From b3a21474971d3ffd6135011daa5f2fe521f535d1 Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Thu, 8 Oct 2009 00:38:53 +0200
Subject: s3-netlogon: implement remote trust account changing in
 netr_LogonControl2Ex() and friends.

Guenther
---
 source3/rpc_server/srv_netlog_nt.c | 41 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

(limited to 'source3/rpc_server/srv_netlog_nt.c')

diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 491754f76a..15ea5ff042 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -95,6 +95,37 @@ WERROR _netr_LogonControl2(pipes_struct *p,
 	return _netr_LogonControl2Ex(p, &l);
 }
 
+/*************************************************************************
+ *************************************************************************/
+
+static bool wb_change_trust_creds(const char *domain, WERROR *tc_status)
+{
+	wbcErr result;
+	struct wbcAuthErrorInfo *error = NULL;
+
+	result = wbcChangeTrustCredentials(domain, &error);
+	switch (result) {
+	case WBC_ERR_WINBIND_NOT_AVAILABLE:
+		return false;
+	case WBC_ERR_DOMAIN_NOT_FOUND:
+		*tc_status = WERR_NO_SUCH_DOMAIN;
+		return true;
+	case WBC_ERR_SUCCESS:
+		*tc_status = WERR_OK;
+		return true;
+	default:
+		break;
+	}
+
+	if (error && error->nt_status != 0) {
+		*tc_status = ntstatus_to_werror(NT_STATUS(error->nt_status));
+	} else {
+		*tc_status = WERR_TRUST_FAILURE;
+	}
+	wbcFreeMemory(error);
+	return true;
+}
+
 /****************************************************************
  _netr_LogonControl2Ex
 ****************************************************************/
@@ -174,6 +205,16 @@ WERROR _netr_LogonControl2Ex(pipes_struct *p,
 
 		break;
 
+	case NETLOGON_CONTROL_CHANGE_PASSWORD:
+		if (!r->in.data || !r->in.data->domain) {
+			return WERR_NOT_SUPPORTED;
+		}
+
+		if (!wb_change_trust_creds(r->in.data->domain, &tc_status)) {
+			return WERR_NOT_SUPPORTED;
+		}
+		break;
+
 	default:
 		/* no idea what this should be */
 		DEBUG(0,("%s: unimplemented function level [%d]\n",
-- 
cgit