2 Unix SMB/CIFS implementation.
3 NT Domain Authentication SMB / MSRPC client
4 Copyright (C) Andrew Tridgell 1992-2000
5 Copyright (C) Luke Kenneth Casson Leighton 1996-2000
6 Copyright (C) Tim Potter 2001
7 Copyright (C) Paul Ashton 1997.
8 Copyright (C) Jeremy Allison 1998.
9 Copyright (C) Andrew Bartlett 2001.
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 2 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program; if not, write to the Free Software
23 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
28 /* LSA Request Challenge. Sends our challenge to server, then gets
29 server response. These are used to generate the credentials. */
31 NTSTATUS cli_net_req_chal(struct cli_state *cli, DOM_CHAL *clnt_chal,
34 prs_struct qbuf, rbuf;
37 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
39 prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
40 prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
42 /* create and send a MSRPC command with api NET_REQCHAL */
44 DEBUG(4,("cli_net_req_chal: LSA Request Challenge from %s to %s: %s\n",
45 global_myname(), cli->desthost, credstr(clnt_chal->data)));
47 /* store the parameters */
48 init_q_req_chal(&q, cli->srv_name_slash, global_myname(), clnt_chal);
50 /* Marshall data and send request */
52 if (!net_io_q_req_chal("", &q, &qbuf, 0) ||
53 !rpc_api_pipe_req(cli, PI_NETLOGON, NET_REQCHAL, &qbuf, &rbuf)) {
57 /* Unmarhall response */
59 if (!net_io_r_req_chal("", &r, &rbuf, 0)) {
67 if (NT_STATUS_IS_OK(result)) {
68 memcpy(srv_chal, r.srv_chal.data, sizeof(srv_chal->data));
78 NTSTATUS rpccli_net_req_chal(struct rpc_pipe_client *cli,
79 const char *server_name,
80 const char *computer_name,
81 DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal)
83 prs_struct qbuf, rbuf;
86 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
88 prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->cli->mem_ctx, MARSHALL);
89 prs_init(&rbuf, 0, cli->cli->mem_ctx, UNMARSHALL);
91 /* create and send a MSRPC command with api NET_REQCHAL */
93 DEBUG(4,("cli_net_req_chal: LSA Request Challenge from %s to %s\n",
94 computer_name, server_name));
96 /* store the parameters */
97 init_q_req_chal(&q, server_name, computer_name, clnt_chal);
99 /* Marshall data and send request */
101 if (!net_io_q_req_chal("", &q, &qbuf, 0) ||
102 !rpc_api_pipe_req_int(cli, NET_REQCHAL, &qbuf, &rbuf)) {
106 /* Unmarhall response */
108 if (!net_io_r_req_chal("", &r, &rbuf, 0)) {
116 if (NT_STATUS_IS_OK(result)) {
117 memcpy(srv_chal, r.srv_chal.data, sizeof(srv_chal->data));
127 /****************************************************************************
130 Send the client credential, receive back a server credential.
131 Ensure that the server credential returned matches the session key
132 encrypt of the server challenge originally received. JRA.
133 ****************************************************************************/
135 NTSTATUS cli_net_auth2(struct cli_state *cli,
137 uint32 *neg_flags, DOM_CHAL *srv_chal)
139 prs_struct qbuf, rbuf;
142 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
143 fstring machine_acct;
145 prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
146 prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
148 if ( sec_chan == SEC_CHAN_DOMAIN )
149 fstr_sprintf( machine_acct, "%s$", lp_workgroup() );
151 fstrcpy( machine_acct, cli->mach_acct );
153 /* create and send a MSRPC command with api NET_AUTH2 */
155 DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n",
156 cli->srv_name_slash, machine_acct, sec_chan, global_myname(),
157 credstr(cli->clnt_cred.challenge.data), *neg_flags));
159 /* store the parameters */
161 init_q_auth_2(&q, cli->srv_name_slash, machine_acct,
162 sec_chan, global_myname(), &cli->clnt_cred.challenge,
165 /* turn parameters into data stream */
167 if (!net_io_q_auth_2("", &q, &qbuf, 0) ||
168 !rpc_api_pipe_req(cli, PI_NETLOGON, NET_AUTH2, &qbuf, &rbuf)) {
172 /* Unmarshall response */
174 if (!net_io_r_auth_2("", &r, &rbuf, 0)) {
180 if (NT_STATUS_IS_OK(result)) {
184 * Check the returned value using the initial
185 * server received challenge.
