summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/rpc_server/srv_netlog_nt.c66
1 files changed, 55 insertions, 11 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index ce0a3fa255..0b476e1cae 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -491,7 +491,8 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
NETLOGON_NEG_FULL_SYNC_REPL |
NETLOGON_NEG_MULTIPLE_SIDS |
NETLOGON_NEG_REDO |
- NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL;
+ NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL |
+ NETLOGON_NEG_PASSWORD_SET2;
/* Ensure we support strong (128-bit) keys. */
if (in_neg_flags & NETLOGON_NEG_STRONG_KEYS) {
@@ -824,6 +825,59 @@ NTSTATUS _netr_ServerPasswordSet(pipes_struct *p,
return status;
}
+/****************************************************************
+ _netr_ServerPasswordSet2
+****************************************************************/
+
+NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
+ struct netr_ServerPasswordSet2 *r)
+{
+ NTSTATUS status;
+ struct netlogon_creds_CredentialState *creds;
+ struct samu *sampass;
+ DATA_BLOB plaintext;
+ struct samr_CryptPassword password_buf;
+
+ become_root();
+ status = netr_creds_server_step_check(p, p->mem_ctx,
+ r->in.computer_name,
+ r->in.credential,
+ r->out.return_authenticator,
+ &creds);
+ unbecome_root();
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(2,("_netr_ServerPasswordSet2: netlogon_creds_server_step "
+ "failed. Rejecting auth request from client %s machine account %s\n",
+ r->in.computer_name, creds->computer_name));
+ TALLOC_FREE(creds);
+ return status;
+ }
+
+ memcpy(password_buf.data, r->in.new_password->data, 512);
+ SIVAL(password_buf.data, 512, r->in.new_password->length);
+ netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
+
+ if (!extract_pw_from_buffer(p->mem_ctx, password_buf.data, &plaintext)) {
+ return NT_STATUS_WRONG_PASSWORD;
+ }
+
+ status = netr_find_machine_account(p->mem_ctx,
+ creds->account_name,
+ &sampass);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ status = netr_set_machine_account_password(sampass,
+ sampass,
+ &plaintext,
+ NULL,
+ NULL);
+ TALLOC_FREE(sampass);
+ return status;
+}
+
/*************************************************************************
_netr_LogonSamLogoff
*************************************************************************/
@@ -1370,16 +1424,6 @@ NTSTATUS _netr_LogonGetDomainInfo(pipes_struct *p,
/****************************************************************
****************************************************************/
-NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
- struct netr_ServerPasswordSet2 *r)
-{
- p->rng_fault_state = true;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-/****************************************************************
-****************************************************************/
-
WERROR _netr_ServerPasswordGet(pipes_struct *p,
struct netr_ServerPasswordGet *r)
{