s3:libnet: use rpccli_{create,setup}_netlogon_creds() in libnet_join_joindomain_rpc_unsecure

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

source3/libnet/libnet_join.c

@@ -817,14 +817,17 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx,
 						    struct libnet_JoinCtx *r,
 						    struct cli_state *cli)
 {
-	struct rpc_pipe_client *pipe_hnd = NULL;
-	unsigned char orig_trust_passwd_hash[16];
-	unsigned char new_trust_passwd_hash[16];
+	TALLOC_CTX *frame = talloc_stackframe();
+	struct rpc_pipe_client *netlogon_pipe = NULL;
+	struct netlogon_creds_cli_context *netlogon_creds = NULL;
+	struct samr_Password current_nt_hash;
+	const char *account_name = NULL;
 	NTSTATUS status;
 
 	status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon,
-					  &pipe_hnd);
+					  &netlogon_pipe);
 	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(frame);
 		return status;
 	}
 
@@ -832,24 +835,57 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx,
 		r->in.machine_password = generate_random_password(mem_ctx,
 				DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH,
 				DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
-		NT_STATUS_HAVE_NO_MEMORY(r->in.machine_password);
+		if (r->in.machine_password == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_NO_MEMORY;
+		}
 	}
 
-	E_md4hash(r->in.machine_password, new_trust_passwd_hash);
-
 	/* according to WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED */
-	E_md4hash(r->in.admin_password, orig_trust_passwd_hash);
+	E_md4hash(r->in.admin_password, current_nt_hash.hash);
 
-	status = rpccli_netlogon_set_trust_password(pipe_hnd, mem_ctx,
-						    r->in.machine_name,
-						    orig_trust_passwd_hash,
-						    r->in.machine_password,
-						    new_trust_passwd_hash,
-						    r->in.secure_channel_type);
+	account_name = talloc_asprintf(frame, "%s$",
+				       r->in.machine_name);
+	if (account_name == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
 
+	status = rpccli_create_netlogon_creds(netlogon_pipe->desthost,
+					      r->in.domain_name,
+					      account_name,
+					      r->in.secure_channel_type,
+					      r->in.msg_ctx,
+					      frame,
+					      &netlogon_creds);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(frame);
 		return status;
 	}
 
+	status = rpccli_setup_netlogon_creds(cli,
+					     netlogon_creds,
+					     true, /* force_reauth */
+					     current_nt_hash,
+					     NULL); /* previous_nt_hash */
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(frame);
+		return status;
+	}
+
+	status = netlogon_creds_cli_ServerPasswordSet(netlogon_creds,
+						      netlogon_pipe->binding_handle,
+						      r->in.machine_password,
+						      NULL); /* new_version */
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(frame);
+		return status;
+	}
+
+	TALLOC_FREE(frame);
+	return NT_STATUS_OK;
+}
+
 /****************************************************************
  Do the domain join
 ****************************************************************/