summaryrefslogtreecommitdiff
path: root/source3/libsmb/trusts_util.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/libsmb/trusts_util.c')
-rw-r--r--source3/libsmb/trusts_util.c113
1 files changed, 7 insertions, 106 deletions
diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c
index 08a49930b4..f0595695d2 100644
--- a/source3/libsmb/trusts_util.c
+++ b/source3/libsmb/trusts_util.c
@@ -22,104 +22,6 @@
/*********************************************************
Change the domain password on the PDC.
-
- Just changes the password betwen the two values specified.
-
- Caller must have the cli connected to the netlogon pipe
- already.
-**********************************************************/
-
-static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- const unsigned char orig_trust_passwd_hash[16],
- const char *new_trust_pwd_cleartext,
- const unsigned char new_trust_passwd_hash[16],
- uint32 sec_channel_type)
-{
- NTSTATUS result;
- uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
-
- result = rpccli_netlogon_setup_creds(cli,
- cli->desthost, /* server name */
- lp_workgroup(), /* domain */
- global_myname(), /* client name */
- global_myname(), /* machine account name */
- orig_trust_passwd_hash,
- sec_channel_type,
- &neg_flags);
-
- if (!NT_STATUS_IS_OK(result)) {
- DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n",
- nt_errstr(result)));
- return result;
- }
-
- if (neg_flags & NETLOGON_NEG_PASSWORD_SET2) {
-
- struct netr_Authenticator clnt_creds, srv_cred;
- struct netr_CryptPassword new_password;
- struct samr_CryptPassword password_buf;
-
- netlogon_creds_client_step(cli->dc, &clnt_creds);
-
- encode_pw_buffer(password_buf.data, new_trust_pwd_cleartext, STR_UNICODE);
-
- SamOEMhash(password_buf.data, cli->dc->sess_key, 516);
- memcpy(new_password.data, password_buf.data, 512);
- new_password.length = IVAL(password_buf.data, 512);
-
- result = rpccli_netr_ServerPasswordSet2(cli, mem_ctx,
- cli->dc->remote_machine,
- cli->dc->mach_acct,
- sec_channel_type,
- global_myname(),
- &clnt_creds,
- &srv_cred,
- &new_password);
-
- /* Always check returned credentials. */
- if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) {
- DEBUG(0,("rpccli_netr_ServerPasswordSet2: "
- "credentials chain check failed\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- } else {
-
- struct netr_Authenticator clnt_creds, srv_cred;
- struct samr_Password new_password;
-
- netlogon_creds_client_step(cli->dc, &clnt_creds);
-
- cred_hash3(new_password.hash,
- new_trust_passwd_hash,
- cli->dc->sess_key, 1);
-
- result = rpccli_netr_ServerPasswordSet(cli, mem_ctx,
- cli->dc->remote_machine,
- cli->dc->mach_acct,
- sec_channel_type,
- global_myname(),
- &clnt_creds,
- &srv_cred,
- &new_password);
-
- /* Always check returned credentials. */
- if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) {
- DEBUG(0,("rpccli_netr_ServerPasswordSet: "
- "credentials chain check failed\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
- }
-
- if (!NT_STATUS_IS_OK(result)) {
- DEBUG(0,("just_change_the_password: unable to change password (%s)!\n",
- nt_errstr(result)));
- }
- return result;
-}
-
-/*********************************************************
- Change the domain password on the PDC.
Store the password ourselves, but use the supplied password
Caller must have already setup the connection to the NETLOGON pipe
**********************************************************/
@@ -131,24 +33,23 @@ NTSTATUS trust_pw_change_and_store_it(struct rpc_pipe_client *cli, TALLOC_CTX *m
{
unsigned char new_trust_passwd_hash[16];
char *new_trust_passwd;
- char *str;
NTSTATUS nt_status;
/* Create a random machine account password */
- str = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
+ new_trust_passwd = generate_random_str(mem_ctx, DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
- if ((new_trust_passwd = talloc_strdup(mem_ctx, str)) == NULL) {
+ if (new_trust_passwd == NULL) {
DEBUG(0, ("talloc_strdup failed\n"));
return NT_STATUS_NO_MEMORY;
}
E_md4hash(new_trust_passwd, new_trust_passwd_hash);
- nt_status = just_change_the_password(cli, mem_ctx,
- orig_trust_passwd_hash,
- new_trust_passwd,
- new_trust_passwd_hash,
- sec_channel_type);
+ nt_status = rpccli_netlogon_set_trust_password(cli, mem_ctx,
+ orig_trust_passwd_hash,
+ new_trust_passwd,
+ new_trust_passwd_hash,
+ sec_channel_type);
if (NT_STATUS_IS_OK(nt_status)) {
DEBUG(3,("%s : trust_pw_change_and_store_it: Changed password.\n",