r11492: Fix bug #3224 (I hope). Correctly use machine_account_name
authorJeremy Allison <jra@samba.org>
Fri, 4 Nov 2005 00:03:55 +0000 (00:03 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 16:05:18 +0000 (11:05 -0500)
and client_name when doing netlogon credential setup.
Jeremy.

source/auth/auth_domain.c
source/libsmb/trusts_util.c
source/nsswitch/winbindd_cm.c
source/rpc_client/cli_netlogon.c
source/rpc_client/cli_pipe.c
source/rpcclient/rpcclient.c
source/utils/net_rpc_join.c

index 6e053b317e3859100e95f26a653fd3ac8e51e197..8d29367835b0f2b14a66258ebf986ccf56af9f99 100644 (file)
@@ -131,9 +131,10 @@ machine %s. Error was : %s.\n", dc_name, nt_errstr(result)));
                }
 
                result = rpccli_netlogon_setup_creds(netlogon_pipe,
-                                       dc_name,
-                                       domain,
-                                       global_myname(),
+                                       dc_name, /* server name */
+                                       domain, /* domain */
+                                       global_myname(), /* client name */
+                                       global_myname(), /* machine account name */
                                        machine_pwd,
                                        sec_chan_type,
                                        &neg_flags);
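Review bot: The machine account argument at this call is always `global_myname()`, whereas the cli_pipe.c hunks in this commit use `lp_workgroup()` as the account when a DC talks to a trusted domain. Because `domain` is passed here as a variable, this path can presumably be reached for a domain other than our own; in that case the account name should be the one `machine_pwd` belongs to, not unconditionally our host name. Consider taking the account name from wherever the password is fetched (winbindd_cm.c does this with its `account_name` local), or add a comment explaining why the host name is always correct here. The enclosing function starts and ends outside the hunk, so check this against how `machine_pwd` is obtained.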
index 87d20107fab73c5537e5faa9ce3241ed2e3b4859..9d94c1d00a1e813fa5a4795d6be77647f5366076 100644 (file)
@@ -44,9 +44,10 @@ static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX
                uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
 
                result = rpccli_netlogon_setup_creds(cli, 
-                                       cli->cli->desthost,
-                                       lp_workgroup(),
-                                       global_myname(),
+                                       cli->cli->desthost, /* server name */
+                                       lp_workgroup(), /* domain */
+                                       global_myname(), /* client name */
+                                       global_myname(), /* machine account name */
                                        orig_trust_passwd_hash,
                                        sec_channel_type,
                                        &neg_flags);
index baef9c71ab7997a164f55b316979321d97819a0f..77278e8c34d82c9460c663a14fada6c6fded38ca 100644 (file)
@@ -1352,10 +1352,11 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
                return NT_STATUS_NO_MEMORY;
        }
 
-       result = rpccli_netlogon_setup_creds
-               (netlogon_pipe,
+       result = rpccli_netlogon_setup_creds(
+                netlogon_pipe,
                 domain->dcname, /* server name. */
                 domain->name,   /* domain name */
+                global_myname(), /* client name */
                 account_name,   /* machine account */
                 mach_pwd,       /* machine password */
                 sec_chan_type,  /* from get_trust_pw */
index ee45331975ce30e9dc0e1cb7eb4b10191c0f6d27..85b557471b5e5876b78fb1394154716f7d6bcce8 100644 (file)
@@ -254,6 +254,7 @@ static NTSTATUS rpccli_net_auth3(struct rpc_pipe_client *cli,
 NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
                                const char *server_name,
                                const char *domain,
+                               const char *clnt_name,
                                const char *machine_account,
                                const unsigned char machine_pwd[16],
                                uint32 sec_chan_type,
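Review bot: `clnt_name` and `machine_account` are now adjacent `const char *` parameters with nothing in the prototype to tell them apart, so a call site that swaps them compiles cleanly and fails only when the DC rejects the credential setup. Add a header comment above the function, for example `/* clnt_name: our computer name, sent in the challenge and auth2 requests. machine_account: the account that machine_pwd belongs to. */`. In the two later hunks of this file `machine_account` is no longer passed to either request, so it is presumably used only to fill `dc->mach_acct` in the part of the body outside these hunks. The comment should state that once it is confirmed.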
@@ -291,7 +292,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
        result = rpccli_net_req_chal(cli,
                                cli->mem_ctx,
                                dc->remote_machine,
-                               machine_account,
+                               clnt_name,
                                &clnt_chal_send,
                                &srv_chal_recv);
 
@@ -315,7 +316,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
                        dc->remote_machine,
                        dc->mach_acct,
                        sec_chan_type,
-                       machine_account,
+                       clnt_name,
                        neg_flags_inout,
                        &clnt_chal_send, /* input. */
                        &srv_chal_recv); /* output */
index bed1ef843a55b9088391569a88e1d9df167caa99..7965aee8074fad093918687a133dfa2ba4e0d17d 100644 (file)
@@ -2409,7 +2409,7 @@ static struct rpc_pipe_client *get_schannel_session_key(struct cli_state *cli,
                return NULL;
        }
 
-       if ( IS_DC ) {
+        if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains()) {
                fstrcpy( machine_account, lp_workgroup() );
         } else {
                 /* Hmmm. Is this correct for trusted domains when we're a member server ? JRA. */
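Review bot: When `IS_DC` is true and `domain` differs from `lp_workgroup()` but `lp_allow_trusted_domains()` is off, the new condition falls through to the else branch, which (its body is outside the hunk) appears to use our own machine name as the account for a foreign domain. That attempt can only be refused by the remote DC, so it would be clearer to return early with an explicit error and a debug message than to start a netlogon handshake that cannot succeed. The same condition is repeated in get_schannel_session_key_auth_ntlmssp, and only that copy carries the explanatory comment; put `/* DC talking to a trusted domain: use our domain name as the account */` here too, or move the account selection into one static helper that both functions call. The added `if` lines are also indented with spaces while the surrounding code uses tabs.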
@@ -2421,9 +2421,10 @@ static struct rpc_pipe_client *get_schannel_session_key(struct cli_state *cli,
         }
 
        *perr = rpccli_netlogon_setup_creds(netlogon_pipe,
-                                       cli->desthost,
-                                       domain,
-                                       machine_account,
+                                       cli->desthost, /* server name */
+                                       domain,        /* domain */
+                                       global_myname(), /* client name */
+                                       machine_account, /* machine account name */
                                        machine_pwd,
                                        sec_chan_type,
                                        &neg_flags);
@@ -2531,7 +2532,10 @@ static struct rpc_pipe_client *get_schannel_session_key_auth_ntlmssp(struct cli_
                return NULL;
        }
 
-       if ( IS_DC ) {
+        /* if we are a DC and this is a trusted domain, then we need to use our
+           domain name in the net_req_auth2() request */
+
+        if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains()) {
                fstrcpy( machine_account, lp_workgroup() );
         } else {
                 /* Hmmm. Is this correct for trusted domains when we're a member server ? JRA. */
@@ -2543,9 +2547,10 @@ static struct rpc_pipe_client *get_schannel_session_key_auth_ntlmssp(struct cli_
         }
 
        *perr = rpccli_netlogon_setup_creds(netlogon_pipe,
-                                       cli->desthost,
-                                       domain,
-                                       machine_account,
+                                       cli->desthost,     /* server name */
+                                       domain,            /* domain */
+                                       global_myname(),   /* client name */
+                                       machine_account,   /* machine account name */
                                        machine_pwd,
                                        sec_chan_type,
                                        &neg_flags);
index 630add0e9bd12e925531f028cd3d568d37bc3309..46f2df29d33db494aa496e5b4b202bf45f09e9aa 100644 (file)
@@ -573,9 +573,10 @@ static NTSTATUS do_cmd(struct cli_state *cli,
                        }
                
                        ntresult = rpccli_netlogon_setup_creds(cmd_entry->rpc_pipe,
-                                               cli->desthost,
-                                               lp_workgroup(),
-                                               global_myname(),
+                                               cli->desthost,   /* server name */
+                                               lp_workgroup(),  /* domain */
+                                               global_myname(), /* client name */
+                                               global_myname(), /* machine account name */
                                                trust_password,
                                                sec_channel_type,
                                                &neg_flags);
index 6b762563b3b2ae8e4fc247d296af7e34e1196b9d..12e51a85d172756e0a2e70a529e9009ff012c736 100644 (file)
@@ -303,9 +303,10 @@ int net_rpc_join_newstyle(int argc, const char **argv)
        }
 
        result = rpccli_netlogon_setup_creds(pipe_hnd,
-                                       cli->desthost,
-                                       domain,
-                                       global_myname(),
+                                       cli->desthost, /* server name */
+                                       domain,        /* domain */
+                                       global_myname(), /* client name */
+                                       global_myname(), /* machine account name */
                                         md4_trust_password,
                                         sec_channel_type,
                                         &neg_flags);