search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
include/dlinklist.h: Added '{' '}' around DLIST_PROMOTE so it can be used as a single
[Samba.git] / source / rpc_client / cli_netlogon.c
blob63461c5023e8d527e0d6b48cd4ddb8d0096d170c
1 /*
2 * Unix SMB/Netbios implementation.
3 * Version 1.9.
4 * RPC Pipe client / server routines
5 * Copyright (C) Andrew Tridgell 1992-1997,
6 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
7 * Copyright (C) Paul Ashton 1997.
8 * Copyright (C) Jeremy Allison 1998.
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 */
24
25
26 #ifdef SYSLOG
27 #undef SYSLOG
28 #endif
29
30 #include "includes.h"
31
32 extern int DEBUGLEVEL;
33 extern pstring global_myname;
34 extern fstring global_myworkgroup;
35
36 /****************************************************************************
37 Generate the next creds to use.
38 ****************************************************************************/
39
40 static void gen_next_creds( struct cli_state *cli, DOM_CRED *new_clnt_cred)
41 {
42 /*
43 * Create the new client credentials.
44 */
45
46 cli->clnt_cred.timestamp.time = time(NULL);
47
48 memcpy(new_clnt_cred, &cli->clnt_cred, sizeof(*new_clnt_cred));
49
50 /* Calculate the new credentials. */
51 cred_create(cli->sess_key, &(cli->clnt_cred.challenge),
52 new_clnt_cred->timestamp, &(new_clnt_cred->challenge));
53
54 }
55
56 #if UNUSED_CODE
57 /****************************************************************************
58 do a LSA Logon Control2
59 ****************************************************************************/
60 BOOL cli_net_logon_ctrl2(struct cli_state *cli, uint32 status_level)
61 {
62 prs_struct rbuf;
63 prs_struct buf;
64 NET_Q_LOGON_CTRL2 q_l;
65 BOOL ok = False;
66
67 prs_init(&buf , 1024, 4, cli->mem_ctx, False);
68 prs_init(&rbuf, 0, 4, cli->mem_ctx, True );
69
70 /* create and send a MSRPC command with api NET_LOGON_CTRL2 */
71
72 DEBUG(4,("do_net_logon_ctrl2 from %s status level:%x\n",
73 global_myname, status_level));
74
75 /* store the parameters */
76 init_q_logon_ctrl2(&q_l, cli->srv_name_slash, status_level);
77
78 /* turn parameters into data stream */
79 if(!net_io_q_logon_ctrl2("", &q_l, &buf, 0)) {
80 DEBUG(0,("cli_net_logon_ctrl2: Error : failed to marshall NET_Q_LOGON_CTRL2 struct.\n"));
81 prs_mem_free(&buf);
82 prs_mem_free(&rbuf);
83 return False;
84 }
85
86 /* send the data on \PIPE\ */
87 if (rpc_api_pipe_req(cli, NET_LOGON_CTRL2, &buf, &rbuf))
88 {
89 NET_R_LOGON_CTRL2 r_l;
90
91 /*
92 * Unmarshall the return buffer.
93 */
94 ok = net_io_r_logon_ctrl2("", &r_l, &rbuf, 0);
95
96 if (ok && r_l.status != 0)
97 {
98 /* report error code */
99 DEBUG(0,("do_net_logon_ctrl2: Error %s\n", get_nt_error_msg(r_l.status)));
100 cli->nt_error = r_l.status;
101 ok = False;
102 }
103 }
104
105 prs_mem_free(&buf);
106 prs_mem_free(&rbuf);
107
108 return ok;
109 }
110 #endif
111
112 /****************************************************************************
113 LSA Authenticate 2
114
115 Send the client credential, receive back a server credential.
116 Ensure that the server credential returned matches the session key
117 encrypt of the server challenge originally received. JRA.
