2 Unix SMB/CIFS implementation.
3 NT Domain Authentication SMB / MSRPC client
4 Copyright (C) Andrew Tridgell 1992-2000
5 Copyright (C) Jeremy Allison 1998.
6 Largely re-written by Jeremy Allison (C) 2005.
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 /* LSA Request Challenge. Sends our challenge to server, then gets
25 server response. These are used to generate the credentials.
26 The sent and received challenges are stored in the netlog pipe
27 private data. Only call this via rpccli_netlogon_setup_creds(). JRA.
// Sends the NET_REQCHAL request carrying the client challenge and, when the
// status is OK, copies the server challenge from the reply to *srv_chal_out.
// NOTE(review): this listing omits some source lines (declarations, braces,
// blank lines); read these notes against the complete file.
30 static NTSTATUS rpccli_net_req_chal(struct rpc_pipe_client *cli,
32 const char *server_name,
33 const char *clnt_name,
34 const DOM_CHAL *clnt_chal_in,
35 DOM_CHAL *srv_chal_out)
37 prs_struct qbuf, rbuf;
40 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
42 /* create and send a MSRPC command with api NET_REQCHAL */
44 DEBUG(4,("cli_net_req_chal: LSA Request Challenge from %s to %s\n",
45 clnt_name, server_name));
47 /* store the parameters */
48 init_q_req_chal(&q, server_name, clnt_name, clnt_chal_in);
50 /* Marshall data and send request */
51 CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_REQCHAL,
56 NT_STATUS_UNSUCCESSFUL);
62 if (NT_STATUS_IS_OK(result)) {
63 /* Store the returned server challenge. */
// The value is only stored here; no validation of it is visible in this
// function, so the peer is still unauthenticated when this returns.
64 *srv_chal_out = r.srv_chal;
71 /****************************************************************************
74 Send the client credential, receive back a server credential.
75 Ensure that the server credential returned matches the session key
76 encrypt of the server challenge originally received. JRA.
77 ****************************************************************************/
// Sends NET_AUTH2 with the client credential and, on an OK status, verifies
// the returned server credential with cred_assert() before accepting the
// negotiated flags. A mismatch returns NT_STATUS_ACCESS_DENIED.
// NOTE(review): a second definition named rpccli_net_auth2 appears later in
// this listing; presumably this one is compiled out by a preprocessor guard
// on a line the listing dropped - confirm.
79 NTSTATUS rpccli_net_auth2(struct rpc_pipe_client *cli,
81 uint32 *neg_flags, DOM_CHAL *srv_chal)
83 prs_struct qbuf, rbuf;
86 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
// Account name is the workgroup name plus a trailing $ for a domain secure
// channel; the other assignment below copies cli->mach_acct.
89 if ( sec_chan == SEC_CHAN_DOMAIN )
90 fstr_sprintf( machine_acct, "%s$", lp_workgroup() );
92 fstrcpy( machine_acct, cli->mach_acct );
94 /* create and send a MSRPC command with api NET_AUTH2 */
// Debug level 4 prints the client credential through credstr(); logs taken
// at that level contain authentication material.
96 DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n",
97 cli->srv_name_slash, machine_acct, sec_chan, global_myname(),
98 credstr(cli->clnt_cred.challenge.data), *neg_flags));
100 /* store the parameters */
102 init_q_auth_2(&q, cli->srv_name_slash, machine_acct,
103 sec_chan, global_myname(), &cli->clnt_cred.challenge,
106 /* turn parameters into data stream */
108 CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_AUTH2,
113 NT_STATUS_UNSUCCESSFUL);
117 if (NT_STATUS_IS_OK(result)) {
121 * Check the returned value using the initial
122 * server received challenge.
// This comparison is the step that authenticates the server to the client.
126 if (cred_assert( &r.srv_chal, cli->sess_key, srv_chal, zerotime) == 0) {
129 * Server replied with bad credential. Fail.
