[SCM] Samba Shared Repository - branch v3-6-test updated
Karolin Seeger
kseeger at samba.org
Mon Sep 16 09:14:15 CEST 2013
The branch, v3-6-test has been updated
via d1bf6e4 s3:libnet increase timeout for machine password change
via a43c682 s3: Give machine password changes 10 minutes of time
from 037f9ea s3-serverid: call serverid_init_readonly() from commandline tools.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit d1bf6e401a41172a47684518b9836899844fdefd
Author: Christian Ambach <ambi at samba.org>
Date: Tue Mar 5 11:44:03 2013 +0100
s3:libnet increase timeout for machine password change
DCs might run password filter modules that can delay the setting of
the machine password for a significant amount of time
use the same timeout as in the other paths of domain join
(e.g. rpccli_netlogon_set_trust_password)
Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 9755541ed156d71df98607375ee3b925266c3c74)
The last 2 patches address bug #8955 - NetrServerPasswordSet2 timeout is too
short.
commit a43c682553e5a731f9fbca8649ba042ae2bb5eba
Author: Volker Lendecke <vl at samba.org>
Date: Fri Jun 22 14:26:45 2012 +0200
s3: Give machine password changes 10 minutes of time
This is what we do at domain join time as well, see
lib/netapi/joindomain.c:141
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit b9a15f1bfad30a824f9ec87bc9f7c65adf50dae0)
-----------------------------------------------------------------------
Summary of changes:
source3/libnet/libnet_join.c | 9 +++++++++
source3/rpc_client/cli_netlogon.c | 13 +++++++++++++
2 files changed, 22 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 7bb436b..e84682d 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -850,6 +850,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
struct samr_Ids name_types;
union samr_UserInfo user_info;
struct dcerpc_binding_handle *b = NULL;
+ unsigned int old_timeout = 0;
struct samr_CryptPassword crypt_pwd;
struct samr_CryptPasswordEx crypt_pwd_ex;
@@ -1061,6 +1062,12 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
/* Set password on machine account - first try level 26 */
+ /*
+ * increase the timeout as password filter modules on the DC
+ * might delay the operation for a significant amount of time
+ */
+ old_timeout = rpccli_set_timeout(pipe_hnd, 600000);
+
init_samr_CryptPasswordEx(r->in.machine_password,
&cli->user_session_key,
&crypt_pwd_ex);
@@ -1092,6 +1099,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
&result);
}
+ old_timeout = rpccli_set_timeout(pipe_hnd, old_timeout);
+
if (!NT_STATUS_IS_OK(status)) {
dcerpc_samr_DeleteUser(b, mem_ctx,
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index bd3232d..c69a933 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -625,11 +625,14 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
if (cli->dc->negotiate_flags & NETLOGON_NEG_PASSWORD_SET2) {
struct netr_CryptPassword new_password;
+ uint32_t old_timeout;
init_netr_CryptPassword(new_trust_pwd_cleartext,
cli->dc->session_key,
&new_password);
+ old_timeout = dcerpc_binding_handle_set_timeout(b, 600000);
+
status = dcerpc_netr_ServerPasswordSet2(b, mem_ctx,
cli->srv_name_slash,
cli->dc->account_name,
@@ -639,6 +642,9 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
&srv_cred,
&new_password,
&result);
+
+ dcerpc_binding_handle_set_timeout(b, old_timeout);
+
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("dcerpc_netr_ServerPasswordSet2 failed: %s\n",
nt_errstr(status)));
@@ -647,9 +653,13 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
} else {
struct samr_Password new_password;
+ uint32_t old_timeout;
+
memcpy(new_password.hash, new_trust_passwd_hash, sizeof(new_password.hash));
netlogon_creds_des_encrypt(cli->dc, &new_password);
+ old_timeout = dcerpc_binding_handle_set_timeout(b, 600000);
+
status = dcerpc_netr_ServerPasswordSet(b, mem_ctx,
cli->srv_name_slash,
cli->dc->account_name,
@@ -659,6 +669,9 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
&srv_cred,
&new_password,
&result);
+
+ dcerpc_binding_handle_set_timeout(b, old_timeout);
+
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("dcerpc_netr_ServerPasswordSet failed: %s\n",
nt_errstr(status)));
--
Samba Shared Repository
More information about the samba-cvs
mailing list