diff options
Diffstat (limited to 'source3/rpc_client/cli_netlogon.c')
| -rw-r--r-- | source3/rpc_client/cli_netlogon.c | 111 |
1 files changed, 101 insertions, 10 deletions
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index df87ed13d1..5f115e537b 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -146,7 +146,7 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli, NTSTATUS result = NT_STATUS_UNSUCCESSFUL; struct netr_Authenticator clnt_creds; struct netr_Authenticator ret_creds; - union netr_LogonInfo *logon; + union netr_LogonLevel *logon; union netr_Validation validation; uint8_t authoritative; int validation_level = 3; @@ -156,7 +156,7 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli, ZERO_STRUCT(ret_creds); ZERO_STRUCT(zeros); - logon = TALLOC_ZERO_P(mem_ctx, union netr_LogonInfo); + logon = TALLOC_ZERO_P(mem_ctx, union netr_LogonLevel); if (!logon) { return NT_STATUS_NO_MEMORY; } @@ -172,7 +172,7 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli, netlogon_creds_client_step(cli->dc, &clnt_creds); switch (logon_type) { - case INTERACTIVE_LOGON_TYPE: { + case NetlogonInteractiveInformation: { struct netr_PasswordInfo *password_info; @@ -231,7 +231,7 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli, break; } - case NET_LOGON_TYPE: { + case NetlogonNetworkInformation: { struct netr_NetworkInfo *network_info; uint8 chal[8]; unsigned char local_lm_response[24]; @@ -327,7 +327,7 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli, uint8 zeros[16]; struct netr_Authenticator clnt_creds; struct netr_Authenticator ret_creds; - union netr_LogonInfo *logon = NULL; + union netr_LogonLevel *logon = NULL; struct netr_NetworkInfo *network_info; uint8_t authoritative; union netr_Validation validation; @@ -342,7 +342,7 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli, ZERO_STRUCT(lm); ZERO_STRUCT(nt); - logon = TALLOC_ZERO_P(mem_ctx, union netr_LogonInfo); + logon = TALLOC_ZERO_P(mem_ctx, union netr_LogonLevel); if (!logon) { return NT_STATUS_NO_MEMORY; } @@ -398,7 +398,7 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli, global_myname(), &clnt_creds, &ret_creds, - NET_LOGON_TYPE, + NetlogonNetworkInformation, logon, validation_level, &validation, @@ -447,7 +447,7 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli, const char *workstation_name_slash; const char *server_name_slash; uint8 zeros[16]; - union netr_LogonInfo *logon = NULL; + union netr_LogonLevel *logon = NULL; struct netr_NetworkInfo *network_info; uint8_t authoritative; union netr_Validation validation; @@ -462,7 +462,7 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli, ZERO_STRUCT(lm); ZERO_STRUCT(nt); - logon = TALLOC_ZERO_P(mem_ctx, union netr_LogonInfo); + logon = TALLOC_ZERO_P(mem_ctx, union netr_LogonLevel); if (!logon) { return NT_STATUS_NO_MEMORY; } @@ -514,7 +514,7 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli, result = rpccli_netr_LogonSamLogonEx(cli, mem_ctx, server_name_slash, global_myname(), - NET_LOGON_TYPE, + NetlogonNetworkInformation, logon, validation_level, &validation, @@ -538,3 +538,94 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli, return result; } + +/********************************************************* + Change the domain password on the PDC. + + Just changes the password betwen the two values specified. + + Caller must have the cli connected to the netlogon pipe + already. +**********************************************************/ + +NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + const unsigned char orig_trust_passwd_hash[16], + const char *new_trust_pwd_cleartext, + const unsigned char new_trust_passwd_hash[16], + uint32_t sec_channel_type) +{ + NTSTATUS result; + uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; + struct netr_Authenticator clnt_creds, srv_cred; + + result = rpccli_netlogon_setup_creds(cli, + cli->desthost, /* server name */ + lp_workgroup(), /* domain */ + global_myname(), /* client name */ + global_myname(), /* machine account name */ + orig_trust_passwd_hash, + sec_channel_type, + &neg_flags); + + if (!NT_STATUS_IS_OK(result)) { + DEBUG(3,("rpccli_netlogon_set_trust_password: unable to setup creds (%s)!\n", + nt_errstr(result))); + return result; + } + + netlogon_creds_client_step(cli->dc, &clnt_creds); + + if (neg_flags & NETLOGON_NEG_PASSWORD_SET2) { + + struct netr_CryptPassword new_password; + + init_netr_CryptPassword(new_trust_pwd_cleartext, + cli->dc->sess_key, + &new_password); + + result = rpccli_netr_ServerPasswordSet2(cli, mem_ctx, + cli->dc->remote_machine, + cli->dc->mach_acct, + sec_channel_type, + global_myname(), + &clnt_creds, + &srv_cred, + &new_password); + if (!NT_STATUS_IS_OK(result)) { + DEBUG(0,("rpccli_netr_ServerPasswordSet2 failed: %s\n", + nt_errstr(result))); + return result; + } + } else { + + struct samr_Password new_password; + + cred_hash3(new_password.hash, + new_trust_passwd_hash, + cli->dc->sess_key, 1); + + result = rpccli_netr_ServerPasswordSet(cli, mem_ctx, + cli->dc->remote_machine, + cli->dc->mach_acct, + sec_channel_type, + global_myname(), + &clnt_creds, + &srv_cred, + &new_password); + if (!NT_STATUS_IS_OK(result)) { + DEBUG(0,("rpccli_netr_ServerPasswordSet failed: %s\n", + nt_errstr(result))); + return result; + } + } + + /* Always check returned credentials. */ + if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) { + DEBUG(0,("credentials chain check failed\n")); + return NT_STATUS_ACCESS_DENIED; + } + + return result; +} + |