summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/proto.h2
-rw-r--r--source3/rpc_client/cli_netlogon.c223
-rw-r--r--source3/rpc_client/cli_pipe.c20
3 files changed, 115 insertions, 130 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 7673fc2ed5..9fd3694818 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -793,7 +793,7 @@ void SMBOWFencrypt_ntv2(const uchar kr[16],
char resp_buf[16]);
void SMBgenclientchals(char *lm_cli_chal,
char *nt_cli_chal, int *nt_cli_chal_len,
- const char *srv, const char *domain);
+ const char *srv, const char *dom);
void ntv2_owf_gen(const uchar owf[16],
const char *user_n,
const char *domain_n,
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index d385011bac..c7483677f0 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -549,140 +549,115 @@ static BOOL modify_trust_password( char *domain, char *remote_machine,
unsigned char new_trust_passwd_hash[16],
uint16 sec_chan)
{
- uint16 nt_pipe_fnum;
- struct cli_state cli;
- struct nmb_name calling, called;
+ uint16 nt_pipe_fnum;
+ struct cli_state cli;
+ struct nmb_name calling, called;
- ZERO_STRUCT(cli);
- if(cli_initialise(&cli) == False) {
- DEBUG(0,("modify_trust_password: unable to initialize client connection.\n"));
- return False;
- }
+ make_nmb_name(&calling, global_myname , 0x0 , scope);
+ make_nmb_name(&called , remote_machine, 0x20, scope);
- if(!resolve_name( remote_machine, &cli.dest_ip, 0x20)) {
- DEBUG(0,("modify_trust_password: Can't resolve address for %s\n", remote_machine));
- return False;
- }
+ ZERO_STRUCT(cli);
+ if(cli_initialise(&cli) == NULL)
+ {
+ DEBUG(0,("modify_trust_password: unable to initialize client \
+connection.\n"));
+ return False;
+ }
- if (ismyip(cli.dest_ip)) {
- DEBUG(0,("modify_trust_password: Machine %s is one of our addresses. Cannot add \
-to ourselves.\n", remote_machine));
- return False;
- }
+ if(!resolve_name( remote_machine, &cli.dest_ip, 0x20))
+ {
+ DEBUG(0,("modify_trust_password: Can't resolve address for \
+%s\n", remote_machine));
+ return False;
+ }
- if (!cli_connect(&cli, remote_machine, &cli.dest_ip)) {
- fstring errstr;
- cli_safe_errstr(&cli, errstr, sizeof(errstr));
- DEBUG(0,("modify_trust_password: unable to connect to SMB server on \
-machine %s. Error was : %s.\n", remote_machine, errstr ));
- return False;
- }
-
-
- make_nmb_name(&calling, global_myname , 0x0 , scope);
- make_nmb_name(&called , remote_machine, 0x20, scope);
+ if (ismyip(cli.dest_ip))
+ {
+ DEBUG(0,("modify_trust_password: Machine %s is one of our \
+addresses. Cannot add to ourselves.\n", remote_machine));
+ return False;
+ }
- if (!cli_session_request(&cli, &calling, &called))
+ cli.protocol = PROTOCOL_NT1;
+
+ if (!cli_establish_connection(&cli, remote_machine, &cli.dest_ip,
+ &calling, &called,
+ "IPC$", "IPC", False, True))
{
- fstring errstr;
- cli_safe_errstr(&cli, errstr, sizeof(errstr));
- DEBUG(0,("modify_trust_password: machine %s rejected the session setup. \
-Error was : %s.\n", remote_machine, errstr ));
- cli_shutdown(&cli);
- return False;
- }
+ fstring errstr;
+ cli_safe_errstr(&cli, errstr, sizeof(errstr));
+ DEBUG(0,("modify_trust_password: machine %s rejected the SMB \
+session. Error was : %s.\n", remote_machine, errstr ));
+ cli_shutdown(&cli);
+ return False;
+ }
- cli.protocol = PROTOCOL_NT1;
-
- if (!cli_negprot(&cli)) {
- fstring errstr;
- cli_safe_errstr(&cli, errstr, sizeof(errstr));
- DEBUG(0,("modify_trust_password: machine %s rejected the negotiate protocol. \
-Error was : %s.\n", remote_machine, errstr ));
- cli_shutdown(&cli);
- return False;
- }
- if (cli.protocol != PROTOCOL_NT1) {
- DEBUG(0,("modify_trust_password: machine %s didn't negotiate NT protocol.\n",
- remote_machine));
- cli_shutdown(&cli);
- return False;
- }
-
- /*
- * Do an anonymous session setup.