131 DEBUG(0,("cli_net_auth2: server %s replied with bad credential (bad machine \
132 password ?).\n", cli->cli->desthost ));
133 return NT_STATUS_ACCESS_DENIED;
// Reached only after the credential check above did not return.
135 *neg_flags = r.srv_flgs.neg_flags;
142 /****************************************************************************
145 Send the client credential, receive back a server credential.
146 The caller *must* ensure that the server credential returned matches the session key
147 encrypt of the server challenge originally received. JRA.
148 ****************************************************************************/
// Sends NET_AUTH2 with the supplied names, channel type, flags and client
// challenge. On an OK status it copies the server credential and the
// server-returned flags to the output parameters. It performs no check of
// the server credential itself; the header comment assigns that to the caller.
150 static NTSTATUS rpccli_net_auth2(struct rpc_pipe_client *cli,
152 const char *server_name,
153 const char *account_name,
154 uint16 sec_chan_type,
155 const char *computer_name,
156 uint32 *neg_flags_inout,
157 const DOM_CHAL *clnt_chal_in,
158 DOM_CHAL *srv_chal_out)
160 prs_struct qbuf, rbuf;
163 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
165 /* create and send a MSRPC command with api NET_AUTH2 */
167 DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s neg: %x\n",
168 server_name, account_name, sec_chan_type, computer_name,
171 /* store the parameters */
173 init_q_auth_2(&q, server_name, account_name, sec_chan_type,
174 computer_name, clnt_chal_in, *neg_flags_inout);
176 /* turn parameters into data stream */
178 CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_AUTH2,
183 NT_STATUS_UNSUCCESSFUL);
187 if (NT_STATUS_IS_OK(result)) {
// Both outputs are unverified reply data at this point. The requested flags
// are overwritten with what the server returned.
// NOTE(review): a caller that depends on particular negotiated flags should
// compare them after the credential check - confirm against callers.
188 *srv_chal_out = r.srv_chal;
189 *neg_flags_inout = r.srv_flgs.neg_flags;
// Compiled out by the #if 0 guard. Mirrors the NET_AUTH2 helper but builds
// the request with init_q_auth_3 and sends NET_AUTH3.
195 #if 0 /* not currently used */
196 /****************************************************************************
199 Send the client credential, receive back a server credential.
200 The caller *must* ensure that the server credential returned matches the session key
201 encrypt of the server challenge originally received. JRA.
202 ****************************************************************************/
204 static NTSTATUS rpccli_net_auth3(struct rpc_pipe_client *cli,
206 const char *server_name,
207 const char *account_name,
208 uint16 sec_chan_type,
209 const char *computer_name,
210 uint32 *neg_flags_inout,
211 const DOM_CHAL *clnt_chal_in,
212 DOM_CHAL *srv_chal_out)
214 prs_struct qbuf, rbuf;
217 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
219 /* create and send a MSRPC command with api NET_AUTH3 */
// Debug level 4 prints the client challenge through credstr().
221 DEBUG(4,("cli_net_auth3: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n",
222 server_name, account_name, sec_chan_type, computer_name,
223 credstr(clnt_chal_in->data), *neg_flags_inout));
225 /* store the parameters */
226 init_q_auth_3(&q, server_name, account_name, sec_chan_type,
227 computer_name, clnt_chal_in, *neg_flags_inout);
229 /* turn parameters into data stream */
231 CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_AUTH3,
236 NT_STATUS_UNSUCCESSFUL);
238 if (NT_STATUS_IS_OK(result)) {
// Outputs are copied without any credential check in this function.
239 *srv_chal_out = r.srv_chal;
240 *neg_flags_inout = r.srv_flgs.neg_flags;
245 #endif /* not currently used */
247 /****************************************************************************
248 Wrapper function that uses the auth and auth2 calls to set up a NETLOGON
249 credentials chain. Stores the credentials in the struct dcinfo in the
250 netlogon pipe struct.
251 ****************************************************************************/
// Establishes the NETLOGON credential chain on a netlogon pipe: stores the
// machine password and names in dc, generates a client challenge, fetches
// the server challenge, derives session key and client credentials, runs the
// auth2 exchange and then verifies the server credential.
