#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
-extern bool global_machine_password_needs_changing;
static struct named_mutex *mutex;
-/*
- * Change machine password (called from main loop
- * idle timeout. Must be done as root.
- */
-
-void attempt_machine_password_change(void)
-{
- unsigned char trust_passwd_hash[16];
- time_t lct;
- void *lock;
-
- if (!global_machine_password_needs_changing) {
- return;
- }
-
- if (lp_security() != SEC_DOMAIN) {
- return;
- }
-
- /*
- * We're in domain level security, and the code that
- * read the machine password flagged that the machine
- * password needs changing.
- */
-
- /*
- * First, open the machine password file with an exclusive lock.
- */
-
- lock = secrets_get_trust_account_lock(NULL, lp_workgroup());
-
- if (lock == NULL) {
- DEBUG(0,("attempt_machine_password_change: unable to lock "
- "the machine account password for machine %s in "
- "domain %s.\n",
- lp_netbios_name(), lp_workgroup() ));
- return;
- }
-
- if(!secrets_fetch_trust_account_password(lp_workgroup(),
- trust_passwd_hash, &lct, NULL)) {
- DEBUG(0,("attempt_machine_password_change: unable to read the "
- "machine account password for %s in domain %s.\n",
- lp_netbios_name(), lp_workgroup()));
- TALLOC_FREE(lock);
- return;
- }
-
- /*
- * Make sure someone else hasn't already done this.
- */
-
- if(time(NULL) < lct + lp_machine_password_timeout()) {
- global_machine_password_needs_changing = false;
- TALLOC_FREE(lock);
- return;
- }
-
- /* always just contact the PDC here */
-
- change_trust_account_password( lp_workgroup(), NULL);
- global_machine_password_needs_changing = false;
- TALLOC_FREE(lock);
-}
-
/**
* Connect to a remote server for (inter)domain security authenticaion.
*
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
-/* Urrrg. global.... */
-bool global_machine_password_needs_changing;
-
/**
* Form a key for fetching the domain sid
*
*channel = get_default_sec_channel();
}
- /* Test if machine password has expired and needs to be changed */
- if (lp_machine_password_timeout()) {
- if (pass->mod_time > 0 && time(NULL) > (pass->mod_time +
- (time_t)lp_machine_password_timeout())) {
- global_machine_password_needs_changing = True;
- }
- }
-
SAFE_FREE(pass);
return True;
}
#include "lib/id_cache.h"
#include "serverid.h"
-extern bool global_machine_password_needs_changing;
-
/* Internal message queue for deferred opens. */
struct pending_message_list {
struct pending_message_list *next, *prev;
/* check if we need to reload services */
check_reload(sconn, time_mono(NULL));
- /* Change machine password if neccessary. */
- attempt_machine_password_change();
-
/*
* Force a log file check.
*/
git.samba.org / mat / samba.git / commitdiff