winbindd: Fix crash in cm_connect_sam()

Fix segv when talking to parent DC (joined to child domain).

The root cause was

(a) storing the parent domain in the cli_state struct caused
    the NTLMSSP pipe bind to fail which made us fallover to
    the schannel code path
(b) the dcinfo pointer in cm_get_schannel_dcinfo() was returning
    NULL even though the function indicated success.
(This used to be commit 5ce4a2ae6697970ea37d0078a506615b4b7a9a9c)

diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 69e95b1c05476290ee3d5e19b43c1c0327ed6888..6db45f72c3163040e7845aab507a9e9c15a34617 100644 (file)
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -875,7 +875,7 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
                        result = ads_ntstatus(ads_status);
                        if (NT_STATUS_IS_OK(result)) {
                                /* Ensure creds are stored for NTLMSSP authenticated pipe access. */
-                               cli_init_creds(*cli, machine_account, domain->name, machine_password);
+                               cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password);
                                goto session_setup_done;
                        }
                }
@@ -900,7 +900,7 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
                result = ads_ntstatus(ads_status);
                if (NT_STATUS_IS_OK(result)) {
                        /* Ensure creds are stored for NTLMSSP authenticated pipe access. */
-                       cli_init_creds(*cli, machine_account, domain->name, machine_password);
+                       cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password);
                        goto session_setup_done;
                }
        }
@@ -1927,6 +1927,10 @@ static bool cm_get_schannel_dcinfo(struct winbindd_domain *domain,
        /* Return a pointer to the struct dcinfo from the
           netlogon pipe. */
 
+       if (!domain->conn.netlogon_pipe->dc) {
+               return false;
+       }
+
        *ppdc = domain->conn.netlogon_pipe->dc;
        return True;
 }
@@ -1953,6 +1957,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
                goto done;
        }
 
+
        /*
         * No SAMR pipe yet. Attempt to get an NTLMSSP SPNEGO authenticated
         * sign and sealed pipe using the machine account password by