From 4a6d1318bd9123f5a9c1d72721a9175320356fbe Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 1 Jan 2002 03:10:32 +0000 Subject: A farily large commit: - Move rpc_client/cli_trust.c to smbd/change_trust_pw.c - It hasn't been used by anything else since smbpasswd lost its -j - Add a TALLOC_CTX to the auth subsytem. These are only valid for the length of the calls to the individual modules, if you want a longer context hide it in your private data. Similarly, all returns (like the server_info) should still be malloced. - Move the 'ntdomain' module (security=domain in oldspeak) over to use the new libsmb domain logon code. Also rework much of the code to use some better helper functions for the connection - getting us much better error returns (the new code is NTSTATUS). The only remaining thing to do is to figure out if tpot's 0xdead 0xbeef for the LUID feilds is sufficient, or if we should do random LUIDs as per the old code. Similarly, I'll move winbind over to this when I get a chance. This leaves the SPOOLSS code and some cli_pipe code as the only stuff still in rpc_client, at least as far as smbd is concerned. While I've given this a basic rundown, any testing is as always appriciated. Andrew Bartlett (This used to be commit d870edce76ecca259230fbdbdacd0c86793b4837) --- source3/smbd/change_trust_pw.c | 152 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 152 insertions(+) create mode 100644 source3/smbd/change_trust_pw.c (limited to 'source3/smbd/change_trust_pw.c') diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c new file mode 100644 index 0000000000..8a16793843 --- /dev/null +++ b/source3/smbd/change_trust_pw.c @@ -0,0 +1,152 @@ +/* + * Unix SMB/Netbios implementation. + * Version 3.0 + * Periodic Trust account password changing. + * Copyright (C) Andrew Tridgell 1992-1997, + * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, + * Copyright (C) Paul Ashton 1997. + * Copyright (C) Jeremy Allison 1998. + * Copyright (C) Andrew Bartlett 2001. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "includes.h" + +extern pstring global_myname; + +/********************************************************* + Change the domain password on the PDC. +**********************************************************/ + +static NTSTATUS modify_trust_password( char *domain, char *remote_machine, + unsigned char orig_trust_passwd_hash[16]) +{ + struct cli_state *cli; + DOM_SID domain_sid; + struct in_addr dest_ip; + NTSTATUS nt_status; + + /* + * Ensure we have the domain SID for this domain. + */ + + if (!secrets_fetch_domain_sid(domain, &domain_sid)) { + DEBUG(0, ("domain_client_validate: unable to fetch domain sid.\n")); + return NT_STATUS_UNSUCCESSFUL; + } + + if(!resolve_name( remote_machine, &dest_ip, 0x20)) { + DEBUG(0,("modify_trust_password: Can't resolve address for %s\n", remote_machine)); + return NT_STATUS_UNSUCCESSFUL; + } + + if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname, remote_machine, + &dest_ip, 0, + "IPC$", "IPC", + "", "", + "", 0))) { + DEBUG(0,("modify_trust_password: Connection to %s failed!\n", remote_machine)); + return NT_STATUS_UNSUCCESSFUL; + } + + /* + * Ok - we have an anonymous connection to the IPC$ share. + * Now start the NT Domain stuff :-). + */ + + if(cli_nt_session_open(cli, PIPE_NETLOGON) == False) { + DEBUG(0,("modify_trust_password: unable to open the domain client session to \ +machine %s. Error was : %s.\n", remote_machine, cli_errstr(cli))); + cli_nt_session_close(cli); + cli_ulogoff(cli); + cli_shutdown(cli); + return NT_STATUS_UNSUCCESSFUL; + } + + nt_status = trust_pw_change_and_store_it(cli, cli->mem_ctx, + orig_trust_passwd_hash); + + cli_nt_session_close(cli); + cli_ulogoff(cli); + cli_shutdown(cli); + return nt_status; +} + +/************************************************************************ + Change the trust account password for a domain. +************************************************************************/ + +NTSTATUS change_trust_account_password( char *domain, char *remote_machine_list) +{ + fstring remote_machine; + unsigned char old_trust_passwd_hash[16]; + time_t lct; + NTSTATUS res = NT_STATUS_UNSUCCESSFUL; + + if(!secrets_fetch_trust_account_password(domain, old_trust_passwd_hash, &lct)) { + DEBUG(0,("change_trust_account_password: unable to read the machine \ +account password for domain %s.\n", domain)); + return NT_STATUS_UNSUCCESSFUL; + } + + while(remote_machine_list && + next_token(&remote_machine_list, remote_machine, + LIST_SEP, sizeof(remote_machine))) { + strupper(remote_machine); + if(strequal(remote_machine, "*")) { + + /* + * We have been asked to dynamcially determine the IP addresses of the PDC. + */ + + struct in_addr *ip_list = NULL; + int count = 0; + int i; + + /* Use the PDC *only* for this. */ + if(!get_dc_list(True, domain, &ip_list, &count)) + continue; + + /* + * Try and connect to the PDC/BDC list in turn as an IP + * address used as a string. + */ + + for(i = 0; i < count; i++) { + fstring dc_name; + if(!lookup_dc_name(global_myname, domain, &ip_list[i], dc_name)) + continue; + if(NT_STATUS_IS_OK(res = modify_trust_password( domain, dc_name, + old_trust_passwd_hash))) + break; + } + + SAFE_FREE(ip_list); + + } else { + res = modify_trust_password( domain, remote_machine, + old_trust_passwd_hash); + } + + } + + if (!NT_STATUS_IS_OK(res)) { + DEBUG(0,("%s : change_trust_account_password: Failed to change password for \ +domain %s.