// Returns NT_STATUS_ACCESS_DENIED when that verification fails.
253 NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
254 const char *server_name,
256 const char *clnt_name,
257 const char *machine_account,
258 const unsigned char machine_pwd[16],
259 uint32 sec_chan_type,
260 uint32 *neg_flags_inout)
262 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
263 DOM_CHAL clnt_chal_send;
264 DOM_CHAL srv_chal_recv;
267 SMB_ASSERT(cli->pipe_idx == PI_NETLOGON);
271 return NT_STATUS_INVALID_PARAMETER;
274 /* Ensure we don't reuse any of this state. */
277 /* Store the machine account password we're going to use. */
// dc->mach_pw keeps a copy of the 16-byte machine password value.
// NOTE(review): no wipe of this copy is visible in this listing - confirm
// where dc is cleared.
278 memcpy(dc->mach_pw, machine_pwd, 16);
// NOTE(review): the fstr helpers presumably bound writes to the fstring size
// and truncate longer names - confirm, since server_name, domain and
// machine_account are caller-supplied.
280 fstrcpy(dc->remote_machine, "\\\\");
281 fstrcat(dc->remote_machine, server_name);
283 fstrcpy(dc->domain, domain);
285 fstr_sprintf( dc->mach_acct, "%s$", machine_account);
287 /* Create the client challenge. */
// 8 bytes from generate_random_buffer; the exchange relies on this value
// being unpredictable and fresh for every call.
288 generate_random_buffer(clnt_chal_send.data, 8);
290 /* Get the server challenge. */
291 result = rpccli_net_req_chal(cli,
298 if (!NT_STATUS_IS_OK(result)) {
302 /* Calculate the session key and client credentials */
303 creds_client_init(*neg_flags_inout,
311 * Send client auth-2 challenge and receive server repy.
314 result = rpccli_net_auth2(cli,
321 &clnt_chal_send, /* input. */
322 &srv_chal_recv); /* output */
324 if (!NT_STATUS_IS_OK(result)) {
329 * Check the returned value using the initial
330 * server received challenge.
// This is the step that authenticates the server; nothing received before
// it should be treated as coming from a trusted peer.
333 if (!creds_client_check(dc, &srv_chal_recv)) {
335 * Server replied with bad credential. Fail.
337 DEBUG(0,("rpccli_netlogon_setup_creds: server %s "
338 "replied with bad credential\n",
339 cli->cli->desthost ));
340 return NT_STATUS_ACCESS_DENIED;
343 DEBUG(5,("rpccli_netlogon_setup_creds: server %s credential "
344 "chain established.\n",
345 cli->cli->desthost ));
350 /* Logon Control 2 */
// Sends a NET_LOGON_CTRL2 request for the given query level to the host the
// pipe is connected to.
352 NTSTATUS rpccli_netlogon_logon_ctrl2(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
355 prs_struct qbuf, rbuf;
358 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
364 /* Initialise input parameters */
// The server name is formatted with an explicit size limit of
// sizeof(fstring)-1, so a long desthost cannot overrun the buffer.
366 slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
367 init_net_q_logon_ctrl2(&q, server, query_level);
369 /* Marshall data and send request */
371 CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_LOGON_CTRL2,
374 net_io_q_logon_ctrl2,
375 net_io_r_logon_ctrl2,
376 NT_STATUS_UNSUCCESSFUL);
// Copies the fields of a GETDCNAME reply into a zero-initialised
// DS_DOMAIN_CONTROLLER_INFO allocated on mem_ctx. Any failed string pull or
// allocation returns WERR_GENERAL_FAILURE. Every string copied here
// originates in the reply from the remote server.
