diff options
| -rw-r--r-- | source3/Makefile.in | 2 | ||||
| -rw-r--r-- | source3/include/proto.h | 5 | ||||
| -rw-r--r-- | source3/libsmb/trusts_util.c | 74 | ||||
| -rw-r--r-- | source3/smbd/change_trust_pw.c | 102 |
4 files changed, 76 insertions, 107 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 07b07df759..905ab4cbf1 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -801,7 +801,7 @@ SMBD_OBJ_SRV = smbd/server_reload.o \ smbd/process.o smbd/service.o smbd/error.o \ printing/printfsp.o lib/sysquotas.o lib/sysquotas_linux.o \ lib/sysquotas_xfs.o lib/sysquotas_4A.o \ - smbd/change_trust_pw.o smbd/fake_file.o \ + smbd/fake_file.o \ smbd/quotas.o smbd/ntquotas.o $(AFS_OBJ) smbd/msdfs.o \ $(AFS_SETTOKEN_OBJ) smbd/aio.o smbd/statvfs.o \ smbd/dmapi.o smbd/signing.o \ diff --git a/source3/include/proto.h b/source3/include/proto.h index a65449558f..28feec34e2 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -3256,6 +3256,7 @@ NTSTATUS trust_pw_find_change_and_store_it(struct rpc_pipe_client *cli, bool enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain, char ***domain_names, uint32 *num_domains, struct dom_sid **sids ); +NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine); /* The following definitions come from libsmb/unexpected.c */ @@ -5378,10 +5379,6 @@ struct blocking_lock_record *blocking_lock_cancel_smb1(files_struct *fsp, unsigned char locktype, NTSTATUS err); -/* The following definitions come from smbd/change_trust_pw.c */ - -NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine); - /* The following definitions come from smbd/close.c */ void set_close_write_time(struct files_struct *fsp, struct timespec ts); diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c index 3a2d6d70a1..2daacec912 100644 --- a/source3/libsmb/trusts_util.c +++ b/source3/libsmb/trusts_util.c @@ -23,6 +23,7 @@ #include "../librpc/gen_ndr/cli_lsa.h" #include "rpc_client/cli_lsarpc.h" #include "rpc_client/cli_netlogon.h" +#include "../librpc/gen_ndr/ndr_netlogon.h" /********************************************************* Change the domain password on the PDC. @@ -222,3 +223,76 @@ done: return NT_STATUS_IS_OK(result); } + +NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine) +{ + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + struct sockaddr_storage pdc_ss; + fstring dc_name; + struct cli_state *cli = NULL; + struct rpc_pipe_client *netlogon_pipe = NULL; + + DEBUG(5,("change_trust_account_password: Attempting to change trust account password in domain %s....\n", + domain)); + + if (remote_machine == NULL || !strcmp(remote_machine, "*")) { + /* Use the PDC *only* for this */ + + if ( !get_pdc_ip(domain, &pdc_ss) ) { + DEBUG(0,("Can't get IP for PDC for domain %s\n", domain)); + goto failed; + } + + if ( !name_status_find( domain, 0x1b, 0x20, &pdc_ss, dc_name) ) + goto failed; + } else { + /* supoport old deprecated "smbpasswd -j DOMAIN -r MACHINE" behavior */ + fstrcpy( dc_name, remote_machine ); + } + + /* if this next call fails, then give up. We can't do + password changes on BDC's --jerry */ + + if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname(), dc_name, + NULL, 0, + "IPC$", "IPC", + "", "", + "", 0, Undefined, NULL))) { + DEBUG(0,("modify_trust_password: Connection to %s failed!\n", dc_name)); + nt_status = NT_STATUS_UNSUCCESSFUL; + goto failed; + } + + /* + * Ok - we have an anonymous connection to the IPC$ share. + * Now start the NT Domain stuff :-). + */ + + /* Shouldn't we open this with schannel ? JRA. */ + + nt_status = cli_rpc_pipe_open_noauth( + cli, &ndr_table_netlogon.syntax_id, &netlogon_pipe); + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(0,("modify_trust_password: unable to open the domain client session to machine %s. Error was : %s.