From 58e8db912d2213a594714ac29866396098662557 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 18 Jun 2009 12:33:46 +1000 Subject: s4:libnet Allow 'net password change' to work on expired passwords We need to pass down flags to the DCE/RPC layer to allow fallback to anonymous connections, as we can't log in with an expired password. The anonymous connection can then change the password with SAMR. Andrew Bartlett --- source4/librpc/rpc/dcerpc.h | 2 ++ source4/librpc/rpc/dcerpc_connect.c | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'source4/librpc') diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h index 7f573f0e84..ea92bcc93a 100644 --- a/source4/librpc/rpc/dcerpc.h +++ b/source4/librpc/rpc/dcerpc.h @@ -142,6 +142,8 @@ struct dcerpc_pipe { #define DCERPC_SCHANNEL (1<<9) +#define DCERPC_ANON_FALLBACK (1<<10) + /* use a 128 bit session key */ #define DCERPC_SCHANNEL_128 (1<<12) diff --git a/source4/librpc/rpc/dcerpc_connect.c b/source4/librpc/rpc/dcerpc_connect.c index 0f9fbe0abc..1b1f039004 100644 --- a/source4/librpc/rpc/dcerpc_connect.c +++ b/source4/librpc/rpc/dcerpc_connect.c @@ -130,10 +130,10 @@ static struct composite_context *dcerpc_pipe_connect_ncacn_np_smb_send(TALLOC_CT * provide proper credentials - user supplied, but allow a * fallback to anonymous if this is an schannel connection * (might be NT4 not allowing machine logins at session - * setup). + * setup) or if asked to do so by the caller (perhaps a SAMR password change?) */ s->conn.in.credentials = s->io.creds; - if (s->io.binding->flags & DCERPC_SCHANNEL) { + if (s->io.binding->flags & (DCERPC_SCHANNEL|DCERPC_ANON_FALLBACK)) { conn->in.fallback_to_anonymous = true; } else { conn->in.fallback_to_anonymous = false; -- cgit