1 files changed, 14 insertions, 0 deletions

diff --git a/source/smbd/process.c b/source/smbd/process.c
index c34a146eab1..ea3eb4ba76f 100644
--- a/source/smbd/process.c
+++ b/source/smbd/process.c
@@ -1166,13 +1166,22 @@ static BOOL timeout_processing(int deadtime, int *select_timeout, time_t *last_t
      * password needs changing.
      */
 
+    DEBUG(10,("timeout_processing: checking to see if machine account password need changing.\n"));
+
     /*
      * First, open the machine password file with an exclusive lock.
      */
 
+    if (secrets_lock_trust_account_password(global_myworkgroup, True) == False) {
+      DEBUG(0,("process: unable to lock the machine account password for \
+machine %s in domain %s.\n", global_myname, global_myworkgroup ));
+      return True;
+    }
+
     if(!secrets_fetch_trust_account_password(global_myworkgroup, trust_passwd_hash, &lct)) {
       DEBUG(0,("process: unable to read the machine account password for \
 machine %s in domain %s.\n", global_myname, global_myworkgroup ));
+      secrets_lock_trust_account_password(global_myworkgroup, False);
       return True;
     }
 
@@ -1182,13 +1191,18 @@ machine %s in domain %s.\n", global_myname, global_myworkgroup ));
 
     if(t < lct + lp_machine_password_timeout()) {
       global_machine_password_needs_changing = False;
+      secrets_lock_trust_account_password(global_myworkgroup, False);
       return True;
     }
 
+    DEBUG(10,("timeout_processing: machine account password last change time = (%u) %s.\n",
+			    (unsigned int)lct, http_timestring(lct)));
+
     pstrcpy(remote_machine_list, lp_passwordserver());
 
     change_trust_account_password( global_myworkgroup, remote_machine_list);
     global_machine_password_needs_changing = False;
+    secrets_lock_trust_account_password(global_myworkgroup, False);
   }
 
   /*