diff options
-rw-r--r-- | source3/include/proto.h | 2 | ||||
-rw-r--r-- | source3/rpc_client/cli_netlogon.c | 223 | ||||
-rw-r--r-- | source3/rpc_client/cli_pipe.c | 20 |
3 files changed, 115 insertions, 130 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index 7673fc2ed5..9fd3694818 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -793,7 +793,7 @@ void SMBOWFencrypt_ntv2(const uchar kr[16], char resp_buf[16]); void SMBgenclientchals(char *lm_cli_chal, char *nt_cli_chal, int *nt_cli_chal_len, - const char *srv, const char *domain); + const char *srv, const char *dom); void ntv2_owf_gen(const uchar owf[16], const char *user_n, const char *domain_n, diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index d385011bac..c7483677f0 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -549,140 +549,115 @@ static BOOL modify_trust_password( char *domain, char *remote_machine, unsigned char new_trust_passwd_hash[16], uint16 sec_chan) { - uint16 nt_pipe_fnum; - struct cli_state cli; - struct nmb_name calling, called; + uint16 nt_pipe_fnum; + struct cli_state cli; + struct nmb_name calling, called; - ZERO_STRUCT(cli); - if(cli_initialise(&cli) == False) { - DEBUG(0,("modify_trust_password: unable to initialize client connection.\n")); - return False; - } + make_nmb_name(&calling, global_myname , 0x0 , scope); + make_nmb_name(&called , remote_machine, 0x20, scope); - if(!resolve_name( remote_machine, &cli.dest_ip, 0x20)) { - DEBUG(0,("modify_trust_password: Can't resolve address for %s\n", remote_machine)); - return False; - } + ZERO_STRUCT(cli); + if(cli_initialise(&cli) == NULL) + { + DEBUG(0,("modify_trust_password: unable to initialize client \ +connection.\n")); + return False; + } - if (ismyip(cli.dest_ip)) { - DEBUG(0,("modify_trust_password: Machine %s is one of our addresses. Cannot add \ -to ourselves.\n", remote_machine)); - return False; - } + if(!resolve_name( remote_machine, &cli.dest_ip, 0x20)) + { + DEBUG(0,("modify_trust_password: Can't resolve address for \ +%s\n", remote_machine)); + return False; + } - if (!cli_connect(&cli, remote_machine, &cli.dest_ip)) { - fstring errstr; - cli_safe_errstr(&cli, errstr, sizeof(errstr)); - DEBUG(0,("modify_trust_password: unable to connect to SMB server on \ -machine %s. Error was : %s.\n", remote_machine, errstr )); - return False; - } - - - make_nmb_name(&calling, global_myname , 0x0 , scope); - make_nmb_name(&called , remote_machine, 0x20, scope); + if (ismyip(cli.dest_ip)) + { + DEBUG(0,("modify_trust_password: Machine %s is one of our \ +addresses. Cannot add to ourselves.\n", remote_machine)); + return False; + } - if (!cli_session_request(&cli, &calling, &called)) + cli.protocol = PROTOCOL_NT1; + + if (!cli_establish_connection(&cli, remote_machine, &cli.dest_ip, + &calling, &called, + "IPC$", "IPC", False, True)) { - fstring errstr; - cli_safe_errstr(&cli, errstr, sizeof(errstr)); - DEBUG(0,("modify_trust_password: machine %s rejected the session setup. \ -Error was : %s.\n", remote_machine, errstr )); - cli_shutdown(&cli); - return False; - } + fstring errstr; + cli_safe_errstr(&cli, errstr, sizeof(errstr)); + DEBUG(0,("modify_trust_password: machine %s rejected the SMB \ +session. Error was : %s.\n", remote_machine, errstr )); + cli_shutdown(&cli); + return False; + } - cli.protocol = PROTOCOL_NT1; - - if (!cli_negprot(&cli)) { - fstring errstr; - cli_safe_errstr(&cli, errstr, sizeof(errstr)); - DEBUG(0,("modify_trust_password: machine %s rejected the negotiate protocol. \ -Error was : %s.