[SCM] Samba Shared Repository - branch v3-6-test updated

Mon, 16 Sep 2013 00:16:14 -0700 

The branch, v3-6-test has been updated
       via  d1bf6e4 s3:libnet increase timeout for machine password change
       via  a43c682 s3: Give machine password changes 10 minutes of time
      from  037f9ea s3-serverid: call serverid_init_readonly() from commandline 
tools.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit d1bf6e401a41172a47684518b9836899844fdefd
Author: Christian Ambach <a...@samba.org>
Date:   Tue Mar 5 11:44:03 2013 +0100

    s3:libnet increase timeout for machine password change
    
    DCs might run password filter modules that can delay the setting of
    the machine password for a significant amount of time
    use the same timeout as in the other paths of domain join
    (e.g. rpccli_netlogon_set_trust_password)
    
    Signed-off-by: Christian Ambach <a...@samba.org>
    Reviewed-by: Volker Lendecke <v...@samba.org>
    (cherry picked from commit 9755541ed156d71df98607375ee3b925266c3c74)
    
    The last 2 patches address bug #8955 - NetrServerPasswordSet2 timeout is too
    short.

commit a43c682553e5a731f9fbca8649ba042ae2bb5eba
Author: Volker Lendecke <v...@samba.org>
Date:   Fri Jun 22 14:26:45 2012 +0200

    s3: Give machine password changes 10 minutes of time
    
    This is what we do at domain join time as well, see
    lib/netapi/joindomain.c:141
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    (cherry picked from commit b9a15f1bfad30a824f9ec87bc9f7c65adf50dae0)

-----------------------------------------------------------------------

Summary of changes:
 source3/libnet/libnet_join.c      |    9 +++++++++
 source3/rpc_client/cli_netlogon.c |   13 +++++++++++++
 2 files changed, 22 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 7bb436b..e84682d 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -850,6 +850,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX 
*mem_ctx,
        struct samr_Ids name_types;
        union samr_UserInfo user_info;
        struct dcerpc_binding_handle *b = NULL;
+       unsigned int old_timeout = 0;
 
        struct samr_CryptPassword crypt_pwd;
        struct samr_CryptPasswordEx crypt_pwd_ex;
@@ -1061,6 +1062,12 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX 
*mem_ctx,
 
        /* Set password on machine account - first try level 26 */
 
+       /*
+        * increase the timeout as password filter modules on the DC
+        * might delay the operation for a significant amount of time
+        */
+       old_timeout = rpccli_set_timeout(pipe_hnd, 600000);
+
        init_samr_CryptPasswordEx(r->in.machine_password,
                                  &cli->user_session_key,
                                  &crypt_pwd_ex);
@@ -1092,6 +1099,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX 
*mem_ctx,
                                                  &result);
        }
 
+       old_timeout = rpccli_set_timeout(pipe_hnd, old_timeout);
+
        if (!NT_STATUS_IS_OK(status)) {
 
                dcerpc_samr_DeleteUser(b, mem_ctx,
diff --git a/source3/rpc_client/cli_netlogon.c 
b/source3/rpc_client/cli_netlogon.c
index bd3232d..c69a933 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -625,11 +625,14 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct 
rpc_pipe_client *cli,
        if (cli->dc->negotiate_flags & NETLOGON_NEG_PASSWORD_SET2) {
 
                struct netr_CryptPassword new_password;
+               uint32_t old_timeout;
 
                init_netr_CryptPassword(new_trust_pwd_cleartext,
                                        cli->dc->session_key,
                                        &new_password);
 
+               old_timeout = dcerpc_binding_handle_set_timeout(b, 600000);
+
                status = dcerpc_netr_ServerPasswordSet2(b, mem_ctx,
                                                        cli->srv_name_slash,
                                                        cli->dc->account_name,
@@ -639,6 +642,9 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct 
rpc_pipe_client *cli,
                                                        &srv_cred,
                                                        &new_password,
                                                        &result);
+
+               dcerpc_binding_handle_set_timeout(b, old_timeout);
+
                if (!NT_STATUS_IS_OK(status)) {
                        DEBUG(0,("dcerpc_netr_ServerPasswordSet2 failed: %s\n",
                                nt_errstr(status)));
@@ -647,9 +653,13 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct 
rpc_pipe_client *cli,
        } else {
 
                struct samr_Password new_password;
+               uint32_t old_timeout;
+
                memcpy(new_password.hash, new_trust_passwd_hash, 
sizeof(new_password.hash));
                netlogon_creds_des_encrypt(cli->dc, &new_password);
 
+               old_timeout = dcerpc_binding_handle_set_timeout(b, 600000);
+
                status = dcerpc_netr_ServerPasswordSet(b, mem_ctx,
                                                       cli->srv_name_slash,
                                                       cli->dc->account_name,
@@ -659,6 +669,9 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct 
rpc_pipe_client *cli,
                                                       &srv_cred,
                                                       &new_password,
                                                       &result);
+
+               dcerpc_binding_handle_set_timeout(b, old_timeout);
+
                if (!NT_STATUS_IS_OK(status)) {
                        DEBUG(0,("dcerpc_netr_ServerPasswordSet failed: %s\n",
                                nt_errstr(status)));


-- 
Samba Shared Repository

Reply via email to