diff options
author | Gerald Carter <jerry@samba.org> | 2005-09-30 17:13:37 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:04:48 -0500 |
commit | 54abd2aa66069e6baf7769c496f46d9dba18db39 (patch) | |
tree | 9cf8e88168011797319ba9e9866749201b1eac1e /source3/libsmb/trusts_util.c | |
parent | 4a2cc231d22a82ed21771a72508f15d21ed63227 (diff) | |
download | samba-54abd2aa66069e6baf7769c496f46d9dba18db39.tar.gz samba-54abd2aa66069e6baf7769c496f46d9dba18db39.tar.bz2 samba-54abd2aa66069e6baf7769c496f46d9dba18db39.zip |
r10656: BIG merge from trunk. Features not copied over
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
Diffstat (limited to 'source3/libsmb/trusts_util.c')
-rw-r--r-- | source3/libsmb/trusts_util.c | 47 |
1 files changed, 30 insertions, 17 deletions
diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c index aab0d7d151..50fa613e72 100644 --- a/source3/libsmb/trusts_util.c +++ b/source3/libsmb/trusts_util.c @@ -29,22 +29,36 @@ Caller must have the cli connected to the netlogon pipe already. **********************************************************/ -static NTSTATUS just_change_the_password(struct cli_state *cli, TALLOC_CTX *mem_ctx, + +static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, unsigned char orig_trust_passwd_hash[16], unsigned char new_trust_passwd_hash[16], uint32 sec_channel_type) { NTSTATUS result; - /* ensure that schannel uses the right domain */ - fstrcpy(cli->domain, lp_workgroup()); - if (! NT_STATUS_IS_OK(result = cli_nt_establish_netlogon(cli, sec_channel_type, orig_trust_passwd_hash))) { - DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n", - nt_errstr(result))); - return result; + /* Check if the netlogon pipe is open using schannel. If so we + already have valid creds. If not we must set them up. */ + + if (cli->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) { + uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS; + + result = rpccli_netlogon_setup_creds(cli, + cli->cli->desthost, + lp_workgroup(), + global_myname(), + orig_trust_passwd_hash, + sec_channel_type, + &neg_flags); + + if (!NT_STATUS_IS_OK(result)) { + DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n", + nt_errstr(result))); + return result; + } } - - result = cli_net_srv_pwset(cli, mem_ctx, global_myname(), new_trust_passwd_hash); + + result = rpccli_net_srv_pwset(cli, mem_ctx, global_myname(), new_trust_passwd_hash); if (!NT_STATUS_IS_OK(result)) { DEBUG(0,("just_change_the_password: unable to change password (%s)!\n", @@ -59,7 +73,7 @@ static NTSTATUS just_change_the_password(struct cli_state *cli, TALLOC_CTX *mem_ Caller must have already setup the connection to the NETLOGON pipe **********************************************************/ -NTSTATUS trust_pw_change_and_store_it(struct cli_state *cli, TALLOC_CTX *mem_ctx, +NTSTATUS trust_pw_change_and_store_it(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, const char *domain, unsigned char orig_trust_passwd_hash[16], uint32 sec_channel_type) @@ -99,7 +113,7 @@ NTSTATUS trust_pw_change_and_store_it(struct cli_state *cli, TALLOC_CTX *mem_ctx already setup the connection to the NETLOGON pipe **********************************************************/ -NTSTATUS trust_pw_find_change_and_store_it(struct cli_state *cli, +NTSTATUS trust_pw_find_change_and_store_it(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, const char *domain) { @@ -116,7 +130,6 @@ NTSTATUS trust_pw_find_change_and_store_it(struct cli_state *cli, return trust_pw_change_and_store_it(cli, mem_ctx, domain, old_trust_passwd_hash, sec_channel_type); - } /********************************************************************* @@ -133,6 +146,7 @@ BOOL enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain, struct in_addr dc_ip; uint32 enum_ctx = 0; struct cli_state *cli = NULL; + struct rpc_pipe_client *lsa_pipe; BOOL retry; *domain_names = NULL; @@ -156,21 +170,21 @@ BOOL enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain, /* open the LSARPC_PIPE */ - if ( !cli_nt_session_open( cli, PI_LSARPC ) ) { - result = NT_STATUS_UNSUCCESSFUL; + lsa_pipe = cli_rpc_pipe_open_noauth( cli, PI_LSARPC, &result ); + if ( !lsa_pipe) { goto done; } /* get a handle */ - result = cli_lsa_open_policy(cli, mem_ctx, True, + result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, True, POLICY_VIEW_LOCAL_INFORMATION, &pol); if ( !NT_STATUS_IS_OK(result) ) goto done; /* Lookup list of trusted domains */ - result = cli_lsa_enum_trust_dom(cli, mem_ctx, &pol, &enum_ctx, + result = rpccli_lsa_enum_trust_dom(lsa_pipe, mem_ctx, &pol, &enum_ctx, num_domains, domain_names, sids); if ( !NT_STATUS_IS_OK(result) ) goto done; @@ -184,4 +198,3 @@ done: return NT_STATUS_IS_OK(result); } - |