\n", remote_machine, errstr )); - cli_shutdown(&cli); - return False; - } - if (cli.protocol != PROTOCOL_NT1) { - DEBUG(0,("modify_trust_password: machine %s didn't negotiate NT protocol.\n", - remote_machine)); - cli_shutdown(&cli); - return False; - } - - /* - * Do an anonymous session setup. - */ - - if (!cli_session_setup(&cli, "", "", 0, "", 0, "")) { - fstring errstr; - cli_safe_errstr(&cli, errstr, sizeof(errstr)); - DEBUG(0,("modify_trust_password: machine %s rejected the session setup. \ -Error was : %s.\n", remote_machine, errstr )); - cli_shutdown(&cli); - return False; - } - - if (!(cli.sec_mode & 1)) { - DEBUG(0,("modify_trust_password: machine %s isn't in user level security mode\n", - remote_machine)); - cli_shutdown(&cli); - return False; - } - - if (!cli_send_tconX(&cli, "IPC$", "IPC", "", 1)) { - fstring errstr; - cli_safe_errstr(&cli, errstr, sizeof(errstr)); - DEBUG(0,("modify_trust_password: machine %s rejected the tconX on the IPC$ share. \ -Error was : %s.\n", remote_machine, errstr )); - cli_shutdown(&cli); - return False; - } - /* - * Ok - we have an anonymous connection to the IPC$ share. - * Now start the NT Domain stuff :-). - */ - - if(cli_nt_session_open(&cli, PIPE_NETLOGON, &nt_pipe_fnum) == False) { - fstring errstr; - cli_safe_errstr(&cli, errstr, sizeof(errstr)); - DEBUG(0,("modify_trust_password: unable to open the domain client session to \ -machine %s. Error was : %s.\n", remote_machine, errstr )); - cli_nt_session_close(&cli, nt_pipe_fnum); - cli_ulogoff(&cli); - cli_shutdown(&cli); - return False; - } - - if(cli_nt_setup_creds(&cli, nt_pipe_fnum, - cli.mach_acct, orig_trust_passwd_hash, sec_chan) == False) { - fstring errstr; - cli_safe_errstr(&cli, errstr, sizeof(errstr)); - DEBUG(0,("modify_trust_password: unable to setup the PDC credentials to machine \ -%s. Error was : %s.\n", remote_machine, errstr )); - cli_nt_session_close(&cli, nt_pipe_fnum); - cli_ulogoff(&cli); - cli_shutdown(&cli); - return False; - } - - if( cli_nt_srv_pwset( &cli, nt_pipe_fnum, new_trust_passwd_hash, sec_chan ) == False) { - fstring errstr; - cli_safe_errstr(&cli, errstr, sizeof(errstr)); - DEBUG(0,("modify_trust_password: unable to change password for machine %s in domain \ -%s to Domain controller %s. Error was %s.\n", global_myname, domain, remote_machine, - errstr )); - cli_nt_session_close(&cli, nt_pipe_fnum); - cli_ulogoff(&cli); - cli_shutdown(&cli); - return False; - } + if (cli.protocol != PROTOCOL_NT1) + { + DEBUG(0,("modify_trust_password: machine %s didn't negotiate \ +NT protocol.\n", remote_machine)); + cli_shutdown(&cli); + return False; + } - cli_nt_session_close(&cli, nt_pipe_fnum); - cli_ulogoff(&cli); - cli_shutdown(&cli); + if (!(IS_BITS_SET_ALL(cli.sec_mode, 1))) + { + DEBUG(0,("modify_trust_password: machine %s isn't in user \ +level security mode\n", remote_machine)); + cli_shutdown(&cli); + return False; + } + + /* + * Ok - we have an anonymous connection to the IPC$ share. + * Now start the NT Domain stuff :-). + */ + + if (!cli_nt_session_open(&cli, PIPE_NETLOGON, &nt_pipe_fnum)) + { + fstring errstr; + cli_safe_errstr(&cli, errstr, sizeof(errstr)); + DEBUG(0,("modify_trust_password: unable to open the domain \ +client session to server %s. Error was : %s.