summaryrefslogtreecommitdiff
path: root/source3/libsmb/passchange.c
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2006-07-11 18:01:26 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:19:14 -0500
commitfbdcf2663b56007a438ac4f0d8d82436b1bfe688 (patch)
tree4e42c1f061391cea3d640152fd240682cbf4fd9a /source3/libsmb/passchange.c
parent5bf62a0c3cc95abe918f3e772bb10e0a90fdce22 (diff)
downloadsamba-fbdcf2663b56007a438ac4f0d8d82436b1bfe688.tar.gz
samba-fbdcf2663b56007a438ac4f0d8d82436b1bfe688.tar.bz2
samba-fbdcf2663b56007a438ac4f0d8d82436b1bfe688.zip
r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
Diffstat (limited to 'source3/libsmb/passchange.c')
-rw-r--r--source3/libsmb/passchange.c108
1 files changed, 57 insertions, 51 deletions
diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c
index 673671d28d..0d3dcf4d75 100644
--- a/source3/libsmb/passchange.c
+++ b/source3/libsmb/passchange.c
@@ -29,7 +29,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
char *err_str, size_t err_str_len)
{
struct nmb_name calling, called;
- struct cli_state cli;
+ struct cli_state *cli;
struct rpc_pipe_client *pipe_hnd;
struct in_addr ip;
@@ -44,39 +44,45 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
return NT_STATUS_UNSUCCESSFUL;
}
- ZERO_STRUCT(cli);
-
- if (!cli_initialise(&cli) || !cli_connect(&cli, remote_machine, &ip)) {
+ cli = cli_initialise();
+ if (!cli) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (!cli_connect(cli, remote_machine, &ip)) {
slprintf(err_str, err_str_len-1, "unable to connect to SMB server on machine %s. Error was : %s.\n",
- remote_machine, cli_errstr(&cli) );
- return NT_STATUS_UNSUCCESSFUL;
+ remote_machine, cli_errstr(cli) );
+ result = cli_nt_error(cli);
+ cli_shutdown(cli);
+ return result;
}
make_nmb_name(&calling, global_myname() , 0x0);
make_nmb_name(&called , remote_machine, 0x20);
- if (!cli_session_request(&cli, &calling, &called)) {
+ if (!cli_session_request(cli, &calling, &called)) {
slprintf(err_str, err_str_len-1, "machine %s rejected the session setup. Error was : %s.\n",
- remote_machine, cli_errstr(&cli) );
- cli_shutdown(&cli);
- return NT_STATUS_UNSUCCESSFUL;
+ remote_machine, cli_errstr(cli) );
+ result = cli_nt_error(cli);
+ cli_shutdown(cli);
+ return result;
}
- cli.protocol = PROTOCOL_NT1;
+ cli->protocol = PROTOCOL_NT1;
- if (!cli_negprot(&cli)) {
+ if (!cli_negprot(cli)) {
slprintf(err_str, err_str_len-1, "machine %s rejected the negotiate protocol. Error was : %s.\n",
- remote_machine, cli_errstr(&cli) );
- result = cli_nt_error(&cli);
- cli_shutdown(&cli);
+ remote_machine, cli_errstr(cli) );
+ result = cli_nt_error(cli);
+ cli_shutdown(cli);
return result;
}
/* Given things like SMB signing, restrict anonymous and the like,
try an authenticated connection first */
- if (!cli_session_setup(&cli, user_name, old_passwd, strlen(old_passwd)+1, old_passwd, strlen(old_passwd)+1, "")) {
+ if (!cli_session_setup(cli, user_name, old_passwd, strlen(old_passwd)+1, old_passwd, strlen(old_passwd)+1, "")) {
- result = cli_nt_error(&cli);
+ result = cli_nt_error(cli);
if (!NT_STATUS_IS_OK(result)) {
@@ -89,8 +95,8 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
NT_STATUS_PASSWORD_MUST_CHANGE)) {
slprintf(err_str, err_str_len-1, "Could not "
"connect to machine %s: %s\n",
- remote_machine, cli_errstr(&cli));
- cli_shutdown(&cli);
+ remote_machine, cli_errstr(cli));
+ cli_shutdown(cli);
return result;
}
@@ -103,31 +109,31 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
* Thanks to <Nicholas.S.Jenkins@cdc.com> for this fix.
*/
- if (!cli_session_setup(&cli, "", "", 0, "", 0, "")) {
+ if (!cli_session_setup(cli, "", "", 0, "", 0, "")) {
slprintf(err_str, err_str_len-1, "machine %s rejected the session setup. Error was : %s.\n",
- remote_machine, cli_errstr(&cli) );
- result = cli_nt_error(&cli);
- cli_shutdown(&cli);
+ remote_machine, cli_errstr(cli) );
+ result = cli_nt_error(cli);
+ cli_shutdown(cli);
return result;
}
- cli_init_creds(&cli, "", "", NULL);
+ cli_init_creds(cli, "", "", NULL);
} else {
- cli_init_creds(&cli, user_name, "", old_passwd);
+ cli_init_creds(cli, user_name, "", old_passwd);
}
- if (!cli_send_tconX(&cli, "IPC$", "IPC", "", 1)) {
+ if (!cli_send_tconX(cli, "IPC$", "IPC", "", 1)) {
slprintf(err_str, err_str_len-1, "machine %s rejected the tconX on the IPC$ share. Error was : %s.\n",
- remote_machine, cli_errstr(&cli) );
- result = cli_nt_error(&cli);
- cli_shutdown(&cli);
+ remote_machine, cli_errstr(cli) );
+ result = cli_nt_error(cli);
+ cli_shutdown(cli);
return result;
}
/* Try not to give the password away too easily */
if (!pass_must_change) {
- pipe_hnd = cli_rpc_pipe_open_ntlmssp(&cli,
+ pipe_hnd = cli_rpc_pipe_open_ntlmssp(cli,
PI_SAMR,
PIPE_AUTH_LEVEL_PRIVACY,
"", /* what domain... ? */
@@ -143,17 +149,17 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
* will just fail. So we do it anonymously, there's no other
* way.
