samba-cvs.cvs
[Top] [All Lists]

[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0

Subject: [SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4437-g9f168f5
From: Günther Deschner
Date: Tue, 18 Nov 2008 19:21:59 -0600 CST
The branch, v3-3-test has been updated
       via  9f168f594e25857bd71bbc97dab25ae6d2884e95 (commit)
       via  6690cd1e8f2a77dda1bf5ee453ef98856b1a3233 (commit)
       via  004b8be2d7630f910bda08df9c361a5f289b7c34 (commit)
       via  90d0328bd7b7cb841aafd65ad0af36182ba692ee (commit)
      from  d10490248f387a55fa6ff712dd5cb092434ddeb4 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -----------------------------------------------------------------
commit 9f168f594e25857bd71bbc97dab25ae6d2884e95
Author: Günther Deschner <gd@xxxxxxxxx>
Date:   Sun Sep 21 18:57:26 2008 +0200

    netlogon: move password change code out to 
rpccli_netlogon_set_trust_password.
    
    Guenther

commit 6690cd1e8f2a77dda1bf5ee453ef98856b1a3233
Author: Günther Deschner <gd@xxxxxxxxx>
Date:   Sat Sep 20 18:20:29 2008 +0200

    netlogon: refactor just_change_the_password a bit.
    
    Guenther

commit 004b8be2d7630f910bda08df9c361a5f289b7c34
Author: Günther Deschner <gd@xxxxxxxxx>
Date:   Sat Sep 20 17:01:20 2008 +0200

    netlogon: use init_netr_CryptPassword in "just_change_the_password"
    
    Guenther

commit 90d0328bd7b7cb841aafd65ad0af36182ba692ee
Author: Günther Deschner <gd@xxxxxxxxx>
Date:   Sat Sep 20 17:00:30 2008 +0200

    netlogon: add init_netr_CryptPassword.
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 source/include/proto.h            |    9 +++
 source/libsmb/trusts_util.c       |  108 ++-----------------------------------
 source/rpc_client/cli_netlogon.c  |   91 +++++++++++++++++++++++++++++++
 source/rpc_client/init_netlogon.c |   17 ++++++
 4 files changed, 122 insertions(+), 103 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/include/proto.h b/source/include/proto.h
index 2e46bca..f93870d 100644
--- a/source/include/proto.h
+++ b/source/include/proto.h
@@ -7045,6 +7045,12 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct 
rpc_pipe_client *cli,
                                              DATA_BLOB lm_response,
                                              DATA_BLOB nt_response,
                                              struct netr_SamInfo3 **info3);
+NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
+                                           TALLOC_CTX *mem_ctx,
+                                           const unsigned char 
orig_trust_passwd_hash[16],
+                                           const char *new_trust_pwd_cleartext,
+                                           const unsigned char 
new_trust_passwd_hash[16],
+                                           uint32_t sec_channel_type);
 
 /* The following definitions come from rpc_client/cli_pipe.c  */
 
@@ -7421,6 +7427,9 @@ void init_netr_PasswordInfo(struct netr_PasswordInfo *r,
                            const char *workstation,
                            struct samr_Password lmpassword,
                            struct samr_Password ntpassword);
+void init_netr_CryptPassword(const char *pwd,
+                            unsigned char session_key[16],
+                            struct netr_CryptPassword *pwd_buf);
 
 /* The following definitions come from rpc_client/init_samr.c  */
 
diff --git a/source/libsmb/trusts_util.c b/source/libsmb/trusts_util.c
index 08a4993..2f336f1 100644
--- a/source/libsmb/trusts_util.c
+++ b/source/libsmb/trusts_util.c
@@ -22,104 +22,6 @@
 