- */
-
- if (!cli_session_setup(&cli, "", "", 0, "", 0, "")) {
- fstring errstr;
- cli_safe_errstr(&cli, errstr, sizeof(errstr));
- DEBUG(0,("modify_trust_password: machine %s rejected the session setup. \
-Error was : %s.\n", remote_machine, errstr ));
- cli_shutdown(&cli);
- return False;
- }
-
- if (!(cli.sec_mode & 1)) {
- DEBUG(0,("modify_trust_password: machine %s isn't in user level security mode\n",
- remote_machine));
- cli_shutdown(&cli);
- return False;
- }
-
- if (!cli_send_tconX(&cli, "IPC$", "IPC", "", 1)) {
- fstring errstr;
- cli_safe_errstr(&cli, errstr, sizeof(errstr));
- DEBUG(0,("modify_trust_password: machine %s rejected the tconX on the IPC$ share. \
-Error was : %s.\n", remote_machine, errstr ));
- cli_shutdown(&cli);
- return False;
- }
- /*
- * Ok - we have an anonymous connection to the IPC$ share.
- * Now start the NT Domain stuff :-).
- */
-
- if(cli_nt_session_open(&cli, PIPE_NETLOGON, &nt_pipe_fnum) == False) {
- fstring errstr;
- cli_safe_errstr(&cli, errstr, sizeof(errstr));
- DEBUG(0,("modify_trust_password: unable to open the domain client session to \
-machine %s. Error was : %s.\n", remote_machine, errstr ));
- cli_nt_session_close(&cli, nt_pipe_fnum);
- cli_ulogoff(&cli);
- cli_shutdown(&cli);
- return False;
- }
-
- if(cli_nt_setup_creds(&cli, nt_pipe_fnum,
- cli.mach_acct, orig_trust_passwd_hash, sec_chan) == False) {
- fstring errstr;
- cli_safe_errstr(&cli, errstr, sizeof(errstr));
- DEBUG(0,("modify_trust_password: unable to setup the PDC credentials to machine \
-%s. Error was : %s.\n", remote_machine, errstr ));
- cli_nt_session_close(&cli, nt_pipe_fnum);
- cli_ulogoff(&cli);
- cli_shutdown(&cli);
- return False;
- }
-
- if( cli_nt_srv_pwset( &cli, nt_pipe_fnum, new_trust_passwd_hash, sec_chan ) == False) {
- fstring errstr;
- cli_safe_errstr(&cli, errstr, sizeof(errstr));
- DEBUG(0,("modify_trust_password: unable to change password for machine %s in domain \
-%s to Domain controller %s. Error was %s.\n", global_myname, domain, remote_machine,
- errstr ));
- cli_nt_session_close(&cli, nt_pipe_fnum);
- cli_ulogoff(&cli);
- cli_shutdown(&cli);
- return False;
- }
+ if (cli.protocol != PROTOCOL_NT1)
+ {
+ DEBUG(0,("modify_trust_password: machine %s didn't negotiate \
+NT protocol.\n", remote_machine));
+ cli_shutdown(&cli);
+ return False;
+ }
- cli_nt_session_close(&cli, nt_pipe_fnum);
- cli_ulogoff(&cli);
- cli_shutdown(&cli);
+ if (!(IS_BITS_SET_ALL(cli.sec_mode, 1)))
+ {
+ DEBUG(0,("modify_trust_password: machine %s isn't in user \
+level security mode\n", remote_machine));
+ cli_shutdown(&cli);
+ return False;
+ }
+
+ /*
+ * Ok - we have an anonymous connection to the IPC$ share.
+ * Now start the NT Domain stuff :-).