118 ****************************************************************************/
119
120 BOOL cli_net_auth2(struct cli_state *cli, uint16 sec_chan,
121 uint32 neg_flags, DOM_CHAL *srv_chal)
122 {
123 prs_struct rbuf;
124 prs_struct buf;
125 NET_Q_AUTH_2 q_a;
126 BOOL ok = False;
127
128 prs_init(&buf , 1024, 4, cli->mem_ctx, False);
129 prs_init(&rbuf, 0, 4, cli->mem_ctx, True );
130
131 /* create and send a MSRPC command with api NET_AUTH2 */
132
133 DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n",
134 cli->srv_name_slash, cli->mach_acct, sec_chan, global_myname,
135 credstr(cli->clnt_cred.challenge.data), neg_flags));
136
137 /* store the parameters */
138 init_q_auth_2(&q_a, cli->srv_name_slash, cli->mach_acct, sec_chan, global_myname,
139 &cli->clnt_cred.challenge, neg_flags);
140
141 /* turn parameters into data stream */
142 if(!net_io_q_auth_2("", &q_a, &buf, 0)) {
143 DEBUG(0,("cli_net_auth2: Error : failed to marshall NET_Q_AUTH_2 struct.\n"));
144 prs_mem_free(&buf);
145 prs_mem_free(&rbuf);
146 return False;
147 }
148
149 /* send the data on \PIPE\ */
150 if (rpc_api_pipe_req(cli, NET_AUTH2, &buf, &rbuf))
151 {
152 NET_R_AUTH_2 r_a;
153
154 ok = net_io_r_auth_2("", &r_a, &rbuf, 0);
155
156 if (ok && r_a.status != 0)
157 {
158 /* report error code */
159 DEBUG(0,("cli_net_auth2: Error %s\n", get_nt_error_msg(r_a.status)));
160 cli->nt_error = r_a.status;
161 ok = False;
162 }
163
164 if (ok)
165 {
166 /*
167 * Check the returned value using the initial
168 * server received challenge.
169 */
170 UTIME zerotime;
171
172 zerotime.time = 0;
173 if(cred_assert( &r_a.srv_chal, cli->sess_key, srv_chal, zerotime) == 0) {
174 /*
175 * Server replied with bad credential. Fail.
176 */
177 DEBUG(0,("cli_net_auth2: server %s replied with bad credential (bad machine \
178 password ?).\n", cli->desthost ));
179 ok = False;
180 }
181 }
182
183 #if 0
184 /*
185 * Try commenting this out to see if this makes the connect
186 * work for a NT 3.51 PDC. JRA.
187 */
188
189 if (ok && r_a.srv_flgs.neg_flags != q_a.clnt_flgs.neg_flags)
190 {
191 /* report different neg_flags */
192 DEBUG(0,("cli_net_auth2: error neg_flags (q,r) differ - (%x,%x)\n",
193 q_a.clnt_flgs.neg_flags, r_a.srv_flgs.neg_flags));
194 ok = False;
195 }
196 #endif
197
198 }
199
200 prs_mem_free(&buf);
201 prs_mem_free(&rbuf);
202
203 return ok;
204 }
205
206 /****************************************************************************
207 LSA Request Challenge. Sends our challenge to server, then gets
208 server response. These are used to generate the credentials.
209 ****************************************************************************/
210
211 BOOL cli_net_req_chal(struct cli_state *cli, DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal)
212 {
213 prs_struct rbuf;
214 prs_struct buf;
215 NET_Q_REQ_CHAL q_c;
216 BOOL valid_chal = False;
217
218 prs_init(&buf , 1024, 4, cli->mem_ctx, False);
219 prs_init(&rbuf, 0, 4, cli->mem_ctx, True );
220
221 /* create and send a MSRPC command with api NET_REQCHAL */
222
223 DEBUG(4,("cli_net_req_chal: LSA Request Challenge from %s to %s: %s\n",
224 cli->desthost, global_myname, credstr(clnt_chal->data)));
225
226 /* store the parameters */
227 init_q_req_chal(&q_c, cli->srv_name_slash, global_myname, clnt_chal);
228
229 /* turn parameters into data stream */
230 if(!net_io_q_req_chal("", &q_c, &buf, 0)) {
231 DEBUG(0,("cli_net_req_chal: Error : failed to marshall NET_Q_REQ_CHAL struct.\n"));
232 prs_mem_free(&buf);
233 prs_mem_free(&rbuf);
234 return False;
235 }
236
237 /* send the data on \PIPE\ */
238 if (rpc_api_pipe_req(cli, NET_REQCHAL, &buf, &rbuf))
239 {
240 NET_R_REQ_CHAL r_c;
241 BOOL ok;
242
243 ok = net_io_r_req_chal("", &r_c, &rbuf, 0);
244
245 if (ok && r_c.status != 0)
246 {
247 /* report error code */
248 DEBUG(0,("cli_net_req_chal: Error %s\n", get_nt_error_msg(r_c.status)));
249 cli->nt_error = r_c.status;
250 ok = False;
251 }
252
253 if (ok)
254 {
255 /* ok, at last: we're happy. return the challenge */
256 memcpy(srv_chal, r_c.srv_chal.data, sizeof(srv_chal->data));
257 valid_chal = True;
258 }
259 }
260
261 prs_mem_free(&buf);
262 prs_mem_free(&rbuf);
263
264 return valid_chal;
