diff options
author | Andrew Bartlett <abartlet@samba.org> | 2009-06-18 12:33:46 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2009-06-18 13:49:30 +1000 |
commit | 58e8db912d2213a594714ac29866396098662557 (patch) | |
tree | 1fba34e4ef93aa73e9839ad876460e6aa157a2fb /source4/librpc | |
parent | 19413c52495877d54c90c60229568d0077fda30b (diff) | |
download | samba-58e8db912d2213a594714ac29866396098662557.tar.gz samba-58e8db912d2213a594714ac29866396098662557.tar.xz samba-58e8db912d2213a594714ac29866396098662557.zip |
s4:libnet Allow 'net password change' to work on expired passwords
We need to pass down flags to the DCE/RPC layer to allow fallback to
anonymous connections, as we can't log in with an expired password.
The anonymous connection can then change the password with SAMR.
Andrew Bartlett
Diffstat (limited to 'source4/librpc')
-rw-r--r-- | source4/librpc/rpc/dcerpc.h | 2 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_connect.c | 4 |
2 files changed, 4 insertions, 2 deletions
diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h index 7f573f0e84f..ea92bcc93a4 100644 --- a/source4/librpc/rpc/dcerpc.h +++ b/source4/librpc/rpc/dcerpc.h @@ -142,6 +142,8 @@ struct dcerpc_pipe { #define DCERPC_SCHANNEL (1<<9) +#define DCERPC_ANON_FALLBACK (1<<10) + /* use a 128 bit session key */ #define DCERPC_SCHANNEL_128 (1<<12) diff --git a/source4/librpc/rpc/dcerpc_connect.c b/source4/librpc/rpc/dcerpc_connect.c index 0f9fbe0abc0..1b1f039004f 100644 --- a/source4/librpc/rpc/dcerpc_connect.c +++ b/source4/librpc/rpc/dcerpc_connect.c @@ -130,10 +130,10 @@ static struct composite_context *dcerpc_pipe_connect_ncacn_np_smb_send(TALLOC_CT * provide proper credentials - user supplied, but allow a * fallback to anonymous if this is an schannel connection * (might be NT4 not allowing machine logins at session - * setup). + * setup) or if asked to do so by the caller (perhaps a SAMR password change?) */ s->conn.in.credentials = s->io.creds; - if (s->io.binding->flags & DCERPC_SCHANNEL) { + if (s->io.binding->flags & (DCERPC_SCHANNEL|DCERPC_ANON_FALLBACK)) { conn->in.fallback_to_anonymous = true; } else { conn->in.fallback_to_anonymous = false; |