summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJelmer Vernooij <jelmer@samba.org>2008-09-21 23:11:30 +0200
committerJelmer Vernooij <jelmer@samba.org>2008-09-21 23:11:30 +0200
commit2121c1bb2967f0aa8cc6903c507eb2c22a25b341 (patch)
tree3428e62ed9dfe9643c10fe5f0066916166b4f69a
parentafa850910ff7845b2c8b19fdcf6fbb703e42d2db (diff)
parent73aebd7d070099d4d6d6da98817f42937bc7fd03 (diff)
downloadsamba-2121c1bb2967f0aa8cc6903c507eb2c22a25b341.tar.gz
samba-2121c1bb2967f0aa8cc6903c507eb2c22a25b341.tar.bz2
samba-2121c1bb2967f0aa8cc6903c507eb2c22a25b341.zip
Merge branch 'master' of ssh://git.samba.org/data/git/samba
-rw-r--r--source3/client/mount.cifs.c10
-rw-r--r--source3/include/proto.h9
-rw-r--r--source3/libsmb/trusts_util.c108
-rw-r--r--source3/rpc_client/cli_netlogon.c91
-rw-r--r--source3/rpc_client/init_netlogon.c17
-rwxr-xr-xsource3/script/build_idl.sh2
6 files changed, 133 insertions, 104 deletions
diff --git a/source3/client/mount.cifs.c b/source3/client/mount.cifs.c
index 3b56e5f861..b7a76c6102 100644
--- a/source3/client/mount.cifs.c
+++ b/source3/client/mount.cifs.c
@@ -56,6 +56,10 @@
#endif /* _SAMBA_BUILD_ */
#endif /* MOUNT_CIFS_VENDOR_SUFFIX */
+#ifdef _SAMBA_BUILD_
+#include "include/config.h"
+#endif
+
#ifndef MS_MOVE
#define MS_MOVE 8192
#endif
@@ -94,6 +98,8 @@ char * prefixpath = NULL;
/* like strncpy but does not 0 fill the buffer and always null
* terminates. bufsize is the size of the destination buffer */
+
+#ifndef HAVE_STRLCPY
static size_t strlcpy(char *d, const char *s, size_t bufsize)
{
size_t len = strlen(s);
@@ -104,10 +110,13 @@ static size_t strlcpy(char *d, const char *s, size_t bufsize)
d[len] = 0;
return ret;
}
+#endif
/* like strncat but does not 0 fill the buffer and always null
* terminates. bufsize is the length of the buffer, which should
* be one more than the maximum resulting string length */
+
+#ifndef HAVE_STRLCAT
static size_t strlcat(char *d, const char *s, size_t bufsize)
{
size_t len1 = strlen(d);
@@ -126,6 +135,7 @@ static size_t strlcat(char *d, const char *s, size_t bufsize)
}
return ret;
}
+#endif
/* BB finish BB
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 2901911c70..194548c082 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -7049,6 +7049,12 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli,
DATA_BLOB lm_response,
DATA_BLOB nt_response,
struct netr_SamInfo3 **info3);
+NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ const unsigned char orig_trust_passwd_hash[16],
+ const char *new_trust_pwd_cleartext,
+ const unsigned char new_trust_passwd_hash[16],
+ uint32_t sec_channel_type);
/* The following definitions come from rpc_client/cli_pipe.c */
@@ -7427,6 +7433,9 @@ void init_netr_PasswordInfo(struct netr_PasswordInfo *r,
const char *workstation,
struct samr_Password lmpassword,
struct samr_Password ntpassword);
+void init_netr_CryptPassword(const char *pwd,
+ unsigned char session_key[16],
+ struct netr_CryptPassword *pwd_buf);
/* The following definitions come from rpc_client/init_samr.c */
diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c
index 08a49930b4..2f336f14e6 100644
--- a/source3/libsmb/trusts_util.c
+++ b/source3/libsmb/trusts_util.c
@@ -22,104 +22,6 @@
/*********************************************************
Change the domain password on the PDC.
-
- Just changes the password betwen the two values specified.
