s3:libnet: use rpccli_{create,setup}_netlogon_creds() in libnet_join_joindomain_rpc_u...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 6e653c3586d6625992ad0aa749c55d76d9117290..a87eb382d6bf2ff6dea2307f091b7c84592a0e31 100644 (file)
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -817,14 +817,17 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx,
                                                    struct libnet_JoinCtx *r,
                                                    struct cli_state *cli)
 {
-       struct rpc_pipe_client *pipe_hnd = NULL;
-       unsigned char orig_trust_passwd_hash[16];
-       unsigned char new_trust_passwd_hash[16];
+       TALLOC_CTX *frame = talloc_stackframe();
+       struct rpc_pipe_client *netlogon_pipe = NULL;
+       struct netlogon_creds_cli_context *netlogon_creds = NULL;
+       struct samr_Password current_nt_hash;
+       const char *account_name = NULL;
        NTSTATUS status;
 
        status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon,
-                                         &pipe_hnd);
+                                         &netlogon_pipe);
        if (!NT_STATUS_IS_OK(status)) {
+               TALLOC_FREE(frame);
                return status;
        }
 
@@ -832,22 +835,55 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx,
                r->in.machine_password = generate_random_password(mem_ctx,
                                DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH,
                                DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
-               NT_STATUS_HAVE_NO_MEMORY(r->in.machine_password);
+               if (r->in.machine_password == NULL) {
+                       TALLOC_FREE(frame);
+                       return NT_STATUS_NO_MEMORY;
+               }
        }
 
-       E_md4hash(r->in.machine_password, new_trust_passwd_hash);
-
        /* according to WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED */
-       E_md4hash(r->in.admin_password, orig_trust_passwd_hash);
+       E_md4hash(r->in.admin_password, current_nt_hash.hash);
 
-       status = rpccli_netlogon_set_trust_password(pipe_hnd, mem_ctx,
-                                                   r->in.machine_name,
-                                                   orig_trust_passwd_hash,
-                                                   r->in.machine_password,
-                                                   new_trust_passwd_hash,
-                                                   r->in.secure_channel_type);
+       account_name = talloc_asprintf(frame, "%s$",
+                                      r->in.machine_name);
+       if (account_name == NULL) {
+               TALLOC_FREE(frame);
+               return NT_STATUS_NO_MEMORY;
+       }
 
-       return status;
+       status = rpccli_create_netlogon_creds(netlogon_pipe->desthost,
+                                             r->in.domain_name,
+                                             account_name,
+                                             r->in.secure_channel_type,
+                                             r->in.msg_ctx,
+                                             frame,
+                                             &netlogon_creds);
+       if (!NT_STATUS_IS_OK(status)) {
+               TALLOC_FREE(frame);
+               return status;
+       }
+
+       status = rpccli_setup_netlogon_creds(cli,
+                                            netlogon_creds,
+                                            true, /* force_reauth */
+                                            current_nt_hash,
+                                            NULL); /* previous_nt_hash */
+       if (!NT_STATUS_IS_OK(status)) {
+               TALLOC_FREE(frame);
+               return status;
+       }
+
+       status = netlogon_creds_cli_ServerPasswordSet(netlogon_creds,
+                                                     netlogon_pipe->binding_handle,
+                                                     r->in.machine_password,
+                                                     NULL); /* new_version */
+       if (!NT_STATUS_IS_OK(status)) {
+               TALLOC_FREE(frame);
+               return status;
+       }
+
+       TALLOC_FREE(frame);
+       return NT_STATUS_OK;
 }
 
 /****************************************************************