265 }
266
267 /***************************************************************************
268 LSA Server Password Set.
269 ****************************************************************************/
270
271 BOOL cli_net_srv_pwset(struct cli_state *cli, uint8 hashed_mach_pwd[16])
272 {
273 prs_struct rbuf;
274 prs_struct buf;
275 DOM_CRED new_clnt_cred;
276 NET_Q_SRV_PWSET q_s;
277 BOOL ok = False;
278 uint16 sec_chan_type = 2;
279
280 gen_next_creds( cli, &new_clnt_cred);
281
282 prs_init(&buf , 1024, 4, cli->mem_ctx, False);
283 prs_init(&rbuf, 0, 4, cli->mem_ctx, True );
284
285 /* create and send a MSRPC command with api NET_SRV_PWSET */
286
287 DEBUG(4,("cli_net_srv_pwset: srv:%s acct:%s sc: %d mc: %s clnt %s %x\n",
288 cli->srv_name_slash, cli->mach_acct, sec_chan_type, global_myname,
289 credstr(new_clnt_cred.challenge.data), new_clnt_cred.timestamp.time));
290
291 /* store the parameters */
292 init_q_srv_pwset(&q_s, cli->srv_name_slash, cli->mach_acct, sec_chan_type,
293 global_myname, &new_clnt_cred, (char *)hashed_mach_pwd);
294
295 /* turn parameters into data stream */
296 if(!net_io_q_srv_pwset("", &q_s, &buf, 0)) {
297 DEBUG(0,("cli_net_srv_pwset: Error : failed to marshall NET_Q_SRV_PWSET struct.\n"));
298 prs_mem_free(&buf);
299 prs_mem_free(&rbuf);
300 return False;
301 }
302
303 /* send the data on \PIPE\ */
304 if (rpc_api_pipe_req(cli, NET_SRVPWSET, &buf, &rbuf))
305 {
306 NET_R_SRV_PWSET r_s;
307
308 ok = net_io_r_srv_pwset("", &r_s, &rbuf, 0);
309
310 if (ok && r_s.status != 0)
311 {
312 /* report error code */
313 DEBUG(0,("cli_net_srv_pwset: %s\n", get_nt_error_msg(r_s.status)));
314 cli->nt_error = r_s.status;
315 ok = False;
316 }
317
318 /* Update the credentials. */
319 if (ok && !clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &(r_s.srv_cred)))
320 {
321 /*
322 * Server replied with bad credential. Fail.
323 */
324 DEBUG(0,("cli_net_srv_pwset: server %s replied with bad credential (bad machine \
325 password ?).\n", cli->desthost ));
326 ok = False;
327 }
328 }
329
330 prs_mem_free(&buf);
331 prs_mem_free(&rbuf);
332
333 return ok;