189 if (cred_assert( &r.srv_chal, cli->sess_key, srv_chal,
193 * Server replied with bad credential. Fail.
195 DEBUG(0,("cli_net_auth2: server %s replied with bad credential (bad machine \
196 password ?).\n", cli->desthost ));
197 result = NT_STATUS_ACCESS_DENIED;
200 *neg_flags = r.srv_flgs.neg_flags;
210 NTSTATUS rpccli_net_auth2(struct rpc_pipe_client *cli,
211 const char *server_name,
212 const char *account_name,
213 uint16 sec_chan_type,
214 const char *computer_name,
215 const DOM_CHAL *credentials,
219 prs_struct qbuf, rbuf;
222 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
224 prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
225 prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
227 /* create and send a MSRPC command with api NET_AUTH2 */
229 DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s neg: %x\n",
230 server_name, account_name, sec_chan_type, computer_name,
233 /* store the parameters */
235 init_q_auth_2(&q, server_name, account_name, sec_chan_type,
236 computer_name, credentials, *neg_flags);
238 /* turn parameters into data stream */
240 if (!net_io_q_auth_2("", &q, &qbuf, 0) ||
241 !rpc_api_pipe_req_int(cli, NET_AUTH2, &qbuf, &rbuf)) {
245 /* Unmarshall response */
247 if (!net_io_r_auth_2("", &r, &rbuf, 0)) {
253 if (NT_STATUS_IS_OK(result)) {
254 *srv_chal = r.srv_chal;
255 *neg_flags = r.srv_flgs.neg_flags;
265 /****************************************************************************
268 Send the client credential, receive back a server credential.
269 Ensure that the server credential returned matches the session key
270 encrypt of the server challenge originally received. JRA.
271 ****************************************************************************/
273 NTSTATUS cli_net_auth3(struct cli_state *cli,
275 uint32 *neg_flags, DOM_CHAL *srv_chal)
277 prs_struct qbuf, rbuf;
280 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
282 prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
283 prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
285 /* create and send a MSRPC command with api NET_AUTH2 */
287 DEBUG(4,("cli_net_auth3: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n",
288 cli->srv_name_slash, cli->mach_acct, sec_chan, global_myname(),
289 credstr(cli->clnt_cred.challenge.data), *neg_flags));
291 /* store the parameters */
292 init_q_auth_3(&q, cli->srv_name_slash, cli->mach_acct,
293 sec_chan, global_myname(), &cli->clnt_cred.challenge,
296 /* turn parameters into data stream */
298 if (!net_io_q_auth_3("", &q, &qbuf, 0) ||
299 !rpc_api_pipe_req(cli, PI_NETLOGON, NET_AUTH3, &qbuf, &rbuf)) {
303 /* Unmarshall response */
305 if (!net_io_r_auth_3("", &r, &rbuf, 0)) {
311 if (NT_STATUS_IS_OK(result)) {
315 * Check the returned value using the initial
316 * server received challenge.
320 if (cred_assert( &r.srv_chal, cli->sess_key, srv_chal,
324 * Server replied with bad credential. Fail.
