s4:libnet Allow 'net password change' to work on expired passwords

We need to pass down flags to the DCE/RPC layer to allow fallback to
anonymous connections, as we can't log in with an expired password.

The anonymous connection can then change the password with SAMR.

Andrew Bartlett

1 files changed, 2 insertions, 2 deletions

diff --git a/source4/librpc/rpc/dcerpc_connect.c b/source4/librpc/rpc/dcerpc_connect.c
index 0f9fbe0abc..1b1f039004 100644
--- a/source4/librpc/rpc/dcerpc_connect.c
+++ b/source4/librpc/rpc/dcerpc_connect.c
@@ -130,10 +130,10 @@ static struct composite_context *dcerpc_pipe_connect_ncacn_np_smb_send(TALLOC_CT
 	 * provide proper credentials - user supplied, but allow a
 	 * fallback to anonymous if this is an schannel connection
 	 * (might be NT4 not allowing machine logins at session
-	 * setup).
+	 * setup) or if asked to do so by the caller (perhaps a SAMR password change?)
 	 */
 	s->conn.in.credentials = s->io.creds;
-	if (s->io.binding->flags & DCERPC_SCHANNEL) {
+	if (s->io.binding->flags & (DCERPC_SCHANNEL|DCERPC_ANON_FALLBACK)) {
 		conn->in.fallback_to_anonymous  = true;
 	} else {
 		conn->in.fallback_to_anonymous  = false;