334 }
335
336 /***************************************************************************
337 LSA SAM Logon - interactive or network.
338 ****************************************************************************/
339
340 BOOL cli_net_sam_logon(struct cli_state *cli, NET_ID_INFO_CTR *ctr,
341 NET_USER_INFO_3 *user_info3)
342 {
343 DOM_CRED new_clnt_cred;
344 DOM_CRED dummy_rtn_creds;
345 prs_struct rbuf;
346 prs_struct buf;
347 uint16 validation_level = 3;
348 NET_Q_SAM_LOGON q_s;
349 BOOL ok = False;
350
351 gen_next_creds( cli, &new_clnt_cred);
352
353 prs_init(&buf , 1024, 4, cli->mem_ctx, False);
354 prs_init(&rbuf, 0, 4, cli->mem_ctx, True );
355
356 /* create and send a MSRPC command with api NET_SAMLOGON */
357
358 DEBUG(4,("cli_net_sam_logon: srv:%s mc:%s clnt %s %x ll: %d\n",
359 cli->srv_name_slash, global_myname,
360 credstr(new_clnt_cred.challenge.data), cli->clnt_cred.timestamp.time,
361 ctr->switch_value));
362
363 memset(&dummy_rtn_creds, '\0', sizeof(dummy_rtn_creds));
364 dummy_rtn_creds.timestamp.time = time(NULL);
365
366 /* store the parameters */
367 q_s.validation_level = validation_level;
368 init_sam_info(&q_s.sam_id, cli->srv_name_slash, global_myname,
369 &new_clnt_cred, &dummy_rtn_creds, ctr->switch_value, ctr);
370
371 /* turn parameters into data stream */
372 if(!net_io_q_sam_logon("", &q_s, &buf, 0)) {
373 DEBUG(0,("cli_net_sam_logon: Error : failed to marshall NET_Q_SAM_LOGON struct.\n"));
374 prs_mem_free(&buf);
375 prs_mem_free(&rbuf);
376 return False;
377 }
378
379 /* send the data on \PIPE\ */
380 if (rpc_api_pipe_req(cli, NET_SAMLOGON, &buf, &rbuf))
381 {
382 NET_R_SAM_LOGON r_s;
383
384 r_s.user = user_info3;
385
386 ok = net_io_r_sam_logon("", &r_s, &rbuf, 0);
387
388 if (ok && r_s.status != 0)
389 {
390 /* report error code */
391 DEBUG(0,("cli_net_sam_logon: %s\n", get_nt_error_msg(r_s.status)));
392 cli->nt_error = r_s.status;
393 ok = False;
394 }
395
396 /* Update the credentials. */
397 if (ok && !clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &(r_s.srv_creds)))
398 {
399 /*
400 * Server replied with bad credential. Fail.
401 */
402 DEBUG(0,("cli_net_sam_logon: server %s replied with bad credential (bad machine \
403 password ?).\n", cli->desthost ));
404 ok = False;
405 }
406
407 if (ok && r_s.switch_value != 3)
408 {
409 /* report different switch_value */
410 DEBUG(0,("cli_net_sam_logon: switch_value of 3 expected %x\n",
411 r_s.switch_value));
412 ok = False;
413 }
414 }
415
416 prs_mem_free(&buf);
417 prs_mem_free(&rbuf);
418
419 return ok;
420 }
421
422 /***************************************************************************
423 LSA SAM Logoff.
424
425 This currently doesnt work correctly as the domain controller
426 returns NT_STATUS_INVALID_INFO_CLASS - we obviously need to
427 send a different info level. Right now though, I'm not sure
428 what that needs to be (I need to see one on the wire before
429 I can be sure). JRA.
430 ****************************************************************************/
431 BOOL cli_net_sam_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr)
432 {
433 DOM_CRED new_clnt_cred;
434 DOM_CRED dummy_rtn_creds;
435 prs_struct rbuf;
436 prs_struct buf;
437 NET_Q_SAM_LOGOFF q_s;
438 BOOL ok = False;
439
440 gen_next_creds( cli, &new_clnt_cred);
441
442 prs_init(&buf , 1024, 4, cli->mem_ctx, False);
443 prs_init(&rbuf, 0, 4, cli->mem_ctx, True );
444
445 /* create and send a MSRPC command with api NET_SAMLOGOFF */
446
447 DEBUG(4,("cli_net_sam_logoff: srv:%s mc:%s clnt %s %x ll: %d\n",
448 cli->srv_name_slash, global_myname,
449 credstr(new_clnt_cred.challenge.data), new_clnt_cred.timestamp.time,
450 ctr->switch_value));
451
452 memset(&dummy_rtn_creds, '\0', sizeof(dummy_rtn_creds));
453
454 init_sam_info(&q_s.sam_id, cli->srv_name_slash, global_myname,
455 &new_clnt_cred, &dummy_rtn_creds, ctr->switch_value, ctr);
456
457 /* turn parameters into data stream */
458 if(!net_io_q_sam_logoff("", &q_s, &buf, 0)) {
459 DEBUG(0,("cli_net_sam_logoff: Error : failed to marshall NET_Q_SAM_LOGOFF struct.\n"));
460 prs_mem_free(&buf);
461 prs_mem_free(&rbuf);
462 return False;
463 }
464
465 /* send the data on \PIPE\ */
466 if (rpc_api_pipe_req(cli, NET_SAMLOGOFF, &buf, &rbuf))
467 {
468 NET_R_SAM_LOGOFF r_s;
469
470 ok = net_io_r_sam_logoff("", &r_s, &rbuf, 0);
471
472 if (ok && r_s.status != 0)
473 {
474 /* report error code */
475 DEBUG(0,("cli_net_sam_logoff: %s\n", get_nt_error_msg(r_s.status)));
476 cli->nt_error = r_s.status;
477 ok = False;
478 }
479
480 /* Update the credentials. */
481 if (ok && !clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &(r_s.srv_creds)))
482 {
483 /*
484 * Server replied with bad credential. Fail.