 /*********************************************************
  Change the domain password on the PDC.
-
- Just changes the password betwen the two values specified.
-
- Caller must have the cli connected to the netlogon pipe
- already.
-**********************************************************/
-
-static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, 
TALLOC_CTX *mem_ctx, 
-                                        const unsigned char 
orig_trust_passwd_hash[16],
-                                        const char *new_trust_pwd_cleartext,
-                                        const unsigned char 
new_trust_passwd_hash[16],
-                                        uint32 sec_channel_type)
-{
-       NTSTATUS result;
-       uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
-
-       result = rpccli_netlogon_setup_creds(cli,
-                                            cli->desthost, /* server name */
-                                            lp_workgroup(), /* domain */
-                                            global_myname(), /* client name */
-                                            global_myname(), /* machine 
account name */
-                                            orig_trust_passwd_hash,
-                                            sec_channel_type,
-                                            &neg_flags);
-
-       if (!NT_STATUS_IS_OK(result)) {
-               DEBUG(3,("just_change_the_password: unable to setup creds 
(%s)!\n",
-                        nt_errstr(result)));
-               return result;
-       }
-
-       if (neg_flags & NETLOGON_NEG_PASSWORD_SET2) {
-
-               struct netr_Authenticator clnt_creds, srv_cred;
-               struct netr_CryptPassword new_password;
-               struct samr_CryptPassword password_buf;
-
-               netlogon_creds_client_step(cli->dc, &clnt_creds);
-
-               encode_pw_buffer(password_buf.data, new_trust_pwd_cleartext, 
STR_UNICODE);
-
-               SamOEMhash(password_buf.data, cli->dc->sess_key, 516);
-               memcpy(new_password.data, password_buf.data, 512);
-               new_password.length = IVAL(password_buf.data, 512);
-
-               result = rpccli_netr_ServerPasswordSet2(cli, mem_ctx,
-                                                      cli->dc->remote_machine,
-                                                      cli->dc->mach_acct,
-                                                      sec_channel_type,
-                                                      global_myname(),
-                                                      &clnt_creds,
-                                                      &srv_cred,
-                                                      &new_password);
-
-               /* Always check returned credentials. */
-               if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) {
-                       DEBUG(0,("rpccli_netr_ServerPasswordSet2: "
-                               "credentials chain check failed\n"));
-                       return NT_STATUS_ACCESS_DENIED;
-               }
-
-       } else {
-
-               struct netr_Authenticator clnt_creds, srv_cred;
-               struct samr_Password new_password;
-
-               netlogon_creds_client_step(cli->dc, &clnt_creds);
-
-               cred_hash3(new_password.hash,
-                          new_trust_passwd_hash,
-                          cli->dc->sess_key, 1);
-
-               result = rpccli_netr_ServerPasswordSet(cli, mem_ctx,
-                                                      cli->dc->remote_machine,
-                                                      cli->dc->mach_acct,
-                                                      sec_channel_type,
-                                                      global_myname(),
-                                                      &clnt_creds,
-                                                      &srv_cred,
-                                                      &new_password);
-
-               /* Always check returned credentials. */
-               if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) {
-                       DEBUG(0,("rpccli_netr_ServerPasswordSet: "
-                               "credentials chain check failed\n"));
-                       return NT_STATUS_ACCESS_DENIED;
-               }
-       }
-
-       if (!NT_STATUS_IS_OK(result)) {
-               DEBUG(0,("just_change_the_password: unable to change password 
(%s)!\n",
-                        nt_errstr(result)));
-       }
-       return result;
-}
-
-/*********************************************************
- Change the domain password on the PDC.
  Store the password ourselves, but use the supplied password
  Caller must have already setup the connection to the NETLOGON pipe
 **********************************************************/
@@ -144,11 +46,11 @@ NTSTATUS trust_pw_change_and_store_it(struct 
rpc_pipe_client *cli, TALLOC_CTX *m
        
        E_md4hash(new_trust_passwd, new_trust_passwd_hash);
 
-       nt_status = just_change_the_password(cli, mem_ctx,
-                                            orig_trust_passwd_hash,
-                                            new_trust_passwd,
-                                            new_trust_passwd_hash,
-                                            sec_channel_type);
+       nt_status = rpccli_netlogon_set_trust_password(cli, mem_ctx,
+                                                      orig_trust_passwd_hash,
+                                                      new_trust_passwd,
+                                                      new_trust_passwd_hash,
+                                                      sec_channel_type);
        
        if (NT_STATUS_IS_OK(nt_status)) {
                DEBUG(3,("%s : trust_pw_change_and_store_it: Changed 
password.\n", 
diff --git a/source/rpc_client/cli_netlogon.c b/source/rpc_client/cli_netlogon.c
index df87ed1..23618ef 100644
--- a/source/rpc_client/cli_netlogon.c
+++ b/source/rpc_client/cli_netlogon.c
@@ -538,3 +538,94 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct 
rpc_pipe_client *cli,
 
