[SCM] Samba Shared Repository - branch master updated - e194ded26e716fad510191f85e67ff1d775bdcb8

Günther Deschner gd at samba.org
Sun Sep 21 20:36:07 GMT 2008


The branch, master has been updated
       via  e194ded26e716fad510191f85e67ff1d775bdcb8 (commit)
       via  6f9a83505fced805f5a4d4827ddf7300eda6aaa0 (commit)
       via  ca56c02d4bdfa26f5eda16c5621dcac67d7458ef (commit)
       via  1f9624175ab35fe5c4012e931a165d422bf26fdb (commit)
      from  2331c96d28fe713d37b421924e610eef80cc8d91 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit e194ded26e716fad510191f85e67ff1d775bdcb8
Author: Günther Deschner <gd at samba.org>
Date:   Sun Sep 21 18:57:26 2008 +0200

    netlogon: move password change code out to rpccli_netlogon_set_trust_password.
    
    Guenther

commit 6f9a83505fced805f5a4d4827ddf7300eda6aaa0
Author: Günther Deschner <gd at samba.org>
Date:   Sat Sep 20 18:20:29 2008 +0200

    netlogon: refactor just_change_the_password a bit.
    
    Guenther

commit ca56c02d4bdfa26f5eda16c5621dcac67d7458ef
Author: Günther Deschner <gd at samba.org>
Date:   Sat Sep 20 17:01:20 2008 +0200

    netlogon: use init_netr_CryptPassword in "just_change_the_password"
    
    Guenther

commit 1f9624175ab35fe5c4012e931a165d422bf26fdb
Author: Günther Deschner <gd at samba.org>
Date:   Sat Sep 20 17:00:30 2008 +0200

    netlogon: add init_netr_CryptPassword.
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 source3/include/proto.h            |    9 +++
 source3/libsmb/trusts_util.c       |  108 ++----------------------------------
 source3/rpc_client/cli_netlogon.c  |   91 ++++++++++++++++++++++++++++++
 source3/rpc_client/init_netlogon.c |   17 ++++++
 4 files changed, 122 insertions(+), 103 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/proto.h b/source3/include/proto.h
index 2901911..194548c 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -7049,6 +7049,12 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli,
 					      DATA_BLOB lm_response,
 					      DATA_BLOB nt_response,
 					      struct netr_SamInfo3 **info3);
+NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
+					    TALLOC_CTX *mem_ctx,
+					    const unsigned char orig_trust_passwd_hash[16],
+					    const char *new_trust_pwd_cleartext,
+					    const unsigned char new_trust_passwd_hash[16],
+					    uint32_t sec_channel_type);
 
 /* The following definitions come from rpc_client/cli_pipe.c  */
 
@@ -7427,6 +7433,9 @@ void init_netr_PasswordInfo(struct netr_PasswordInfo *r,
 			    const char *workstation,
 			    struct samr_Password lmpassword,
 			    struct samr_Password ntpassword);
+void init_netr_CryptPassword(const char *pwd,
+			     unsigned char session_key[16],
+			     struct netr_CryptPassword *pwd_buf);
 
 /* The following definitions come from rpc_client/init_samr.c  */
 
diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c
index 08a4993..2f336f1 100644
--- a/source3/libsmb/trusts_util.c
+++ b/source3/libsmb/trusts_util.c
@@ -22,104 +22,6 @@
 
 /*********************************************************
  Change the domain password on the PDC.
-
- Just changes the password betwen the two values specified.
-
- Caller must have the cli connected to the netlogon pipe
- already.
-**********************************************************/
-
-static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
-					 const unsigned char orig_trust_passwd_hash[16],
-					 const char *new_trust_pwd_cleartext,
-					 const unsigned char new_trust_passwd_hash[16],
-					 uint32 sec_channel_type)
-{
-	NTSTATUS result;
-	uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
-
-	result = rpccli_netlogon_setup_creds(cli,
-					     cli->desthost, /* server name */
-					     lp_workgroup(), /* domain */
-					     global_myname(), /* client name */
-					     global_myname(), /* machine account name */
-					     orig_trust_passwd_hash,
-					     sec_channel_type,
-					     &neg_flags);
-
-	if (!NT_STATUS_IS_OK(result)) {
-		DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n",
-			 nt_errstr(result)));
-		return result;
-	}
-
-	if (neg_flags & NETLOGON_NEG_PASSWORD_SET2) {
-
-		struct netr_Authenticator clnt_creds, srv_cred;
-		struct netr_CryptPassword new_password;
-		struct samr_CryptPassword password_buf;
-
-		netlogon_creds_client_step(cli->dc, &clnt_creds);
-
-		encode_pw_buffer(password_buf.data, new_trust_pwd_cleartext, STR_UNICODE);
-
-		SamOEMhash(password_buf.data, cli->dc->sess_key, 516);
-		memcpy(new_password.data, password_buf.data, 512);
-		new_password.length = IVAL(password_buf.data, 512);
-
-		result = rpccli_netr_ServerPasswordSet2(cli, mem_ctx,
-						       cli->dc->remote_machine,
-						       cli->dc->mach_acct,
-						       sec_channel_type,
-						       global_myname(),
-						       &clnt_creds,
-						       &srv_cred,
-						       &new_password);
-
-		/* Always check returned credentials. */
-		if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) {
-			DEBUG(0,("rpccli_netr_ServerPasswordSet2: "
-				"credentials chain check failed\n"));
-			return NT_STATUS_ACCESS_DENIED;
-		}
-
-	} else {
-
-		struct netr_Authenticator clnt_creds, srv_cred;
-		struct samr_Password new_password;
-
-		netlogon_creds_client_step(cli->dc, &clnt_creds);
-
-		cred_hash3(new_password.hash,
-			   new_trust_passwd_hash,
-			   cli->dc->sess_key, 1);
-
-		result = rpccli_netr_ServerPasswordSet(cli, mem_ctx,
-						       cli->dc->remote_machine,
-						       cli->dc->mach_acct,
-						       sec_channel_type,
-						       global_myname(),
-						       &clnt_creds,
-						       &srv_cred,
-						       &new_password);
-
-		/* Always check returned credentials. */
-		if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) {
-			DEBUG(0,("rpccli_netr_ServerPasswordSet: "
-				"credentials chain check failed\n"));
-			return NT_STATUS_ACCESS_DENIED;
-		}
-	}
-
-	if (!NT_STATUS_IS_OK(result)) {
-		DEBUG(0,("just_change_the_password: unable to change password (%s)!\n",
-			 nt_errstr(result)));
-	}
-	return result;
-}
-
-/*********************************************************
- Change the domain password on the PDC.
  Store the password ourselves, but use the supplied password
  Caller must have already setup the connection to the NETLOGON pipe
 **********************************************************/
@@ -144,11 +46,11 @@ NTSTATUS trust_pw_change_and_store_it(struct rpc_pipe_client *cli, TALLOC_CTX *m
 	
 	E_md4hash(new_trust_passwd, new_trust_passwd_hash);
 
-	nt_status = just_change_the_password(cli, mem_ctx,
-					     orig_trust_passwd_hash,
-					     new_trust_passwd,
-					     new_trust_passwd_hash,
-					     sec_channel_type);
+	nt_status = rpccli_netlogon_set_trust_password(cli, mem_ctx,
+						       orig_trust_passwd_hash,
+						       new_trust_passwd,
+						       new_trust_passwd_hash,
+						       sec_channel_type);
 	
 	if (NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(3,("%s : trust_pw_change_and_store_it: Changed password.\n", 
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index df87ed1..23618ef 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -538,3 +538,94 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli,
 
 	return result;
 }
+
+/*********************************************************
+ Change the domain password on the PDC.
+
+ Just changes the password betwen the two values specified.
+
+ Caller must have the cli connected to the netlogon pipe
+ already.
+**********************************************************/
+
+NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
+					    TALLOC_CTX *mem_ctx,
+					    const unsigned char orig_trust_passwd_hash[16],
+					    const char *new_trust_pwd_cleartext,
+					    const unsigned char new_trust_passwd_hash[16],
+					    uint32_t sec_channel_type)
+{
+	NTSTATUS result;
+	uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
+	struct netr_Authenticator clnt_creds, srv_cred;
+
+	result = rpccli_netlogon_setup_creds(cli,
+					     cli->desthost, /* server name */
+					     lp_workgroup(), /* domain */
+					     global_myname(), /* client name */
+					     global_myname(), /* machine account name */
+					     orig_trust_passwd_hash,
+					     sec_channel_type,
+					     &neg_flags);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		DEBUG(3,("rpccli_netlogon_set_trust_password: unable to setup creds (%s)!\n",
+			 nt_errstr(result)));
+		return result;
+	}
+
+	netlogon_creds_client_step(cli->dc, &clnt_creds);
+
+	if (neg_flags & NETLOGON_NEG_PASSWORD_SET2) {
+
+		struct netr_CryptPassword new_password;
+
+		init_netr_CryptPassword(new_trust_pwd_cleartext,
+					cli->dc->sess_key,
+					&new_password);
+
+		result = rpccli_netr_ServerPasswordSet2(cli, mem_ctx,
+							cli->dc->remote_machine,
+							cli->dc->mach_acct,
+							sec_channel_type,
+							global_myname(),
+							&clnt_creds,
+							&srv_cred,
+							&new_password);
+		if (!NT_STATUS_IS_OK(result)) {
+			DEBUG(0,("rpccli_netr_ServerPasswordSet2 failed: %s\n",
+				nt_errstr(result)));
+			return result;
+		}
+	} else {
+
+		struct samr_Password new_password;
+
+		cred_hash3(new_password.hash,
+			   new_trust_passwd_hash,
+			   cli->dc->sess_key, 1);
+
+		result = rpccli_netr_ServerPasswordSet(cli, mem_ctx,
+						       cli->dc->remote_machine,
+						       cli->dc->mach_acct,
+						       sec_channel_type,
+						       global_myname(),
+						       &clnt_creds,
+						       &srv_cred,
+						       &new_password);
+		if (!NT_STATUS_IS_OK(result)) {
+			DEBUG(0,("rpccli_netr_ServerPasswordSet failed: %s\n",
+				nt_errstr(result)));
+			return result;
+		}
+	}
+
+	/* Always check returned credentials. */
+	if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) {
+		DEBUG(0,("credentials chain check failed\n"));
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	return result;
+}
+
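Review bot: The comment `/* Always check returned credentials. */` near the end of rpccli_netlogon_set_trust_password no longer matches the control flow. Both the ServerPasswordSet2 and ServerPasswordSet branches now `return result;` on failure before `netlogon_creds_client_check()` is reached, whereas the removed just_change_the_password ran the check whatever the RPC status was. If skipping the check on failure is intended (srv_cred is an uninitialised stack variable and presumably is not filled in when the call fails), the comment should say so, e.g. `/* Check the returned credentials on success; on failure srv_cred may not have been filled in. */`. If the check is meant to run on every path, add `ZERO_STRUCT(srv_cred);` before the calls and drop the early returns, so that a failure status cannot skip verification of the server's reply.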
diff --git a/source3/rpc_client/init_netlogon.c b/source3/rpc_client/init_netlogon.c
index 6184195..e4c39e7 100644
--- a/source3/rpc_client/init_netlogon.c
+++ b/source3/rpc_client/init_netlogon.c
@@ -391,3 +391,20 @@ void init_netr_PasswordInfo(struct netr_PasswordInfo *r,
 	r->lmpassword = lmpassword;
 	r->ntpassword = ntpassword;
 }
+
+/*************************************************************************
+ inits a netr_CryptPassword structure
+ *************************************************************************/
+
+void init_netr_CryptPassword(const char *pwd,
+			     unsigned char session_key[16],
+			     struct netr_CryptPassword *pwd_buf)
+{
+	struct samr_CryptPassword password_buf;
+
+	encode_pw_buffer(password_buf.data, pwd, STR_UNICODE);
+
+	SamOEMhash(password_buf.data, session_key, 516);
+	memcpy(pwd_buf->data, password_buf.data, 512);
+	pwd_buf->length = IVAL(password_buf.data, 512);
+}
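Review bot: In init_netr_CryptPassword the lengths `516` and `512` are bare literals, and the return value of `encode_pw_buffer()` is dropped, so nothing in this function ties the `SamOEMhash` and `memcpy` sizes to the actual sizes of `password_buf.data` and `pwd_buf->data`, which are declared outside this hunk. If encode_pw_buffer can report failure (for example an over-long password), the function would still encrypt and hand back a buffer whose contents were never set, and its `void` return gives the caller no way to notice. I would at least expand the header comment to state that `pwd` is the cleartext password and must be non-NULL, that `session_key` is the 16-byte netlogon session key and is only read, and that `pwd_buf` receives the 512 data bytes plus length encrypted with that key. A size assertion such as `SMB_ASSERT(sizeof(password_buf.data) == 516);` would also make the layout assumption explicit.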


-- 
Samba Shared Repository

