diff options
author | Günther Deschner <gd@samba.org> | 2009-08-27 23:30:50 +0200 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2009-09-02 10:47:36 +0200 |
commit | 2b8afd2257d8c9886f785929ca8dfcd04eb45755 (patch) | |
tree | 1848a73c1a3c4e0112f5d5652e1701c117c112b3 | |
parent | 71e9dfc0cd7d054dd52508faa4c07db9205b541a (diff) | |
download | samba-2b8afd2257d8c9886f785929ca8dfcd04eb45755.tar.gz samba-2b8afd2257d8c9886f785929ca8dfcd04eb45755.tar.bz2 samba-2b8afd2257d8c9886f785929ca8dfcd04eb45755.zip |
s3-netlogon: implement _netr_ServerPasswordSet2.
Guenther
-rw-r--r-- | source3/rpc_server/srv_netlog_nt.c | 66 |
1 files changed, 55 insertions, 11 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index ce0a3fa255..0b476e1cae 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -491,7 +491,8 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p, NETLOGON_NEG_FULL_SYNC_REPL | NETLOGON_NEG_MULTIPLE_SIDS | NETLOGON_NEG_REDO | - NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL; + NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL | + NETLOGON_NEG_PASSWORD_SET2; /* Ensure we support strong (128-bit) keys. */ if (in_neg_flags & NETLOGON_NEG_STRONG_KEYS) { @@ -824,6 +825,59 @@ NTSTATUS _netr_ServerPasswordSet(pipes_struct *p, return status; } +/**************************************************************** + _netr_ServerPasswordSet2 +****************************************************************/ + +NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p, + struct netr_ServerPasswordSet2 *r) +{ + NTSTATUS status; + struct netlogon_creds_CredentialState *creds; + struct samu *sampass; + DATA_BLOB plaintext; + struct samr_CryptPassword password_buf; + + become_root(); + status = netr_creds_server_step_check(p, p->mem_ctx, + r->in.computer_name, + r->in.credential, + r->out.return_authenticator, + &creds); + unbecome_root(); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(2,("_netr_ServerPasswordSet2: netlogon_creds_server_step " + "failed. Rejecting auth request from client %s machine account %s\n", + r->in.computer_name, creds->computer_name)); + TALLOC_FREE(creds); + return status; + } + + memcpy(password_buf.data, r->in.new_password->data, 512); + SIVAL(password_buf.data, 512, r->in.new_password->length); + netlogon_creds_arcfour_crypt(creds, password_buf.data, 516); + + if (!extract_pw_from_buffer(p->mem_ctx, password_buf.data, &plaintext)) { + return NT_STATUS_WRONG_PASSWORD; + } + + status = netr_find_machine_account(p->mem_ctx, + creds->account_name, + &sampass); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + status = netr_set_machine_account_password(sampass, + sampass, + &plaintext, + NULL, + NULL); + TALLOC_FREE(sampass); + return status; +} + /************************************************************************* _netr_LogonSamLogoff *************************************************************************/ @@ -1370,16 +1424,6 @@ NTSTATUS _netr_LogonGetDomainInfo(pipes_struct *p, /**************************************************************** ****************************************************************/ -NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p, - struct netr_ServerPasswordSet2 *r) -{ - p->rng_fault_state = true; - return NT_STATUS_NOT_IMPLEMENTED; -} - -/**************************************************************** -****************************************************************/ - WERROR _netr_ServerPasswordGet(pipes_struct *p, struct netr_ServerPasswordGet *r) { |