\n", timestring(False), domain)); + } + + return res; +} -- cgit From cd68afe31256ad60748b34f7318a180cfc2127cc Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 30 Jan 2002 06:08:46 +0000 Subject: Removed version number from file header. Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa) --- source3/smbd/change_trust_pw.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/smbd/change_trust_pw.c') diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c index 8a16793843..0d80d5718f 100644 --- a/source3/smbd/change_trust_pw.c +++ b/source3/smbd/change_trust_pw.c @@ -1,6 +1,5 @@ /* - * Unix SMB/Netbios implementation. - * Version 3.0 + * Unix SMB/CIFS implementation. * Periodic Trust account password changing. * Copyright (C) Andrew Tridgell 1992-1997, * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, -- cgit From e90b65284812aaa5ff9e9935ce9bbad7791cbbcd Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 15 Jul 2002 10:35:28 +0000 Subject: updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce) --- source3/smbd/change_trust_pw.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) (limited to 'source3/smbd/change_trust_pw.c') diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c index 0d80d5718f..0c468699b4 100644 --- a/source3/smbd/change_trust_pw.c +++ b/source3/smbd/change_trust_pw.c @@ -35,7 +35,6 @@ static NTSTATUS modify_trust_password( char *domain, char *remote_machine, { struct cli_state *cli; DOM_SID domain_sid; - struct in_addr dest_ip; NTSTATUS nt_status; /* @@ -43,17 +42,12 @@ static NTSTATUS modify_trust_password( char *domain, char *remote_machine, */ if (!secrets_fetch_domain_sid(domain, &domain_sid)) { - DEBUG(0, ("domain_client_validate: unable to fetch domain sid.\n")); + DEBUG(0, ("modify_trust_password: unable to fetch domain sid.\n")); return NT_STATUS_UNSUCCESSFUL; } - if(!resolve_name( remote_machine, &dest_ip, 0x20)) { - DEBUG(0,("modify_trust_password: Can't resolve address for %s\n", remote_machine)); - return NT_STATUS_UNSUCCESSFUL; - } - if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname, remote_machine, - &dest_ip, 0, + NULL, 0, "IPC$", "IPC", "", "", "", 0))) { -- cgit From 36ef82a52953384acedbd51f54ded9357fa8ca3e Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 4 Oct 2002 04:10:23 +0000 Subject: merge of new client side support the Win2k LSARPC UUID in rpcbind from APP_HEAD (This used to be commit 1cfd2ee433305e91e87804dd55d10e025d30a69e) --- source3/smbd/change_trust_pw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/change_trust_pw.c') diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c index 0c468699b4..4b2944a96f 100644 --- a/source3/smbd/change_trust_pw.c +++ b/source3/smbd/change_trust_pw.c @@ -60,7 +60,7 @@ static NTSTATUS modify_trust_password( char *domain, char *remote_machine, * Now start the NT Domain stuff :-). */ - if(cli_nt_session_open(cli, PIPE_NETLOGON) == False) { + if(cli_nt_session_open(cli, PI_NETLOGON) == False) { DEBUG(0,("modify_trust_password: unable to open the domain client session to \ machine %s. Error was : %s.\n", remote_machine, cli_errstr(cli))); cli_nt_session_close(cli); -- cgit From c53eb2ed540e79d6deae5f41e17febc5bf5dbf57 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 17 Oct 2002 17:10:24 +0000 Subject: Added new error codes. Fix up connection code to retry in the same way that app-head does. Jeremy. (This used to be commit ec7953f20145799f6286a295472df4826bfdfb8f) --- source3/smbd/change_trust_pw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/change_trust_pw.c') diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c index 4b2944a96f..5da735e875 100644 --- a/source3/smbd/change_trust_pw.c +++ b/source3/smbd/change_trust_pw.c @@ -50,7 +50,7 @@ static NTSTATUS modify_trust_password( char *domain, char *remote_machine, NULL, 0, "IPC$", "IPC", "", "", - "", 0))) { + "", 0, NULL))) { DEBUG(0,("modify_trust_password: Connection to %s failed!\n", remote_machine)); return NT_STATUS_UNSUCCESSFUL; } -- cgit From ab1cf8d1cf447e85063b43b65fa05c8b4bfde2a9 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 6 Nov 2002 05:14:15 +0000 Subject: Merge of get_dc_list() api change from HEAD. (This used to be commit 6ba7847ce2756fde94e530fd0bf2a055f3e27373) --- source3/smbd/change_trust_pw.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) (limited to 'source3/smbd/change_trust_pw.c') diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c index 5da735e875..7cb9084072 100644 --- a/source3/smbd/change_trust_pw.c +++ b/source3/smbd/change_trust_pw.c @@ -105,12 +105,11 @@ account password for domain %s.\n", domain)); * We have been asked to dynamcially determine the IP addresses of the PDC. */ - struct in_addr *ip_list = NULL; - int count = 0; - int i; + struct in_addr pdc_ip; + fstring dc_name; /* Use the PDC *only* for this. */ - if(!get_dc_list(True, domain, &ip_list, &count)) + if(!get_pdc_ip(domain, &pdc_ip)) continue; /* @@ -118,16 +117,11 @@ account password for domain %s.