summaryrefslogtreecommitdiff
path: root/source4/librpc
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2009-06-18 12:33:46 +1000
committerAndrew Bartlett <abartlet@samba.org>2009-06-18 13:49:30 +1000
commit58e8db912d2213a594714ac29866396098662557 (patch)
tree1fba34e4ef93aa73e9839ad876460e6aa157a2fb /source4/librpc
parent19413c52495877d54c90c60229568d0077fda30b (diff)
downloadsamba-58e8db912d2213a594714ac29866396098662557.tar.gz
samba-58e8db912d2213a594714ac29866396098662557.tar.bz2
samba-58e8db912d2213a594714ac29866396098662557.zip
s4:libnet Allow 'net password change' to work on expired passwords
We need to pass down flags to the DCE/RPC layer to allow fallback to anonymous connections, as we can't log in with an expired password. The anonymous connection can then change the password with SAMR. Andrew Bartlett
Diffstat (limited to 'source4/librpc')
-rw-r--r--source4/librpc/rpc/dcerpc.h2
-rw-r--r--source4/librpc/rpc/dcerpc_connect.c4
2 files changed, 4 insertions, 2 deletions
diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h
index 7f573f0e84..ea92bcc93a 100644
--- a/source4/librpc/rpc/dcerpc.h
+++ b/source4/librpc/rpc/dcerpc.h
@@ -142,6 +142,8 @@ struct dcerpc_pipe {
#define DCERPC_SCHANNEL (1<<9)
+#define DCERPC_ANON_FALLBACK (1<<10)
+
/* use a 128 bit session key */
#define DCERPC_SCHANNEL_128 (1<<12)
diff --git a/source4/librpc/rpc/dcerpc_connect.c b/source4/librpc/rpc/dcerpc_connect.c
index 0f9fbe0abc..1b1f039004 100644
--- a/source4/librpc/rpc/dcerpc_connect.c
+++ b/source4/librpc/rpc/dcerpc_connect.c
@@ -130,10 +130,10 @@ static struct composite_context *dcerpc_pipe_connect_ncacn_np_smb_send(TALLOC_CT
* provide proper credentials - user supplied, but allow a
* fallback to anonymous if this is an schannel connection
* (might be NT4 not allowing machine logins at session
- * setup).
+ * setup) or if asked to do so by the caller (perhaps a SAMR password change?)
*/
s->conn.in.credentials = s->io.creds;
- if (s->io.binding->flags & DCERPC_SCHANNEL) {
+ if (s->io.binding->flags & (DCERPC_SCHANNEL|DCERPC_ANON_FALLBACK)) {
conn->in.fallback_to_anonymous = true;
} else {
conn->in.fallback_to_anonymous = false;