r7454: couple of winbindd fixes

* make sure to use our domain as the account name in the net_req_auth2()
  request when running on a Samba DC
* make sure to lookup the correct domain (not default to ours) when getting an async
  getpwnam() call

diff --git a/source/nsswitch/winbindd.c b/source/nsswitch/winbindd.c
index c3a27a7deb4d84f0c4bde462ef08e31ee31ee175..a13a293e7afbab6f9040b93ee798945608bbfb09 100644 (file)
--- a/source/nsswitch/winbindd.c
+++ b/source/nsswitch/winbindd.c
@@ -252,7 +252,7 @@ static struct winbindd_dispatch_table dispatch_table[] = {
        /* PAM auth functions */
 
        { WINBINDD_PAM_AUTH, winbindd_pam_auth, "PAM_AUTH" },
-       { WINBINDD_PAM_AUTH_CRAP, winbindd_crap_auth, "AUTH_CRAP" },
+       { WINBINDD_PAM_AUTH_CRAP, winbindd_pam_auth_crap, "AUTH_CRAP" },
        { WINBINDD_PAM_CHAUTHTOK, winbindd_pam_chauthtok, "CHAUTHTOK" },
 
        /* Enumeration functions */

diff --git a/source/nsswitch/winbindd_cm.c b/source/nsswitch/winbindd_cm.c
index a6f09f4bf291c4aa044b3bb07dbdf0cec533e448..6400b23f9ff8f99f066758d5682b967da4208343 100644 (file)
--- a/source/nsswitch/winbindd_cm.c
+++ b/source/nsswitch/winbindd_cm.c
@@ -1158,9 +1158,17 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
        generate_random_buffer(clnt_chal.data, 8);
 
        server_name = talloc_asprintf(mem_ctx, "\\\\%s", domain->dcname);
-       account_name = talloc_asprintf(mem_ctx, "%s$",
-                                      domain->primary ?
-                                      global_myname() : domain->name);
+
+       /* if we are a DC and this is a trusted domain, then we need to use our
+          domain name in the net_req_auth2() request */
+
+       if ( IS_DC ) {
+               account_name = talloc_asprintf( mem_ctx, "%s$", lp_workgroup() );
+       }
+       else {
+               account_name = talloc_asprintf(mem_ctx, "%s$", 
+                       domain->primary ?  global_myname() : domain->name);
+       }
 
        if ((server_name == NULL) || (account_name == NULL))
                return NT_STATUS_NO_MEMORY;

diff --git a/source/nsswitch/winbindd_pam.c b/source/nsswitch/winbindd_pam.c
index 97dc35c0e7e2ded1981898b3c597f35d7f549af0..47affa66fbdb681ec5815a71ed1646627197b962 100644 (file)
--- a/source/nsswitch/winbindd_pam.c
+++ b/source/nsswitch/winbindd_pam.c
@@ -500,7 +500,7 @@ done:
  Challenge Response Authentication Protocol 
 **********************************************************************/
 
-enum winbindd_result winbindd_crap_auth(struct winbindd_cli_state *state)
+enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
 {
        struct winbindd_domain *domain = NULL;
        const char *domain_name = NULL;

diff --git a/source/nsswitch/winbindd_user.c b/source/nsswitch/winbindd_user.c
index d19279399325984f672bf3e73347650e0df32a9b..d8d7dbb5023de28b67f8e8849d235d886b8d8919 100644 (file)
--- a/source/nsswitch/winbindd_user.c
+++ b/source/nsswitch/winbindd_user.c
@@ -324,7 +324,7 @@ enum winbindd_result winbindd_getpwnam(struct winbindd_cli_state *state)
        
        /* Get info for the domain */
 
-       domain = find_lookup_domain_from_name(domname);
+       domain = find_domain_from_name(domname);
 
        if (domain == NULL) {
                DEBUG(7, ("could not find domain entry for domain %s\n",
@@ -332,9 +332,9 @@ enum winbindd_result winbindd_getpwnam(struct winbindd_cli_state *state)
                return WINBINDD_ERROR;
        }
 
-       if ( domain->primary && lp_winbind_trusted_domains_only()) {
-               DEBUG(7,("winbindd_getpwnam: My domain -- rejecting "
-                        "getgroups() for %s\\%s.\n", domname, username));
+       if ( strequal(domname, lp_workgroup()) && lp_winbind_trusted_domains_only() ) {
+               DEBUG(7,("winbindd_getpwnam: My domain -- rejecting getpwnam() for %s\\%s.\n", 
+                       domname, username));
                return WINBINDD_ERROR;
        }