326 DEBUG(0,("cli_net_auth3: server %s replied with bad credential (bad machine \
327 password ?).\n", cli->desthost ));
328 result = NT_STATUS_ACCESS_DENIED;
331 *neg_flags = r.srv_flgs.neg_flags;
341 /* Initialize domain session credentials */
343 NTSTATUS cli_nt_setup_creds(struct cli_state *cli,
345 const unsigned char mach_pwd[16], uint32 *neg_flags, int level)
352 /******************* Request Challenge ********************/
354 generate_random_buffer(clnt_chal.data, 8);
356 /* send a client challenge; receive a server challenge */
357 result = cli_net_req_chal(cli, &clnt_chal, &srv_chal);
359 if (!NT_STATUS_IS_OK(result)) {
360 DEBUG(0,("cli_nt_setup_creds: request challenge failed\n"));
364 /**************** Long-term Session key **************/
366 /* calculate the session key */
367 cred_session_key(&clnt_chal, &srv_chal, mach_pwd,
369 memset((char *)cli->sess_key+8, '\0', 8);
371 /******************* Authenticate 2/3 ********************/
373 /* calculate auth-2/3 credentials */
375 cred_create(cli->sess_key, &clnt_chal, zerotime, &cli->clnt_cred.challenge);
378 * Send client auth-2/3 challenge.
379 * Receive an auth-2/3 challenge response and check it.
383 result = cli_net_auth2(cli, sec_chan, neg_flags, &srv_chal);
386 result = cli_net_auth3(cli, sec_chan, neg_flags, &srv_chal);
389 DEBUG(1,("cli_nt_setup_creds: unsupported auth level: %d\n", level));
393 if (!NT_STATUS_IS_OK(result))
394 DEBUG(3,("cli_nt_setup_creds: auth%d challenge failed %s\n", level, nt_errstr(result)));
399 /* Logon Control 2 */
401 NTSTATUS cli_netlogon_logon_ctrl2(struct cli_state *cli, TALLOC_CTX *mem_ctx,
404 prs_struct qbuf, rbuf;
407 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
412 /* Initialise parse structures */
414 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
415 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
417 /* Initialise input parameters */
419 init_net_q_logon_ctrl2(&q, cli->srv_name_slash, query_level);
421 /* Marshall data and send request */
423 if (!net_io_q_logon_ctrl2("", &q, &qbuf, 0) ||
424 !rpc_api_pipe_req(cli, PI_NETLOGON, NET_LOGON_CTRL2, &qbuf, &rbuf)) {
425 result = NT_STATUS_UNSUCCESSFUL;
429 /* Unmarshall response */
431 if (!net_io_r_logon_ctrl2("", &r, &rbuf, 0)) {
432 result = NT_STATUS_UNSUCCESSFUL;
447 NTSTATUS rpccli_netlogon_getdcname(struct rpc_pipe_client *cli,
448 TALLOC_CTX *mem_ctx, const char *mydcname,
449 const char *domainname, fstring newdcname)
451 prs_struct qbuf, rbuf;
454 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
459 /* Initialise parse structures */
461 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
462 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
464 /* Initialise input parameters */
466 init_net_q_getdcname(&q, mydcname, domainname);
468 /* Marshall data and send request */
470 if (!net_io_q_getdcname("", &q, &qbuf, 0) ||
471 !rpc_api_pipe_req_int(cli, NET_GETDCNAME, &qbuf, &rbuf)) {
472 result = NT_STATUS_UNSUCCESSFUL;
476 /* Unmarshall response */
478 if (!net_io_r_getdcname("", &r, &rbuf, 0)) {
479 result = NT_STATUS_UNSUCCESSFUL;
485 if (NT_STATUS_IS_OK(result))
486 rpcstr_pull_unistr2_fstring(newdcname, &r.uni_dcname);
495 NTSTATUS cli_netlogon_getdcname(struct cli_state *cli, TALLOC_CTX *mem_ctx,
496 const char *domainname, fstring dcname)
498 return rpccli_netlogon_getdcname(&cli->pipes[PI_NETLOGON], mem_ctx,
499 cli->srv_name_slash, domainname,
503 /****************************************************************************
504 Generate the next creds to use.
505 ****************************************************************************/
507 static void gen_next_creds( struct cli_state *cli, DOM_CRED *new_clnt_cred)
510 * Create the new client credentials.
