winbindd: also apply schannel logic as an NT4 DC

This applies the same logic we already added in
06601b3a9293db35feda1b033fa864dc1a764164 for AD DCs wrt to IPC authentication
when running as an NT4 DC in cm_prepare_connection(). Similarily adjust the
check in cm_connect_lsa() added in 3e17a3b7cd4083299037ba9377931bea792b2d18 and
in cm_connect_netlogon_transport() added by
532a14dc684e7a6d8c584d5671a4ebbad00aa4fc for cm_connect_netlogon_transport().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index a89c0bdbca1fdd36151d805bc0c944903e458be0..1685edbabaa2aa29d66d0e846f6199370ec1e853 100644 (file)
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -701,7 +701,7 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain,
 
        enum smb_signing_setting smb_sign_client_connections = lp_client_ipc_signing();
 
-       if (IS_AD_DC) {
+       if (IS_DC) {
                if (domain->secure_channel_type == SEC_CHAN_NULL) {
                        /*
                         * Make sure we don't even try to
@@ -809,7 +809,7 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain,
                try_ipc_auth = true;
        }
 
-       if (IS_AD_DC) {
+       if (IS_DC) {
                /*
                 * As AD DC we only use netlogon and lsa
                 * using schannel over an anonymous transport
@@ -2924,7 +2924,7 @@ retry:
 
        TALLOC_FREE(conn->lsa_pipe);
 
-       if (IS_AD_DC) {
+       if (IS_DC) {
                /*
                 * Make sure we only use schannel as AD DC.
                 */
@@ -3050,7 +3050,7 @@ retry:
                goto done;
        }
 
-       if (IS_AD_DC) {
+       if (IS_DC) {
                /*
                 * Make sure we only use schannel as AD DC.
                 */
@@ -3064,7 +3064,7 @@ retry:
 
  anonymous:
 
-       if (IS_AD_DC) {
+       if (IS_DC) {
                /*
                 * Make sure we only use schannel as AD DC.
                 */
@@ -3183,7 +3183,7 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain,
 
        *cli = NULL;
 
-       if (IS_AD_DC) {
+       if (IS_DC) {
                if (domain->secure_channel_type == SEC_CHAN_NULL) {
                        /*
                         * Make sure we don't even try to