summaryrefslogtreecommitdiff
path: root/source3/rpc_client
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2008-09-21 18:57:26 +0200
committerGünther Deschner <gd@samba.org>2008-09-21 22:30:39 +0200
commite194ded26e716fad510191f85e67ff1d775bdcb8 (patch)
tree4ee8e23c9135dceec0ac657fd24c8dcf482fb3a0 /source3/rpc_client
parent6f9a83505fced805f5a4d4827ddf7300eda6aaa0 (diff)
downloadsamba-e194ded26e716fad510191f85e67ff1d775bdcb8.tar.gz
samba-e194ded26e716fad510191f85e67ff1d775bdcb8.tar.bz2
samba-e194ded26e716fad510191f85e67ff1d775bdcb8.zip
netlogon: move password change code out to rpccli_netlogon_set_trust_password.
Guenther
Diffstat (limited to 'source3/rpc_client')
-rw-r--r--source3/rpc_client/cli_netlogon.c91
1 files changed, 91 insertions, 0 deletions
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index df87ed13d1..23618efd9f 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -538,3 +538,94 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli,
return result;
}
+
+/*********************************************************
+ Change the domain password on the PDC.
+
+ Just changes the password betwen the two values specified.
+
+ Caller must have the cli connected to the netlogon pipe
+ already.
+**********************************************************/
+
+NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ const unsigned char orig_trust_passwd_hash[16],
+ const char *new_trust_pwd_cleartext,
+ const unsigned char new_trust_passwd_hash[16],
+ uint32_t sec_channel_type)
+{
+ NTSTATUS result;
+ uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
+ struct netr_Authenticator clnt_creds, srv_cred;
+
+ result = rpccli_netlogon_setup_creds(cli,
+ cli->desthost, /* server name */
+ lp_workgroup(), /* domain */
+ global_myname(), /* client name */
+ global_myname(), /* machine account name */
+ orig_trust_passwd_hash,
+ sec_channel_type,
+ &neg_flags);
+
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(3,("rpccli_netlogon_set_trust_password: unable to setup creds (%s)!\n",
+ nt_errstr(result)));
+ return result;
+ }
+
+ netlogon_creds_client_step(cli->dc, &clnt_creds);
+
+ if (neg_flags & NETLOGON_NEG_PASSWORD_SET2) {
+
+ struct netr_CryptPassword new_password;
+
+ init_netr_CryptPassword(new_trust_pwd_cleartext,
+ cli->dc->sess_key,
+ &new_password);
+
+ result = rpccli_netr_ServerPasswordSet2(cli, mem_ctx,
+ cli->dc->remote_machine,
+ cli->dc->mach_acct,
+ sec_channel_type,
+ global_myname(),
+ &clnt_creds,
+ &srv_cred,
+ &new_password);
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(0,("rpccli_netr_ServerPasswordSet2 failed: %s\n",
+ nt_errstr(result)));
+ return result;
+ }
+ } else {
+
+ struct samr_Password new_password;
+
+ cred_hash3(new_password.hash,
+ new_trust_passwd_hash,
+ cli->dc->sess_key, 1);
+
+ result = rpccli_netr_ServerPasswordSet(cli, mem_ctx,
+ cli->dc->remote_machine,
+ cli->dc->mach_acct,
+ sec_channel_type,
+ global_myname(),
+ &clnt_creds,
+ &srv_cred,
+ &new_password);
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(0,("rpccli_netr_ServerPasswordSet failed: %s\n",
+ nt_errstr(result)));
+ return result;
+ }
+ }
+
+ /* Always check returned credentials. */
+ if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) {
+ DEBUG(0,("credentials chain check failed\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ return result;
+}
+