382 static WERROR pull_domain_controller_info_from_getdcname_reply(TALLOC_CTX *mem_ctx,
383 struct DS_DOMAIN_CONTROLLER_INFO **info_out,
384 NET_R_DSR_GETDCNAME *r)
386 struct DS_DOMAIN_CONTROLLER_INFO *info;
388 info = TALLOC_ZERO_P(mem_ctx, struct DS_DOMAIN_CONTROLLER_INFO);
// NOTE(review): &r->uni_dc_unc is the address of a struct member, so this
// condition is true for any non-NULL r. The same applies to every other
// if (&r->...) test below. If the intent was to skip strings the server did
// not send, the test has to look at a presence field instead - confirm
// against the NET_R_DSR_GETDCNAME definition.
393 if (&r->uni_dc_unc) {
396 tmp = rpcstr_pull_unistr2_talloc(mem_ctx, &r->uni_dc_unc);
398 return WERR_GENERAL_FAILURE;
// Skip up to two leading backslash characters before duplicating the name.
400 if (*tmp == '\\') tmp += 1;
401 if (*tmp == '\\') tmp += 1;
403 info->domain_controller_name = talloc_strdup(mem_ctx, tmp);
404 if (info->domain_controller_name == NULL) {
405 return WERR_GENERAL_FAILURE;
409 if (&r->uni_dc_address) {
412 tmp = rpcstr_pull_unistr2_talloc(mem_ctx, &r->uni_dc_address);
414 return WERR_GENERAL_FAILURE;
// Same prefix stripping for the address string.
416 if (*tmp == '\\') tmp += 1;
417 if (*tmp == '\\') tmp += 1;
419 info->domain_controller_address = talloc_strdup(mem_ctx, tmp);
420 if (info->domain_controller_address == NULL) {
421 return WERR_GENERAL_FAILURE;
425 info->domain_controller_address_type = r->dc_address_type;
// The GUID is duplicated so info does not point into the reply structure.
427 info->domain_guid = (struct GUID *)talloc_memdup(
428 mem_ctx, &r->domain_guid, sizeof(struct GUID));
429 if (!info->domain_guid) {
430 return WERR_GENERAL_FAILURE;
433 if (&r->uni_domain_name) {
434 info->domain_name = rpcstr_pull_unistr2_talloc(mem_ctx, &r->uni_domain_name);
435 if (!info->domain_name) {
436 return WERR_GENERAL_FAILURE;
440 if (&r->uni_forest_name) {
441 info->dns_forest_name = rpcstr_pull_unistr2_talloc(mem_ctx, &r->uni_forest_name);
442 if (!info->dns_forest_name) {
443 return WERR_GENERAL_FAILURE;
447 info->flags = r->dc_flags;
449 if (&r->uni_dc_site_name) {
450 info->dc_site_name = rpcstr_pull_unistr2_talloc(mem_ctx, &r->uni_dc_site_name);
451 if (!info->dc_site_name) {
452 return WERR_GENERAL_FAILURE;
456 if (&r->uni_client_site_name) {
457 info->client_site_name = rpcstr_pull_unistr2_talloc(mem_ctx, &r->uni_client_site_name);
458 if (!info->client_site_name) {
459 return WERR_GENERAL_FAILURE;
// Sends NET_DSR_GETDCNAME for the given domain and, when the reply status is
// OK, converts the reply into a DS_DOMAIN_CONTROLLER_INFO via
// pull_domain_controller_info_from_getdcname_reply().
// No credential-chain call is visible in this function.
// NOTE(review): the returned DC name and address are therefore presumably
// unauthenticated locator data - confirm before using them for trust decisions.
470 WERROR rpccli_netlogon_dsr_getdcname(struct rpc_pipe_client *cli,
472 const char *server_name,
473 const char *domain_name,
474 struct GUID *domain_guid,
475 struct GUID *site_guid,
477 struct DS_DOMAIN_CONTROLLER_INFO **info_out)
479 prs_struct qbuf, rbuf;
480 NET_Q_DSR_GETDCNAME q;
481 NET_R_DSR_GETDCNAME r;
487 /* Initialize input parameters */
// The server name gets a UNC-style prefix; allocation failure is checked.
