diff options
author | Jeremy Allison <jra@samba.org> | 2002-09-18 00:30:00 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2002-09-18 00:30:00 +0000 |
commit | 660dafcbb2d1029831212a32d995891626a0344c (patch) | |
tree | 234fdd5a1254f98391642a007f14aa753b162f00 /source/passdb | |
parent | a7781f91d8c1177210bffc199cd2f3b7ff993eaf (diff) | |
download | samba-660dafcbb2d1029831212a32d995891626a0344c.tar.gz samba-660dafcbb2d1029831212a32d995891626a0344c.tar.xz samba-660dafcbb2d1029831212a32d995891626a0344c.zip |
We had a race condition when changing a machine acount password as we
were no longer locking the secrets entry. I saw this on a live system.
Jeremy.
Diffstat (limited to 'source/passdb')
-rw-r--r-- | source/passdb/secrets.c | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/source/passdb/secrets.c b/source/passdb/secrets.c index b2bdaf2753c..08a0e9c9acf 100644 --- a/source/passdb/secrets.c +++ b/source/passdb/secrets.c @@ -206,8 +206,27 @@ char *trustdom_keystr(const char *domain) } /************************************************************************ - Routine to get the machine trust account password for a domain. + Lock the trust password entry. ************************************************************************/ + +BOOL secrets_lock_trust_account_password(char *domain, BOOL dolock) +{ + if (!tdb) + return False; + + if (dolock) + return (tdb_lock_bystring(tdb, trust_keystr(domain)) == 0); + else + tdb_unlock_bystring(tdb, trust_keystr(domain)); + return True; +} + +/************************************************************************ + Routine to get the trust account password for a domain. + The user of this function must have locked the trust password file using + the above call. +************************************************************************/ + BOOL secrets_fetch_trust_account_password(char *domain, uint8 ret_pwd[16], time_t *pass_last_set_time) { @@ -243,6 +262,7 @@ BOOL secrets_fetch_trust_account_password(char *domain, uint8 ret_pwd[16], /************************************************************************ Routine to get account password to trusted domain ************************************************************************/ + BOOL secrets_fetch_trusted_domain_password(char *domain, char** pwd, DOM_SID *sid, time_t *pass_last_set_time) { |