2001-05-17 02:52:45 +00:00
/*
2002-01-30 06:08:46 +00:00
* Unix SMB / CIFS implementation .
2002-01-01 03:10:32 +00:00
* Periodic Trust account password changing .
2001-05-17 02:52:45 +00:00
* Copyright ( C ) Andrew Tridgell 1992 - 1997 ,
* Copyright ( C ) Luke Kenneth Casson Leighton 1996 - 1997 ,
* Copyright ( C ) Paul Ashton 1997.
* Copyright ( C ) Jeremy Allison 1998.
2001-12-05 11:00:26 +00:00
* Copyright ( C ) Andrew Bartlett 2001.
2001-05-17 02:52:45 +00:00
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
2007-07-09 19:25:36 +00:00
* the Free Software Foundation ; either version 3 of the License , or
2001-05-17 02:52:45 +00:00
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
2007-07-10 05:23:25 +00:00
* along with this program ; if not , see < http : //www.gnu.org/licenses/>.
2001-05-17 02:52:45 +00:00
*/
# include "includes.h"
2003-04-21 14:09:03 +00:00
/************************************************************************
Change the trust account password for a domain .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2001-05-17 02:52:45 +00:00
2003-04-21 14:09:03 +00:00
NTSTATUS change_trust_account_password ( const char * domain , const char * remote_machine )
2001-05-17 02:52:45 +00:00
{
2003-04-21 14:09:03 +00:00
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL ;
2007-10-24 14:16:54 -07:00
struct sockaddr_storage pdc_ss ;
2003-04-21 14:09:03 +00:00
fstring dc_name ;
2005-09-30 17:13:37 +00:00
struct cli_state * cli = NULL ;
struct rpc_pipe_client * netlogon_pipe = NULL ;
2001-11-16 18:32:32 +00:00
2003-08-26 03:13:39 +00:00
DEBUG ( 5 , ( " change_trust_account_password: Attempting to change trust account password in domain %s.... \n " ,
domain ) ) ;
2003-04-21 14:09:03 +00:00
if ( remote_machine = = NULL | | ! strcmp ( remote_machine , " * " ) ) {
/* Use the PDC *only* for this */
2007-10-24 14:16:54 -07:00
if ( ! get_pdc_ip ( domain , & pdc_ss ) ) {
2003-04-21 14:09:03 +00:00
DEBUG ( 0 , ( " Can't get IP for PDC for domain %s \n " , domain ) ) ;
goto failed ;
}
2001-11-16 18:32:32 +00:00
2007-10-24 14:16:54 -07:00
if ( ! name_status_find ( domain , 0x1b , 0x20 , & pdc_ss , dc_name ) )
2003-04-21 14:09:03 +00:00
goto failed ;
2003-09-10 18:34:57 +00:00
} else {
/* supoport old deprecated "smbpasswd -j DOMAIN -r MACHINE" behavior */
2003-04-21 14:09:03 +00:00
fstrcpy ( dc_name , remote_machine ) ;
}
/* if this next call fails, then give up. We can't do
password changes on BDC ' s - - jerry */
2003-09-10 18:34:57 +00:00
if ( ! NT_STATUS_IS_OK ( cli_full_connection ( & cli , global_myname ( ) , dc_name ,
2002-07-15 10:35:28 +00:00
NULL , 0 ,
2001-12-05 11:00:26 +00:00
" IPC$ " , " IPC " ,
" " , " " ,
2003-09-10 18:34:57 +00:00
" " , 0 , Undefined , NULL ) ) ) {
DEBUG ( 0 , ( " modify_trust_password: Connection to %s failed! \n " , dc_name ) ) ;
2003-04-21 14:09:03 +00:00
nt_status = NT_STATUS_UNSUCCESSFUL ;
goto failed ;
2002-12-04 20:57:48 +00:00
}
2001-12-05 11:00:26 +00:00
2002-12-04 20:57:48 +00:00
/*
* Ok - we have an anonymous connection to the IPC $ share .
* Now start the NT Domain stuff : - ) .
*/
2005-09-30 17:13:37 +00:00
/* Shouldn't we open this with schannel ? JRA. */
netlogon_pipe = cli_rpc_pipe_open_noauth ( cli , PI_NETLOGON , & nt_status ) ;
if ( ! netlogon_pipe ) {
2002-12-04 20:57:48 +00:00
DEBUG ( 0 , ( " modify_trust_password: unable to open the domain client session to machine %s. Error was : %s. \n " ,
2005-09-30 17:13:37 +00:00
dc_name , nt_errstr ( nt_status ) ) ) ;
2002-12-04 20:57:48 +00:00
cli_shutdown ( cli ) ;
2006-07-11 18:01:26 +00:00
cli = NULL ;
2003-04-21 14:09:03 +00:00
goto failed ;
2002-12-04 20:57:48 +00:00
}
2007-11-29 13:24:54 -08:00
nt_status = trust_pw_find_change_and_store_it ( netlogon_pipe , netlogon_pipe - > mem_ctx , domain ) ;
2001-12-05 11:00:26 +00:00
2002-12-04 20:57:48 +00:00
cli_shutdown ( cli ) ;
2006-07-11 18:01:26 +00:00
cli = NULL ;
2002-12-04 20:57:48 +00:00
failed :
2003-04-21 14:09:03 +00:00
if ( ! NT_STATUS_IS_OK ( nt_status ) ) {
2002-12-04 20:57:48 +00:00
DEBUG ( 0 , ( " %s : change_trust_account_password: Failed to change password for domain %s. \n " ,
2006-07-11 18:01:26 +00:00
current_timestring ( False ) , domain ) ) ;
2002-12-04 20:57:48 +00:00
}
2003-08-26 03:13:39 +00:00
else
DEBUG ( 5 , ( " change_trust_account_password: sucess! \n " ) ) ;
2001-12-05 11:00:26 +00:00
2003-04-21 14:09:03 +00:00
return nt_status ;
2001-05-17 02:52:45 +00:00
}