The branch, v3-5-test has been updated
via 2a9accd85e992798ee36cb1ea74ed06f5379be3d (commit)
via d76c914adc17e4374c9e21b6733514fd7ad9bdac (commit)
from 2fa98946d9eb3d0b6973dfaeadc55c8112ec30e1 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test
- Log -----------------------------------------------------------------
commit 2a9accd85e992798ee36cb1ea74ed06f5379be3d
Author: Günther Deschner <g...@samba.org>
Date: Mon Oct 5 17:05:38 2009 +0200
s3-winbindd: make sure to reset connections when machine account password
change chain was broken.
Guenther
(cherry picked from commit c344bf0184be484fff8bb5ed93b5c2ca6de58611)
commit d76c914adc17e4374c9e21b6733514fd7ad9bdac
Author: Günther Deschner <g...@samba.org>
Date: Mon Oct 5 17:04:52 2009 +0200
s3-netlogon: setup NETLOGON credential chain in
rpccli_netlogon_set_trust_password() only when needed.
Guenther
(cherry picked from commit 0c2fc9eedf241746067d1625f643c894bfa11394)
-----------------------------------------------------------------------
Summary of changes:
source3/rpc_client/cli_netlogon.c | 27 ++++++++++++++-------------
source3/winbindd/winbindd_dual.c | 8 ++++++++
2 files changed, 22 insertions(+), 13 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_client/cli_netlogon.c
b/source3/rpc_client/cli_netlogon.c
index 911a50f..6caffd7 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -518,19 +518,20 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct
rpc_pipe_client *cli,
uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
struct netr_Authenticator clnt_creds, srv_cred;
- result = rpccli_netlogon_setup_creds(cli,
- cli->desthost, /* server name */
- lp_workgroup(), /* domain */
- global_myname(), /* client name */
- global_myname(), /* machine
account name */
- orig_trust_passwd_hash,
- sec_channel_type,
- &neg_flags);
-
- if (!NT_STATUS_IS_OK(result)) {
- DEBUG(3,("rpccli_netlogon_set_trust_password: unable to setup
creds (%s)!\n",
- nt_errstr(result)));
- return result;
+ if (!cli->dc) {
+ result = rpccli_netlogon_setup_creds(cli,
+ cli->desthost, /* server
name */
+ lp_workgroup(), /* domain
*/
+ global_myname(), /* client
name */
+ global_myname(), /*
machine account name */
+ orig_trust_passwd_hash,
+ sec_channel_type,
+ &neg_flags);
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(3,("rpccli_netlogon_set_trust_password: unable to
setup creds (%s)!\n",
+ nt_errstr(result)));
+ return result;
+ }
}
netlogon_creds_client_authenticator(cli->dc, &clnt_creds);
diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c
index edf784c..a832451 100644
--- a/source3/winbindd/winbindd_dual.c
+++ b/source3/winbindd/winbindd_dual.c
@@ -1100,6 +1100,14 @@ static void machine_password_change_handler(struct
event_context *ctx,
DEBUG(10,("machine_password_change_handler: "
"failed to change machine password: %s\n",
nt_errstr(result)));
+ if (NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) ) {
+ DEBUG(3,("machine_password_change_handler: password set
returned "
+ "ACCESS_DENIED. Maybe the trust account "
+ "password was changed and we didn't know it. "
+ "Killing connections to domain %s\n",
+ child->domain->name));
+ invalidate_cm_connection(&child->domain->conn);
+ }
} else {
DEBUG(10,("machine_password_change_handler: "
"successfully changed machine password\n"));
--
Samba Shared Repository
