passdb: Use common code in cli_credentials_set_machine_account_db_ctx()
authorAndrew Bartlett <abartlet@samba.org>
Thu, 2 Oct 2014 17:35:28 +0000 (06:35 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Fri, 17 Oct 2014 10:57:07 +0000 (12:57 +0200)
This avoids some duplication in setting the machine account password
for the domain member and DC case.

This does not yet remove the duplication, that requires a bigger
restructure of the various routines used here to obtain the machine
and domain trust secrets.

Also no longer used is the timeout/2 code to not set the previous
password.  It is now always passed to the caller.

Andrew Bartlett

Change-Id: Idd5bafedf4cbac30b174955d743ec4128a6902ee
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
source3/passdb/passdb.c

index 70d862651c931cf6802b8bcc3296db7e25df303c..02f0a78e226ede4da6b9995f46b87663e6de0aab 100644 (file)
@@ -2521,9 +2521,58 @@ NTSTATUS pdb_get_trust_credentials(const char *netbios_domain,
        char *prev_pw = NULL;
        struct samr_Password cur_nt_hash;
        struct cli_credentials *creds = NULL;
-       struct pdb_get_trust_credentials_state *state = NULL;
        bool ok;
 
+       lp_ctx = loadparm_init_s3(frame, loadparm_s3_helpers());
+       if (lp_ctx == NULL) {
+               DEBUG(1, ("loadparm_init_s3 failed\n"));
+               status = NT_STATUS_INTERNAL_ERROR;
+               goto fail;
+       }
+
+       creds = cli_credentials_init(mem_ctx);
+       if (creds == NULL) {
+               status = NT_STATUS_NO_MEMORY;
+               goto fail;
+       }
+
+       cli_credentials_set_conf(creds, lp_ctx);
+
+       ok = cli_credentials_set_domain(creds, netbios_domain, CRED_SPECIFIED);
+       if (!ok) {
+               status = NT_STATUS_NO_MEMORY;
+               goto fail;
+       }
+
+       /*
+        * If this is our primary trust relationship, use the common
+        * code to read the secrets.ldb or secrets.tdb file.
+        */
+       if (strequal(netbios_domain, lp_workgroup())) {
+               struct db_context *db_ctx = secrets_db_ctx();
+               if (db_ctx == NULL) {
+                       DEBUG(1, ("failed to open secrets.tdb to obtain our trust credentials for %s\n",
+                                 netbios_domain));
+                       status = NT_STATUS_INTERNAL_ERROR;
+                       goto fail;
+               }
+
+               status = cli_credentials_set_machine_account_db_ctx(creds,
+                                                                   lp_ctx,
+                                                                   db_ctx);
+               if (!NT_STATUS_IS_OK(status)) {
+                       goto fail;
+               }
+               goto done;
+       } else if (!IS_DC) {
+               DEBUG(1, ("Refusing to get trust account info for %s, "
+                         "which is not our primary domain %s, "
+                         "as we are not a DC\n",
+                         netbios_domain, lp_workgroup()));
+               status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+               goto fail;
+       }
+
        ok = get_trust_pw_clear2(netbios_domain,
                                 &_account_name,
                                 &channel,
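Review bot: `creds` is now created on the caller's `mem_ctx` by `cli_credentials_init(mem_ctx)` before the `!IS_DC` refusal and before `get_trust_pw_clear2()` can fail, whereas the removed code only allocated it once the trust password had been read; the `fail:` label is outside this hunk, so if it does not release the half-built credentials, every early exit now leaves an empty `cli_credentials` object attached to `mem_ctx`. Adding `TALLOC_FREE(creds);` under `fail:` (or allocating on `frame` and `talloc_steal`ing to `mem_ctx` at `done:`) would keep the error paths from leaking. A smaller point: the `secrets_db_ctx()` failure message names only secrets.tdb while the comment just above says the common code may read secrets.ldb as well, so `"failed to open the secrets database to obtain our trust credentials for %s\n"` would be accurate for both. pdb_get_trust_credentials() starts before and ends after this hunk.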
@@ -2551,21 +2600,6 @@ NTSTATUS pdb_get_trust_credentials(const char *netbios_domain,
                goto fail;
        }
 
-       lp_ctx = loadparm_init_s3(frame, loadparm_s3_helpers());
-       if (lp_ctx == NULL) {
-               DEBUG(1, ("loadparm_init_s3 failed\n"));
-               status = NT_STATUS_INTERNAL_ERROR;
-               goto fail;
-       }
-
-       creds = cli_credentials_init(mem_ctx);
-       if (creds == NULL) {
-               status = NT_STATUS_NO_MEMORY;
-               goto fail;
-       }
-
-       cli_credentials_set_conf(creds, lp_ctx);
-
        cli_credentials_set_secure_channel_type(creds, channel);
        cli_credentials_set_password_last_changed_time(creds, last_set_time);