2 * Unix SMB/CIFS implementation.
3 * Periodic Trust account password changing.
4 * Copyright (C) Andrew Tridgell 1992-1997,
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
6 * Copyright (C) Paul Ashton 1997.
7 * Copyright (C) Jeremy Allison 1998.
8 * Copyright (C) Andrew Bartlett 2001.
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
27 /*********************************************************
28 Change the domain password on the PDC.
29 **********************************************************/
31 static NTSTATUS modify_trust_password( const char *domain, const char *remote_machine,
32 unsigned char orig_trust_passwd_hash[16])
34 struct cli_state *cli;
39 * Ensure we have the domain SID for this domain.
42 if (!secrets_fetch_domain_sid(domain, &domain_sid)) {
43 DEBUG(0, ("modify_trust_password: unable to fetch domain sid.\n"));
44 return NT_STATUS_UNSUCCESSFUL;
47 if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname(), remote_machine,
52 DEBUG(0,("modify_trust_password: Connection to %s failed!\n", remote_machine));
53 return NT_STATUS_UNSUCCESSFUL;
57 * Ok - we have an anonymous connection to the IPC$ share.
58 * Now start the NT Domain stuff :-).
61 if(cli_nt_session_open(cli, PI_NETLOGON) == False) {
62 DEBUG(0,("modify_trust_password: unable to open the domain client session to \
63 machine %s. Error was : %s.\n", remote_machine, cli_errstr(cli)));
64 cli_nt_session_close(cli);
67 return NT_STATUS_UNSUCCESSFUL;
70 nt_status = trust_pw_change_and_store_it(cli, cli->mem_ctx,
71 orig_trust_passwd_hash);
73 cli_nt_session_close(cli);
79 /************************************************************************
80 Change the trust account password for a domain.
81 ************************************************************************/
83 NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine_list)
85 fstring remote_machine;
86 unsigned char old_trust_passwd_hash[16];
88 NTSTATUS res = NT_STATUS_UNSUCCESSFUL;
90 if(!secrets_fetch_trust_account_password(domain, old_trust_passwd_hash, &lct)) {
91 DEBUG(0,("change_trust_account_password: unable to read the machine \
92 account password for domain %s.\n", domain));
93 return NT_STATUS_UNSUCCESSFUL;
96 while(remote_machine_list &&
97 next_token(&remote_machine_list, remote_machine,
98 LIST_SEP, sizeof(remote_machine))) {
99 strupper(remote_machine);
100 if(strequal(remote_machine, "*")) {
103 * We have been asked to dynamcially determine the IP addresses of the PDC.
106 struct in_addr pdc_ip;
109 /* Use the PDC *only* for this. */
110 if(!get_pdc_ip(domain, &pdc_ip))
114 * Try and connect to the PDC/BDC list in turn as an IP
115 * address used as a string.
118 if(!lookup_dc_name(global_myname(), domain, &pdc_ip, dc_name))
120 if(NT_STATUS_IS_OK(res = modify_trust_password( domain, dc_name,
121 old_trust_passwd_hash)))
124 res = modify_trust_password( domain, remote_machine,
125 old_trust_passwd_hash);
130 if (!NT_STATUS_IS_OK(res)) {
131 DEBUG(0,("%s : change_trust_account_password: Failed to change password for \
132 domain %s.\n", timestring(False), domain));