489 tmp_str = talloc_asprintf(mem_ctx, "\\\\%s", server_name);
490 if (tmp_str == NULL) {
494 init_net_q_dsr_getdcname(&q, tmp_str, domain_name, domain_guid,
497 /* Marshall data and send request */
499 CLI_DO_RPC_WERR(cli, mem_ctx, PI_NETLOGON, NET_DSR_GETDCNAME,
502 net_io_q_dsr_getdcname,
503 net_io_r_dsr_getdcname,
504 WERR_GENERAL_FAILURE);
506 if (!W_ERROR_IS_OK(r.result)) {
510 r.result = pull_domain_controller_info_from_getdcname_reply(mem_ctx, info_out, &r);
511 if (!W_ERROR_IS_OK(r.result)) {
518 /* Sam synchronisation */
// Requests a SAM synchronisation batch (NET_SAM_SYNC) for database_id
// starting at next_rid and hands the returned delta headers to the caller.
// Returns NT_STATUS_ACCESS_DENIED when the returned credentials fail the
// chain check.
520 NTSTATUS rpccli_netlogon_sam_sync(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
521 uint32 database_id, uint32 next_rid, uint32 *num_deltas,
522 SAM_DELTA_HDR **hdr_deltas,
523 SAM_DELTA_CTR **deltas)
525 prs_struct qbuf, rbuf;
528 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
535 ZERO_STRUCT(ret_creds);
537 /* Initialise input parameters */
// Advance the client side of the credential chain for this request.
539 creds_client_step(cli->dc, &clnt_creds);
541 init_net_q_sam_sync(&q, cli->dc->remote_machine, global_myname(),
542 &clnt_creds, &ret_creds, database_id, next_rid);
544 /* Marshall data and send request */
546 CLI_DO_RPC_COPY_SESS_KEY(cli, mem_ctx, PI_NETLOGON, NET_SAM_SYNC,
551 NT_STATUS_UNSUCCESSFUL);
// The caller outputs are filled from the reply before the credential check
// below. When this function returns NT_STATUS_ACCESS_DENIED they already
// hold data from an unverified reply and must be discarded by the caller.
556 *num_deltas = r.num_deltas2;
557 *hdr_deltas = r.hdr_deltas;
// The chain check runs only when the status is not an error.
560 if (!NT_STATUS_IS_ERR(result)) {
561 /* Check returned credentials. */
562 if (!creds_client_check(cli->dc, &r.srv_creds.challenge)) {
563 DEBUG(0,("cli_netlogon_sam_sync: credentials chain check failed\n"));
564 return NT_STATUS_ACCESS_DENIED;
571 /* Sam synchronisation */
// Requests SAM deltas (NET_SAM_DELTAS) for database_id from sequence number
// seqnum and hands the returned delta headers to the caller.
// Returns NT_STATUS_ACCESS_DENIED when the returned credentials fail the
// chain check.
573 NTSTATUS rpccli_netlogon_sam_deltas(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
574 uint32 database_id, uint64 seqnum,
576 SAM_DELTA_HDR **hdr_deltas,
577 SAM_DELTA_CTR **deltas)
579 prs_struct qbuf, rbuf;
582 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
588 /* Initialise input parameters */
// Advance the client side of the credential chain for this request.
590 creds_client_step(cli->dc, &clnt_creds);
592 init_net_q_sam_deltas(&q, cli->dc->remote_machine,
593 global_myname(), &clnt_creds,
594 database_id, seqnum);
596 /* Marshall data and send request */
598 CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SAM_DELTAS,
603 NT_STATUS_UNSUCCESSFUL);
// Outputs are written from the reply before the credential check below;
// on NT_STATUS_ACCESS_DENIED the caller must not use them.
608 *num_deltas = r.num_deltas2;
609 *hdr_deltas = r.hdr_deltas;
612 if (!NT_STATUS_IS_ERR(result)) {
613 /* Check returned credentials. */
// NOTE(review): the failure message below names cli_netlogon_sam_sync, so a
// log line from this path is attributed to the wrong function.
