| author | Andrew Bartlett <abartlet@samba.org> | 2014-05-26 11:58:38 +1200 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2014-07-04 02:52:35 +0200 |
| commit | a0105b84b85094375ab92c9e6ca4c9e0a2a531f5 (patch) | |
| tree | 0e8cbf4e307b47dfea6df98aa52ee092852c5ba0 /source3/passdb | |
| parent | 0c97b7eb5359b95c0d51a3b5524e82e34243d2d1 (diff) | |
secrets: Ensure we store the secureChannelType when written to secrets.ldb
This will allow winbindd to know when we are an RODC
without needing to dig into sam.ldb.
Change-Id: Ibdfa37fe6269305ccc5db42479f4a8db5eea53f3
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@samba.org>
Diffstat (limited to 'source3/passdb')
| -rw-r--r-- | source3/passdb/machine_account_secrets.c | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c index 4e35a72638..37ee9bcc4c 100644 --- a/source3/passdb/machine_account_secrets.c +++ b/source3/passdb/machine_account_secrets.c @@ -482,11 +482,13 @@ bool secrets_store_machine_pw_sync(const char *pass, const char *oldpass, const const char *realm, const char *salting_principal, uint32_t supported_enc_types, const struct dom_sid *domain_sid, uint32_t last_change_time, + uint32_t secure_channel_type, bool delete_join) { bool ret; uint8_t last_change_time_store[4]; TALLOC_CTX *frame = talloc_stackframe(); + uint8_t sec_channel_bytes[4]; void *value; if (delete_join) { @@ -516,13 +518,23 @@ bool secrets_store_machine_pw_sync(const char *pass, const char *oldpass, const return ret; } - /* We delete this and instead have the read code fall back to - * a default based on server role, as our caller can't specify - * this with any more certainty */ - value = secrets_fetch(machine_sec_channel_type_keystr(domain), NULL); - if (value) { - SAFE_FREE(value); - ret = secrets_delete(machine_sec_channel_type_keystr(domain)); + if (secure_channel_type == 0) { + /* We delete this and instead have the read code fall back to + * a default based on server role, as our caller can't specify + * this with any more certainty */ + value = secrets_fetch(machine_sec_channel_type_keystr(domain), NULL); + if (value) { + SAFE_FREE(value); + ret = secrets_delete(machine_sec_channel_type_keystr(domain)); + if (!ret) { + TALLOC_FREE(frame); + return ret; + } + } + } else { + SIVAL(&sec_channel_bytes, 0, secure_channel_type); + ret = secrets_store(machine_sec_channel_type_keystr(domain), + &sec_channel_bytes, sizeof(sec_channel_bytes)); if (!ret) { TALLOC_FREE(frame); return ret; |
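Review bot: The new `secure_channel_type` argument in the first hunk sits directly after `last_change_time`, and both are plain `uint32_t`, so a caller that passes them in the wrong order still compiles and would persist a timestamp as the channel type. Nothing visible in this hunk documents what the value means, so I would add a comment above the signature, for example `/* secure_channel_type: SEC_CHAN_* value to store; 0 removes the stored key so readers fall back to the server-role default */`. The diffstat is limited to source3/passdb, so the prototype and the callers are not visible here and should be checked for the added argument. The signature starts above the hunk and the body continues past it.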
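Review bot: In the second hunk the `else` branch writes any non-zero `secure_channel_type` to the secrets store without checking that it is a channel type the reader understands, and the commit message says winbindd will rely on this value to know whether the host is an RODC. I would reject values outside the set the callers are expected to pass (presumably `SEC_CHAN_WKSTA`, `SEC_CHAN_BDC` and `SEC_CHAN_RODC`, to be confirmed against the callers) before calling `secrets_store()`, and spell the sentinel as `if (secure_channel_type == SEC_CHAN_NULL) {` rather than a bare `0`. The comment kept in the delete branch still says the caller cannot specify the type, which no longer holds in general; something like `/* Caller passed no channel type: delete the key so the read code falls back to a default based on server role */` fits the new code. `SIVAL(&sec_channel_bytes, ...)` and `secrets_store(..., &sec_channel_bytes, ...)` take the address of the array where the array name alone (`sec_channel_bytes`) is the usual form. The function body continues beyond the hunk.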
