From b14bed45da261591000e439234ee6120f00a5ccd Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Fri, 3 Oct 2014 06:35:28 +1300
Subject: [PATCH] passdb: Use common code in cli_credentials_set_machine_account_db_ctx()
This avoids some duplication in setting the machine account passsword for the domain member and DC case. This does not yet remove the duplication, that requires a bigger restructure of the various routines used here to obtain the machine and domain trust secrets. Also no longer used is the timeout/2 code to not set the previous password. It is now always passed to the caller. Andrew Bartlett
Change-Id: Idd5bafedf4cbac30b174955d743ec4128a6902ee
Signed-off-by: Andrew Bartlett
Reviewed-by: Stefan Metzmacher
(cherry picked from commit 37f5d822d636d4286bd8ee64c7e9e44ae1a297e1)
---
 source3/passdb/passdb.c | 66 +++++++++++++++++++++++++++++++----------
 1 file changed, 50 insertions(+), 16 deletions(-)
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 70d862651c9..02f0a78e226 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -2521,9 +2521,58 @@ NTSTATUS pdb_get_trust_credentials(const char *netbios_domain,
 char *prev_pw = NULL;
 struct samr_Password cur_nt_hash;
 struct cli_credentials *creds = NULL;
- struct pdb_get_trust_credentials_state *state = NULL;
 bool ok;
 
+ lp_ctx = loadparm_init_s3(frame, loadparm_s3_helpers());
+ if (lp_ctx == NULL) {
+ DEBUG(1, ("loadparm_init_s3 failed\n"));
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto fail;
+ }
+
+ creds = cli_credentials_init(mem_ctx);
+ if (creds == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ cli_credentials_set_conf(creds, lp_ctx);
+
+ ok = cli_credentials_set_domain(creds, netbios_domain, CRED_SPECIFIED);
+ if (!ok) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ /*
+ * If this is our primary trust relationship, use the common
+ * code to read the secrets.ldb or secrets.tdb file.
+ */
+ if (strequal(netbios_domain, lp_workgroup())) {
+ struct db_context *db_ctx = secrets_db_ctx();
+ if (db_ctx == NULL) {
+ DEBUG(1, ("failed to open secrets.tdb to obtain our trust credentials for %s\n",
+ netbios_domain));
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto fail;
+ }
+
+ status = cli_credentials_set_machine_account_db_ctx(creds,
+ lp_ctx,
+ db_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+ goto done;
+ } else if (!IS_DC) {
+ DEBUG(1, ("Refusing to get trust account info for %s, "
+ "which is not our primary domain %s, "
+ "as we are not a DC\n",
+ netbios_domain, lp_workgroup()));
+ status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+ goto fail;
+ }
+
 ok = get_trust_pw_clear2(netbios_domain,
 &_account_name,
 &channel,
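Review bot: `creds` is now allocated on the caller's `mem_ctx` before every failure path this hunk adds (the `cli_credentials_set_domain()` failure, the NULL `db_ctx`, a failed `cli_credentials_set_machine_account_db_ctx()`, and the non-DC refusal), so each `goto fail` leaves a live credentials object unless the `fail:` label releases it. That label is outside the hunk, as are the start and end of `pdb_get_trust_credentials()`, so this cannot be confirmed here; if it does not already do so, it should run `TALLOC_FREE(creds);` before returning. This matters most after a partial failure of the machine-account helper, when the object may already hold secrets read from the secrets database.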
@@ -2551,21 +2600,6 @@ NTSTATUS pdb_get_trust_credentials(const char *netbios_domain,
 goto fail;
 }
 
- lp_ctx = loadparm_init_s3(frame, loadparm_s3_helpers());
- if (lp_ctx == NULL) {
- DEBUG(1, ("loadparm_init_s3 failed\n"));
- status = NT_STATUS_INTERNAL_ERROR;
- goto fail;
- }
-
- creds = cli_credentials_init(mem_ctx);
- if (creds == NULL) {
- status = NT_STATUS_NO_MEMORY;
- goto fail;
- }
-
- cli_credentials_set_conf(creds, lp_ctx);
-
 cli_credentials_set_secure_channel_type(creds, channel);
 cli_credentials_set_password_last_changed_time(creds, last_set_time);
 
-- 
2.34.1