\n", + dc_name, nt_errstr(nt_status))); + cli_shutdown(cli); + cli = NULL; + goto failed; + } + + nt_status = trust_pw_find_change_and_store_it( + netlogon_pipe, netlogon_pipe, domain); + + cli_shutdown(cli); + cli = NULL; + +failed: + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(0,("%s : change_trust_account_password: Failed to change password for domain %s.\n", + current_timestring(talloc_tos(), False), domain)); + } + else + DEBUG(5,("change_trust_account_password: sucess!\n")); + + return nt_status; +} diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c deleted file mode 100644 index d02de7ae64..0000000000 --- a/source3/smbd/change_trust_pw.c +++ /dev/null @@ -1,102 +0,0 @@ -/* - * Unix SMB/CIFS implementation. - * Periodic Trust account password changing. - * Copyright (C) Andrew Tridgell 1992-1997, - * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, - * Copyright (C) Paul Ashton 1997. - * Copyright (C) Jeremy Allison 1998. - * Copyright (C) Andrew Bartlett 2001. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see <http://www.gnu.org/licenses/>. - */ - -#include "includes.h" -#include "../librpc/gen_ndr/ndr_netlogon.h" - -/************************************************************************ - Change the trust account password for a domain. -************************************************************************/ - -NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine) -{ - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - struct sockaddr_storage pdc_ss; - fstring dc_name; - struct cli_state *cli = NULL; - struct rpc_pipe_client *netlogon_pipe = NULL; - - DEBUG(5,("change_trust_account_password: Attempting to change trust account password in domain %s....\n", - domain)); - - if (remote_machine == NULL || !strcmp(remote_machine, "*")) { - /* Use the PDC *only* for this */ - - if ( !get_pdc_ip(domain, &pdc_ss) ) { - DEBUG(0,("Can't get IP for PDC for domain %s\n", domain)); - goto failed; - } - - if ( !name_status_find( domain, 0x1b, 0x20, &pdc_ss, dc_name) ) - goto failed; - } else { - /* supoport old deprecated "smbpasswd -j DOMAIN -r MACHINE" behavior */ - fstrcpy( dc_name, remote_machine ); - } - - /* if this next call fails, then give up. We can't do - password changes on BDC's --jerry */ - - if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname(), dc_name, - NULL, 0, - "IPC$", "IPC", - "", "", - "", 0, Undefined, NULL))) { - DEBUG(0,("modify_trust_password: Connection to %s failed!\n", dc_name)); - nt_status = NT_STATUS_UNSUCCESSFUL; - goto failed; - } - - /* - * Ok - we have an anonymous connection to the IPC$ share. - * Now start the NT Domain stuff :-). - */ - - /* Shouldn't we open this with schannel ? JRA. */ - - nt_status = cli_rpc_pipe_open_noauth( - cli, &ndr_table_netlogon.syntax_id, &netlogon_pipe); - if (!NT_STATUS_IS_OK(nt_status)) { - DEBUG(0,("modify_trust_password: unable to open the domain client session to machine %s. Error was : %s.\n", - dc_name, nt_errstr(nt_status))); - cli_shutdown(cli); - cli = NULL; - goto failed; - } - - nt_status = trust_pw_find_change_and_store_it( - netlogon_pipe, netlogon_pipe, domain); - - cli_shutdown(cli); - cli = NULL; - -failed: - if (!NT_STATUS_IS_OK(nt_status)) { - DEBUG(0,("%s : change_trust_account_password: Failed to change password for domain %s.\n", - current_timestring(talloc_tos(), False), domain)); - } - else - DEBUG(5,("change_trust_account_password: sucess!\n")); - - return nt_status; -} |