author | Karolin Seeger <kseeger@samba.org> | 2008-08-27 10:36:20 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2008-08-27 10:36:20 +0200 |
commit | 5d0b8788dcecbe1565b3ef0200386308c63588db (patch) | |
tree | 163effa83953e4c906db05702bca14b12b14fdd7 | |
parent | a76f0528ebae537166177409279c0f438c059b40 (diff) | |
Revert "Fix Bug #5710 and make machine account password changing work again."
This reverts commit 6d42b1e372b67eba83dbd5200bfb131b74cac180.
-rw-r--r-- | source/libsmb/trusts_util.c | 75 |
1 files changed, 23 insertions, 52 deletions
diff --git a/source/libsmb/trusts_util.c b/source/libsmb/trusts_util.c
index 0535d1b521e..c3f5f2538aa 100644
--- a/source/libsmb/trusts_util.c
+++ b/source/libsmb/trusts_util.c
@@ -31,60 +31,34 @@ static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, const unsigned char orig_trust_passwd_hash[16], - const char *new_trust_pwd_cleartext, const unsigned char new_trust_passwd_hash[16], uint32 sec_channel_type) { NTSTATUS result; - uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; - result = rpccli_netlogon_setup_creds(cli, - cli->cli->desthost, /* server name */ - lp_workgroup(), /* domain */ - global_myname(), /* client name */ - global_myname(), /* machine account name */ - orig_trust_passwd_hash, - sec_channel_type, - &neg_flags); - - if (!NT_STATUS_IS_OK(result)) { - DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n", - nt_errstr(result))); - return result; - } - - if (neg_flags & NETLOGON_NEG_PASSWORD_SET2) { - - struct netr_Authenticator clnt_creds, srv_cred; - struct netr_CryptPassword new_password; - struct samr_CryptPassword password_buf; - - netlogon_creds_client_step(cli->dc, &clnt_creds); - - encode_pw_buffer(password_buf.data, new_trust_pwd_cleartext, STR_UNICODE); - - SamOEMhash(password_buf.data, cli->dc->sess_key, 516); - memcpy(new_password.data, password_buf.data, 512); - new_password.length = IVAL(password_buf.data, 512); - - result = rpccli_netr_ServerPasswordSet2(cli, mem_ctx, - cli->dc->remote_machine, - cli->dc->mach_acct, - sec_channel_type, - global_myname(), - &clnt_creds, - &srv_cred, - &new_password); - - /* Always check returned credentials. */ - if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) { - DEBUG(0,("rpccli_netr_ServerPasswordSet2: " - "credentials chain check failed\n")); - return NT_STATUS_ACCESS_DENIED; + /* Check if the netlogon pipe is open using schannel. If so we + already have valid creds. If not we must set them up. 
*/ + + if (cli->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) { + uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; + + result = rpccli_netlogon_setup_creds(cli, + cli->cli->desthost, /* server name */ + lp_workgroup(), /* domain */ + global_myname(), /* client name */ + global_myname(), /* machine account name */ + orig_trust_passwd_hash, + sec_channel_type, + &neg_flags); + + if (!NT_STATUS_IS_OK(result)) { + DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n", + nt_errstr(result))); + return result; } + } - } else { - + { struct netr_Authenticator clnt_creds, srv_cred; struct samr_Password new_password; @@ -144,11 +118,8 @@ NTSTATUS trust_pw_change_and_store_it(struct rpc_pipe_client *cli, TALLOC_CTX *m E_md4hash(new_trust_passwd, new_trust_passwd_hash); - nt_status = just_change_the_password(cli, mem_ctx, - orig_trust_passwd_hash, - new_trust_passwd, - new_trust_passwd_hash, - sec_channel_type); + nt_status = just_change_the_password(cli, mem_ctx, orig_trust_passwd_hash, + new_trust_passwd_hash, sec_channel_type); if (NT_STATUS_IS_OK(nt_status)) { DEBUG(3,("%s : trust_pw_change_and_store_it: Changed password.\n", |
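Review bot: In the first hunk, the restored `if (cli->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL)` guard means `orig_trust_passwd_hash` is never used on a schannel pipe, so the password change depends on credential state that the comment says already exists but that nothing in the visible lines verifies. `neg_flags` is now local to that branch and is not read after rpccli_netlogon_setup_creds returns, so the negotiated capabilities (including NETLOGON_NEG_PASSWORD_SET2, which the removed code tested) no longer influence which call is made. The block that follows continues outside the hunk and appears to send only the hash-based `struct samr_Password`. Since the commit backs out the Bug #5710 fix without stating a reason, I would at least record the assumption next to the guard, e.g. `/* schannel pipe: reuses the credentials established when the pipe was bound; orig_trust_passwd_hash is unused on this path */`, and note there why the negotiated flags are ignored.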