\n", remote_machine, errstr )); + cli_nt_session_close(&cli, nt_pipe_fnum); + cli_ulogoff(&cli); + cli_shutdown(&cli); + return False; + } + + if (!cli_nt_setup_creds(&cli, nt_pipe_fnum, + cli.mach_acct, orig_trust_passwd_hash, sec_chan)) + { + fstring errstr; + cli_safe_errstr(&cli, errstr, sizeof(errstr)); + DEBUG(0,("modify_trust_password: unable to setup the PDC \ +credentials to server %s. Error was : %s.\n", remote_machine, errstr )); + cli_nt_session_close(&cli, nt_pipe_fnum); + cli_ulogoff(&cli); + cli_shutdown(&cli); + return False; + } + + if (!cli_nt_srv_pwset( &cli, nt_pipe_fnum, new_trust_passwd_hash, + sec_chan ) ) + { + fstring errstr; + cli_safe_errstr(&cli, errstr, sizeof(errstr)); + DEBUG(0,("modify_trust_password: unable to change password for \ +workstation %s in domain %s to Domain controller %s. Error was %s.\n", + global_myname, domain, remote_machine, errstr )); + cli_nt_session_close(&cli, nt_pipe_fnum); + cli_ulogoff(&cli); + cli_shutdown(&cli); + return False; + } - return True; + cli_nt_session_close(&cli, nt_pipe_fnum); + cli_ulogoff(&cli); + cli_shutdown(&cli); + + return True; } /************************************************************************ diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 3ced236281..54ddac6f78 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -293,7 +293,9 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 nt_pipe_fnum, uint16 cmd, pp_ret_params, p_ret_params_len, /* return params, len */ pp_ret_data, p_ret_data_len)) /* return data, len */ { - DEBUG(0, ("cli_pipe: return critical error. Error was %s\n", cli_errstr(cli))); + fstring errstr; + cli_safe_errstr(cli, errstr, sizeof(errstr)); + DEBUG(0, ("cli_pipe: return critical error. Error was %s\n", errstr)); return False; } @@ -1043,8 +1045,10 @@ BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name, uint16* nt_pipe { if ((fnum = cli_nt_create(cli, &(pipe_name[5]))) == -1) { + fstring errstr; + cli_safe_errstr(cli, errstr, sizeof(errstr)); DEBUG(0,("cli_nt_session_open: cli_nt_create failed on pipe %s to machine %s. Error was %s\n", - &(pipe_name[5]), cli->desthost, cli_errstr(cli))); + &(pipe_name[5]), cli->desthost, errstr)); return False; } @@ -1054,8 +1058,10 @@ BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name, uint16* nt_pipe { if ((fnum = cli_open(cli, pipe_name, O_CREAT|O_RDWR, DENY_NONE)) == -1) { + fstring errstr; + cli_safe_errstr(cli, errstr, sizeof(errstr)); DEBUG(0,("cli_nt_session_open: cli_open failed on pipe %s to machine %s. Error was %s\n", - pipe_name, cli->desthost, cli_errstr(cli))); + pipe_name, cli->desthost, errstr)); return False; } @@ -1064,8 +1070,10 @@ BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name, uint16* nt_pipe /**************** Set Named Pipe State ***************/ if (!rpc_pipe_set_hnd_state(cli, *nt_pipe_fnum, pipe_name, 0x4300)) { + fstring errstr; + cli_safe_errstr(cli, errstr, sizeof(errstr)); DEBUG(0,("cli_nt_session_open: pipe hnd state failed. Error was %s\n", - cli_errstr(cli))); + errstr)); cli_close(cli, *nt_pipe_fnum); return False; } @@ -1078,8 +1086,10 @@ BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name, uint16* nt_pipe &abstract, &transfer, global_myname)) { + fstring errstr; + cli_safe_errstr(cli, errstr, sizeof(errstr)); DEBUG(0,("cli_nt_session_open: rpc bind failed. Error was %s\n", - cli_errstr(cli))); + errstr)); cli_close(cli, *nt_pipe_fnum); return False; } |