[SCM] Samba Shared Repository - branch v3-6-test updated

Karolin Seeger kseeger at samba.org
Mon Sep 16 09:14:15 CEST 2013 

The branch, v3-6-test has been updated
       via  d1bf6e4 s3:libnet increase timeout for machine password change
       via  a43c682 s3: Give machine password changes 10 minutes of time
      from  037f9ea s3-serverid: call serverid_init_readonly() from commandline tools.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit d1bf6e401a41172a47684518b9836899844fdefd
Author: Christian Ambach <ambi at samba.org>
Date:   Tue Mar 5 11:44:03 2013 +0100

    s3:libnet increase timeout for machine password change
    
    DCs might run password filter modules that can delay the setting of
    the machine password for a significant amount of time
    use the same timeout as in the other paths of domain join
    (e.g. rpccli_netlogon_set_trust_password)
    
    Signed-off-by: Christian Ambach <ambi at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit 9755541ed156d71df98607375ee3b925266c3c74)
    
    The last 2 patches address bug #8955 - NetrServerPasswordSet2 timeout is too
    short.

commit a43c682553e5a731f9fbca8649ba042ae2bb5eba
Author: Volker Lendecke <vl at samba.org>
Date:   Fri Jun 22 14:26:45 2012 +0200

    s3: Give machine password changes 10 minutes of time
    
    This is what we do at domain join time as well, see
    lib/netapi/joindomain.c:141
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit b9a15f1bfad30a824f9ec87bc9f7c65adf50dae0)

-----------------------------------------------------------------------

Summary of changes:
 source3/libnet/libnet_join.c      |    9 +++++++++
 source3/rpc_client/cli_netlogon.c |   13 +++++++++++++
 2 files changed, 22 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 7bb436b..e84682d 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -850,6 +850,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
 	struct samr_Ids name_types;
 	union samr_UserInfo user_info;
 	struct dcerpc_binding_handle *b = NULL;
+	unsigned int old_timeout = 0;
 
 	struct samr_CryptPassword crypt_pwd;
 	struct samr_CryptPasswordEx crypt_pwd_ex;
@@ -1061,6 +1062,12 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
 
 	/* Set password on machine account - first try level 26 */
 
+	/*
+	 * increase the timeout as password filter modules on the DC
+	 * might delay the operation for a significant amount of time
+	 */
+	old_timeout = rpccli_set_timeout(pipe_hnd, 600000);
+
 	init_samr_CryptPasswordEx(r->in.machine_password,
 				  &cli->user_session_key,
 				  &crypt_pwd_ex);
@@ -1092,6 +1099,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
 						  &result);
 	}
 
+	old_timeout = rpccli_set_timeout(pipe_hnd, old_timeout);
+
 	if (!NT_STATUS_IS_OK(status)) {
 
 		dcerpc_samr_DeleteUser(b, mem_ctx,
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index bd3232d..c69a933 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -625,11 +625,14 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
 	if (cli->dc->negotiate_flags & NETLOGON_NEG_PASSWORD_SET2) {
 
 		struct netr_CryptPassword new_password;
+		uint32_t old_timeout;
 
 		init_netr_CryptPassword(new_trust_pwd_cleartext,
 					cli->dc->session_key,
 					&new_password);
 
+		old_timeout = dcerpc_binding_handle_set_timeout(b, 600000);
+
 		status = dcerpc_netr_ServerPasswordSet2(b, mem_ctx,
 							cli->srv_name_slash,
 							cli->dc->account_name,
@@ -639,6 +642,9 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
 							&srv_cred,
 							&new_password,
 							&result);
+
+		dcerpc_binding_handle_set_timeout(b, old_timeout);
+
 		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(0,("dcerpc_netr_ServerPasswordSet2 failed: %s\n",
 				nt_errstr(status)));
@@ -647,9 +653,13 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
 	} else {
 
 		struct samr_Password new_password;
+		uint32_t old_timeout;
+
 		memcpy(new_password.hash, new_trust_passwd_hash, sizeof(new_password.hash));
 		netlogon_creds_des_encrypt(cli->dc, &new_password);
 
+		old_timeout = dcerpc_binding_handle_set_timeout(b, 600000);
+
 		status = dcerpc_netr_ServerPasswordSet(b, mem_ctx,
 						       cli->srv_name_slash,
 						       cli->dc->account_name,
@@ -659,6 +669,9 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
 						       &srv_cred,
 						       &new_password,
 						       &result);
+
+		dcerpc_binding_handle_set_timeout(b, old_timeout);
+
 		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(0,("dcerpc_netr_ServerPasswordSet failed: %s\n",
 				nt_errstr(status)));


-- 
Samba Shared Repository

More information about the samba-cvs mailing list