summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2008-02-16 16:04:01 +0100
committerGünther Deschner <gd@samba.org>2008-02-16 16:04:01 +0100
commitdd65a349350717eb17257ccf281561dd878ead12 (patch)
treee9af08c7d30a496287dff63a2643618fda27d4f0
parentb6285fc0526ff15250242489047bb8d49a1948e6 (diff)
downloadsamba-dd65a349350717eb17257ccf281561dd878ead12.tar.gz
samba-dd65a349350717eb17257ccf281561dd878ead12.tar.bz2
samba-dd65a349350717eb17257ccf281561dd878ead12.zip
Use rpccli_netr_ServerPasswordSet in "just_change_the_password()".
Guenther (This used to be commit 33f91c894488687a42500e751eb9016d99d9129c)
-rw-r--r--source3/libsmb/trusts_util.c27
1 files changed, 26 insertions, 1 deletions
diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c
index 11f691bee6..1e92bf21de 100644
--- a/source3/libsmb/trusts_util.c
+++ b/source3/libsmb/trusts_util.c
@@ -58,7 +58,32 @@ static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX
}
}
- result = rpccli_net_srv_pwset(cli, mem_ctx, global_myname(), new_trust_passwd_hash);
+ {
+ struct netr_Authenticator clnt_creds, srv_cred;
+ struct samr_Password new_password;
+
+ netlogon_creds_client_step(cli->dc, &clnt_creds);
+
+ cred_hash3(new_password.hash,
+ new_trust_passwd_hash,
+ cli->dc->sess_key, 1);
+
+ result = rpccli_netr_ServerPasswordSet(cli, mem_ctx,
+ cli->dc->remote_machine,
+ cli->dc->mach_acct,
+ sec_channel_type,
+ global_myname(),
+ &clnt_creds,
+ &srv_cred,
+ &new_password);
+
+ /* Always check returned credentials. */
+ if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) {
+ DEBUG(0,("rpccli_netr_ServerPasswordSet: "
+ "credentials chain check failed\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ }
if (!NT_STATUS_IS_OK(result)) {
DEBUG(0,("just_change_the_password: unable to change password (%s)!\n",