\n", domain)); * address used as a string. */ - for(i = 0; i < count; i++) { - fstring dc_name; - if(!lookup_dc_name(global_myname, domain, &ip_list[i], dc_name)) + if(!lookup_dc_name(global_myname, domain, &pdc_ip, dc_name)) continue; if(NT_STATUS_IS_OK(res = modify_trust_password( domain, dc_name, old_trust_passwd_hash))) break; - } - - SAFE_FREE(ip_list); } else { res = modify_trust_password( domain, remote_machine, -- cgit From 2f194322d419350f35a48dff750066894d68eccf Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 12 Nov 2002 23:20:50 +0000 Subject: Removed global_myworkgroup, global_myname, global_myscope. Added liberal dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89) --- source3/smbd/change_trust_pw.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) (limited to 'source3/smbd/change_trust_pw.c') diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c index 7cb9084072..e4a7fbae6b 100644 --- a/source3/smbd/change_trust_pw.c +++ b/source3/smbd/change_trust_pw.c @@ -24,13 +24,11 @@ #include "includes.h" -extern pstring global_myname; - /********************************************************* Change the domain password on the PDC. **********************************************************/ -static NTSTATUS modify_trust_password( char *domain, char *remote_machine, +static NTSTATUS modify_trust_password( const char *domain, const char *remote_machine, unsigned char orig_trust_passwd_hash[16]) { struct cli_state *cli; @@ -46,7 +44,7 @@ static NTSTATUS modify_trust_password( char *domain, char *remote_machine, return NT_STATUS_UNSUCCESSFUL; } - if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname, remote_machine, + if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname(), remote_machine, NULL, 0, "IPC$", "IPC", "", "", @@ -82,7 +80,7 @@ machine %s. Error was : %s.\n", remote_machine, cli_errstr(cli))); Change the trust account password for a domain. ************************************************************************/ -NTSTATUS change_trust_account_password( char *domain, char *remote_machine_list) +NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine_list) { fstring remote_machine; unsigned char old_trust_passwd_hash[16]; @@ -117,7 +115,7 @@ account password for domain %s.\n", domain)); * address used as a string. */ - if(!lookup_dc_name(global_myname, domain, &pdc_ip, dc_name)) + if(!lookup_dc_name(global_myname(), domain, &pdc_ip, dc_name)) continue; if(NT_STATUS_IS_OK(res = modify_trust_password( domain, dc_name, old_trust_passwd_hash))) -- cgit From f3e3a56ea9085b186af24b0b4e911863fd9ceacc Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Fri, 29 Nov 2002 02:58:59 +0000 Subject: Merge a bunch of trivial changes from HEAD. The difference remaining should actual functional differences between HEAD and 3.0. - Mostly reformatting - Removal of unecessary #include "smb.h" - Merge of dyn_DRIVERFILE removal - Silly bug fix for python code (This used to be commit d3998307adc50ba50defe610cb656c73799ae3b9) --- source3/smbd/change_trust_pw.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/smbd/change_trust_pw.c') diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c index e4a7fbae6b..28a004eba8 100644 --- a/source3/smbd/change_trust_pw.c +++ b/source3/smbd/change_trust_pw.c @@ -120,7 +120,6 @@ account password for domain %s.\n", domain)); if(NT_STATUS_IS_OK(res = modify_trust_password( domain, dc_name, old_trust_passwd_hash))) break; - } else { res = modify_trust_password( domain, remote_machine, old_trust_passwd_hash); -- cgit From 612e1ffdba747c969525be760f8783c946960812 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 4 Dec 2002 20:57:48 +0000 Subject: merges from HEAD - change_trust_account_password() must always talk to PDC (This used to be commit af2fa4385015dce8dedafe80e02a0115892e508e) --- source3/smbd/change_trust_pw.c | 162 ++++++++++++++++++++--------------------- 1 file changed, 77 insertions(+), 85 deletions(-) (limited to 'source3/smbd/change_trust_pw.c') diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c index 28a004eba8..a140978733 100644 --- a/source3/smbd/change_trust_pw.c +++ b/source3/smbd/change_trust_pw.c @@ -31,106 +31,98 @@ static NTSTATUS modify_trust_password( const char *domain, const char *remote_machine, unsigned char orig_trust_passwd_hash[16]) { - struct cli_state *cli; - DOM_SID domain_sid; - NTSTATUS nt_status; + struct cli_state *cli; + DOM_SID domain_sid; + NTSTATUS nt_status; - /* - * Ensure we have the domain SID for this domain. - */ + /* + * Ensure we have the domain SID for this domain. + */ - if (!secrets_fetch_domain_sid(domain, &domain_sid)) { - DEBUG(0, ("modify_trust_password: unable to fetch domain sid.\n")); - return NT_STATUS_UNSUCCESSFUL; - } + if (!secrets_fetch_domain_sid(domain, &domain_sid)) { + DEBUG(0, ("modify_trust_password: unable to fetch domain sid.