        return result;
 }
+
+/*********************************************************
+ Change the domain password on the PDC.
+
+ Just changes the password betwen the two values specified.
+
+ Caller must have the cli connected to the netlogon pipe
+ already.
+**********************************************************/
+
+NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
+                                           TALLOC_CTX *mem_ctx,
+                                           const unsigned char 
orig_trust_passwd_hash[16],
+                                           const char *new_trust_pwd_cleartext,
+                                           const unsigned char 
new_trust_passwd_hash[16],
+                                           uint32_t sec_channel_type)
+{
+       NTSTATUS result;
+       uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
+       struct netr_Authenticator clnt_creds, srv_cred;
+
+       result = rpccli_netlogon_setup_creds(cli,
+                                            cli->desthost, /* server name */
+                                            lp_workgroup(), /* domain */
+                                            global_myname(), /* client name */
+                                            global_myname(), /* machine 
account name */
+                                            orig_trust_passwd_hash,
+                                            sec_channel_type,
+                                            &neg_flags);
+
+       if (!NT_STATUS_IS_OK(result)) {
+               DEBUG(3,("rpccli_netlogon_set_trust_password: unable to setup 
creds (%s)!\n",
+                        nt_errstr(result)));
+               return result;
+       }
+
+       netlogon_creds_client_step(cli->dc, &clnt_creds);
+
+       if (neg_flags & NETLOGON_NEG_PASSWORD_SET2) {
+
+               struct netr_CryptPassword new_password;
+
+               init_netr_CryptPassword(new_trust_pwd_cleartext,
+                                       cli->dc->sess_key,
+                                       &new_password);
+
+               result = rpccli_netr_ServerPasswordSet2(cli, mem_ctx,
+                                                       cli->dc->remote_machine,
+                                                       cli->dc->mach_acct,
+                                                       sec_channel_type,
+                                                       global_myname(),
+                                                       &clnt_creds,
+                                                       &srv_cred,
+                                                       &new_password);
+               if (!NT_STATUS_IS_OK(result)) {
+                       DEBUG(0,("rpccli_netr_ServerPasswordSet2 failed: %s\n",
+                               nt_errstr(result)));
+                       return result;
+               }
+       } else {
+
+               struct samr_Password new_password;
+
+               cred_hash3(new_password.hash,
+                          new_trust_passwd_hash,
+                          cli->dc->sess_key, 1);
+
+               result = rpccli_netr_ServerPasswordSet(cli, mem_ctx,
+                                                      cli->dc->remote_machine,
+                                                      cli->dc->mach_acct,
+                                                      sec_channel_type,
+                                                      global_myname(),
+                                                      &clnt_creds,
+                                                      &srv_cred,
+                                                      &new_password);
+               if (!NT_STATUS_IS_OK(result)) {
+                       DEBUG(0,("rpccli_netr_ServerPasswordSet failed: %s\n",
+                               nt_errstr(result)));
+                       return result;
+               }
+       }
+
+       /* Always check returned credentials. */
+       if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) {
+               DEBUG(0,("credentials chain check failed\n"));
+               return NT_STATUS_ACCESS_DENIED;
+       }
+
+       return result;
+}
+
diff --git a/source/rpc_client/init_netlogon.c 
b/source/rpc_client/init_netlogon.c
index 6184195..e4c39e7 100644
--- a/source/rpc_client/init_netlogon.c
+++ b/source/rpc_client/init_netlogon.c
@@ -391,3 +391,20 @@ void init_netr_PasswordInfo(struct netr_PasswordInfo *r,
        r->lmpassword = lmpassword;
        r->ntpassword = ntpassword;
 }
+
+/*************************************************************************
+ inits a netr_CryptPassword structure
+ *************************************************************************/
+
+void init_netr_CryptPassword(const char *pwd,
+                            unsigned char session_key[16],
+                            struct netr_CryptPassword *pwd_buf)
+{
+       struct samr_CryptPassword password_buf;
+
+       encode_pw_buffer(password_buf.data, pwd, STR_UNICODE);
+
+       SamOEMhash(password_buf.data, session_key, 516);
+       memcpy(pwd_buf->data, password_buf.data, 512);
+       pwd_buf->length = IVAL(password_buf.data, 512);
+}


-- 
Samba Shared Repository

<Prev in Thread] Current Thread [Next in Thread>
  • [SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4437-g9f168f5, Günther Deschner <=