2001-05-17 06:52:45 +04:00
/*
* Unix SMB / Netbios implementation .
* Version 1.9 .
* RPC Pipe client / server routines
* Copyright ( C ) Andrew Tridgell 1992 - 1997 ,
* Copyright ( C ) Luke Kenneth Casson Leighton 1996 - 1997 ,
* Copyright ( C ) Paul Ashton 1997.
* Copyright ( C ) Jeremy Allison 1998.
2001-12-05 14:00:26 +03:00
* Copyright ( C ) Andrew Bartlett 2001.
2001-05-17 06:52:45 +04:00
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation ; either version 2 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program ; if not , write to the Free Software
* Foundation , Inc . , 675 Mass Ave , Cambridge , MA 0213 9 , USA .
*/
# include "includes.h"
extern pstring global_myname ;
/*********************************************************
Change the domain password on the PDC .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2001-12-05 14:00:26 +03:00
static NTSTATUS modify_trust_password ( char * domain , char * remote_machine ,
unsigned char orig_trust_passwd_hash [ 16 ] )
2001-05-17 06:52:45 +04:00
{
2001-12-05 14:00:26 +03:00
struct cli_state * cli ;
2001-11-16 21:32:32 +03:00
DOM_SID domain_sid ;
2001-12-05 14:00:26 +03:00
struct in_addr dest_ip ;
NTSTATUS nt_status ;
2001-11-16 21:32:32 +03:00
/*
* Ensure we have the domain SID for this domain .
*/
if ( ! secrets_fetch_domain_sid ( domain , & domain_sid ) ) {
DEBUG ( 0 , ( " domain_client_validate: unable to fetch domain sid. \n " ) ) ;
2001-12-05 14:00:26 +03:00
return NT_STATUS_UNSUCCESSFUL ;
2001-11-16 21:32:32 +03:00
}
2001-05-17 06:52:45 +04:00
2001-12-05 14:00:26 +03:00
if ( ! resolve_name ( remote_machine , & dest_ip , 0x20 ) ) {
DEBUG ( 0 , ( " modify_trust_password: Can't resolve address for %s \n " , remote_machine ) ) ;
return NT_STATUS_UNSUCCESSFUL ;
2001-05-17 06:52:45 +04:00
}
2001-12-05 14:00:26 +03:00
if ( ! NT_STATUS_IS_OK ( cli_full_connection ( & cli , global_myname , remote_machine ,
& dest_ip , 0 ,
" IPC$ " , " IPC " ,
" " , " " ,
" " , 0 ) ) ) {
DEBUG ( 0 , ( " modify_trust_password: Connection to %s failed! \n " , remote_machine ) ) ;
return NT_STATUS_UNSUCCESSFUL ;
2001-05-17 06:52:45 +04:00
}
2001-12-05 14:00:26 +03:00
2001-05-17 06:52:45 +04:00
/*
* Ok - we have an anonymous connection to the IPC $ share .
* Now start the NT Domain stuff : - ) .
*/
2001-12-05 14:00:26 +03:00
if ( cli_nt_session_open ( cli , PIPE_NETLOGON ) = = False ) {
2001-05-17 06:52:45 +04:00
DEBUG ( 0 , ( " modify_trust_password: unable to open the domain client session to \
2001-12-05 14:00:26 +03:00
machine % s . Error was : % s . \ n " , remote_machine, cli_errstr(cli)));
cli_nt_session_close ( cli ) ;
cli_ulogoff ( cli ) ;
cli_shutdown ( cli ) ;
return NT_STATUS_UNSUCCESSFUL ;
2001-05-17 06:52:45 +04:00
}
2001-12-05 14:00:26 +03:00
nt_status = trust_pw_change_and_store_it ( cli , cli - > mem_ctx ,
2001-12-08 14:18:56 +03:00
orig_trust_passwd_hash ) ;
2001-12-05 14:00:26 +03:00
cli_nt_session_close ( cli ) ;
cli_ulogoff ( cli ) ;
cli_shutdown ( cli ) ;
return nt_status ;
2001-05-17 06:52:45 +04:00
}
/************************************************************************
Change the trust account password for a domain .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2001-12-05 14:00:26 +03:00
NTSTATUS change_trust_account_password ( char * domain , char * remote_machine_list )
2001-05-17 06:52:45 +04:00
{
fstring remote_machine ;
unsigned char old_trust_passwd_hash [ 16 ] ;
time_t lct ;
2001-12-05 14:00:26 +03:00
NTSTATUS res = NT_STATUS_UNSUCCESSFUL ;
2001-05-17 06:52:45 +04:00
if ( ! secrets_fetch_trust_account_password ( domain , old_trust_passwd_hash , & lct ) ) {
DEBUG ( 0 , ( " change_trust_account_password: unable to read the machine \
account password for domain % s . \ n " , domain));
2001-12-05 14:00:26 +03:00
return NT_STATUS_UNSUCCESSFUL ;
2001-05-17 06:52:45 +04:00
}
while ( remote_machine_list & &
next_token ( & remote_machine_list , remote_machine ,
LIST_SEP , sizeof ( remote_machine ) ) ) {
strupper ( remote_machine ) ;
if ( strequal ( remote_machine , " * " ) ) {
/*
* We have been asked to dynamcially determine the IP addresses of the PDC .
*/
struct in_addr * ip_list = NULL ;
int count = 0 ;
int i ;
/* Use the PDC *only* for this. */
if ( ! get_dc_list ( True , domain , & ip_list , & count ) )
continue ;
/*
* Try and connect to the PDC / BDC list in turn as an IP
* address used as a string .
*/
for ( i = 0 ; i < count ; i + + ) {
fstring dc_name ;
2001-11-29 08:50:32 +03:00
if ( ! lookup_dc_name ( global_myname , domain , & ip_list [ i ] , dc_name ) )
2001-05-17 06:52:45 +04:00
continue ;
2001-12-05 14:00:26 +03:00
if ( NT_STATUS_IS_OK ( res = modify_trust_password ( domain , dc_name ,
old_trust_passwd_hash ) ) )
2001-05-17 06:52:45 +04:00
break ;
}
2001-09-17 13:41:30 +04:00
SAFE_FREE ( ip_list ) ;
2001-05-17 06:52:45 +04:00
} else {
2001-12-05 14:00:26 +03:00
res = modify_trust_password ( domain , remote_machine ,
old_trust_passwd_hash ) ;
2001-05-17 06:52:45 +04:00
}
}
2001-12-05 14:00:26 +03:00
if ( ! NT_STATUS_IS_OK ( res ) ) {
DEBUG ( 0 , ( " %s : change_trust_account_password: Failed to change password for \
2001-05-17 06:52:45 +04:00
domain % s . \ n " , timestring(False), domain));
2001-12-05 14:00:26 +03:00
}
return res ;
2001-05-17 06:52:45 +04:00
}