-
- Caller must have the cli connected to the netlogon pipe
- already.
-**********************************************************/
-
-static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- const unsigned char orig_trust_passwd_hash[16],
- const char *new_trust_pwd_cleartext,
- const unsigned char new_trust_passwd_hash[16],
- uint32 sec_channel_type)
-{
- NTSTATUS result;
- uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
-
- result = rpccli_netlogon_setup_creds(cli,
- cli->desthost, /* server name */
- lp_workgroup(), /* domain */
- global_myname(), /* client name */
- global_myname(), /* machine account name */
- orig_trust_passwd_hash,
- sec_channel_type,
- &neg_flags);
-
- if (!NT_STATUS_IS_OK(result)) {
- DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n",
- nt_errstr(result)));
- return result;
- }
-
- if (neg_flags & NETLOGON_NEG_PASSWORD_SET2) {
-
- struct netr_Authenticator clnt_creds, srv_cred;
- struct netr_CryptPassword new_password;
- struct samr_CryptPassword password_buf;
-
- netlogon_creds_client_step(cli->dc, &clnt_creds);
-
- encode_pw_buffer(password_buf.data, new_trust_pwd_cleartext, STR_UNICODE);
-
- SamOEMhash(password_buf.data, cli->dc->sess_key, 516);
- memcpy(new_password.data, password_buf.data, 512);
- new_password.length = IVAL(password_buf.data, 512);
-
- result = rpccli_netr_ServerPasswordSet2(cli, mem_ctx,
- cli->dc->remote_machine,
- cli->dc->mach_acct,
- sec_channel_type,
- global_myname(),
- &clnt_creds,
- &srv_cred,
- &new_password);
-
- /* Always check returned credentials. */
- if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) {
- DEBUG(0,("rpccli_netr_ServerPasswordSet2: "
- "credentials chain check failed\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- } else {
-
- struct netr_Authenticator clnt_creds, srv_cred;
- struct samr_Password new_password;
-
- netlogon_creds_client_step(cli->dc, &clnt_creds);
-
- cred_hash3(new_password.hash,
- new_trust_passwd_hash,
- cli->dc->sess_key, 1);
-
- result = rpccli_netr_ServerPasswordSet(cli, mem_ctx,
- cli->dc->remote_machine,
- cli->dc->mach_acct,
- sec_channel_type,
- global_myname(),
- &clnt_creds,
- &srv_cred,
- &new_password);
-
- /* Always check returned credentials. */
- if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) {
- DEBUG(0,("rpccli_netr_ServerPasswordSet: "
- "credentials chain check failed\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
- }
-
- if (!NT_STATUS_IS_OK(result)) {
- DEBUG(0,("just_change_the_password: unable to change password (%s)!\n",
- nt_errstr(result)));
- }
- return result;
-}
-
-/*********************************************************
- Change the domain password on the PDC.
Store the password ourselves, but use the supplied password
Caller must have already setup the connection to the NETLOGON pipe
**********************************************************/
@@ -144,11 +46,11 @@ NTSTATUS trust_pw_change_and_store_it(struct rpc_pipe_client *cli, TALLOC_CTX *m
E_md4hash(new_trust_passwd, new_trust_passwd_hash);
- nt_status = just_change_the_password(cli, mem_ctx,
- orig_trust_passwd_hash,
- new_trust_passwd,
- new_trust_passwd_hash,
- sec_channel_type);
+ nt_status = rpccli_netlogon_set_trust_password(cli, mem_ctx,
+ orig_trust_passwd_hash,
+ new_trust_passwd,
+ new_trust_passwd_hash,
+ sec_channel_type);
if (NT_STATUS_IS_OK(nt_status)) {
DEBUG(3,("%s : trust_pw_change_and_store_it: Changed password.\n",
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index df87ed13d1..23618efd9f 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -538,3 +538,94 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli,
return result;
}
+
+/*********************************************************
+ Change the domain password on the PDC.
+
+ Just changes the password betwen the two values specified.
+
+ Caller must have the cli connected to the netlogon pipe
+ already.
