s3:libads: Call 'sync machine password script' when machine password is updated

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index c482031be9336336815c1377c657fe63de477420..e2fcee634b483d9ae2d91f9effd19036759f9fac 100644 (file)
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -861,9 +861,12 @@ static bool pw2kt_default_keytab_name(char *name_str, size_t name_size)
 NTSTATUS sync_pw2keytabs(void)
 {
        TALLOC_CTX *frame = talloc_stackframe();
+       const struct loadparm_substitution *lp_sub =
+               loadparm_s3_global_substitution();
        struct pw2kt_state *state = NULL;
        const char **line = NULL;
        const char **lp_ptr = NULL;
+       const char *pwsync_script = NULL;
        NTSTATUS status_nt;
        ADS_STATUS status_ads;
        int i;
@@ -950,6 +953,21 @@ params_ready:
                }
        }
 
+       pwsync_script = lp_sync_machine_password_script(frame, lp_sub);
+       if (pwsync_script != NULL && pwsync_script[0] != '\0') {
+               int ret;
+
+               DBG_DEBUG("Running script: '%s'\n.", pwsync_script);
+               ret = smbrun(pwsync_script, NULL, NULL);
+               if (ret != 0) {
+                       DBG_ERR("Script '%s' failed with: %d.\n",
+                               pwsync_script,
+                               ret);
+                       TALLOC_FREE(frame);
+                       return NT_STATUS_INTERNAL_ERROR;
+               }
+       }
+
        TALLOC_FREE(frame);
        return NT_STATUS_OK;
 }