diff options
Diffstat (limited to 'source3/libsmb')
-rw-r--r-- | source3/libsmb/trusts_util.c | 38 |
1 files changed, 16 insertions, 22 deletions
diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c index 9265c60665..7897d51717 100644 --- a/source3/libsmb/trusts_util.c +++ b/source3/libsmb/trusts_util.c @@ -37,6 +37,7 @@ static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX { NTSTATUS result; uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; + struct netr_Authenticator clnt_creds, srv_cred; result = rpccli_netlogon_setup_creds(cli, cli->desthost, /* server name */ @@ -53,13 +54,12 @@ static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX return result; } + netlogon_creds_client_step(cli->dc, &clnt_creds); + if (neg_flags & NETLOGON_NEG_PASSWORD_SET2) { - struct netr_Authenticator clnt_creds, srv_cred; struct netr_CryptPassword new_password; - netlogon_creds_client_step(cli->dc, &clnt_creds); - init_netr_CryptPassword(new_trust_pwd_cleartext, cli->dc->sess_key, &new_password); @@ -72,21 +72,15 @@ static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX &clnt_creds, &srv_cred, &new_password); - - /* Always check returned credentials. */ - if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) { - DEBUG(0,("rpccli_netr_ServerPasswordSet2: " - "credentials chain check failed\n")); - return NT_STATUS_ACCESS_DENIED; + if (!NT_STATUS_IS_OK(result)) { + DEBUG(0,("rpccli_netr_ServerPasswordSet2 failed: %s\n", + nt_errstr(result))); + return result; } - } else { - struct netr_Authenticator clnt_creds, srv_cred; struct samr_Password new_password; - netlogon_creds_client_step(cli->dc, &clnt_creds); - cred_hash3(new_password.hash, new_trust_passwd_hash, cli->dc->sess_key, 1); @@ -99,19 +93,19 @@ static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX &clnt_creds, &srv_cred, &new_password); - - /* Always check returned credentials. */ - if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) { - DEBUG(0,("rpccli_netr_ServerPasswordSet: " - "credentials chain check failed\n")); - return NT_STATUS_ACCESS_DENIED; + if (!NT_STATUS_IS_OK(result)) { + DEBUG(0,("rpccli_netr_ServerPasswordSet failed: %s\n", + nt_errstr(result))); + return result; } } - if (!NT_STATUS_IS_OK(result)) { - DEBUG(0,("just_change_the_password: unable to change password (%s)!\n", - nt_errstr(result))); + /* Always check returned credentials. */ + if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) { + DEBUG(0,("credentials chain check failed\n")); + return NT_STATUS_ACCESS_DENIED; } + return result; } |