+**********************************************************/
+
+NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ const unsigned char orig_trust_passwd_hash[16],
+ const char *new_trust_pwd_cleartext,
+ const unsigned char new_trust_passwd_hash[16],
+ uint32_t sec_channel_type)
+{
+ NTSTATUS result;
+ uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
+ struct netr_Authenticator clnt_creds, srv_cred;
+
+ result = rpccli_netlogon_setup_creds(cli,
+ cli->desthost, /* server name */
+ lp_workgroup(), /* domain */
+ global_myname(), /* client name */
+ global_myname(), /* machine account name */
+ orig_trust_passwd_hash,
+ sec_channel_type,
+ &neg_flags);
+
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(3,("rpccli_netlogon_set_trust_password: unable to setup creds (%s)!\n",
+ nt_errstr(result)));
+ return result;
+ }
+
+ netlogon_creds_client_step(cli->dc, &clnt_creds);
+
+ if (neg_flags & NETLOGON_NEG_PASSWORD_SET2) {
+
+ struct netr_CryptPassword new_password;
+
+ init_netr_CryptPassword(new_trust_pwd_cleartext,
+ cli->dc->sess_key,
+ &new_password);
+
+ result = rpccli_netr_ServerPasswordSet2(cli, mem_ctx,
+ cli->dc->remote_machine,
+ cli->dc->mach_acct,
+ sec_channel_type,
+ global_myname(),
+ &clnt_creds,
+ &srv_cred,
+ &new_password);
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(0,("rpccli_netr_ServerPasswordSet2 failed: %s\n",
+ nt_errstr(result)));
+ return result;
+ }
+ } else {
+
+ struct samr_Password new_password;
+
+ cred_hash3(new_password.hash,
+ new_trust_passwd_hash,
+ cli->dc->sess_key, 1);
+
+ result = rpccli_netr_ServerPasswordSet(cli, mem_ctx,
+ cli->dc->remote_machine,
+ cli->dc->mach_acct,
+ sec_channel_type,
+ global_myname(),
+ &clnt_creds,
+ &srv_cred,
+ &new_password);
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(0,("rpccli_netr_ServerPasswordSet failed: %s\n",
+ nt_errstr(result)));
+ return result;
+ }
+ }
+
+ /* Always check returned credentials. */
+ if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) {
+ DEBUG(0,("credentials chain check failed\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ return result;
+}
+
diff --git a/source3/rpc_client/init_netlogon.c b/source3/rpc_client/init_netlogon.c
index 61841953fc..e4c39e739e 100644
--- a/source3/rpc_client/init_netlogon.c
+++ b/source3/rpc_client/init_netlogon.c
@@ -391,3 +391,20 @@ void init_netr_PasswordInfo(struct netr_PasswordInfo *r,
r->lmpassword = lmpassword;
r->ntpassword = ntpassword;
}
+
+/*************************************************************************
+ inits a netr_CryptPassword structure
+ *************************************************************************/
+
+void init_netr_CryptPassword(const char *pwd,
+ unsigned char session_key[16],
+ struct netr_CryptPassword *pwd_buf)
+{
+ struct samr_CryptPassword password_buf;
+
+ encode_pw_buffer(password_buf.data, pwd, STR_UNICODE);
+
+ SamOEMhash(password_buf.data, session_key, 516);
+ memcpy(pwd_buf->data, password_buf.data, 512);
+ pwd_buf->length = IVAL(password_buf.data, 512);
+}
diff --git a/source3/script/build_idl.sh b/source3/script/build_idl.sh
index 8ff5dcd949..2027fd3937 100755
--- a/source3/script/build_idl.sh
+++ b/source3/script/build_idl.sh
@@ -19,7 +19,7 @@ for f in ${IDL_FILES}; do
basename=`basename $f .idl`
ndr="librpc/gen_ndr/ndr_$basename.c"
- if [ -f $ndr ] && false; then
+ if [ -f $ndr ]; then
if [ "x`find librpc/idl/$f -newer $ndr -print`" = "xlibrpc/idl/$f" ]; then
list="$list librpc/idl/$f"
fi