svn commit: samba r11492 - in branches/SAMBA_3_0/source: auth libsmb nsswitch rpc_client rpcclient utils

jra at samba.org jra at samba.org
Fri Nov 4 00:03:57 GMT 2005 

Author: jra
Date: 2005-11-04 00:03:55 +0000 (Fri, 04 Nov 2005)
New Revision: 11492

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11492

Log:
Fix bug #3224 (I hope). Correctly use machine_account_name
and client_name when doing netlogon credential setup.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/auth/auth_domain.c
   branches/SAMBA_3_0/source/libsmb/trusts_util.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c
   branches/SAMBA_3_0/source/rpc_client/cli_netlogon.c
   branches/SAMBA_3_0/source/rpc_client/cli_pipe.c
   branches/SAMBA_3_0/source/rpcclient/rpcclient.c
   branches/SAMBA_3_0/source/utils/net_rpc_join.c


Changeset:
Modified: branches/SAMBA_3_0/source/auth/auth_domain.c
===================================================================
--- branches/SAMBA_3_0/source/auth/auth_domain.c	2005-11-03 20:26:24 UTC (rev 11491)
+++ branches/SAMBA_3_0/source/auth/auth_domain.c	2005-11-04 00:03:55 UTC (rev 11492)
@@ -131,9 +131,10 @@
 		}
 
 		result = rpccli_netlogon_setup_creds(netlogon_pipe,
-					dc_name,
-					domain,
-					global_myname(),
+					dc_name, /* server name */
+					domain, /* domain */
+					global_myname(), /* client name */
+					global_myname(), /* machine account name */
 					machine_pwd,
 					sec_chan_type,
 					&neg_flags);

Modified: branches/SAMBA_3_0/source/libsmb/trusts_util.c
===================================================================
--- branches/SAMBA_3_0/source/libsmb/trusts_util.c	2005-11-03 20:26:24 UTC (rev 11491)
+++ branches/SAMBA_3_0/source/libsmb/trusts_util.c	2005-11-04 00:03:55 UTC (rev 11492)
@@ -44,9 +44,10 @@
 		uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
 
 		result = rpccli_netlogon_setup_creds(cli, 
-					cli->cli->desthost,
-					lp_workgroup(),
-					global_myname(),
+					cli->cli->desthost, /* server name */
+					lp_workgroup(), /* domain */
+					global_myname(), /* client name */
+					global_myname(), /* machine account name */
 					orig_trust_passwd_hash,
 					sec_channel_type,
 					&neg_flags);

Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c	2005-11-03 20:26:24 UTC (rev 11491)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c	2005-11-04 00:03:55 UTC (rev 11492)
@@ -1352,10 +1352,11 @@
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	result = rpccli_netlogon_setup_creds
-		(netlogon_pipe,
+	result = rpccli_netlogon_setup_creds(
+		 netlogon_pipe,
 		 domain->dcname, /* server name. */
 		 domain->name,   /* domain name */
+		 global_myname(), /* client name */
 		 account_name,   /* machine account */
 		 mach_pwd,       /* machine password */
 		 sec_chan_type,  /* from get_trust_pw */

Modified: branches/SAMBA_3_0/source/rpc_client/cli_netlogon.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_client/cli_netlogon.c	2005-11-03 20:26:24 UTC (rev 11491)
+++ branches/SAMBA_3_0/source/rpc_client/cli_netlogon.c	2005-11-04 00:03:55 UTC (rev 11492)
@@ -254,6 +254,7 @@
 NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
 				const char *server_name,
 				const char *domain,
+				const char *clnt_name,
 				const char *machine_account,
 				const unsigned char machine_pwd[16],
 				uint32 sec_chan_type,
@@ -291,7 +292,7 @@
 	result = rpccli_net_req_chal(cli,
 				cli->mem_ctx,
 				dc->remote_machine,
-				machine_account,
+				clnt_name,
 				&clnt_chal_send,
 				&srv_chal_recv);
 
