diff options
Diffstat (limited to 'source3/libnet')
| -rw-r--r-- | source3/libnet/libnet_join.c | 66 |
1 files changed, 51 insertions, 15 deletions
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 6e653c3586..a87eb382d6 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -817,14 +817,17 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r, struct cli_state *cli) { - struct rpc_pipe_client *pipe_hnd = NULL; - unsigned char orig_trust_passwd_hash[16]; - unsigned char new_trust_passwd_hash[16]; + TALLOC_CTX *frame = talloc_stackframe(); + struct rpc_pipe_client *netlogon_pipe = NULL; + struct netlogon_creds_cli_context *netlogon_creds = NULL; + struct samr_Password current_nt_hash; + const char *account_name = NULL; NTSTATUS status; status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon, - &pipe_hnd); + &netlogon_pipe); if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(frame); return status; } @@ -832,22 +835,55 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx, r->in.machine_password = generate_random_password(mem_ctx, DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH, DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); - NT_STATUS_HAVE_NO_MEMORY(r->in.machine_password); + if (r->in.machine_password == NULL) { + TALLOC_FREE(frame); + return NT_STATUS_NO_MEMORY; + } } - E_md4hash(r->in.machine_password, new_trust_passwd_hash); - /* according to WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED */ - E_md4hash(r->in.admin_password, orig_trust_passwd_hash); + E_md4hash(r->in.admin_password, current_nt_hash.hash); - status = rpccli_netlogon_set_trust_password(pipe_hnd, mem_ctx, - r->in.machine_name, - orig_trust_passwd_hash, - r->in.machine_password, - new_trust_passwd_hash, - r->in.secure_channel_type); + account_name = talloc_asprintf(frame, "%s$", + r->in.machine_name); + if (account_name == NULL) { + TALLOC_FREE(frame); + return NT_STATUS_NO_MEMORY; + } - return status; + status = rpccli_create_netlogon_creds(netlogon_pipe->desthost, + r->in.domain_name, + account_name, + r->in.secure_channel_type, + r->in.msg_ctx, + frame, + &netlogon_creds); + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(frame); + return status; + } + + status = rpccli_setup_netlogon_creds(cli, + netlogon_creds, + true, /* force_reauth */ + current_nt_hash, + NULL); /* previous_nt_hash */ + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(frame); + return status; + } + + status = netlogon_creds_cli_ServerPasswordSet(netlogon_creds, + netlogon_pipe->binding_handle, + r->in.machine_password, + NULL); /* new_version */ + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(frame); + return status; + } + + TALLOC_FREE(frame); + return NT_STATUS_OK; } /**************************************************************** |