diff options
Diffstat (limited to 'source/rpc_client/cli_trust.c')
-rw-r--r-- | source/rpc_client/cli_trust.c | 29 |
1 files changed, 17 insertions, 12 deletions
diff --git a/source/rpc_client/cli_trust.c b/source/rpc_client/cli_trust.c index 440cc5143a2..c910e2f334a 100644 --- a/source/rpc_client/cli_trust.c +++ b/source/rpc_client/cli_trust.c @@ -35,6 +35,17 @@ static BOOL modify_trust_password( char *domain, char *remote_machine, unsigned char new_trust_passwd_hash[16]) { struct cli_state cli; + NTSTATUS result; + DOM_SID domain_sid; + + /* + * Ensure we have the domain SID for this domain. + */ + + if (!secrets_fetch_domain_sid(domain, &domain_sid)) { + DEBUG(0, ("domain_client_validate: unable to fetch domain sid.\n")); + return False; + } ZERO_STRUCT(cli); if(cli_initialise(&cli) == NULL) { @@ -115,13 +126,6 @@ Error was : %s.\n", remote_machine, cli_errstr(&cli) )); * Now start the NT Domain stuff :-). */ - if(cli_lsa_get_domain_sid(&cli, remote_machine) == False) { - DEBUG(0,("modify_trust_password: unable to obtain domain sid from %s. Error was : %s.\n", remote_machine, cli_errstr(&cli))); - cli_ulogoff(&cli); - cli_shutdown(&cli); - return False; - } - if(cli_nt_session_open(&cli, PIPE_NETLOGON) == False) { DEBUG(0,("modify_trust_password: unable to open the domain client session to \ machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli))); @@ -131,9 +135,11 @@ machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli))); return False; } - if(cli_nt_setup_creds(&cli, orig_trust_passwd_hash) == False) { + result = cli_nt_setup_creds(&cli, orig_trust_passwd_hash); + + if (!NT_STATUS_IS_OK(result)) { DEBUG(0,("modify_trust_password: unable to setup the PDC credentials to machine \ -%s. Error was : %s.\n", remote_machine, cli_errstr(&cli))); +%s. Error was : %s.\n", remote_machine, get_nt_error_msg(result))); cli_nt_session_close(&cli); cli_ulogoff(&cli); cli_shutdown(&cli); @@ -207,15 +213,14 @@ account password for domain %s.\n", domain)); for(i = 0; i < count; i++) { fstring dc_name; - if(!lookup_pdc_name(global_myname, domain, &ip_list[i], dc_name)) + if(!lookup_dc_name(global_myname, domain, &ip_list[i], dc_name)) continue; if((res = modify_trust_password( domain, dc_name, old_trust_passwd_hash, new_trust_passwd_hash))) break; } - if(ip_list != NULL) - free((char *)ip_list); + SAFE_FREE(ip_list); } else { res = modify_trust_password( domain, remote_machine, |