The branch, v3-5-test has been updated via 2a9accd85e992798ee36cb1ea74ed06f5379be3d (commit) via d76c914adc17e4374c9e21b6733514fd7ad9bdac (commit) from 2fa98946d9eb3d0b6973dfaeadc55c8112ec30e1 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log ----------------------------------------------------------------- commit 2a9accd85e992798ee36cb1ea74ed06f5379be3d Author: Günther Deschner <g...@samba.org> Date: Mon Oct 5 17:05:38 2009 +0200 s3-winbindd: make sure to reset connections when machine account password change chain was broken. Guenther (cherry picked from commit c344bf0184be484fff8bb5ed93b5c2ca6de58611) commit d76c914adc17e4374c9e21b6733514fd7ad9bdac Author: Günther Deschner <g...@samba.org> Date: Mon Oct 5 17:04:52 2009 +0200 s3-netlogon: setup NETLOGON credential chain in rpccli_netlogon_set_trust_password() only when needed. Guenther (cherry picked from commit 0c2fc9eedf241746067d1625f643c894bfa11394) ----------------------------------------------------------------------- Summary of changes: source3/rpc_client/cli_netlogon.c | 27 ++++++++++++++------------- source3/winbindd/winbindd_dual.c | 8 ++++++++ 2 files changed, 22 insertions(+), 13 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index 911a50f..6caffd7 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -518,19 +518,20 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli, uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; struct netr_Authenticator clnt_creds, srv_cred; - result = rpccli_netlogon_setup_creds(cli, - cli->desthost, /* server name */ - lp_workgroup(), /* domain */ - global_myname(), /* client name */ - global_myname(), /* machine account name */ - orig_trust_passwd_hash, - sec_channel_type, - &neg_flags); - - if (!NT_STATUS_IS_OK(result)) { - DEBUG(3,("rpccli_netlogon_set_trust_password: unable to setup creds (%s)!\n", - nt_errstr(result))); - return result; + if (!cli->dc) { + result = rpccli_netlogon_setup_creds(cli, + cli->desthost, /* server name */ + lp_workgroup(), /* domain */ + global_myname(), /* client name */ + global_myname(), /* machine account name */ + orig_trust_passwd_hash, + sec_channel_type, + &neg_flags); + if (!NT_STATUS_IS_OK(result)) { + DEBUG(3,("rpccli_netlogon_set_trust_password: unable to setup creds (%s)!\n", + nt_errstr(result))); + return result; + } } netlogon_creds_client_authenticator(cli->dc, &clnt_creds); diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c index edf784c..a832451 100644 --- a/source3/winbindd/winbindd_dual.c +++ b/source3/winbindd/winbindd_dual.c @@ -1100,6 +1100,14 @@ static void machine_password_change_handler(struct event_context *ctx, DEBUG(10,("machine_password_change_handler: " "failed to change machine password: %s\n", nt_errstr(result))); + if (NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) ) { + DEBUG(3,("machine_password_change_handler: password set returned " + "ACCESS_DENIED. Maybe the trust account " + "password was changed and we didn't know it. " + "Killing connections to domain %s\n", + child->domain->name)); + invalidate_cm_connection(&child->domain->conn); + } } else { DEBUG(10,("machine_password_change_handler: " "successfully changed machine password\n")); -- Samba Shared Repository