485 */
486 DEBUG(0,("cli_net_sam_logoff: server %s replied with bad credential (bad machine \
487 password ?).\n", cli->desthost ));
488 ok = False;
489 }
490 }
491
492 prs_mem_free(&buf);
493 prs_mem_free(&rbuf);
494
495 return ok;
496 }
497
498 /*********************************************************
499 Change the domain password on the PDC.
500 **********************************************************/
501
502 static BOOL modify_trust_password( char *domain, char *remote_machine,
503 unsigned char orig_trust_passwd_hash[16],
504 unsigned char new_trust_passwd_hash[16])
505 {
506 struct cli_state cli;
507
508 ZERO_STRUCT(cli);
509 if(cli_initialise(&cli) == False) {
510 DEBUG(0,("modify_trust_password: unable to initialize client connection.\n"));
511 return False;
512 }
513
514 if(!resolve_name( remote_machine, &cli.dest_ip, 0x20)) {
515 DEBUG(0,("modify_trust_password: Can't resolve address for %s\n", remote_machine));
516 cli_shutdown(&cli);
517 return False;
518 }
519
520 if (ismyip(cli.dest_ip)) {
521 DEBUG(0,("modify_trust_password: Machine %s is one of our addresses. Cannot add \
522 to ourselves.\n", remote_machine));
523 cli_shutdown(&cli);
524 return False;
525 }
526
527 if (!cli_connect(&cli, remote_machine, &cli.dest_ip)) {
528 DEBUG(0,("modify_trust_password: unable to connect to SMB server on \
529 machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
530 cli_shutdown(&cli);
531 return False;
532 }
533
534 if (!attempt_netbios_session_request(&cli, global_myname, remote_machine, &cli.dest_ip)) {
535 DEBUG(0,("modify_trust_password: machine %s rejected the NetBIOS \
536 session request. Error was %s\n", remote_machine, cli_errstr(&cli) ));
537 cli_shutdown(&cli);
538 return False;
539 }
540
541 cli.protocol = PROTOCOL_NT1;
542
543 if (!cli_negprot(&cli)) {
544 DEBUG(0,("modify_trust_password: machine %s rejected the negotiate protocol. \
545 Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
546 cli_shutdown(&cli);
547 return False;
548 }
549
550 if (cli.protocol != PROTOCOL_NT1) {
551 DEBUG(0,("modify_trust_password: machine %s didn't negotiate NT protocol.\n",
552 remote_machine));
553 cli_shutdown(&cli);
554 return False;
555 }
556
557 /*
558 * Do an anonymous session setup.
559 */
560
561 if (!cli_session_setup(&cli, "", "", 0, "", 0, "")) {
562 DEBUG(0,("modify_trust_password: machine %s rejected the session setup. \
563 Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
564 cli_shutdown(&cli);
565 return False;
566 }
567
568 if (!(cli.sec_mode & 1)) {
569 DEBUG(0,("modify_trust_password: machine %s isn't in user level security mode\n",
570 remote_machine));
571 cli_shutdown(&cli);
572 return False;
573 }
574
575 if (!cli_send_tconX(&cli, "IPC$", "IPC", "", 1)) {
576 DEBUG(0,("modify_trust_password: machine %s rejected the tconX on the IPC$ share. \
577 Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
578 cli_shutdown(&cli);
579 return False;
580 }
581
582 /*
583 * Ok - we have an anonymous connection to the IPC$ share.
584 * Now start the NT Domain stuff :-).
