s3-netlogon: implement remote trust account changing in netr_LogonControl2Ex() and...
authorGünther Deschner <gd@samba.org>
Wed, 7 Oct 2009 22:38:53 +0000 (00:38 +0200)
committerGünther Deschner <gd@samba.org>
Tue, 3 Nov 2009 23:55:09 +0000 (00:55 +0100)
Guenther

source3/rpc_server/srv_netlog_nt.c

index 491754f76a77891140dc4659a6940b81951551c0..15ea5ff0424ba48d46ccd2545faf614cbbd08ebe 100644 (file)
@@ -95,6 +95,37 @@ WERROR _netr_LogonControl2(pipes_struct *p,
        return _netr_LogonControl2Ex(p, &l);
 }
 
+/*************************************************************************
+ *************************************************************************/
+
+static bool wb_change_trust_creds(const char *domain, WERROR *tc_status)
+{
+       wbcErr result;
+       struct wbcAuthErrorInfo *error = NULL;
+
+       result = wbcChangeTrustCredentials(domain, &error);
+       switch (result) {
+       case WBC_ERR_WINBIND_NOT_AVAILABLE:
+               return false;
+       case WBC_ERR_DOMAIN_NOT_FOUND:
+               *tc_status = WERR_NO_SUCH_DOMAIN;
+               return true;
+       case WBC_ERR_SUCCESS:
+               *tc_status = WERR_OK;
+               return true;
+       default:
+               break;
+       }
+
+       if (error && error->nt_status != 0) {
+               *tc_status = ntstatus_to_werror(NT_STATUS(error->nt_status));
+       } else {
+               *tc_status = WERR_TRUST_FAILURE;
+       }
+       wbcFreeMemory(error);
+       return true;
+}
+
 /****************************************************************
  _netr_LogonControl2Ex
 ****************************************************************/
@@ -174,6 +205,16 @@ WERROR _netr_LogonControl2Ex(pipes_struct *p,
 
                break;
 
+       case NETLOGON_CONTROL_CHANGE_PASSWORD:
+               if (!r->in.data || !r->in.data->domain) {
+                       return WERR_NOT_SUPPORTED;
+               }
+
+               if (!wb_change_trust_creds(r->in.data->domain, &tc_status)) {
+                       return WERR_NOT_SUPPORTED;
+               }
+               break;
+
        default:
                /* no idea what this should be */
                DEBUG(0,("%s: unimplemented function level [%d]\n",