513 cli->clnt_cred.timestamp.time = time(NULL);
515 memcpy(new_clnt_cred, &cli->clnt_cred, sizeof(*new_clnt_cred));
517 /* Calculate the new credentials. */
518 cred_create(cli->sess_key, &(cli->clnt_cred.challenge),
519 new_clnt_cred->timestamp, &(new_clnt_cred->challenge));
522 /* Sam synchronisation */
524 NTSTATUS cli_netlogon_sam_sync(struct cli_state *cli, TALLOC_CTX *mem_ctx, DOM_CRED *ret_creds,
525 uint32 database_id, uint32 next_rid, uint32 *num_deltas,
526 SAM_DELTA_HDR **hdr_deltas,
527 SAM_DELTA_CTR **deltas)
529 prs_struct qbuf, rbuf;
532 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
538 /* Initialise parse structures */
540 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
541 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
543 /* Initialise input parameters */
545 gen_next_creds(cli, &clnt_creds);
547 init_net_q_sam_sync(&q, cli->srv_name_slash, cli->clnt_name_slash + 2,
548 &clnt_creds, ret_creds, database_id, next_rid);
550 /* Marshall data and send request */
552 if (!net_io_q_sam_sync("", &q, &qbuf, 0) ||
553 !rpc_api_pipe_req(cli, PI_NETLOGON, NET_SAM_SYNC, &qbuf, &rbuf)) {
554 result = NT_STATUS_UNSUCCESSFUL;
558 /* Unmarshall response */
560 if (!net_io_r_sam_sync("", cli->sess_key, &r, &rbuf, 0)) {
561 result = NT_STATUS_UNSUCCESSFUL;
568 *num_deltas = r.num_deltas2;
569 *hdr_deltas = r.hdr_deltas;
572 memcpy(ret_creds, &r.srv_creds, sizeof(*ret_creds));
581 /* Sam synchronisation */
583 NTSTATUS cli_netlogon_sam_deltas(struct cli_state *cli, TALLOC_CTX *mem_ctx,
584 uint32 database_id, UINT64_S seqnum,
586 SAM_DELTA_HDR **hdr_deltas,
587 SAM_DELTA_CTR **deltas)
589 prs_struct qbuf, rbuf;
592 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
598 /* Initialise parse structures */
600 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
601 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
603 /* Initialise input parameters */
605 gen_next_creds(cli, &clnt_creds);
607 init_net_q_sam_deltas(&q, cli->srv_name_slash,
608 cli->clnt_name_slash + 2, &clnt_creds,
609 database_id, seqnum);
611 /* Marshall data and send request */
613 if (!net_io_q_sam_deltas("", &q, &qbuf, 0) ||
614 !rpc_api_pipe_req(cli, PI_NETLOGON, NET_SAM_DELTAS, &qbuf, &rbuf)) {
615 result = NT_STATUS_UNSUCCESSFUL;
619 /* Unmarshall response */
621 if (!net_io_r_sam_deltas("", cli->sess_key, &r, &rbuf, 0)) {
622 result = NT_STATUS_UNSUCCESSFUL;
629 *num_deltas = r.num_deltas2;
630 *hdr_deltas = r.hdr_deltas;
640 /* Logon domain user */
642 NTSTATUS cli_netlogon_sam_logon(struct cli_state *cli, TALLOC_CTX *mem_ctx,
644 const char *username, const char *password,
647 prs_struct qbuf, rbuf;
650 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
651 DOM_CRED clnt_creds, dummy_rtn_creds;
653 NET_USER_INFO_3 user;
654 int validation_level = 3;
658 ZERO_STRUCT(dummy_rtn_creds);
660 /* Initialise parse structures */
662 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
663 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
665 /* Initialise input parameters */
