*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
+ * the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
#include "includes.h"
-/*********************************************************
- Change the domain password on the PDC.
-**********************************************************/
-
-static NTSTATUS modify_trust_password( const char *domain, const char *remote_machine,
- unsigned char orig_trust_passwd_hash[16])
-{
- struct cli_state *cli;
- DOM_SID domain_sid;
- NTSTATUS nt_status;
-
- /*
- * Ensure we have the domain SID for this domain.
- */
-
- if (!secrets_fetch_domain_sid(domain, &domain_sid)) {
- DEBUG(0, ("modify_trust_password: unable to fetch domain sid.\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname(), remote_machine,
- NULL, 0,
- "IPC$", "IPC",
- "", "",
- "", 0, NULL)))
- {
- DEBUG(0,("modify_trust_password: Connection to %s failed!\n", remote_machine));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- /*
- * Ok - we have an anonymous connection to the IPC$ share.
- * Now start the NT Domain stuff :-).
- */
-
- if(cli_nt_session_open(cli, PI_NETLOGON) == False) {
- DEBUG(0,("modify_trust_password: unable to open the domain client session to machine %s. Error was : %s.\n",
- remote_machine, cli_errstr(cli)));
- cli_nt_session_close(cli);
- cli_ulogoff(cli);
- cli_shutdown(cli);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- nt_status = trust_pw_change_and_store_it(cli, cli->mem_ctx,
- orig_trust_passwd_hash);
-
- cli_nt_session_close(cli);
- cli_ulogoff(cli);
- cli_shutdown(cli);
-
- return nt_status;
-}
-
/************************************************************************
Change the trust account password for a domain.
************************************************************************/
NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine)
{
- unsigned char old_trust_passwd_hash[16];
- time_t lct;
- NTSTATUS res = NT_STATUS_UNSUCCESSFUL;
+ NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
struct in_addr pdc_ip;
fstring dc_name;
+ struct cli_state *cli = NULL;
+ struct rpc_pipe_client *netlogon_pipe = NULL;
-
- if(!secrets_fetch_trust_account_password(domain, old_trust_passwd_hash, &lct)) {
- DEBUG(0,("change_trust_account_password: unable to read the machine account password for domain %s.\n",
- domain));
- return NT_STATUS_UNSUCCESSFUL;
- }
+ DEBUG(5,("change_trust_account_password: Attempting to change trust account password in domain %s....\n",
+ domain));
if (remote_machine == NULL || !strcmp(remote_machine, "*")) {
/* Use the PDC *only* for this */
goto failed;
}
- if ( !lookup_dc_name(global_myname(), domain, &pdc_ip, dc_name) )
+ if ( !name_status_find( domain, 0x1b, 0x20, pdc_ip, dc_name) )
goto failed;
- }
- /* supoport old deprecated "smbpasswd -j DOMAIN -r MACHINE" behavior */
- else {
+ } else {
+ /* supoport old deprecated "smbpasswd -j DOMAIN -r MACHINE" behavior */
fstrcpy( dc_name, remote_machine );
}
/* if this next call fails, then give up. We can't do
password changes on BDC's --jerry */
- res = modify_trust_password(domain, dc_name, old_trust_passwd_hash);
+ if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname(), dc_name,
+ NULL, 0,
+ "IPC$", "IPC",
+ "", "",
+ "", 0, Undefined, NULL))) {
+ DEBUG(0,("modify_trust_password: Connection to %s failed!\n", dc_name));
+ nt_status = NT_STATUS_UNSUCCESSFUL;
+ goto failed;
+ }
+
+ /*
+ * Ok - we have an anonymous connection to the IPC$ share.
+ * Now start the NT Domain stuff :-).
+ */
+
+ /* Shouldn't we open this with schannel ? JRA. */
+
+ netlogon_pipe = cli_rpc_pipe_open_noauth(cli, PI_NETLOGON, &nt_status);
+ if (!netlogon_pipe) {
+ DEBUG(0,("modify_trust_password: unable to open the domain client session to machine %s. Error was : %s.\n",
+ dc_name, nt_errstr(nt_status)));
+ cli_shutdown(cli);
+ cli = NULL;
+ goto failed;
+ }
+
+ nt_status = trust_pw_find_change_and_store_it(netlogon_pipe, cli->mem_ctx, domain);
+
+ cli_shutdown(cli);
+ cli = NULL;
failed:
- if (!NT_STATUS_IS_OK(res)) {
+ if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0,("%s : change_trust_account_password: Failed to change password for domain %s.\n",
- timestring(False), domain));
+ current_timestring(False), domain));
}
+ else
+ DEBUG(5,("change_trust_account_password: sucess!\n"));
- return res;
+ return nt_status;
}