[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-1001-gc344bf0

Günther Deschner gd at samba.org
Tue Oct 6 08:50:50 MDT 2009


The branch, master has been updated
       via  c344bf0184be484fff8bb5ed93b5c2ca6de58611 (commit)
       via  0c2fc9eedf241746067d1625f643c894bfa11394 (commit)
      from  e9f126421d21a66cc695039f798d252e9f98fef9 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit c344bf0184be484fff8bb5ed93b5c2ca6de58611
Author: Günther Deschner <gd at samba.org>
Date:   Mon Oct 5 17:05:38 2009 +0200

    s3-winbindd: make sure to reset connections when machine account password change chain was broken.
    
    Guenther

commit 0c2fc9eedf241746067d1625f643c894bfa11394
Author: Günther Deschner <gd at samba.org>
Date:   Mon Oct 5 17:04:52 2009 +0200

    s3-netlogon: setup NETLOGON credential chain in rpccli_netlogon_set_trust_password() only when needed.
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 source3/rpc_client/cli_netlogon.c |   27 ++++++++++++++-------------
 source3/winbindd/winbindd_dual.c  |    8 ++++++++
 2 files changed, 22 insertions(+), 13 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index 911a50f..6caffd7 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -518,19 +518,20 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
 	uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
 	struct netr_Authenticator clnt_creds, srv_cred;
 
-	result = rpccli_netlogon_setup_creds(cli,
-					     cli->desthost, /* server name */
-					     lp_workgroup(), /* domain */
-					     global_myname(), /* client name */
-					     global_myname(), /* machine account name */
-					     orig_trust_passwd_hash,
-					     sec_channel_type,
-					     &neg_flags);
-
-	if (!NT_STATUS_IS_OK(result)) {
-		DEBUG(3,("rpccli_netlogon_set_trust_password: unable to setup creds (%s)!\n",
-			 nt_errstr(result)));
-		return result;
+	if (!cli->dc) {
+		result = rpccli_netlogon_setup_creds(cli,
+						     cli->desthost, /* server name */
+						     lp_workgroup(), /* domain */
+						     global_myname(), /* client name */
+						     global_myname(), /* machine account name */
+						     orig_trust_passwd_hash,
+						     sec_channel_type,
+						     &neg_flags);
+		if (!NT_STATUS_IS_OK(result)) {
+			DEBUG(3,("rpccli_netlogon_set_trust_password: unable to setup creds (%s)!\n",
+				 nt_errstr(result)));
+			return result;
+		}
 	}
 
 	netlogon_creds_client_authenticator(cli->dc, &clnt_creds);
diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c
index edf784c..a832451 100644
--- a/source3/winbindd/winbindd_dual.c
+++ b/source3/winbindd/winbindd_dual.c
@@ -1100,6 +1100,14 @@ static void machine_password_change_handler(struct event_context *ctx,
 		DEBUG(10,("machine_password_change_handler: "
 			"failed to change machine password: %s\n",
 			 nt_errstr(result)));
+		if (NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) ) {
+			DEBUG(3,("machine_password_change_handler: password set returned "
+				"ACCESS_DENIED.  Maybe the trust account "
+				"password was changed and we didn't know it. "
+				"Killing connections to domain %s\n",
+				child->domain->name));
+			invalidate_cm_connection(&child->domain->conn);
+		}
 	} else {
 		DEBUG(10,("machine_password_change_handler: "
 			"successfully changed machine password\n"));


-- 
Samba Shared Repository


More information about the samba-cvs mailing list