Revert "s3: Attempt to fix machine password change"
This reverts commit 20a8ea91e1.
Ooops, this should not have been committed.
parent
5bafaa73f6
commit
872f9c4f91
@ -147,7 +147,6 @@ struct rpc_pipe_client {
|
||||
|
||||
/* The following is only non-null on a netlogon client pipe. */
|
||||
struct netlogon_creds_CredentialState *dc;
|
||||
uint32_t auth_neg_flags;
|
||||
|
||||
/* Used by internal rpc_pipe_client */
|
||||
pipes_struct *pipes_struct;
|
||||
|
@ -5240,14 +5240,7 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
|
||||
const unsigned char orig_trust_passwd_hash[16],
|
||||
const char *new_trust_pwd_cleartext,
|
||||
const unsigned char new_trust_passwd_hash[16],
|
||||
uint32_t sec_channel_type,
|
||||
uint32_t neg_flags);
|
||||
NTSTATUS rpccli_netlogon_auth_set_trust_password(struct rpc_pipe_client *cli,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
const unsigned char orig_trust_passwd_hash[16],
|
||||
const char *new_trust_pwd_cleartext,
|
||||
const unsigned char new_trust_passwd_hash[16],
|
||||
uint32_t sec_channel_type);
|
||||
uint32_t sec_channel_type);
|
||||
|
||||
/* The following definitions come from rpc_client/cli_pipe.c */
|
||||
|
||||
|
@ -788,10 +788,11 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx,
|
||||
|
||||
E_md4hash(trust_passwd, orig_trust_passwd_hash);
|
||||
|
||||
status = rpccli_netlogon_auth_set_trust_password(
|
||||
pipe_hnd, mem_ctx, orig_trust_passwd_hash,
|
||||
r->in.machine_password, new_trust_passwd_hash,
|
||||
r->in.secure_channel_type);
|
||||
status = rpccli_netlogon_set_trust_password(pipe_hnd, mem_ctx,
|
||||
orig_trust_passwd_hash,
|
||||
r->in.machine_password,
|
||||
new_trust_passwd_hash,
|
||||
r->in.secure_channel_type);
|
||||
|
||||
return status;
|
||||
}
|
||||
|
@ -46,9 +46,11 @@ NTSTATUS trust_pw_change_and_store_it(struct rpc_pipe_client *cli, TALLOC_CTX *m
|
||||
|
||||
E_md4hash(new_trust_passwd, new_trust_passwd_hash);
|
||||
|
||||
nt_status = rpccli_netlogon_auth_set_trust_password(
|
||||
cli, mem_ctx, orig_trust_passwd_hash, new_trust_passwd,
|
||||
new_trust_passwd_hash, sec_channel_type);
|
||||
nt_status = rpccli_netlogon_set_trust_password(cli, mem_ctx,
|
||||
orig_trust_passwd_hash,
|
||||
new_trust_passwd,
|
||||
new_trust_passwd_hash,
|
||||
sec_channel_type);
|
||||
|
||||
if (NT_STATUS_IS_OK(nt_status)) {
|
||||
DEBUG(3,("%s : trust_pw_change_and_store_it: Changed password.\n",
|
||||
|
@ -512,12 +512,27 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
|
||||
const unsigned char orig_trust_passwd_hash[16],
|
||||
const char *new_trust_pwd_cleartext,
|
||||
const unsigned char new_trust_passwd_hash[16],
|
||||
uint32_t sec_channel_type,
|
||||
uint32_t neg_flags)
|
||||
uint32_t sec_channel_type)
|
||||
{
|
||||
NTSTATUS result;
|
||||
uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
|
||||
struct netr_Authenticator clnt_creds, srv_cred;
|
||||
|
||||
result = rpccli_netlogon_setup_creds(cli,
|
||||
cli->desthost, /* server name */
|
||||
lp_workgroup(), /* domain */
|
||||
global_myname(), /* client name */
|
||||
global_myname(), /* machine account name */
|
||||
orig_trust_passwd_hash,
|
||||
sec_channel_type,
|
||||
&neg_flags);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
DEBUG(3,("rpccli_netlogon_set_trust_password: unable to setup creds (%s)!\n",
|
||||
nt_errstr(result)));
|
||||
return result;
|
||||
}
|
||||
|
||||
netlogon_creds_client_authenticator(cli->dc, &clnt_creds);
|
||||
|
||||
if (neg_flags & NETLOGON_NEG_PASSWORD_SET2) {
|
||||
@ -571,35 +586,3 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
|
||||
return result;
|
||||
}
|
||||
|
||||
NTSTATUS rpccli_netlogon_auth_set_trust_password(struct rpc_pipe_client *cli,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
const unsigned char orig_trust_passwd_hash[16],
|
||||
const char *new_trust_pwd_cleartext,
|
||||
const unsigned char new_trust_passwd_hash[16],
|
||||
uint32_t sec_channel_type)
|
||||
{
|
||||
NTSTATUS result;
|
||||
uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
|
||||
|
||||
result = rpccli_netlogon_setup_creds(cli,
|
||||
cli->desthost, /* server name */
|
||||
lp_workgroup(), /* domain */
|
||||
global_myname(), /* client name */
|
||||
global_myname(), /* machine account name */
|
||||
orig_trust_passwd_hash,
|
||||
sec_channel_type,
|
||||
&neg_flags);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
DEBUG(3,("rpccli_netlogon_set_trust_password: unable to setup creds (%s)!\n",
|
||||
nt_errstr(result)));
|
||||
return result;
|
||||
}
|
||||
|
||||
return rpccli_netlogon_set_trust_password(cli, mem_ctx,
|
||||
orig_trust_passwd_hash,
|
||||
new_trust_pwd_cleartext,
|
||||
new_trust_passwd_hash,
|
||||
sec_channel_type,
|
||||
neg_flags);
|
||||
}
|
||||
|
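Review bot: In rpccli_netlogon_set_trust_password, `neg_flags` becomes a local seeded with `NETLOGON_NEG_AUTH2_ADS_FLAGS` and passed by pointer to rpccli_netlogon_setup_creds, but nothing says that the later `if (neg_flags & NETLOGON_NEG_PASSWORD_SET2)` test depends on what the server negotiated rather than on the seed. A comment above the call would make that explicit, for example `/* setup_creds is expected to write the negotiated flags back into neg_flags; the branch below selects the set-password variant from them. */`. Since the credential setup now runs inside this function on every call, a caller that passes an already authenticated netlogon pipe will presumably have its `cli->dc` state re-established as a side effect, which belongs in the function's header comment. The body continues outside both hunks, so the branch taken when PASSWORD_SET2 is not negotiated cannot be reviewed from here.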
@ -2470,8 +2470,6 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
|
||||
return !NT_STATUS_IS_OK(result) ? result : NT_STATUS_PIPE_NOT_AVAILABLE;
|
||||
}
|
||||
|
||||
conn->netlogon_pipe->auth_neg_flags = neg_flags;
|
||||
|
||||
/*
|
||||
* Try NetSamLogonEx for AD domains
|
||||
*/
|
||||
|
@ -30,7 +30,6 @@
|
||||
#include "includes.h"
|
||||
#include "winbindd.h"
|
||||
#include "../../nsswitch/libwbclient/wbc_async.h"
|
||||
#include "../libcli/auth/libcli_auth.h"
|
||||
|
||||
#undef DBGC_CLASS
|
||||
#define DBGC_CLASS DBGC_WINBIND
|
||||
@ -1062,12 +1061,9 @@ static void machine_password_change_handler(struct event_context *ctx,
|
||||
struct winbindd_child *child =
|
||||
(struct winbindd_child *)private_data;
|
||||
struct rpc_pipe_client *netlogon_pipe = NULL;
|
||||
TALLOC_CTX *frame;
|
||||
NTSTATUS result;
|
||||
struct timeval next_change;
|
||||
uint8_t old_trust_passwd_hash[16];
|
||||
uint8_t new_trust_passwd_hash[16];
|
||||
char *new_trust_passwd;
|
||||
uint32_t sec_channel_type = 0;
|
||||
|
||||
DEBUG(10,("machine_password_change_handler called\n"));
|
||||
|
||||
@ -1093,42 +1089,22 @@ static void machine_password_change_handler(struct event_context *ctx,
|
||||
return;
|
||||
}
|
||||
|
||||
if (!secrets_fetch_trust_account_password(
|
||||
child->domain->name, old_trust_passwd_hash, NULL,
|
||||
&sec_channel_type)) {
|
||||
DEBUG(0, ("could not fetch domain secrets for domain %s!\n",
|
||||
child->domain->name));
|
||||
return;
|
||||
}
|
||||
frame = talloc_stackframe();
|
||||
|
||||
new_trust_passwd = generate_random_str(
|
||||
talloc_tos(), DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
|
||||
if (new_trust_passwd == NULL) {
|
||||
DEBUG(0, ("talloc_strdup failed\n"));
|
||||
return;
|
||||
}
|
||||
|
||||
E_md4hash(new_trust_passwd, new_trust_passwd_hash);
|
||||
|
||||
result = rpccli_netlogon_set_trust_password(
|
||||
netlogon_pipe, talloc_tos(), old_trust_passwd_hash,
|
||||
new_trust_passwd, new_trust_passwd_hash, sec_channel_type,
|
||||
netlogon_pipe->auth_neg_flags);
|
||||
result = trust_pw_find_change_and_store_it(netlogon_pipe,
|
||||
frame,
|
||||
child->domain->name);
|
||||
TALLOC_FREE(frame);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
DEBUG(10,("machine_password_change_handler: "
|
||||
"failed to change machine password: %s\n",
|
||||
nt_errstr(result)));
|
||||
/*
|
||||
* Don't try a second time, this will very likely also
|
||||
* fail.
|
||||
*/
|
||||
return;
|
||||
} else {
|
||||
DEBUG(10,("machine_password_change_handler: "
|
||||
"successfully changed machine password\n"));
|
||||
}
|
||||
|
||||
DEBUG(3,("machine_password_change_handler: Changed password at %s.\n",
|
||||
current_timestring(debug_ctx(), False)));
|
||||
|
||||
child->machine_password_change_event = event_add_timed(winbind_event_context(), NULL,
|
||||
next_change,
|
||||
machine_password_change_handler,
|
||||
|
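Review bot: A failed machine account password change in machine_password_change_handler is reported only at `DEBUG(10, ...)`, so at ordinary log levels a trust account whose rotation keeps failing leaves no trace for an operator. Raising the level of that one message, e.g. `DEBUG(1,("machine_password_change_handler: failed to change machine password: %s\n", nt_errstr(result)));`, would make the condition visible. The page has lost its +/- markers, but the hunk counts suggest the early `return` under the "Don't try a second time" comment is not on the new side; if so, the level-3 `Changed password at %s` message is printed after a failure as well and should move into the success branch. The handler starts and ends outside the hunk.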