Changeset 204 for branches/samba-3.2.x/source/libsmb/trusts_util.c
- Timestamp:
- May 20, 2009, 6:46:53 PM (16 years ago)
- File:
-
- 1 edited
-
branches/samba-3.2.x/source/libsmb/trusts_util.c (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
branches/samba-3.2.x/source/libsmb/trusts_util.c
r133 r204 32 32 static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 33 33 const unsigned char orig_trust_passwd_hash[16], 34 const char *new_trust_pwd_cleartext, 34 35 const unsigned char new_trust_passwd_hash[16], 35 36 uint32 sec_channel_type) 36 37 { 37 38 NTSTATUS result; 38 39 /* Check if the netlogon pipe is open using schannel. If so we 40 already have valid creds. If not we must set them up. */ 41 42 if (cli->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) { 43 uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; 44 45 result = rpccli_netlogon_setup_creds(cli, 46 cli->cli->desthost, /* server name */ 47 lp_workgroup(), /* domain */ 48 global_myname(), /* client name */ 49 global_myname(), /* machine account name */ 50 orig_trust_passwd_hash, 51 sec_channel_type, 52 &neg_flags); 53 54 if (!NT_STATUS_IS_OK(result)) { 55 DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n", 56 nt_errstr(result))); 57 return result; 39 uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; 40 41 result = rpccli_netlogon_setup_creds(cli, 42 cli->cli->desthost, /* server name */ 43 lp_workgroup(), /* domain */ 44 global_myname(), /* client name */ 45 global_myname(), /* machine account name */ 46 orig_trust_passwd_hash, 47 sec_channel_type, 48 &neg_flags); 49 50 if (!NT_STATUS_IS_OK(result)) { 51 DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n", 52 nt_errstr(result))); 53 return result; 54 } 55 56 if (neg_flags & NETLOGON_NEG_PASSWORD_SET2) { 57 58 struct netr_Authenticator clnt_creds, srv_cred; 59 struct netr_CryptPassword new_password; 60 struct samr_CryptPassword password_buf; 61 62 netlogon_creds_client_step(cli->dc, &clnt_creds); 63 64 encode_pw_buffer(password_buf.data, new_trust_pwd_cleartext, STR_UNICODE); 65 66 SamOEMhash(password_buf.data, cli->dc->sess_key, 516); 67 memcpy(new_password.data, password_buf.data, 512); 68 new_password.length = IVAL(password_buf.data, 512); 69 70 result = rpccli_netr_ServerPasswordSet2(cli, mem_ctx, 71 cli->dc->remote_machine, 72 cli->dc->mach_acct, 73 sec_channel_type, 74 global_myname(), 75 &clnt_creds, 76 &srv_cred, 77 &new_password); 78 79 /* Always check returned credentials. */ 80 if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) { 81 DEBUG(0,("rpccli_netr_ServerPasswordSet2: " 82 "credentials chain check failed\n")); 83 return NT_STATUS_ACCESS_DENIED; 58 84 } 59 } 60 61 { 85 86 } else { 87 62 88 struct netr_Authenticator clnt_creds, srv_cred; 63 89 struct samr_Password new_password; … … 119 145 E_md4hash(new_trust_passwd, new_trust_passwd_hash); 120 146 121 nt_status = just_change_the_password(cli, mem_ctx, orig_trust_passwd_hash, 122 new_trust_passwd_hash, sec_channel_type); 147 nt_status = just_change_the_password(cli, mem_ctx, 148 orig_trust_passwd_hash, 149 new_trust_passwd, 150 new_trust_passwd_hash, 151 sec_channel_type); 123 152 124 153 if (NT_STATUS_IS_OK(nt_status)) {
Note:
See TracChangeset
for help on using the changeset viewer.