667 gen_next_creds(cli, &clnt_creds);
669 q.validation_level = validation_level;
671 if (ret_creds == NULL)
672 ret_creds = &dummy_rtn_creds;
674 ctr.switch_value = logon_type;
676 switch (logon_type) {
677 case INTERACTIVE_LOGON_TYPE: {
678 unsigned char lm_owf_user_pwd[16], nt_owf_user_pwd[16];
680 nt_lm_owf_gen(password, nt_owf_user_pwd, lm_owf_user_pwd);
682 init_id_info1(&ctr.auth.id1, lp_workgroup(),
684 0xdead, 0xbeef, /* LUID? */
685 username, cli->clnt_name_slash,
686 (const char *)cli->sess_key, lm_owf_user_pwd,
691 case NET_LOGON_TYPE: {
693 unsigned char local_lm_response[24];
694 unsigned char local_nt_response[24];
696 generate_random_buffer(chal, 8);
698 SMBencrypt(password, chal, local_lm_response);
699 SMBNTencrypt(password, chal, local_nt_response);
701 init_id_info2(&ctr.auth.id2, lp_workgroup(),
703 0xdead, 0xbeef, /* LUID? */
704 username, cli->clnt_name_slash, chal,
705 local_lm_response, 24, local_nt_response, 24);
709 DEBUG(0, ("switch value %d not supported\n",
714 init_sam_info(&q.sam_id, cli->srv_name_slash, global_myname(),
715 &clnt_creds, ret_creds, logon_type,
718 /* Marshall data and send request */
720 if (!net_io_q_sam_logon("", &q, &qbuf, 0) ||
721 !rpc_api_pipe_req(cli, PI_NETLOGON, NET_SAMLOGON, &qbuf, &rbuf)) {
725 /* Unmarshall response */
729 if (!net_io_r_sam_logon("", &r, &rbuf, 0)) {
736 memcpy(ret_creds, &r.srv_creds, sizeof(*ret_creds));
747 * Logon domain user with an 'network' SAM logon
749 * @param info3 Pointer to a NET_USER_INFO_3 already allocated by the caller.
752 NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli,
754 const char *server_name_slash,
755 DOM_CRED *clnt_creds,
757 const char *username,
759 const char *workstation,
761 DATA_BLOB lm_response,
762 DATA_BLOB nt_response,
763 NET_USER_INFO_3 *info3,
764 const uint8 *session_key)
766 prs_struct qbuf, rbuf;
769 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
770 DOM_CRED dummy_rtn_creds;
772 int validation_level = 3;
773 char *workstation_name_slash;
774 uint8 netlogon_sess_key[16];
775 static uint8 zeros[16];
780 ZERO_STRUCT(dummy_rtn_creds);
782 workstation_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", workstation);
783 if (!workstation_name_slash) {
784 DEBUG(0, ("talloc_asprintf failed!\n"));
785 return NT_STATUS_NO_MEMORY;
788 /* Initialise parse structures */
790 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
791 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
793 /* Initialise input parameters */
795 q.validation_level = validation_level;
797 if (ret_creds == NULL)
798 ret_creds = &dummy_rtn_creds;
800 ctr.switch_value = NET_LOGON_TYPE;
802 init_id_info2(&ctr.auth.id2, domain,
804 0xdead, 0xbeef, /* LUID? */
805 username, workstation_name_slash, (const uchar*)chal,
806 lm_response.data, lm_response.length, nt_response.data, nt_response.length);
808 init_sam_info(&q.sam_id, server_name_slash, global_myname(),
809 clnt_creds, ret_creds, NET_LOGON_TYPE,
812 /* Marshall data and send request */