\n")); + return NT_STATUS_UNSUCCESSFUL; + } - if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname(), remote_machine, + if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname(), remote_machine, NULL, 0, "IPC$", "IPC", "", "", - "", 0, NULL))) { - DEBUG(0,("modify_trust_password: Connection to %s failed!\n", remote_machine)); - return NT_STATUS_UNSUCCESSFUL; - } + "", 0, NULL))) + { + DEBUG(0,("modify_trust_password: Connection to %s failed!\n", remote_machine)); + return NT_STATUS_UNSUCCESSFUL; + } - /* - * Ok - we have an anonymous connection to the IPC$ share. - * Now start the NT Domain stuff :-). - */ - - if(cli_nt_session_open(cli, PI_NETLOGON) == False) { - DEBUG(0,("modify_trust_password: unable to open the domain client session to \ -machine %s. Error was : %s.\n", remote_machine, cli_errstr(cli))); - cli_nt_session_close(cli); - cli_ulogoff(cli); - cli_shutdown(cli); - return NT_STATUS_UNSUCCESSFUL; - } - - nt_status = trust_pw_change_and_store_it(cli, cli->mem_ctx, + /* + * Ok - we have an anonymous connection to the IPC$ share. + * Now start the NT Domain stuff :-). + */ + + if(cli_nt_session_open(cli, PI_NETLOGON) == False) { + DEBUG(0,("modify_trust_password: unable to open the domain client session to machine %s. Error was : %s.\n", + remote_machine, cli_errstr(cli))); + cli_nt_session_close(cli); + cli_ulogoff(cli); + cli_shutdown(cli); + return NT_STATUS_UNSUCCESSFUL; + } + + nt_status = trust_pw_change_and_store_it(cli, cli->mem_ctx, orig_trust_passwd_hash); - cli_nt_session_close(cli); - cli_ulogoff(cli); - cli_shutdown(cli); - return nt_status; + cli_nt_session_close(cli); + cli_ulogoff(cli); + cli_shutdown(cli); + + return nt_status; } /************************************************************************ Change the trust account password for a domain. ************************************************************************/ -NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine_list) +NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine) { - fstring remote_machine; - unsigned char old_trust_passwd_hash[16]; - time_t lct; - NTSTATUS res = NT_STATUS_UNSUCCESSFUL; - - if(!secrets_fetch_trust_account_password(domain, old_trust_passwd_hash, &lct)) { - DEBUG(0,("change_trust_account_password: unable to read the machine \ -account password for domain %s.\n", domain)); - return NT_STATUS_UNSUCCESSFUL; - } - - while(remote_machine_list && - next_token(&remote_machine_list, remote_machine, - LIST_SEP, sizeof(remote_machine))) { - strupper(remote_machine); - if(strequal(remote_machine, "*")) { - - /* - * We have been asked to dynamcially determine the IP addresses of the PDC. - */ - - struct in_addr pdc_ip; - fstring dc_name; - - /* Use the PDC *only* for this. */ - if(!get_pdc_ip(domain, &pdc_ip)) - continue; - - /* - * Try and connect to the PDC/BDC list in turn as an IP - * address used as a string. - */ - - if(!lookup_dc_name(global_myname(), domain, &pdc_ip, dc_name)) - continue; - if(NT_STATUS_IS_OK(res = modify_trust_password( domain, dc_name, - old_trust_passwd_hash))) - break; - } else { - res = modify_trust_password( domain, remote_machine, - old_trust_passwd_hash); - } - - } - - if (!NT_STATUS_IS_OK(res)) { - DEBUG(0,("%s : change_trust_account_password: Failed to change password for \ -domain %s.\n", timestring(False), domain)); - } + unsigned char old_trust_passwd_hash[16]; + time_t lct; + NTSTATUS res = NT_STATUS_UNSUCCESSFUL; + struct in_addr pdc_ip; + fstring dc_name; + + + if(!secrets_fetch_trust_account_password(domain, old_trust_passwd_hash, &lct)) { + DEBUG(0,("change_trust_account_password: unable to read the machine account password for domain %s.\n", + domain)); + return NT_STATUS_UNSUCCESSFUL; + } + + if (remote_machine == NULL || !strcmp(remote_machine, "*")) { + /* Use the PDC *only* for this */ + + if ( !get_pdc_ip(domain, &pdc_ip) ) { + DEBUG(0,("Can't get IP for PDC for domain %s\n", domain)); + goto failed; + } + + if ( !lookup_dc_name(global_myname(), domain, &pdc_ip, dc_name) ) + goto failed; + } + /* supoport old deprecated "smbpasswd -j DOMAIN -r MACHINE" behavior */ + else { + fstrcpy( dc_name, remote_machine ); + } + + /* if this next call fails, then give up. We can't do + password changes on BDC's --jerry */ + + res = modify_trust_password(domain, dc_name, old_trust_passwd_hash); + +failed: + if (!NT_STATUS_IS_OK(res)) { + DEBUG(0,("%s : change_trust_account_password: Failed to change password for domain %s.\n", + timestring(False), domain)); + } - return res; + return res; } -- cgit From f071020f5e49837154581c97c5af5f84d0e2de89 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 21 Apr 2003 14:09:03 +0000 Subject: Merge from HEAD - save the type of channel used to contact the DC. This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration. This also change the SID retreval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient. Also minor fixes to 'net'. Andrew Bartlett (This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a) --- source3/smbd/change_trust_pw.c | 95 ++++++++++++++---------------------------- 1 file changed, 32 insertions(+), 63 deletions(-) (limited to 'source3/smbd/change_trust_pw.c') diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c index a140978733..8aff96d0d6 100644 --- a/source3/smbd/change_trust_pw.c +++ b/source3/smbd/change_trust_pw.c @@ -24,26 +24,36 @@ #include "includes.h" -/********************************************************* - Change the domain password on the PDC. -**********************************************************/ +/************************************************************************ + Change the trust account password for a domain. +************************************************************************/ -static NTSTATUS modify_trust_password( const char *domain, const char *remote_machine, - unsigned char orig_trust_passwd_hash[16]) +NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine) { + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + struct in_addr pdc_ip; + fstring dc_name; struct cli_state *cli; - DOM_SID domain_sid; - NTSTATUS nt_status; - /* - * Ensure we have the domain SID for this domain. - */ + if (remote_machine == NULL || !strcmp(remote_machine, "*")) { + /* Use the PDC *only* for this */ + + if ( !get_pdc_ip(domain, &pdc_ip) ) { + DEBUG(0,("Can't get IP for PDC for domain %s\n", domain)); + goto failed; + } - if (!secrets_fetch_domain_sid(domain, &domain_sid)) { - DEBUG(0, ("modify_trust_password: unable to fetch domain sid.\n")); - return NT_STATUS_UNSUCCESSFUL; + if ( !lookup_dc_name(global_myname(), domain, &pdc_ip, dc_name) ) + goto failed; } - + /* supoport old deprecated "smbpasswd -j DOMAIN -r MACHINE" behavior */ + else { + fstrcpy( dc_name, remote_machine ); + } + + /* if this next call fails, then give up. We can't do + password changes on BDC's --jerry */ + if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname(), remote_machine, NULL, 0, "IPC$", "IPC", @@ -51,7 +61,8 @@ static NTSTATUS modify_trust_password( const char *domain, const char *remote_ma "", 0, NULL))) { DEBUG(0,("modify_trust_password: Connection to %s failed!\n", remote_machine)); - return NT_STATUS_UNSUCCESSFUL; + nt_status = NT_STATUS_UNSUCCESSFUL; + goto failed; } /* @@ -65,64 +76,22 @@ static NTSTATUS modify_trust_password( const char *domain, const char *remote_ma cli_nt_session_close(cli); cli_ulogoff(cli); cli_shutdown(cli); - return NT_STATUS_UNSUCCESSFUL; + nt_status = NT_STATUS_UNSUCCESSFUL; + goto failed; } - nt_status = trust_pw_change_and_store_it(cli, cli->mem_ctx, - orig_trust_passwd_hash); + nt_status = trust_pw_find_change_and_store_it(cli, cli->mem_ctx, + domain); cli_nt_session_close(cli); cli_ulogoff(cli); cli_shutdown(cli); - return nt_status; -} - -/************************************************************************ - Change the trust account password for a domain. -************************************************************************/ - -NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine) -{ - unsigned char old_trust_passwd_hash[16]; - time_t lct; - NTSTATUS res = NT_STATUS_UNSUCCESSFUL; - struct in_addr pdc_ip; - fstring dc_name; - - - if(!secrets_fetch_trust_account_password(domain, old_trust_passwd_hash, &lct)) { - DEBUG(0,("change_trust_account_password: unable to read the machine account password for domain %s.\n", - domain)); - return NT_STATUS_UNSUCCESSFUL; - } - - if (remote_machine == NULL || !strcmp(remote_machine, "*")) { - /* Use the PDC *only* for this */ - - if ( !get_pdc_ip(domain, &pdc_ip) ) { - DEBUG(0,("Can't get IP for PDC for domain %s\n", domain)); - goto failed; - } - - if ( !lookup_dc_name(global_myname(), domain, &pdc_ip, dc_name) ) - goto failed; - } - /* supoport old deprecated "smbpasswd -j DOMAIN -r MACHINE" behavior */ - else { - fstrcpy( dc_name, remote_machine ); - } - - /* if this next call fails, then give up. We can't do - password changes on BDC's --jerry */ - - res = modify_trust_password(domain, dc_name, old_trust_passwd_hash); - failed: - if (!NT_STATUS_IS_OK(res)) { + if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("%s : change_trust_account_password: Failed to change password for domain %s.\n", timestring(False), domain)); } - return res; + return nt_status; } -- cgit From f51d769dd303027a3dbf46fc89a482933988e866 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 25 Jun 2003 17:41:05 +0000 Subject: large change: *) consolidates the dc location routines again (dns and netbios) get_dc_list() or get_sorted_dc_list() is the authoritative means of locating DC's again. (also inludes a flag to get_dc_list() to define if this should be a DNS only lookup or not) (however, if you set "name resolve order = hosts wins" you could still get DNS queries for domain name IFF ldap_domain2hostlist() fails. The answer? Fix your DNS setup) *) enabled DOMAIN<0x1c> lookups to be funneled through resolve_hosts resulting in a call to ldap_domain2hostlist() if lp_security() == SEC_ADS *) enables name cache for winbind ADS backend *) enable the negative connection cache for winbind ADS backend *) removes some old dead code *) consolidates some duplicate code *) moves the internal_name_resolve() to use an IP/port pair to deal with SRV RR dns replies. The namecache code also supports the IP:port syntax now as well. *) removes 'ads server' and moves the functionality back into 'password server' (which can support "hostname:port" syntax now but works fine with defaults depending on the value of lp_security()) (This used to be commit d7f7fcda425bef380441509734eca33da943c091) --- source3/smbd/change_trust_pw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/change_trust_pw.c') diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c index 8aff96d0d6..4993e285ca 100644 --- a/source3/smbd/change_trust_pw.c +++ b/source3/smbd/change_trust_pw.c @@ -43,7 +43,7 @@ NTSTATUS change_trust_account_password( const char *domain, const char *remote_m goto failed; } - if ( !lookup_dc_name(global_myname(), domain, &pdc_ip, dc_name) ) + if ( !name_status_find( domain, 0x1b, 0x20, pdc_ip, dc_name) ) goto failed; } /* supoport old deprecated "smbpasswd -j DOMAIN -r MACHINE" behavior */ -- cgit From 29ca70cd34d3ba927ea1a9915ebd247f64965bd5 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 30 Jul 2003 23:49:29 +0000 Subject: Add a command line option (-S on|off|required) to enable signing on client connections. Overrides smb.conf parameter if set. Jeremy. (This used to be commit 879309671df6b530e0bff69559422a417da4a307) --- source3/smbd/change_trust_pw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/change_trust_pw.c') diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c index 4993e285ca..2eff77b1f7 100644 --- a/source3/smbd/change_trust_pw.c +++ b/source3/smbd/change_trust_pw.c @@ -58,7 +58,7 @@ NTSTATUS change_trust_account_password( const char *domain, const char *remote_m NULL, 0, "IPC$", "IPC", "", "", - "", 0, NULL))) + "", 0, Undefined, NULL))) { DEBUG(0,("modify_trust_password: Connection to %s failed!\n", remote_machine)); nt_status = NT_STATUS_UNSUCCESSFUL; -- cgit From 399ac9a7031a5c52377832330ac36a58e8047112 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 26 Aug 2003 03:13:39 +0000 Subject: adding some debugs while tracking down a bug (This used to be commit 627ff578613b8762415cc03cbbaff68e70f96dbf) --- source3/smbd/change_trust_pw.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3/smbd/change_trust_pw.c') diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c index 2eff77b1f7..80c9fcb258 100644 --- a/source3/smbd/change_trust_pw.c +++ b/source3/smbd/change_trust_pw.c @@ -35,6 +35,9 @@ NTSTATUS change_trust_account_password( const char *domain, const char *remote_m fstring dc_name; struct cli_state *cli; + DEBUG(5,("change_trust_account_password: Attempting to change trust account password in domain %s....\n", + domain)); + if (remote_machine == NULL || !strcmp(remote_machine, "*")) { /* Use the PDC *only* for this */ @@ -92,6 +95,8 @@ failed: DEBUG(0,("%s : change_trust_account_password: Failed to change password for domain %s.\n", timestring(False), domain)); } + else + DEBUG(5,("change_trust_account_password: sucess!\n")); return nt_status; } -- cgit From b5f07b9ca802747816c407e9c79bcfb4009d605f Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 10 Sep 2003 18:34:57 +0000 Subject: Fix for bug #273 - smbd crash on machine account change. Someone only half changed the code to use dc_name instead of remote machine... Found via back trace from Dariush Forouher . Jeremy. (This used to be commit 963b24ac1a721a8b0d348b578f25b1d8cb7e2124) --- source3/smbd/change_trust_pw.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) (limited to 'source3/smbd/change_trust_pw.c') diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c index 80c9fcb258..1178400e4d 100644 --- a/source3/smbd/change_trust_pw.c +++ b/source3/smbd/change_trust_pw.c @@ -48,22 +48,20 @@ NTSTATUS change_trust_account_password( const char *domain, const char *remote_m if ( !name_status_find( domain, 0x1b, 0x20, pdc_ip, dc_name) ) goto failed; - } - /* supoport old deprecated "smbpasswd -j DOMAIN -r MACHINE" behavior */ - else { + } else { + /* supoport old deprecated "smbpasswd -j DOMAIN -r MACHINE" behavior */ fstrcpy( dc_name, remote_machine ); } /* if this next call fails, then give up. We can't do password changes on BDC's --jerry */ - if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname(), remote_machine, + if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname(), dc_name, NULL, 0, "IPC$", "IPC", "", "", - "", 0, Undefined, NULL))) - { - DEBUG(0,("modify_trust_password: Connection to %s failed!\n", remote_machine)); + "", 0, Undefined, NULL))) { + DEBUG(0,("modify_trust_password: Connection to %s failed!\n", dc_name)); nt_status = NT_STATUS_UNSUCCESSFUL; goto failed; } @@ -75,7 +73,7 @@ NTSTATUS change_trust_account_password( const char *domain, const char *remote_m if(cli_nt_session_open(cli, PI_NETLOGON) == False) { DEBUG(0,("modify_trust_password: unable to open the domain client session to machine %s. Error was : %s.\n", - remote_machine, cli_errstr(cli))); + dc_name, cli_errstr(cli))); cli_nt_session_close(cli); cli_ulogoff(cli); cli_shutdown(cli); @@ -83,8 +81,7 @@ NTSTATUS change_trust_account_password( const char *domain, const char *remote_m goto failed; } - nt_status = trust_pw_find_change_and_store_it(cli, cli->mem_ctx, - domain); + nt_status = trust_pw_find_change_and_store_it(cli, cli->mem_ctx, domain); cli_nt_session_close(cli); cli_ulogoff(cli); -- cgit From 54abd2aa66069e6baf7769c496f46d9dba18db39 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 30 Sep 2005 17:13:37 +0000 Subject: r10656: BIG merge from trunk. Features not copied over * \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3) --- source3/smbd/change_trust_pw.