@@ -315,7 +316,7 @@
 			dc->remote_machine,
 			dc->mach_acct,
 			sec_chan_type,
-			machine_account,
+			clnt_name,
 			neg_flags_inout,
 			&clnt_chal_send, /* input. */
 			&srv_chal_recv); /* output */

Modified: branches/SAMBA_3_0/source/rpc_client/cli_pipe.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_client/cli_pipe.c	2005-11-03 20:26:24 UTC (rev 11491)
+++ branches/SAMBA_3_0/source/rpc_client/cli_pipe.c	2005-11-04 00:03:55 UTC (rev 11492)
@@ -2409,7 +2409,7 @@
 		return NULL;
 	}
 
-	if ( IS_DC ) {
+        if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains()) {
 		fstrcpy( machine_account, lp_workgroup() );
         } else {
                 /* Hmmm. Is this correct for trusted domains when we're a member server ? JRA. */
@@ -2421,9 +2421,10 @@
         }
 
 	*perr = rpccli_netlogon_setup_creds(netlogon_pipe,
-					cli->desthost,
-					domain,
-					machine_account,
+					cli->desthost, /* server name */
+					domain,	       /* domain */
+					global_myname(), /* client name */
+					machine_account, /* machine account name */
 					machine_pwd,
 					sec_chan_type,
 					&neg_flags);
@@ -2531,7 +2532,10 @@
 		return NULL;
 	}
 
-	if ( IS_DC ) {
+        /* if we are a DC and this is a trusted domain, then we need to use our
+           domain name in the net_req_auth2() request */
+
+        if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains()) {
 		fstrcpy( machine_account, lp_workgroup() );
         } else {
                 /* Hmmm. Is this correct for trusted domains when we're a member server ? JRA. */
@@ -2543,9 +2547,10 @@
         }
 
 	*perr = rpccli_netlogon_setup_creds(netlogon_pipe,
-					cli->desthost,
-					domain,
-					machine_account,
+					cli->desthost,     /* server name */
+					domain,            /* domain */
+					global_myname(),   /* client name */
+					machine_account,   /* machine account name */
 					machine_pwd,
 					sec_chan_type,
 					&neg_flags);

Modified: branches/SAMBA_3_0/source/rpcclient/rpcclient.c
===================================================================
--- branches/SAMBA_3_0/source/rpcclient/rpcclient.c	2005-11-03 20:26:24 UTC (rev 11491)
+++ branches/SAMBA_3_0/source/rpcclient/rpcclient.c	2005-11-04 00:03:55 UTC (rev 11492)
@@ -573,9 +573,10 @@
 			}
 		
 			ntresult = rpccli_netlogon_setup_creds(cmd_entry->rpc_pipe,
-						cli->desthost,
-						lp_workgroup(),
-						global_myname(),
+						cli->desthost,   /* server name */
+						lp_workgroup(),  /* domain */
+						global_myname(), /* client name */
+						global_myname(), /* machine account name */
 						trust_password,
 						sec_channel_type,
 						&neg_flags);

Modified: branches/SAMBA_3_0/source/utils/net_rpc_join.c
===================================================================
--- branches/SAMBA_3_0/source/utils/net_rpc_join.c	2005-11-03 20:26:24 UTC (rev 11491)
+++ branches/SAMBA_3_0/source/utils/net_rpc_join.c	2005-11-04 00:03:55 UTC (rev 11492)
@@ -303,9 +303,10 @@
 	}
 
 	result = rpccli_netlogon_setup_creds(pipe_hnd,
-					cli->desthost,
-					domain,
-					global_myname(),
+					cli->desthost, /* server name */
+					domain,        /* domain */
+					global_myname(), /* client name */
+					global_myname(), /* machine account name */
                                         md4_trust_password,
                                         sec_channel_type,
                                         &neg_flags);

More information about the samba-cvs mailing list