+ */
+
+ if (!cli_nt_session_open(&cli, PIPE_NETLOGON, &nt_pipe_fnum))
+ {
+ fstring errstr;
+ cli_safe_errstr(&cli, errstr, sizeof(errstr));
+ DEBUG(0,("modify_trust_password: unable to open the domain \
+client session to server %s. Error was : %s.\n", remote_machine, errstr ));
+ cli_nt_session_close(&cli, nt_pipe_fnum);
+ cli_ulogoff(&cli);
+ cli_shutdown(&cli);
+ return False;
+ }
+
+ if (!cli_nt_setup_creds(&cli, nt_pipe_fnum,
+ cli.mach_acct, orig_trust_passwd_hash, sec_chan))
+ {
+ fstring errstr;
+ cli_safe_errstr(&cli, errstr, sizeof(errstr));
+ DEBUG(0,("modify_trust_password: unable to setup the PDC \
+credentials to server %s. Error was : %s.\n", remote_machine, errstr ));
+ cli_nt_session_close(&cli, nt_pipe_fnum);
+ cli_ulogoff(&cli);
+ cli_shutdown(&cli);
+ return False;
+ }
+
+ if (!cli_nt_srv_pwset( &cli, nt_pipe_fnum, new_trust_passwd_hash,
+ sec_chan ) )
+ {
+ fstring errstr;
+ cli_safe_errstr(&cli, errstr, sizeof(errstr));
+ DEBUG(0,("modify_trust_password: unable to change password for \
+workstation %s in domain %s to Domain controller %s. Error was %s.\n",
+ global_myname, domain, remote_machine, errstr ));
+ cli_nt_session_close(&cli, nt_pipe_fnum);
+ cli_ulogoff(&cli);
+ cli_shutdown(&cli);
+ return False;
+ }
- return True;
+ cli_nt_session_close(&cli, nt_pipe_fnum);
+ cli_ulogoff(&cli);
+ cli_shutdown(&cli);
+
+ return True;
}
/************************************************************************
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 3ced236281..54ddac6f78 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -293,7 +293,9 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 nt_pipe_fnum, uint16 cmd,
pp_ret_params, p_ret_params_len, /* return params, len */
pp_ret_data, p_ret_data_len)) /* return data, len */
{
- DEBUG(0, ("cli_pipe: return critical error. Error was %s\n", cli_errstr(cli)));
+ fstring errstr;
+ cli_safe_errstr(cli, errstr, sizeof(errstr));
+ DEBUG(0, ("cli_pipe: return critical error. Error was %s\n", errstr));
return False;
}
@@ -1043,8 +1045,10 @@ BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name, uint16* nt_pipe
{
if ((fnum = cli_nt_create(cli, &(pipe_name[5]))) == -1)
{
+ fstring errstr;
+ cli_safe_errstr(cli, errstr, sizeof(errstr));
DEBUG(0,("cli_nt_session_open: cli_nt_create failed on pipe %s to machine %s. Error was %s\n",
- &(pipe_name[5]), cli->desthost, cli_errstr(cli)));
+ &(pipe_name[5]), cli->desthost, errstr));
return False;
}
@@ -1054,8 +1058,10 @@ BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name, uint16* nt_pipe
{
if ((fnum = cli_open(cli, pipe_name, O_CREAT|O_RDWR, DENY_NONE)) == -1)
{
+ fstring errstr;
+ cli_safe_errstr(cli, errstr, sizeof(errstr));
DEBUG(0,("cli_nt_session_open: cli_open failed on pipe %s to machine %s. Error was %s\n",
- pipe_name, cli->desthost, cli_errstr(cli)));
+ pipe_name, cli->desthost, errstr));
return False;
}
@@ -1064,8 +1070,10 @@ BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name, uint16* nt_pipe
/**************** Set Named Pipe State ***************/
if (!rpc_pipe_set_hnd_state(cli, *nt_pipe_fnum, pipe_name, 0x4300))
{
+ fstring errstr;
+ cli_safe_errstr(cli, errstr, sizeof(errstr));
DEBUG(0,("cli_nt_session_open: pipe hnd state failed. Error was %s\n",
- cli_errstr(cli)));
+ errstr));
cli_close(cli, *nt_pipe_fnum);
return False;
}
@@ -1078,8 +1086,10 @@ BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name, uint16* nt_pipe
&abstract, &transfer,
global_myname))
{
+ fstring errstr;
+ cli_safe_errstr(cli, errstr, sizeof(errstr));
DEBUG(0,("cli_nt_session_open: rpc bind failed. Error was %s\n",
- cli_errstr(cli)));
+ errstr));
cli_close(cli, *nt_pipe_fnum);
return False;
}