The Samba-Bugzilla – Attachment 9205 Details for
Bug 8955
NetrServerPasswordSet2 timeout is too short
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patches for v3-6-test
tmp36.diff (text/plain), 4.20 KB, created by
Stefan Metzmacher
on 2013-09-12 07:08:19 UTC
(
hide
)
Description:
Patches for v3-6-test
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2013-09-12 07:08:19 UTC
Size:
4.20 KB
patch
obsolete
>From 4681838c0d1cc6544fe6ff4e0ee2d70e2bd05bf7 Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Fri, 22 Jun 2012 14:26:45 +0200 >Subject: [PATCH 1/2] s3: Give machine password changes 10 minutes of time > >This is what we do at domain join time as well, see >lib/netapi/joindomain.c:141 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >(cherry picked from commit b9a15f1bfad30a824f9ec87bc9f7c65adf50dae0) >--- > source3/rpc_client/cli_netlogon.c | 13 +++++++++++++ > 1 file changed, 13 insertions(+) > >diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c >index bd3232d..c69a933 100644 >--- a/source3/rpc_client/cli_netlogon.c >+++ b/source3/rpc_client/cli_netlogon.c >@@ -625,11 +625,14 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli, > if (cli->dc->negotiate_flags & NETLOGON_NEG_PASSWORD_SET2) { > > struct netr_CryptPassword new_password; >+ uint32_t old_timeout; > > init_netr_CryptPassword(new_trust_pwd_cleartext, > cli->dc->session_key, > &new_password); > >+ old_timeout = dcerpc_binding_handle_set_timeout(b, 600000); >+ > status = dcerpc_netr_ServerPasswordSet2(b, mem_ctx, > cli->srv_name_slash, > cli->dc->account_name, >@@ -639,6 +642,9 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli, > &srv_cred, > &new_password, > &result); >+ >+ dcerpc_binding_handle_set_timeout(b, old_timeout); >+ > if (!NT_STATUS_IS_OK(status)) { > DEBUG(0,("dcerpc_netr_ServerPasswordSet2 failed: %s\n", > nt_errstr(status))); >@@ -647,9 +653,13 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli, > } else { > > struct samr_Password new_password; >+ uint32_t old_timeout; >+ > memcpy(new_password.hash, new_trust_passwd_hash, sizeof(new_password.hash)); > netlogon_creds_des_encrypt(cli->dc, &new_password); > >+ old_timeout = dcerpc_binding_handle_set_timeout(b, 600000); >+ > status = dcerpc_netr_ServerPasswordSet(b, mem_ctx, > cli->srv_name_slash, > cli->dc->account_name, >@@ -659,6 +669,9 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli, > &srv_cred, > &new_password, > &result); >+ >+ dcerpc_binding_handle_set_timeout(b, old_timeout); >+ > if (!NT_STATUS_IS_OK(status)) { > DEBUG(0,("dcerpc_netr_ServerPasswordSet failed: %s\n", > nt_errstr(status))); >-- >1.7.9.5 > > >From 79c7eb69a416665a5e7503bce278d794d9bc11e2 Mon Sep 17 00:00:00 2001 >From: Christian Ambach <ambi@samba.org> >Date: Tue, 5 Mar 2013 11:44:03 +0100 >Subject: [PATCH 2/2] s3:libnet increase timeout for machine password change > >DCs might run password filter modules that can delay the setting of >the machine password for a significant amount of time >use the same timeout as in the other paths of domain join >(e.g. rpccli_netlogon_set_trust_password) > >Signed-off-by: Christian Ambach <ambi@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(cherry picked from commit 9755541ed156d71df98607375ee3b925266c3c74) >--- > source3/libnet/libnet_join.c | 9 +++++++++ > 1 file changed, 9 insertions(+) > >diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c >index 7bb436b..e84682d 100644 >--- a/source3/libnet/libnet_join.c >+++ b/source3/libnet/libnet_join.c >@@ -850,6 +850,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, > struct samr_Ids name_types; > union samr_UserInfo user_info; > struct dcerpc_binding_handle *b = NULL; >+ unsigned int old_timeout = 0; > > struct samr_CryptPassword crypt_pwd; > struct samr_CryptPasswordEx crypt_pwd_ex; >@@ -1061,6 +1062,12 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, > > /* Set password on machine account - first try level 26 */ > >+ /* >+ * increase the timeout as password filter modules on the DC >+ * might delay the operation for a significant amount of time >+ */ >+ old_timeout = rpccli_set_timeout(pipe_hnd, 600000); >+ > init_samr_CryptPasswordEx(r->in.machine_password, > &cli->user_session_key, > &crypt_pwd_ex); >@@ -1092,6 +1099,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, > &result); > } > >+ old_timeout = rpccli_set_timeout(pipe_hnd, old_timeout); >+ > if (!NT_STATUS_IS_OK(status)) { > > dcerpc_samr_DeleteUser(b, mem_ctx, >-- >1.7.9.5 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=9205">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
ambi
:
review+
Actions:
View
Attachments on
bug 8955
: 9205