614 if (!creds_client_check(cli->dc, &r.srv_creds.challenge)) {
615 DEBUG(0,("cli_netlogon_sam_sync: credentials chain check failed\n"));
616 return NT_STATUS_ACCESS_DENIED;
623 /* Logon domain user */
// Performs a NET_SAMLOGON for a user from a plaintext password. The
// interactive logon type sends password hashes built with nt_lm_owf_gen();
// the network logon type sends challenge responses computed locally.
// Any other logon_type returns NT_STATUS_INVALID_INFO_CLASS.
625 NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
627 uint32 logon_parameters,
629 const char *username,
630 const char *password,
631 const char *workstation,
634 prs_struct qbuf, rbuf;
637 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
641 NET_USER_INFO_3 user;
642 int validation_level = 3;
643 fstring clnt_name_slash;
647 ZERO_STRUCT(ret_creds);
// Client name is taken from workstation in one branch and from
// global_myname() in the other; the selecting condition is not shown here.
650 fstr_sprintf( clnt_name_slash, "\\\\%s", workstation );
652 fstr_sprintf( clnt_name_slash, "\\\\%s", global_myname() );
655 /* Initialise input parameters */
657 creds_client_step(cli->dc, &clnt_creds);
659 q.validation_level = validation_level;
661 ctr.switch_value = logon_type;
663 switch (logon_type) {
664 case INTERACTIVE_LOGON_TYPE: {
// Password hashes live in these stack buffers.
// NOTE(review): no wipe of them is visible in this listing - confirm.
665 unsigned char lm_owf_user_pwd[16], nt_owf_user_pwd[16];
667 nt_lm_owf_gen(password, nt_owf_user_pwd, lm_owf_user_pwd);
// The netlogon session key is passed along with the hashes.
// NOTE(review): presumably init_id_info1 uses it to protect them - confirm.
669 init_id_info1(&ctr.auth.id1, domain,
670 logon_parameters, /* param_ctrl */
671 0xdead, 0xbeef, /* LUID? */
672 username, clnt_name_slash,
673 (const char *)cli->dc->sess_key, lm_owf_user_pwd,
678 case NET_LOGON_TYPE: {
// A random 8-byte challenge is generated locally and 24-byte LM and NT
// responses are derived from the plaintext password.
// NOTE(review): the LM response is the weaker of the two; confirm whether
// sending it is still acceptable under the deployment policy.
680 unsigned char local_lm_response[24];
681 unsigned char local_nt_response[24];
683 generate_random_buffer(chal, 8);
685 SMBencrypt(password, chal, local_lm_response);
686 SMBNTencrypt(password, chal, local_nt_response);
688 init_id_info2(&ctr.auth.id2, domain,
689 logon_parameters, /* param_ctrl */
690 0xdead, 0xbeef, /* LUID? */
691 username, clnt_name_slash, chal,
692 local_lm_response, 24, local_nt_response, 24);
696 DEBUG(0, ("switch value %d not supported\n",
698 return NT_STATUS_INVALID_INFO_CLASS;
703 init_sam_info(&q.sam_id, cli->dc->remote_machine, global_myname(),
704 &clnt_creds, &ret_creds, logon_type,
707 /* Marshall data and send request */
709 CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SAMLOGON,
714 NT_STATUS_UNSUCCESSFUL);
// The chain check is conditional on r.buffer_creds, a field of the reply.
// NOTE(review): a reply without credentials skips verification - confirm
// that callers do not treat such a reply as authenticated.
720 if (r.buffer_creds) {
721 /* Check returned credentials if present. */
722 if (!creds_client_check(cli->dc, &r.srv_creds.challenge)) {
723 DEBUG(0,("rpccli_netlogon_sam_logon: credentials chain check failed\n"));
724 return NT_STATUS_ACCESS_DENIED;
733 * Logon domain user with an 'network' SAM logon
735 * @param info3 Pointer to a NET_USER_INFO_3 already allocated by the caller.
// Performs a network-type NET_SAMLOGON using caller-supplied LM and NT
// responses and a challenge, filling the caller-allocated info3.
// Returns NT_STATUS_NO_MEMORY when a name cannot be allocated and
// NT_STATUS_ACCESS_DENIED when returned credentials fail the chain check.
