From 6690cd1e8f2a77dda1bf5ee453ef98856b1a3233 Mon Sep 17 00:00:00 2001
From: =?utf8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Sat, 20 Sep 2008 18:20:29 +0200
Subject: [PATCH] netlogon: refactor just_change_the_password a bit.

Guenther
---
 source/libsmb/trusts_util.c | 38 ++++++++++++++++----------------------
 1 file changed, 16 insertions(+), 22 deletions(-)

diff --git a/source/libsmb/trusts_util.c b/source/libsmb/trusts_util.c
index 9265c60665d..7897d517178 100644
--- a/source/libsmb/trusts_util.c
+++ b/source/libsmb/trusts_util.c
@@ -37,6 +37,7 @@ static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX
 {
 	NTSTATUS result;
 	uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
+	struct netr_Authenticator clnt_creds, srv_cred;
 
 	result = rpccli_netlogon_setup_creds(cli,
 					     cli->desthost, /* server name */
@@ -53,13 +54,12 @@ static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX
 		return result;
 	}
 
+	netlogon_creds_client_step(cli->dc, &clnt_creds);
+
 	if (neg_flags & NETLOGON_NEG_PASSWORD_SET2) {
 
-		struct netr_Authenticator clnt_creds, srv_cred;
 		struct netr_CryptPassword new_password;
 
-		netlogon_creds_client_step(cli->dc, &clnt_creds);
-
 		init_netr_CryptPassword(new_trust_pwd_cleartext,
 					cli->dc->sess_key,
 					&new_password);
@@ -72,21 +72,15 @@ static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX
 							&clnt_creds,
 							&srv_cred,
 							&new_password);
-
-		/* Always check returned credentials. */
-		if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) {
-			DEBUG(0,("rpccli_netr_ServerPasswordSet2: "
-				"credentials chain check failed\n"));
-			return NT_STATUS_ACCESS_DENIED;
+		if (!NT_STATUS_IS_OK(result)) {
+			DEBUG(0,("rpccli_netr_ServerPasswordSet2 failed: %s\n",
+				nt_errstr(result)));
+			return result;
 		}
-
 	} else {
 
-		struct netr_Authenticator clnt_creds, srv_cred;
 		struct samr_Password new_password;
 
-		netlogon_creds_client_step(cli->dc, &clnt_creds);
-
 		cred_hash3(new_password.hash,
 			   new_trust_passwd_hash,
 			   cli->dc->sess_key, 1);
@@ -99,19 +93,19 @@ static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX
 						       &clnt_creds,
 						       &srv_cred,
 						       &new_password);
-
-		/* Always check returned credentials. */
-		if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) {
-			DEBUG(0,("rpccli_netr_ServerPasswordSet: "
-				"credentials chain check failed\n"));
-			return NT_STATUS_ACCESS_DENIED;
+		if (!NT_STATUS_IS_OK(result)) {
+			DEBUG(0,("rpccli_netr_ServerPasswordSet failed: %s\n",
+				nt_errstr(result)));
+			return result;
 		}
 	}
 
-	if (!NT_STATUS_IS_OK(result)) {
-		DEBUG(0,("just_change_the_password: unable to change password (%s)!\n",
-			 nt_errstr(result)));
+	/* Always check returned credentials. */
+	if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) {
+		DEBUG(0,("credentials chain check failed\n"));
+		return NT_STATUS_ACCESS_DENIED;
 	}
+
 	return result;
 }
 
-- 
2.11.4.GIT