1/*
2 *  Unix SMB/CIFS implementation.
3 *  Periodic Trust account password changing.
4 *  Copyright (C) Andrew Tridgell              1992-1997,
5 *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
6 *  Copyright (C) Paul Ashton                       1997.
7 *  Copyright (C) Jeremy Allison                    1998.
8 *  Copyright (C) Andrew Bartlett                   2001.
9 *
10 *  This program is free software; you can redistribute it and/or modify
11 *  it under the terms of the GNU General Public License as published by
12 *  the Free Software Foundation; either version 2 of the License, or
13 *  (at your option) any later version.
14 *
15 *  This program is distributed in the hope that it will be useful,
16 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
17 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18 *  GNU General Public License for more details.
19 *
20 *  You should have received a copy of the GNU General Public License
21 *  along with this program; if not, write to the Free Software
22 *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 */
24
25#include "includes.h"
26
27/************************************************************************
28 Change the trust account password for a domain.
29************************************************************************/
30
31NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine)
32{
33	NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
34	struct in_addr pdc_ip;
35	fstring dc_name;
36	struct cli_state *cli;
37
38	DEBUG(5,("change_trust_account_password: Attempting to change trust account password in domain %s....\n",
39		domain));
40
41	if (remote_machine == NULL || !strcmp(remote_machine, "*")) {
42		/* Use the PDC *only* for this */
43
44		if ( !get_pdc_ip(domain, &pdc_ip) ) {
45			DEBUG(0,("Can't get IP for PDC for domain %s\n", domain));
46			goto failed;
47		}
48
49		if ( !name_status_find( domain, 0x1b, 0x20, pdc_ip, dc_name) )
50			goto failed;
51	} else {
52		/* supoport old deprecated "smbpasswd -j DOMAIN -r MACHINE" behavior */
53		fstrcpy( dc_name, remote_machine );
54	}
55
56	/* if this next call fails, then give up.  We can't do
57	   password changes on BDC's  --jerry */
58
59	if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname(), dc_name,
60					   NULL, 0,
61					   "IPC$", "IPC",
62					   "", "",
63					   "", 0, Undefined, NULL))) {
64		DEBUG(0,("modify_trust_password: Connection to %s failed!\n", dc_name));
65		nt_status = NT_STATUS_UNSUCCESSFUL;
66		goto failed;
67	}
68
69	/*
70	 * Ok - we have an anonymous connection to the IPC$ share.
71	 * Now start the NT Domain stuff :-).
72	 */
73
74	if(cli_nt_session_open(cli, PI_NETLOGON) == False) {
75		DEBUG(0,("modify_trust_password: unable to open the domain client session to machine %s. Error was : %s.\n",
76			dc_name, cli_errstr(cli)));
77		cli_nt_session_close(cli);
78		cli_ulogoff(cli);
79		cli_shutdown(cli);
80		nt_status = NT_STATUS_UNSUCCESSFUL;
81		goto failed;
82	}
83
84	nt_status = trust_pw_find_change_and_store_it(cli, cli->mem_ctx, domain);
85
86	cli_nt_session_close(cli);
87	cli_ulogoff(cli);
88	cli_shutdown(cli);
89
90failed:
91	if (!NT_STATUS_IS_OK(nt_status)) {
92		DEBUG(0,("%s : change_trust_account_password: Failed to change password for domain %s.\n",
93			timestring(False), domain));
94	}
95	else
96		DEBUG(5,("change_trust_account_password: sucess!\n"));
97
98	return nt_status;
99}
100