738 NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli,
740 uint32 logon_parameters,
742 const char *username,
744 const char *workstation,
746 DATA_BLOB lm_response,
747 DATA_BLOB nt_response,
748 NET_USER_INFO_3 *info3)
750 prs_struct qbuf, rbuf;
753 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
755 int validation_level = 3;
756 const char *workstation_name_slash;
757 const char *server_name_slash;
766 ZERO_STRUCT(ret_creds);
768 creds_client_step(cli->dc, &clnt_creds);
// NOTE(review): with && the prefix is added only when neither of the first
// two bytes is a backslash. For an empty string the second operand reads
// server[1], one byte past the terminator. The workstation test below has
// the same shape. Confirm callers never pass an empty or NULL name.
770 if (server[0] != '\\' && server[1] != '\\') {
771 server_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", server);
773 server_name_slash = server;
776 if (workstation[0] != '\\' && workstation[1] != '\\') {
777 workstation_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", workstation);
779 workstation_name_slash = workstation;
782 if (!workstation_name_slash || !server_name_slash) {
783 DEBUG(0, ("talloc_asprintf failed!\n"));
784 return NT_STATUS_NO_MEMORY;
787 /* Initialise input parameters */
789 q.validation_level = validation_level;
791 ctr.switch_value = NET_LOGON_TYPE;
// Response lengths come from the caller-supplied blobs.
// NOTE(review): confirm init_id_info2 bounds them against its own buffers.
793 init_id_info2(&ctr.auth.id2, domain,
794 logon_parameters, /* param_ctrl */
795 0xdead, 0xbeef, /* LUID? */
796 username, workstation_name_slash, (const uchar*)chal,
797 lm_response.data, lm_response.length, nt_response.data, nt_response.length);
799 init_sam_info(&q.sam_id, server_name_slash, global_myname(),
800 &clnt_creds, &ret_creds, NET_LOGON_TYPE,
805 /* Marshall data and send request */
807 CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SAMLOGON,
812 NT_STATUS_UNSUCCESSFUL);
// Reply post-processing starts here, ahead of the credential check further
// down. A non-zero key in info3 is transformed in place with the netlogon
// session key; the memset lines clear the field.
// NOTE(review): SamOEMhash presumably decrypts the key, and the memset is
// presumably the else branch dropped from this listing - confirm both.
814 if (memcmp(zeros, info3->user_sess_key, 16) != 0) {
815 SamOEMhash(info3->user_sess_key, cli->dc->sess_key, 16);
817 memset(info3->user_sess_key, '\0', 16);
820 if (memcmp(zeros, info3->lm_sess_key, 8) != 0) {
821 SamOEMhash(info3->lm_sess_key, cli->dc->sess_key, 8);
823 memset(info3->lm_sess_key, '\0', 8);
// Clear the seven unknown fields of info3, 4 bytes each.
826 for (i=0; i < 7; i++) {
827 memset(&info3->unknown[i], '\0', 4);
// The chain check is conditional on r.buffer_creds, a field of the reply.
// NOTE(review): a reply without credentials skips verification, and info3
// has already been modified above - confirm callers handle both cases.
834 if (r.buffer_creds) {
835 /* Check returned credentials if present. */
836 if (!creds_client_check(cli->dc, &r.srv_creds.challenge)) {
837 DEBUG(0,("rpccli_netlogon_sam_network_logon: credentials chain check failed\n"));
838 return NT_STATUS_ACCESS_DENIED;
// Network-type logon sent as NET_SAMLOGON_EX with caller-supplied LM and NT
// responses, filling the caller-allocated info3.
// No creds_client_step or creds_client_check call is visible in this
// function, unlike the NET_SAMLOGON variants.
// NOTE(review): presumably the reply is protected by the transport rather
// than by the credential chain - confirm what authenticates the reply
// before trusting info3.