*/
- pipe_hnd = cli_rpc_pipe_open_noauth(&cli, PI_SAMR, &result);
+ pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &result);
}
if (!pipe_hnd) {
if (lp_client_lanman_auth()) {
/* Use the old RAP method. */
- if (!cli_oem_change_password(&cli, user_name, new_passwd, old_passwd)) {
+ if (!cli_oem_change_password(cli, user_name, new_passwd, old_passwd)) {
slprintf(err_str, err_str_len-1, "machine %s rejected the password change: Error was : %s.\n",
- remote_machine, cli_errstr(&cli) );
- result = cli_nt_error(&cli);
- cli_shutdown(&cli);
+ remote_machine, cli_errstr(cli) );
+ result = cli_nt_error(cli);
+ cli_shutdown(cli);
return result;
}
} else {
@@ -161,16 +167,16 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
"SAMR connection to machine %s failed. Error was %s, "
"but LANMAN password changed are disabled\n",
nt_errstr(result), remote_machine);
- result = cli_nt_error(&cli);
- cli_shutdown(&cli);
+ result = cli_nt_error(cli);
+ cli_shutdown(cli);
return result;
}
}
- if (NT_STATUS_IS_OK(result = rpccli_samr_chgpasswd_user(pipe_hnd, cli.mem_ctx, user_name,
+ if (NT_STATUS_IS_OK(result = rpccli_samr_chgpasswd_user(pipe_hnd, cli->mem_ctx, user_name,
new_passwd, old_passwd))) {
/* Great - it all worked! */
- cli_shutdown(&cli);
+ cli_shutdown(cli);
return NT_STATUS_OK;
} else if (!(NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED)
@@ -179,7 +185,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
slprintf(err_str, err_str_len-1, "machine %s rejected the password change: Error was : %s.\n",
remote_machine, get_friendly_nt_error_msg(result));
- cli_shutdown(&cli);
+ cli_shutdown(cli);
return result;
}
@@ -187,21 +193,21 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
cli_rpc_pipe_close(pipe_hnd);
/* Try anonymous NTLMSSP... */
- cli_init_creds(&cli, "", "", NULL);
+ cli_init_creds(cli, "", "", NULL);
result = NT_STATUS_UNSUCCESSFUL;
/* OK, this is ugly, but... try an anonymous pipe. */
- pipe_hnd = cli_rpc_pipe_open_noauth(&cli, PI_SAMR, &result);
+ pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &result);
if ( pipe_hnd &&
(NT_STATUS_IS_OK(result = rpccli_samr_chgpasswd_user(pipe_hnd,
- cli.mem_ctx,
+ cli->mem_ctx,
user_name,
new_passwd,
old_passwd)))) {
/* Great - it all worked! */
- cli_shutdown(&cli);
+ cli_shutdown(cli);
return NT_STATUS_OK;
} else {
if (!(NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED)
@@ -211,7 +217,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
slprintf(err_str, err_str_len-1,
"machine %s rejected the (anonymous) password change: Error was : %s.\n",
remote_machine, get_friendly_nt_error_msg(result));
- cli_shutdown(&cli);
+ cli_shutdown(cli);
return result;
}
@@ -220,24 +226,24 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
if (lp_client_lanman_auth()) {
/* Use the old RAP method. */
- if (cli_oem_change_password(&cli, user_name, new_passwd, old_passwd)) {
+ if (cli_oem_change_password(cli, user_name, new_passwd, old_passwd)) {
/* SAMR failed, but the old LanMan protocol worked! */
- cli_shutdown(&cli);
+ cli_shutdown(cli);
return NT_STATUS_OK;
}
slprintf(err_str, err_str_len-1,
"machine %s rejected the password change: Error was : %s.\n",
- remote_machine, cli_errstr(&cli) );
- result = cli_nt_error(&cli);
- cli_shutdown(&cli);
+ remote_machine, cli_errstr(cli) );
+ result = cli_nt_error(cli);
+ cli_shutdown(cli);
return result;
} else {
slprintf(err_str, err_str_len-1,
"SAMR connection to machine %s failed. Error was %s, "
"but LANMAN password changed are disabled\n",
nt_errstr(result), remote_machine);
- cli_shutdown(&cli);
+ cli_shutdown(cli);
return NT_STATUS_UNSUCCESSFUL;
}
}