585 */
586
587 if(cli_lsa_get_domain_sid(&cli, remote_machine) == False) {
588 DEBUG(0,("modify_trust_password: unable to obtain domain sid from %s. Error was : %s.\n", remote_machine, cli_errstr(&cli)));
589 cli_ulogoff(&cli);
590 cli_shutdown(&cli);
591 return False;
592 }
593
594 if(cli_nt_session_open(&cli, PIPE_NETLOGON) == False) {
595 DEBUG(0,("modify_trust_password: unable to open the domain client session to \
596 machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli)));
597 cli_nt_session_close(&cli);
598 cli_ulogoff(&cli);
599 cli_shutdown(&cli);
600 return False;
601 }
602
603 if(cli_nt_setup_creds(&cli, orig_trust_passwd_hash) == False) {
604 DEBUG(0,("modify_trust_password: unable to setup the PDC credentials to machine \
605 %s. Error was : %s.\n", remote_machine, cli_errstr(&cli)));
606 cli_nt_session_close(&cli);
607 cli_ulogoff(&cli);
608 cli_shutdown(&cli);
609 return False;
610 }
611
612 if( cli_nt_srv_pwset( &cli,new_trust_passwd_hash ) == False) {
613 DEBUG(0,("modify_trust_password: unable to change password for machine %s in domain \
614 %s to Domain controller %s. Error was %s.\n", global_myname, domain, remote_machine,
615 cli_errstr(&cli)));
616 cli_close(&cli, cli.nt_pipe_fnum);
617 cli_ulogoff(&cli);
618 cli_shutdown(&cli);
619 return False;
620 }
621
622 cli_nt_session_close(&cli);
623 cli_ulogoff(&cli);
624 cli_shutdown(&cli);
625
626 return True;
627 }
628
629 /************************************************************************
630 Change the trust account password for a domain.
631 The user of this function must have locked the trust password file for
632 update.
633 ************************************************************************/
634
635 BOOL change_trust_account_password( char *domain, char *remote_machine_list)
636 {
637 fstring remote_machine;
638 unsigned char old_trust_passwd_hash[16];
639 unsigned char new_trust_passwd_hash[16];
640 time_t lct;
641 BOOL res = False;
642
643 if(!secrets_fetch_trust_account_password(domain, old_trust_passwd_hash, &lct)) {
644 DEBUG(0,("change_trust_account_password: unable to read the machine \
645 account password for domain %s.\n", domain));
646 return False;
647 }
648
649 /*
650 * Create the new (random) password.
651 */
652 generate_random_buffer( new_trust_passwd_hash, 16, True);
653
654 while(remote_machine_list &&
655 next_token(&remote_machine_list, remote_machine,
656 LIST_SEP, sizeof(remote_machine))) {
657 strupper(remote_machine);
658 if(strequal(remote_machine, "*")) {
659
660 /*
661 * We have been asked to dynamcially determine the IP addresses of the PDC.
662 */
663
664 struct in_addr *ip_list = NULL;
665 int count = 0;
666 int i;
667
668 if(!get_dc_list(domain, &ip_list, &count))
669 continue;
670
671 /*
672 * Try and connect to the PDC/BDC list in turn as an IP
673 * address used as a string.
674 */
675
676 for(i = 0; i < count; i++) {
677 fstring dc_name;
678 if(!lookup_pdc_name(global_myname, domain, &ip_list[i], dc_name))
679 continue;
680 if((res = modify_trust_password( domain, dc_name,
681 old_trust_passwd_hash, new_trust_passwd_hash)))
682 break;
683 }
684
685 if(ip_list != NULL)
686 free((char *)ip_list);
687
688 } else {
689 res = modify_trust_password( domain, remote_machine,
690 old_trust_passwd_hash, new_trust_passwd_hash);
691 }
692
693 if(res) {
694 DEBUG(0,("%s : change_trust_account_password: Changed password for \
695 domain %s.\n", timestring(False), domain));
696 /*
697 * Return the result of trying to write the new password
698 * back into the trust account file.
699 */
700 res = secrets_store_trust_account_password(domain, new_trust_passwd_hash);
701 memset(new_trust_passwd_hash, 0, 16);
702 memset(old_trust_passwd_hash, 0, 16);
703 return res;
704 }
705 }
706
707 memset(new_trust_passwd_hash, 0, 16);
708 memset(old_trust_passwd_hash, 0, 16);
709
710 DEBUG(0,("%s : change_trust_account_password: Failed to change password for \
711 domain %s.\n", timestring(False), domain));
712 return False;
713 }
Samba GIT mirror