845 NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli,
847 uint32 logon_parameters,
849 const char *username,
851 const char *workstation,
853 DATA_BLOB lm_response,
854 DATA_BLOB nt_response,
855 NET_USER_INFO_3 *info3)
857 prs_struct qbuf, rbuf;
858 NET_Q_SAM_LOGON_EX q;
859 NET_R_SAM_LOGON_EX r;
860 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
862 int validation_level = 3;
863 const char *workstation_name_slash;
864 const char *server_name_slash;
// NOTE(review): with && the prefix is added only when neither of the first
// two bytes is a backslash. For an empty string the second operand reads
// server[1], one byte past the terminator. The workstation test below has
// the same shape. Confirm callers never pass an empty or NULL name.
872 if (server[0] != '\\' && server[1] != '\\') {
873 server_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", server);
875 server_name_slash = server;
878 if (workstation[0] != '\\' && workstation[1] != '\\') {
879 workstation_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", workstation);
881 workstation_name_slash = workstation;
884 if (!workstation_name_slash || !server_name_slash) {
885 DEBUG(0, ("talloc_asprintf failed!\n"));
886 return NT_STATUS_NO_MEMORY;
889 /* Initialise input parameters */
891 q.validation_level = validation_level;
893 ctr.switch_value = NET_LOGON_TYPE;
895 init_id_info2(&ctr.auth.id2, domain,
896 logon_parameters, /* param_ctrl */
897 0xdead, 0xbeef, /* LUID? */
898 username, workstation_name_slash, (const uchar*)chal,
899 lm_response.data, lm_response.length, nt_response.data,
902 init_sam_info_ex(&q.sam_id, server_name_slash, global_myname(),
903 NET_LOGON_TYPE, &ctr);
907 /* Marshall data and send request */
909 CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SAMLOGON_EX,
911 net_io_q_sam_logon_ex,
912 net_io_r_sam_logon_ex,
913 NT_STATUS_UNSUCCESSFUL);
// A non-zero key in info3 is transformed in place with the netlogon session
// key; the memset lines clear the field.
// NOTE(review): SamOEMhash presumably decrypts the key, and the memset is
// presumably the else branch dropped from this listing - confirm both.
915 if (memcmp(zeros, info3->user_sess_key, 16) != 0) {
916 SamOEMhash(info3->user_sess_key, cli->dc->sess_key, 16);
918 memset(info3->user_sess_key, '\0', 16);
921 if (memcmp(zeros, info3->lm_sess_key, 8) != 0) {
922 SamOEMhash(info3->lm_sess_key, cli->dc->sess_key, 8);
924 memset(info3->lm_sess_key, '\0', 8);
// Clear the seven unknown fields of info3, 4 bytes each.
927 for (i=0; i < 7; i++) {
928 memset(&info3->unknown[i], '\0', 4);
938 /***************************************************************************
939 LSA Server Password Set.
940 ****************************************************************************/
942 NTSTATUS rpccli_net_srv_pwset(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
943 const char *machine_name, const uint8 hashed_mach_pwd[16])
950 uint16 sec_chan_type = 2;
953 creds_client_step(cli->dc, &clnt_creds);
955 DEBUG(4,("cli_net_srv_pwset: srv:%s acct:%s sc: %d mc: %s\n",
956 cli->dc->remote_machine, cli->dc->mach_acct, sec_chan_type, machine_name));
958 /* store the parameters */
959 init_q_srv_pwset(&q, cli->dc->remote_machine, (const char *)cli->dc->sess_key,
960 cli->dc->mach_acct, sec_chan_type, machine_name,
961 &clnt_creds, hashed_mach_pwd);
963 CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SRVPWSET,
968 NT_STATUS_UNSUCCESSFUL);
972 if (!NT_STATUS_IS_OK(result)) {
973 /* report error code */
974 DEBUG(0,("cli_net_srv_pwset: %s\n", nt_errstr(result)));
977 /* Always check returned credentials. */
978 if (!creds_client_check(cli->dc, &r.srv_cred.challenge)) {
979 DEBUG(0,("rpccli_net_srv_pwset: credentials chain check failed\n"));
980 return NT_STATUS_ACCESS_DENIED;