[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-1001-gc344bf0
Günther Deschner
gd at samba.org
Tue Oct 6 08:50:50 MDT 2009
The branch, master has been updated
via c344bf0184be484fff8bb5ed93b5c2ca6de58611 (commit)
via 0c2fc9eedf241746067d1625f643c894bfa11394 (commit)
from e9f126421d21a66cc695039f798d252e9f98fef9 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit c344bf0184be484fff8bb5ed93b5c2ca6de58611
Author: Günther Deschner <gd at samba.org>
Date: Mon Oct 5 17:05:38 2009 +0200
s3-winbindd: make sure to reset connections when machine account password change chain was broken.
Guenther
commit 0c2fc9eedf241746067d1625f643c894bfa11394
Author: Günther Deschner <gd at samba.org>
Date: Mon Oct 5 17:04:52 2009 +0200
s3-netlogon: setup NETLOGON credential chain in rpccli_netlogon_set_trust_password() only when needed.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source3/rpc_client/cli_netlogon.c | 27 ++++++++++++++-------------
source3/winbindd/winbindd_dual.c | 8 ++++++++
2 files changed, 22 insertions(+), 13 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index 911a50f..6caffd7 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -518,19 +518,20 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
struct netr_Authenticator clnt_creds, srv_cred;
- result = rpccli_netlogon_setup_creds(cli,
- cli->desthost, /* server name */
- lp_workgroup(), /* domain */
- global_myname(), /* client name */
- global_myname(), /* machine account name */
- orig_trust_passwd_hash,
- sec_channel_type,
- &neg_flags);
-
- if (!NT_STATUS_IS_OK(result)) {
- DEBUG(3,("rpccli_netlogon_set_trust_password: unable to setup creds (%s)!\n",
- nt_errstr(result)));
- return result;
+ if (!cli->dc) {
+ result = rpccli_netlogon_setup_creds(cli,
+ cli->desthost, /* server name */
+ lp_workgroup(), /* domain */
+ global_myname(), /* client name */
+ global_myname(), /* machine account name */
+ orig_trust_passwd_hash,
+ sec_channel_type,
+ &neg_flags);
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(3,("rpccli_netlogon_set_trust_password: unable to setup creds (%s)!\n",
+ nt_errstr(result)));
+ return result;
+ }
}
netlogon_creds_client_authenticator(cli->dc, &clnt_creds);
diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c
index edf784c..a832451 100644
--- a/source3/winbindd/winbindd_dual.c
+++ b/source3/winbindd/winbindd_dual.c
@@ -1100,6 +1100,14 @@ static void machine_password_change_handler(struct event_context *ctx,
DEBUG(10,("machine_password_change_handler: "
"failed to change machine password: %s\n",
nt_errstr(result)));
+ if (NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) ) {
+ DEBUG(3,("machine_password_change_handler: password set returned "
+ "ACCESS_DENIED. Maybe the trust account "
+ "password was changed and we didn't know it. "
+ "Killing connections to domain %s\n",
+ child->domain->name));
+ invalidate_cm_connection(&child->domain->conn);
+ }
} else {
DEBUG(10,("machine_password_change_handler: "
"successfully changed machine password\n"));
--
Samba Shared Repository
More information about the samba-cvs
mailing list