814 if (!net_io_q_sam_logon("", &q, &qbuf, 0) ||
815 !rpc_api_pipe_req_int(cli, NET_SAMLOGON, &qbuf, &rbuf)) {
819 /* Unmarshall response */
823 if (!net_io_r_sam_logon("", &r, &rbuf, 0)) {
827 ZERO_STRUCT(netlogon_sess_key);
828 memcpy(netlogon_sess_key, session_key, 8);
830 if (memcmp(zeros, info3->user_sess_key, 16) != 0) {
831 SamOEMhash(info3->user_sess_key, netlogon_sess_key, 16);
833 memset(info3->user_sess_key, '\0', 16);
836 if (memcmp(zeros, info3->lm_sess_key, 8) != 0) {
837 SamOEMhash(info3->lm_sess_key, netlogon_sess_key, 8);
839 memset(info3->lm_sess_key, '\0', 8);
842 memset(&info3->acct_flags, '\0', 4);
843 for (i=0; i < 7; i++) {
844 memset(&info3->unknown[i], '\0', 4);
850 memcpy(ret_creds, &r.srv_creds, sizeof(*ret_creds));
859 NTSTATUS cli_netlogon_sam_network_logon(struct cli_state *cli,
862 const char *username,
864 const char *workstation,
866 DATA_BLOB lm_response,
867 DATA_BLOB nt_response,
868 NET_USER_INFO_3 *info3)
872 gen_next_creds(cli, &clnt_creds);
874 return rpccli_netlogon_sam_network_logon(&cli->pipes[PI_NETLOGON],
875 mem_ctx, cli->srv_name_slash,
878 domain, workstation, chal,
879 lm_response, nt_response,
880 info3, cli->sess_key);
883 /***************************************************************************
884 LSA Server Password Set.
885 ****************************************************************************/
887 NTSTATUS cli_net_srv_pwset(struct cli_state *cli, TALLOC_CTX *mem_ctx,
888 const char *machine_name, uint8 hashed_mach_pwd[16])
892 DOM_CRED new_clnt_cred;
894 uint16 sec_chan_type = 2;
897 gen_next_creds( cli, &new_clnt_cred);
899 prs_init(&qbuf , 1024, mem_ctx, MARSHALL);
900 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
902 DEBUG(4,("cli_net_srv_pwset: srv:%s acct:%s sc: %d mc: %s clnt %s %x\n",
903 cli->srv_name_slash, cli->mach_acct, sec_chan_type, machine_name,
904 credstr(new_clnt_cred.challenge.data), new_clnt_cred.timestamp.time));
906 /* store the parameters */
907 init_q_srv_pwset(&q_s, cli->srv_name_slash, (const char *)cli->sess_key,
908 cli->mach_acct, sec_chan_type, machine_name,
909 &new_clnt_cred, hashed_mach_pwd);
911 /* turn parameters into data stream */
912 if(!net_io_q_srv_pwset("", &q_s, &qbuf, 0)) {
913 DEBUG(0,("cli_net_srv_pwset: Error : failed to marshall NET_Q_SRV_PWSET struct.\n"));
914 nt_status = NT_STATUS_UNSUCCESSFUL;
918 /* send the data on \PIPE\ */
919 if (rpc_api_pipe_req(cli, PI_NETLOGON, NET_SRVPWSET, &qbuf, &rbuf))
923 if (!net_io_r_srv_pwset("", &r_s, &rbuf, 0)) {
924 nt_status = NT_STATUS_UNSUCCESSFUL;
928 nt_status = r_s.status;
930 if (!NT_STATUS_IS_OK(r_s.status))
932 /* report error code */
933 DEBUG(0,("cli_net_srv_pwset: %s\n", nt_errstr(nt_status)));
936 /* Update the credentials. */
937 if (!clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &(r_s.srv_cred)))
940 * Server replied with bad credential. Fail.
942 DEBUG(0,("cli_net_srv_pwset: server %s replied with bad credential (bad machine \
943 password ?).\n", cli->desthost ));
944 nt_status = NT_STATUS_UNSUCCESSFUL;