Revert "Fix Bug #5710 and make machine account password changing work again."
authorKarolin Seeger <kseeger@samba.org>
Wed, 27 Aug 2008 08:36:20 +0000 (10:36 +0200)
committerKarolin Seeger <kseeger@samba.org>
Wed, 27 Aug 2008 08:36:20 +0000 (10:36 +0200)
This reverts commit 6d42b1e372b67eba83dbd5200bfb131b74cac180.

source/libsmb/trusts_util.c

index 0535d1b521ed91727c35a09fbfffd2a3ba6b455a..c3f5f2538aaa106aa52f442f6811573354b29cbc 100644 (file)
 
 static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
                                         const unsigned char orig_trust_passwd_hash[16],
-                                        const char *new_trust_pwd_cleartext,
                                         const unsigned char new_trust_passwd_hash[16],
                                         uint32 sec_channel_type)
 {
        NTSTATUS result;
-       uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
 
-       result = rpccli_netlogon_setup_creds(cli,
-                                            cli->cli->desthost, /* server name */
-                                            lp_workgroup(), /* domain */
-                                            global_myname(), /* client name */
-                                            global_myname(), /* machine account name */
-                                            orig_trust_passwd_hash,
-                                            sec_channel_type,
-                                            &neg_flags);
-
-       if (!NT_STATUS_IS_OK(result)) {
-               DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n",
-                        nt_errstr(result)));
-               return result;
-       }
-
-       if (neg_flags & NETLOGON_NEG_PASSWORD_SET2) {
-
-               struct netr_Authenticator clnt_creds, srv_cred;
-               struct netr_CryptPassword new_password;
-               struct samr_CryptPassword password_buf;
-
-               netlogon_creds_client_step(cli->dc, &clnt_creds);
-
-               encode_pw_buffer(password_buf.data, new_trust_pwd_cleartext, STR_UNICODE);
-
-               SamOEMhash(password_buf.data, cli->dc->sess_key, 516);
-               memcpy(new_password.data, password_buf.data, 512);
-               new_password.length = IVAL(password_buf.data, 512);
-
-               result = rpccli_netr_ServerPasswordSet2(cli, mem_ctx,
-                                                      cli->dc->remote_machine,
-                                                      cli->dc->mach_acct,
-                                                      sec_channel_type,
-                                                      global_myname(),
-                                                      &clnt_creds,
-                                                      &srv_cred,
-                                                      &new_password);
-
-               /* Always check returned credentials. */
-               if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) {
-                       DEBUG(0,("rpccli_netr_ServerPasswordSet2: "
-                               "credentials chain check failed\n"));
-                       return NT_STATUS_ACCESS_DENIED;
+       /* Check if the netlogon pipe is open using schannel. If so we
+          already have valid creds. If not we must set them up. */
+
+       if (cli->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
+               uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
+
+               result = rpccli_netlogon_setup_creds(cli, 
+                                       cli->cli->desthost, /* server name */
+                                       lp_workgroup(), /* domain */
+                                       global_myname(), /* client name */
+                                       global_myname(), /* machine account name */
+                                       orig_trust_passwd_hash,
+                                       sec_channel_type,
+                                       &neg_flags);
+
+               if (!NT_STATUS_IS_OK(result)) {
+                       DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n",
+                                nt_errstr(result)));
+                       return result;
                }
+       }
 
-       } else {
-
+       {
                struct netr_Authenticator clnt_creds, srv_cred;
                struct samr_Password new_password;
 
@@ -144,11 +118,8 @@ NTSTATUS trust_pw_change_and_store_it(struct rpc_pipe_client *cli, TALLOC_CTX *m
        
        E_md4hash(new_trust_passwd, new_trust_passwd_hash);
 
-       nt_status = just_change_the_password(cli, mem_ctx,
-                                            orig_trust_passwd_hash,
-                                            new_trust_passwd,
-                                            new_trust_passwd_hash,
-                                            sec_channel_type);
+       nt_status = just_change_the_password(cli, mem_ctx, orig_trust_passwd_hash,
+                                            new_trust_passwd_hash, sec_channel_type);
        
        if (NT_STATUS_IS_OK(nt_status)) {
                DEBUG(3,("%s : trust_pw_change_and_store_it: Changed password.\n",
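Review bot: In the first hunk, `neg_flags` is now local to the `if (cli->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL)` branch of `just_change_the_password` and is never read after `rpccli_netlogon_setup_creds` returns, so the function no longer tests `NETLOGON_NEG_PASSWORD_SET2` and always falls into the bare `{` block that builds a `struct samr_Password`. That appears to bring back the behaviour the reverted commit 6d42b1e3 addressed as Bug #5710, and the commit message gives no reason for the revert. I would record this above the block, e.g. `/* Hash-based set only: ServerPasswordSet2 path dropped by the revert of 6d42b1e3, see Bug #5710. */`. The schannel case also relies on `cli->dc` already holding a usable credential chain, which nothing visible here verifies; the block's body continues outside the hunk, so whether the returned server credentials are still checked there cannot be confirmed from this page.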