s3:libsmb: Add dcerpc_samr_chgpasswd_user4 to remote_password_change()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c
index 2137c183f0e051e5a974dc55616d662552787fb9..dff5ad1602f88df6a71db83e5b981c9b8c3f34be 100644 (file)
--- a/source3/libsmb/passchange.c
+++ b/source3/libsmb/passchange.c
@@ -38,6 +38,7 @@ NTSTATUS remote_password_change(const char *remote_machine,
        struct cli_state *cli = NULL;
        struct cli_credentials *creds = NULL;
        struct rpc_pipe_client *pipe_hnd = NULL;
+       NTSTATUS status;
        NTSTATUS result;
        bool pass_must_change = False;
 
@@ -193,6 +194,45 @@ NTSTATUS remote_password_change(const char *remote_machine,
                }
        }
 
+       status = dcerpc_samr_chgpasswd_user4(pipe_hnd->binding_handle,
+                                            talloc_tos(),
+                                            pipe_hnd->srv_name_slash,
+                                            user_name,
+                                            old_passwd,
+                                            new_passwd,
+                                            &result);
+       if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(result)) {
+               /* All good, password successfully changed. */
+               cli_shutdown(cli);
+               return NT_STATUS_OK;
+       }
+       if (!NT_STATUS_IS_OK(status)) {
+               if (NT_STATUS_EQUAL(status,
+                                   NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE) ||
+                   NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED) ||
+                   NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
+                       /* DO NOT FALLBACK TO RC4 */
+                       if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_DISALLOWED) {
+                               cli_shutdown(cli);
+                               return NT_STATUS_STRONG_CRYPTO_NOT_SUPPORTED;
+                       }
+               }
+       } else {
+               if (!NT_STATUS_IS_OK(result)) {
+                       int rc = asprintf(
+                               err_str,
+                               "machine %s rejected to change the password"
+                               "with error: %s",
+                               remote_machine,
+                               get_friendly_nt_error_msg(result));
+                       if (rc <= 0) {
+                               *err_str = NULL;
+                       }
+                       cli_shutdown(cli);
+                       return result;
+               }
+       }
+
        result = rpccli_samr_chgpasswd_user2(pipe_hnd, talloc_tos(),
                                             user_name, new_passwd, old_passwd);
        if (NT_STATUS_IS_OK(result)) {