1/* 2 * Unix SMB/CIFS implementation. 3 * Periodic Trust account password changing. 4 * Copyright (C) Andrew Tridgell 1992-1997, 5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, 6 * Copyright (C) Paul Ashton 1997. 7 * Copyright (C) Jeremy Allison 1998. 8 * Copyright (C) Andrew Bartlett 2001. 9 * 10 * This program is free software; you can redistribute it and/or modify 11 * it under the terms of the GNU General Public License as published by 12 * the Free Software Foundation; either version 2 of the License, or 13 * (at your option) any later version. 14 * 15 * This program is distributed in the hope that it will be useful, 16 * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 * GNU General Public License for more details. 19 * 20 * You should have received a copy of the GNU General Public License 21 * along with this program; if not, write to the Free Software 22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 23 */ 24 25#include "includes.h" 26 27/************************************************************************ 28 Change the trust account password for a domain. 29************************************************************************/ 30 31NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine) 32{ 33 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; 34 struct in_addr pdc_ip; 35 fstring dc_name; 36 struct cli_state *cli; 37 38 DEBUG(5,("change_trust_account_password: Attempting to change trust account password in domain %s....\n", 39 domain)); 40 41 if (remote_machine == NULL || !strcmp(remote_machine, "*")) { 42 /* Use the PDC *only* for this */ 43 44 if ( !get_pdc_ip(domain, &pdc_ip) ) { 45 DEBUG(0,("Can't get IP for PDC for domain %s\n", domain)); 46 goto failed; 47 } 48 49 if ( !name_status_find( domain, 0x1b, 0x20, pdc_ip, dc_name) ) 50 goto failed; 51 } else { 52 /* supoport old deprecated "smbpasswd -j DOMAIN -r MACHINE" behavior */ 53 fstrcpy( dc_name, remote_machine ); 54 } 55 56 /* if this next call fails, then give up. We can't do 57 password changes on BDC's --jerry */ 58 59 if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname(), dc_name, 60 NULL, 0, 61 "IPC$", "IPC", 62 "", "", 63 "", 0, Undefined, NULL))) { 64 DEBUG(0,("modify_trust_password: Connection to %s failed!\n", dc_name)); 65 nt_status = NT_STATUS_UNSUCCESSFUL; 66 goto failed; 67 } 68 69 /* 70 * Ok - we have an anonymous connection to the IPC$ share. 71 * Now start the NT Domain stuff :-). 72 */ 73 74 if(cli_nt_session_open(cli, PI_NETLOGON) == False) { 75 DEBUG(0,("modify_trust_password: unable to open the domain client session to machine %s. Error was : %s.\n", 76 dc_name, cli_errstr(cli))); 77 cli_nt_session_close(cli); 78 cli_ulogoff(cli); 79 cli_shutdown(cli); 80 nt_status = NT_STATUS_UNSUCCESSFUL; 81 goto failed; 82 } 83 84 nt_status = trust_pw_find_change_and_store_it(cli, cli->mem_ctx, domain); 85 86 cli_nt_session_close(cli); 87 cli_ulogoff(cli); 88 cli_shutdown(cli); 89 90failed: 91 if (!NT_STATUS_IS_OK(nt_status)) { 92 DEBUG(0,("%s : change_trust_account_password: Failed to change password for domain %s.\n", 93 timestring(False), domain)); 94 } 95 else 96 DEBUG(5,("change_trust_account_password: sucess!\n")); 97 98 return nt_status; 99} 100