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) (limited to 'source3/smbd/change_trust_pw.c') diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c index 1178400e4d..738d12151d 100644 --- a/source3/smbd/change_trust_pw.c +++ b/source3/smbd/change_trust_pw.c @@ -33,7 +33,8 @@ NTSTATUS change_trust_account_password( const char *domain, const char *remote_m NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; struct in_addr pdc_ip; fstring dc_name; - struct cli_state *cli; + struct cli_state *cli = NULL; + struct rpc_pipe_client *netlogon_pipe = NULL; DEBUG(5,("change_trust_account_password: Attempting to change trust account password in domain %s....\n", domain)); @@ -71,20 +72,18 @@ NTSTATUS change_trust_account_password( const char *domain, const char *remote_m * Now start the NT Domain stuff :-). */ - if(cli_nt_session_open(cli, PI_NETLOGON) == False) { + /* Shouldn't we open this with schannel ? JRA. */ + + netlogon_pipe = cli_rpc_pipe_open_noauth(cli, PI_NETLOGON, &nt_status); + if (!netlogon_pipe) { DEBUG(0,("modify_trust_password: unable to open the domain client session to machine %s. Error was : %s.\n", - dc_name, cli_errstr(cli))); - cli_nt_session_close(cli); - cli_ulogoff(cli); + dc_name, nt_errstr(nt_status))); cli_shutdown(cli); - nt_status = NT_STATUS_UNSUCCESSFUL; goto failed; } - nt_status = trust_pw_find_change_and_store_it(cli, cli->mem_ctx, domain); + nt_status = trust_pw_find_change_and_store_it(netlogon_pipe, cli->mem_ctx, domain); - cli_nt_session_close(cli); - cli_ulogoff(cli); cli_shutdown(cli); failed: -- cgit From fbdcf2663b56007a438ac4f0d8d82436b1bfe688 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 11 Jul 2006 18:01:26 +0000 Subject: r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8) --- source3/smbd/change_trust_pw.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/smbd/change_trust_pw.c') diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c index 738d12151d..31f03cc7fa 100644 --- a/source3/smbd/change_trust_pw.c +++ b/source3/smbd/change_trust_pw.c @@ -79,17 +79,19 @@ NTSTATUS change_trust_account_password( const char *domain, const char *remote_m DEBUG(0,("modify_trust_password: unable to open the domain client session to machine %s. Error was : %s.\n", dc_name, nt_errstr(nt_status))); cli_shutdown(cli); + cli = NULL; goto failed; } nt_status = trust_pw_find_change_and_store_it(netlogon_pipe, cli->mem_ctx, domain); cli_shutdown(cli); + cli = NULL; failed: if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("%s : change_trust_account_password: Failed to change password for domain %s.\n", - timestring(False), domain)); + current_timestring(False), domain)); } else DEBUG(5,("change_trust_account_password: sucess!\n")); -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/smbd/change_trust_pw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/change_trust_pw.c') diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c index 31f03cc7fa..99dbebf47b 100644 --- a/source3/smbd/change_trust_pw.c +++ b/source3/smbd/change_trust_pw.c @@ -9,7 +9,7 @@ * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, -- cgit From 153cfb9c83534b09f15cc16205d7adb19b394928 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 05:23:25 +0000 Subject: r23801: The FSF has moved around a lot. This fixes their Mass Ave address. (This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227) --- source3/smbd/change_trust_pw.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/smbd/change_trust_pw.c') diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c index 99dbebf47b..eb26e56ac5 100644 --- a/source3/smbd/change_trust_pw.c +++ b/source3/smbd/change_trust_pw.c @@ -18,8 +18,7 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * along with this program; if not, see . */ #include "includes.h" -- cgit From f88b7a076be74a29a3bf876b4e2705f4a1ecf42b Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 24 Oct 2007 14:16:54 -0700 Subject: This is a large patch (sorry). Migrate from struct in_addr to struct sockaddr_storage in most places that matter (ie. not the nmbd and NetBIOS lookups). This passes make test on an IPv4 box, but I'll have to do more work/testing on IPv6 enabled boxes. This should now give us a framework for testing and finishing the IPv6 migration. It's at the state where someone with a working IPv6 setup should (theorecically) be able to type : smbclient //ipv6-address/share and have it work. Jeremy. (This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd) --- source3/smbd/change_trust_pw.