal
Modified:
trunk/source/libsmb/trusts_util.c
Changeset:
Modified: trunk/source/libsmb/trusts_util.c
===================================================================
--- trunk/source/libsmb/trusts_util.c 2004-09-13 13:13:21 UTC (rev 2326)
+++ trunk/source/libsmb/trusts_util.c 2004-09-13 13:44:31 UTC (rev 2327)
@@ -191,7 +191,7 @@
/**
* Migrates trust passwords from previous location (secrets.tdb) to current pdb backend
- * and puts a marker in secrets.tdb to avoid doing this again. This function should be
+ * and puts a marker in secrets.tdb to avoid doing this again. This function needs to be
* called only once.
*
* @return number of passwords migrated
@@ -224,14 +224,19 @@
/* Checking whether passwords have already been migrated */
if (secrets_passwords_migrated(False)) return migrated;
- /* NT Workstation trust passwords */
- if (secrets_fetch_trust_account_password(dom_name, wks_pass, &lct, &chan)) {
+ /* NT/ADS Workstation trust passwords */
+ if (secrets_lock_trust_account_password(dom_name, True) &&
+ secrets_fetch_trust_account_password(dom_name, wks_pass, &lct, &chan)) {
memset(&trust, 0, sizeof(trust));
- /* TODO: put a lock on trust wks password */
+ /* flags */
+ switch (lp_security()) {
+ case SEC_DOMAIN: trust.private.flags = PASS_TRUST_NT;
+ break;
+ case SEC_ADS: trust.private.flags = PASS_TRUST_ADS;
+ break;
+ }
- /* flags */
- trust.private.flags = PASS_TRUST_NT;
switch (chan) {
case SEC_CHAN_WKSTA:
trust.private.flags |= PASS_TRUST_MACHINE;
@@ -257,6 +262,9 @@
sid_copy(&trust.private.domain_sid, &dom_sid);
else
return 0;
+
+ /* release mutex on secrets.tdb record */
+ secrets_lock_trust_account_password(dom_name, False);
nt_status = pdb_ctx->pdb_add_trust_passwd(pdb_ctx, &trust);
migrated++;
@@ -287,13 +295,10 @@
}
} while (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_MORE_ENTRIES));
+
talloc_destroy(mem_ctx);
- /* ADS Workstation trust passwords */
- memset(&trust, 0, sizeof(trust));
-
-
- /* We're done with migration */
+ /* We're done with migration process and don't need to repeat it */
secrets_passwords_migrated(True);
return migrated;
More information about the samba-cvs
mailing list