/* The following is only non-null on a netlogon client pipe. */
struct netlogon_creds_CredentialState *dc;
- uint32_t auth_neg_flags;
/* Used by internal rpc_pipe_client */
pipes_struct *pipes_struct;
const unsigned char orig_trust_passwd_hash[16],
const char *new_trust_pwd_cleartext,
const unsigned char new_trust_passwd_hash[16],
- uint32_t sec_channel_type,
- uint32_t neg_flags);
-NTSTATUS rpccli_netlogon_auth_set_trust_password(struct rpc_pipe_client *cli,
- TALLOC_CTX *mem_ctx,
- const unsigned char orig_trust_passwd_hash[16],
- const char *new_trust_pwd_cleartext,
- const unsigned char new_trust_passwd_hash[16],
- uint32_t sec_channel_type);
+ uint32_t sec_channel_type);
/* The following definitions come from rpc_client/cli_pipe.c */
E_md4hash(trust_passwd, orig_trust_passwd_hash);
- status = rpccli_netlogon_auth_set_trust_password(
- pipe_hnd, mem_ctx, orig_trust_passwd_hash,
- r->in.machine_password, new_trust_passwd_hash,
- r->in.secure_channel_type);
+ status = rpccli_netlogon_set_trust_password(pipe_hnd, mem_ctx,
+ orig_trust_passwd_hash,
+ r->in.machine_password,
+ new_trust_passwd_hash,
+ r->in.secure_channel_type);
return status;
}
E_md4hash(new_trust_passwd, new_trust_passwd_hash);
- nt_status = rpccli_netlogon_auth_set_trust_password(
- cli, mem_ctx, orig_trust_passwd_hash, new_trust_passwd,
- new_trust_passwd_hash, sec_channel_type);
+ nt_status = rpccli_netlogon_set_trust_password(cli, mem_ctx,
+ orig_trust_passwd_hash,
+ new_trust_passwd,
+ new_trust_passwd_hash,
+ sec_channel_type);
if (NT_STATUS_IS_OK(nt_status)) {
DEBUG(3,("%s : trust_pw_change_and_store_it: Changed password.\n",
const unsigned char orig_trust_passwd_hash[16],
const char *new_trust_pwd_cleartext,
const unsigned char new_trust_passwd_hash[16],
- uint32_t sec_channel_type,
- uint32_t neg_flags)
+ uint32_t sec_channel_type)
{
NTSTATUS result;
+ uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
struct netr_Authenticator clnt_creds, srv_cred;
+ result = rpccli_netlogon_setup_creds(cli,
+ cli->desthost, /* server name */
+ lp_workgroup(), /* domain */
+ global_myname(), /* client name */
+ global_myname(), /* machine account name */
+ orig_trust_passwd_hash,
+ sec_channel_type,
+ &neg_flags);
+
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(3,("rpccli_netlogon_set_trust_password: unable to setup creds (%s)!\n",
+ nt_errstr(result)));
+ return result;
+ }
+
netlogon_creds_client_authenticator(cli->dc, &clnt_creds);
if (neg_flags & NETLOGON_NEG_PASSWORD_SET2) {
return result;
}
-NTSTATUS rpccli_netlogon_auth_set_trust_password(struct rpc_pipe_client *cli,
- TALLOC_CTX *mem_ctx,
- const unsigned char orig_trust_passwd_hash[16],
- const char *new_trust_pwd_cleartext,
- const unsigned char new_trust_passwd_hash[16],
- uint32_t sec_channel_type)
-{
- NTSTATUS result;
- uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
-
- result = rpccli_netlogon_setup_creds(cli,
- cli->desthost, /* server name */
- lp_workgroup(), /* domain */
- global_myname(), /* client name */
- global_myname(), /* machine account name */
- orig_trust_passwd_hash,
- sec_channel_type,
- &neg_flags);
-
- if (!NT_STATUS_IS_OK(result)) {
- DEBUG(3,("rpccli_netlogon_set_trust_password: unable to setup creds (%s)!\n",
- nt_errstr(result)));
- return result;
- }
-
- return rpccli_netlogon_set_trust_password(cli, mem_ctx,
- orig_trust_passwd_hash,
- new_trust_pwd_cleartext,
- new_trust_passwd_hash,
- sec_channel_type,
- neg_flags);
-}
return !NT_STATUS_IS_OK(result) ? result : NT_STATUS_PIPE_NOT_AVAILABLE;
}
- conn->netlogon_pipe->auth_neg_flags = neg_flags;
-
/*
* Try NetSamLogonEx for AD domains
*/
#include "includes.h"
#include "winbindd.h"
#include "../../nsswitch/libwbclient/wbc_async.h"
-#include "../libcli/auth/libcli_auth.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
struct winbindd_child *child =
(struct winbindd_child *)private_data;
struct rpc_pipe_client *netlogon_pipe = NULL;
+ TALLOC_CTX *frame;
NTSTATUS result;
struct timeval next_change;
- uint8_t old_trust_passwd_hash[16];
- uint8_t new_trust_passwd_hash[16];
- char *new_trust_passwd;
- uint32_t sec_channel_type = 0;
DEBUG(10,("machine_password_change_handler called\n"));
return;
}
- if (!secrets_fetch_trust_account_password(
- child->domain->name, old_trust_passwd_hash, NULL,
- &sec_channel_type)) {
- DEBUG(0, ("could not fetch domain secrets for domain %s!\n",
- child->domain->name));
- return;
- }
-
- new_trust_passwd = generate_random_str(
- talloc_tos(), DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
- if (new_trust_passwd == NULL) {
- DEBUG(0, ("talloc_strdup failed\n"));
- return;
- }
+ frame = talloc_stackframe();
- E_md4hash(new_trust_passwd, new_trust_passwd_hash);
-
- result = rpccli_netlogon_set_trust_password(
- netlogon_pipe, talloc_tos(), old_trust_passwd_hash,
- new_trust_passwd, new_trust_passwd_hash, sec_channel_type,
- netlogon_pipe->auth_neg_flags);
+ result = trust_pw_find_change_and_store_it(netlogon_pipe,
+ frame,
+ child->domain->name);
+ TALLOC_FREE(frame);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(10,("machine_password_change_handler: "
"failed to change machine password: %s\n",
nt_errstr(result)));
- /*
- * Don't try a second time, this will very likely also
- * fail.
- */
- return;
+ } else {
+ DEBUG(10,("machine_password_change_handler: "
+ "successfully changed machine password\n"));
}
- DEBUG(3,("machine_password_change_handler: Changed password at %s.\n",
- current_timestring(debug_ctx(), False)));
-
child->machine_password_change_event = event_add_timed(winbind_event_context(), NULL,
next_change,
machine_password_change_handler,