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/smbd/change_trust_pw.c') diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c index eb26e56ac5..8ed0975781 100644 --- a/source3/smbd/change_trust_pw.c +++ b/source3/smbd/change_trust_pw.c @@ -30,7 +30,7 @@ NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine) { NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - struct in_addr pdc_ip; + struct sockaddr_storage pdc_ss; fstring dc_name; struct cli_state *cli = NULL; struct rpc_pipe_client *netlogon_pipe = NULL; @@ -41,12 +41,12 @@ NTSTATUS change_trust_account_password( const char *domain, const char *remote_m if (remote_machine == NULL || !strcmp(remote_machine, "*")) { /* Use the PDC *only* for this */ - if ( !get_pdc_ip(domain, &pdc_ip) ) { + if ( !get_pdc_ip(domain, &pdc_ss) ) { DEBUG(0,("Can't get IP for PDC for domain %s\n", domain)); goto failed; } - if ( !name_status_find( domain, 0x1b, 0x20, pdc_ip, dc_name) ) + if ( !name_status_find( domain, 0x1b, 0x20, &pdc_ss, dc_name) ) goto failed; } else { /* supoport old deprecated "smbpasswd -j DOMAIN -r MACHINE" behavior */ -- cgit From d2cf97aeba14a4d336fb57b01f19bd5a08dcb003 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 29 Nov 2007 13:24:54 -0800 Subject: Remove the explicit TALLOC_CTX * from cli_struct. Make us very explicit about how long a talloc ctx should last. Jeremy. (This used to be commit ba9e2be2b5a59684e854609f9d82ea1633448c62) --- source3/smbd/change_trust_pw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/change_trust_pw.c') diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c index 8ed0975781..fc58e97ea7 100644 --- a/source3/smbd/change_trust_pw.c +++ b/source3/smbd/change_trust_pw.c @@ -82,7 +82,7 @@ NTSTATUS change_trust_account_password( const char *domain, const char *remote_m goto failed; } - nt_status = trust_pw_find_change_and_store_it(netlogon_pipe, cli->mem_ctx, domain); + nt_status = trust_pw_find_change_and_store_it(netlogon_pipe, netlogon_pipe->mem_ctx, domain); cli_shutdown(cli); cli = NULL; -- cgit From 9644b6cb50ec01c04a0d6ab17a8e39054fd8b0f8 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 28 Mar 2008 15:49:13 +0100 Subject: Add a talloc context parameter to current_timestring() to fix memleaks. current_timestring used to return a string talloced to talloc_tos(). When called by DEBUG from a TALLOC_FREE, this produced messages "no talloc stackframe around, leaking memory". For example when used from net conf. This also adds a temporary talloc context to alloc_sub_basic(). For this purpose, the exit strategy is slightly altered: a common exit point is used for success and failure. Michael (This used to be commit 16b5800d4e3a8b88bac67b2550d14e0aaaa302a9) --- source3/smbd/change_trust_pw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/change_trust_pw.c') diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c index fc58e97ea7..4773eeff86 100644 --- a/source3/smbd/change_trust_pw.c +++ b/source3/smbd/change_trust_pw.c @@ -90,7 +90,7 @@ NTSTATUS change_trust_account_password( const char *domain, const char *remote_m failed: if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("%s : change_trust_account_password: Failed to change password for domain %s.\n", - current_timestring(False), domain)); + current_timestring(debug_ctx(), False), domain)); } else DEBUG(5,("change_trust_account_password: sucess!\n")); -- cgit From b46d340fd5d7e88684ac77000e17c1899ff608b2 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 19 Apr 2008 18:17:13 +0200 Subject: Refactoring: Make struct rpc_pipe_client its own talloc parent (This used to be commit a6d74a5a562b54f0b36934965f545fdeb1e8b34a) --- source3/smbd/change_trust_pw.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/smbd/change_trust_pw.c') diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c index 4773eeff86..227b2d6899 100644 --- a/source3/smbd/change_trust_pw.c +++ b/source3/smbd/change_trust_pw.c @@ -82,7 +82,8 @@ NTSTATUS change_trust_account_password( const char *domain, const char *remote_m goto failed; } - nt_status = trust_pw_find_change_and_store_it(netlogon_pipe, netlogon_pipe->mem_ctx, domain); + nt_status = trust_pw_find_change_and_store_it( + netlogon_pipe, netlogon_pipe, domain); cli_shutdown(cli); cli = NULL; -- cgit From 1335da2a7cc639310e5d389e8e8dbe67c4e7ca25 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 20 Jul 2008 11:04:31 +0200 Subject: Refactoring: Change calling conventions for cli_rpc_pipe_open_noauth Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS (This used to be commit 9abc9dc4dc13bd3e42f98eff64eacf24b51f5779) --- source3/smbd/change_trust_pw.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source3/smbd/change_trust_pw.c') diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c index 227b2d6899..72a72a78b5 100644 --- a/source3/smbd/change_trust_pw.c +++ b/source3/smbd/change_trust_pw.c @@ -73,8 +73,9 @@ NTSTATUS change_trust_account_password( const char *domain, const char *remote_m /* Shouldn't we open this with schannel ? JRA. */ - netlogon_pipe = cli_rpc_pipe_open_noauth(cli, PI_NETLOGON, &nt_status); - if (!netlogon_pipe) { + nt_status = cli_rpc_pipe_open_noauth( + cli, &ndr_table_netlogon.syntax_id, &netlogon_pipe); + if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("modify_trust_password: unable to open the domain client session to machine %s. Error was : %s.\n", dc_name, nt_errstr(nt_status))); cli_shutdown(cli); -- cgit