/*
* Unix SMB / CIFS implementation .
* Periodic Trust account password changing .
* Copyright ( C ) Andrew Tridgell 1992 - 1997 ,
* Copyright ( C ) Luke Kenneth Casson Leighton 1996 - 1997 ,
* Copyright ( C ) Paul Ashton 1997.
* Copyright ( C ) Jeremy Allison 1998.
* Copyright ( C ) Andrew Bartlett 2001.
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation ; either version 2 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program ; if not , write to the Free Software
* Foundation , Inc . , 675 Mass Ave , Cambridge , MA 02139 , USA .
*/
# include "includes.h"
/*********************************************************
 Change the domain password on the PDC.
**********************************************************/
/**
 * Change the trust account password for @domain on one specific server.
 *
 * Connects to the IPC$ share of @remote_machine with empty credential
 * strings, opens the NETLOGON pipe on that connection and hands the
 * connection to trust_pw_change_and_store_it() together with the current
 * password hash.
 *
 * @param domain                  domain whose stored SID must be present
 *                                before anything is attempted.
 * @param remote_machine          name of the server to connect to.
 * @param orig_trust_passwd_hash  16-byte hash of the current trust password.
 *
 * @return the status from trust_pw_change_and_store_it(), or
 *         NT_STATUS_UNSUCCESSFUL when the SID is missing, the connection
 *         fails or the NETLOGON pipe cannot be opened.
 */
static NTSTATUS modify_trust_password(const char *domain, const char *remote_machine,
				      unsigned char orig_trust_passwd_hash[16])
{
	struct cli_state *cli;
	DOM_SID domain_sid;
	NTSTATUS nt_status;

	/*
	 * The SID itself is not used below; fetching it only confirms that
	 * local secrets for this domain exist before the network is touched.
	 */
	if (!secrets_fetch_domain_sid(domain, &domain_sid)) {
		DEBUG(0, ("modify_trust_password: unable to fetch domain sid.\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}

	nt_status = cli_full_connection(&cli, global_myname(), remote_machine,
					NULL, 0,
					"IPC$", "IPC",
					"", "",
					"", 0, NULL);
	if (!NT_STATUS_IS_OK(nt_status)) {
		/* The specific connection status is only used for this check. */
		DEBUG(0, ("modify_trust_password: Connection to %s failed!\n", remote_machine));
		return NT_STATUS_UNSUCCESSFUL;
	}

	/*
	 * At this point there is an anonymous connection to IPC$.
	 * NOTE(review): nothing in this function authenticates the server;
	 * presumably trust_pw_change_and_store_it() does so with the old
	 * hash - confirm before relying on it.
	 */
	if (!cli_nt_session_open(cli, PI_NETLOGON)) {
		DEBUG(0, ("modify_trust_password: unable to open the domain client session to "
			  "machine %s. Error was : %s.\n", remote_machine, cli_errstr(cli)));
		nt_status = NT_STATUS_UNSUCCESSFUL;
	} else {
		nt_status = trust_pw_change_and_store_it(cli, cli->mem_ctx,
							 orig_trust_passwd_hash);
	}

	/* Same teardown whether or not the pipe was opened. */
	cli_nt_session_close(cli);
	cli_ulogoff(cli);
	cli_shutdown(cli);

	return nt_status;
}
/************************************************************************
 Change the trust account password for a domain.
************************************************************************/
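/**
 * Change the trust account password for @domain, trying each server named
 * in @remote_machine_list until one change succeeds.
 *
 * The current password hash is read once from the local secrets store and
 * passed to modify_trust_password() for every attempt. An entry of "*"
 * means "look up the PDC for the domain and use that".
 *
 * The loop stops at the first success. Carrying on would present the hash
 * read at the top of this function, which is no longer the current one, to
 * the remaining servers, and would overwrite the success status with the
 * result of those attempts.
 *
 * @param domain               domain whose trust password is changed.
 * @param remote_machine_list  LIST_SEP-separated server names; may be NULL.
 *
 * @return NT_STATUS_OK-class status from the first successful change,
 *         otherwise the status of the last attempt, or
 *         NT_STATUS_UNSUCCESSFUL if the hash cannot be read or nothing
 *         was attempted.
 */
NTSTATUS change_trust_account_password(const char *domain, const char *remote_machine_list)
{
	fstring remote_machine;
	unsigned char old_trust_passwd_hash[16];
	time_t lct;
	NTSTATUS res = NT_STATUS_UNSUCCESSFUL;

	/*
	 * NOTE(review): old_trust_passwd_hash holds the stored trust account
	 * password hash and is left on the stack on every return path;
	 * consider clearing it before returning.
	 */
	if (!secrets_fetch_trust_account_password(domain, old_trust_passwd_hash, &lct)) {
		DEBUG(0, ("change_trust_account_password: unable to read the machine "
			  "account password for domain %s.\n", domain));
		return NT_STATUS_UNSUCCESSFUL;
	}

	while (remote_machine_list &&
	       next_token(&remote_machine_list, remote_machine,
			  LIST_SEP, sizeof(remote_machine))) {
		const char *target = remote_machine;
		fstring dc_name;

		strupper(remote_machine);

		if (strequal(remote_machine, "*")) {
			/*
			 * We have been asked to dynamically determine the PDC.
			 * Use the PDC *only* for this.
			 */
			struct in_addr pdc_ip;

			if (!get_pdc_ip(domain, &pdc_ip))
				continue;

			/* Resolve the PDC address to the name used for the connection. */
			if (!lookup_dc_name(global_myname(), domain, &pdc_ip, dc_name))
				continue;

			target = dc_name;
		}

		res = modify_trust_password(domain, target, old_trust_passwd_hash);

		/* One successful change is final, for named servers as well as "*". */
		if (NT_STATUS_IS_OK(res))
			break;
	}

	if (!NT_STATUS_IS_OK(res)) {
		DEBUG(0, ("%s : change_trust_account_password: Failed to change password for "
			  "domain %s.\n", timestring(False), domain));
	}

	return res;
}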