summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2009-10-08 00:39:40 +0200
committerGünther Deschner <gd@samba.org>2009-10-13 10:21:42 +0200
commitaa8c142b5e1d126b9a5a8e4a6638bc785292fbc2 (patch)
tree83afe29f5f89f45cc9fc606b4f0137ba071394e6 /source3
parent4423173b08ebba1ff8494a4997e46e28525c1d7a (diff)
downloadsamba-aa8c142b5e1d126b9a5a8e4a6638bc785292fbc2.tar.gz
samba-aa8c142b5e1d126b9a5a8e4a6638bc785292fbc2.tar.bz2
samba-aa8c142b5e1d126b9a5a8e4a6638bc785292fbc2.zip
s3-netlogon: allow to change any type of trust account password in trust_pw_find_change_and_store_it().
Guenther
Diffstat (limited to 'source3')
-rw-r--r--source3/libsmb/trusts_util.c45
1 files changed, 39 insertions, 6 deletions
diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c
index e201814163..1e2460cfcc 100644
--- a/source3/libsmb/trusts_util.c
+++ b/source3/libsmb/trusts_util.c
@@ -37,6 +37,14 @@ NTSTATUS trust_pw_change_and_store_it(struct rpc_pipe_client *cli, TALLOC_CTX *m
char *new_trust_passwd;
NTSTATUS nt_status;
+ switch (sec_channel_type) {
+ case SEC_CHAN_WKSTA:
+ case SEC_CHAN_DOMAIN:
+ break;
+ default:
+ return NT_STATUS_NOT_SUPPORTED;
+ }
+
/* Create a random machine account password */
new_trust_passwd = generate_random_str(mem_ctx, DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
@@ -61,8 +69,33 @@ NTSTATUS trust_pw_change_and_store_it(struct rpc_pipe_client *cli, TALLOC_CTX *m
* Return the result of trying to write the new password
* back into the trust account file.
*/
- if (!secrets_store_machine_password(new_trust_passwd, domain, sec_channel_type)) {
- nt_status = NT_STATUS_UNSUCCESSFUL;
+
+ switch (sec_channel_type) {
+
+ case SEC_CHAN_WKSTA:
+ if (!secrets_store_machine_password(new_trust_passwd, domain, sec_channel_type)) {
+ nt_status = NT_STATUS_UNSUCCESSFUL;
+ }
+ break;
+
+ case SEC_CHAN_DOMAIN: {
+ char *pwd;
+ struct dom_sid sid;
+ time_t pass_last_set_time;
+
+ /* we need to get the sid first for the
+ * pdb_set_trusteddom_pw call */
+
+ if (!pdb_get_trusteddom_pw(domain, &pwd, &sid, &pass_last_set_time)) {
+ nt_status = NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE;
+ }
+ if (!pdb_set_trusteddom_pw(domain, new_trust_passwd, &sid)) {
+ nt_status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+ break;
+ }
+ default:
+ break;
}
}
@@ -81,16 +114,16 @@ NTSTATUS trust_pw_find_change_and_store_it(struct rpc_pipe_client *cli,
{
unsigned char old_trust_passwd_hash[16];
uint32 sec_channel_type = 0;
+ const char *account_name;
- if (!secrets_fetch_trust_account_password(domain,
- old_trust_passwd_hash,
- NULL, &sec_channel_type)) {
+ if (!get_trust_pw_hash(domain, old_trust_passwd_hash, &account_name,
+ &sec_channel_type)) {
DEBUG(0, ("could not fetch domain secrets for domain %s!\n", domain));
return NT_STATUS_UNSUCCESSFUL;
}
return trust_pw_change_and_store_it(cli, mem_ctx, domain,
- global_myname(),
+ account_name,
old_trust_passwd_hash,
sec_channel_type);
}