s3-netlogon: allow to change any type of trust account password in trust_pw_find_change_and_store_it().
Guenther
parent
4423173b08
commit
aa8c142b5e
@ -37,6 +37,14 @@ NTSTATUS trust_pw_change_and_store_it(struct rpc_pipe_client *cli, TALLOC_CTX *m
|
||||
char *new_trust_passwd;
|
||||
NTSTATUS nt_status;
|
||||
|
||||
switch (sec_channel_type) {
|
||||
case SEC_CHAN_WKSTA:
|
||||
case SEC_CHAN_DOMAIN:
|
||||
break;
|
||||
default:
|
||||
return NT_STATUS_NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
/* Create a random machine account password */
|
||||
new_trust_passwd = generate_random_str(mem_ctx, DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
|
||||
|
||||
@ -61,8 +69,33 @@ NTSTATUS trust_pw_change_and_store_it(struct rpc_pipe_client *cli, TALLOC_CTX *m
|
||||
* Return the result of trying to write the new password
|
||||
* back into the trust account file.
|
||||
*/
|
||||
if (!secrets_store_machine_password(new_trust_passwd, domain, sec_channel_type)) {
|
||||
nt_status = NT_STATUS_UNSUCCESSFUL;
|
||||
|
||||
switch (sec_channel_type) {
|
||||
|
||||
case SEC_CHAN_WKSTA:
|
||||
if (!secrets_store_machine_password(new_trust_passwd, domain, sec_channel_type)) {
|
||||
nt_status = NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
break;
|
||||
|
||||
case SEC_CHAN_DOMAIN: {
|
||||
char *pwd;
|
||||
struct dom_sid sid;
|
||||
time_t pass_last_set_time;
|
||||
|
||||
/* we need to get the sid first for the
|
||||
* pdb_set_trusteddom_pw call */
|
||||
|
||||
if (!pdb_get_trusteddom_pw(domain, &pwd, &sid, &pass_last_set_time)) {
|
||||
nt_status = NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE;
|
||||
}
|
||||
if (!pdb_set_trusteddom_pw(domain, new_trust_passwd, &sid)) {
|
||||
nt_status = NT_STATUS_INTERNAL_DB_CORRUPTION;
|
||||
}
|
||||
break;
|
||||
}
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
@ -81,16 +114,16 @@ NTSTATUS trust_pw_find_change_and_store_it(struct rpc_pipe_client *cli,
|
||||
{
|
||||
unsigned char old_trust_passwd_hash[16];
|
||||
uint32 sec_channel_type = 0;
|
||||
const char *account_name;
|
||||
|
||||
if (!secrets_fetch_trust_account_password(domain,
|
||||
old_trust_passwd_hash,
|
||||
NULL, &sec_channel_type)) {
|
||||
if (!get_trust_pw_hash(domain, old_trust_passwd_hash, &account_name,
|
||||
&sec_channel_type)) {
|
||||
DEBUG(0, ("could not fetch domain secrets for domain %s!\n", domain));
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
|
||||
return trust_pw_change_and_store_it(cli, mem_ctx, domain,
|
||||
global_myname(),
|
||||
account_name,
|
||||
old_trust_passwd_hash,
|
||||
sec_channel_type);
|
||||
}
|
||||
|
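Review bot: In the `SEC_CHAN_DOMAIN` case of the second hunk, a failed `pdb_get_trusteddom_pw()` only sets `nt_status` and then falls through to `pdb_set_trusteddom_pw(domain, new_trust_passwd, &sid)` with `sid` never written, so the new trust password can be stored under an indeterminate SID, and the first error code is overwritten if that call also fails. The failure branch should leave the case, e.g. `nt_status = NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE; break;`. Separately, `pwd` receives the old trust password and is never used or released here; if the call returns an allocated copy (the `char **` out-parameter suggests so, but the callee is not shown), it should be wiped and freed once the SID is known. The body of trust_pw_change_and_store_it() begins and ends outside these hunks.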