From: Pavel Filipenský <pfilipensky@samba.org>
Date: Wed, 28 Feb 2024 12:30:30 +0000 (+0100)
Subject: s3:libads: Call 'sync machine password script' when machine password is updated
X-Git-Tag: tdb-1.4.11~17
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e08b2963d98ea82cb5989f5e7c80e808859e98dd;p=thirdparty%2Fsamba.git

s3:libads: Call 'sync machine password script' when machine password is updated

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---

diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index c482031be93..e2fcee634b4 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -861,9 +861,12 @@ static bool pw2kt_default_keytab_name(char *name_str, size_t name_size)
 NTSTATUS sync_pw2keytabs(void)
 {
 	TALLOC_CTX *frame = talloc_stackframe();
+	const struct loadparm_substitution *lp_sub =
+		loadparm_s3_global_substitution();
 	struct pw2kt_state *state = NULL;
 	const char **line = NULL;
 	const char **lp_ptr = NULL;
+	const char *pwsync_script = NULL;
 	NTSTATUS status_nt;
 	ADS_STATUS status_ads;
 	int i;
@@ -950,6 +953,21 @@ params_ready:
 		}
 	}
 
+	pwsync_script = lp_sync_machine_password_script(frame, lp_sub);
+	if (pwsync_script != NULL && pwsync_script[0] != '\0') {
+		int ret;
+
+		DBG_DEBUG("Running script: '%s'\n.", pwsync_script);
+		ret = smbrun(pwsync_script, NULL, NULL);
+		if (ret != 0) {
+			DBG_ERR("Script '%s' failed with: %d.\n",
+				pwsync_script,
+				ret);
+			TALLOC_FREE(frame);
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+	}
+
 	TALLOC_FREE(frame);
 	return NT_STATUS_OK;
 }