svn commit: samba r11493 - in trunk/source: auth libsmb nsswitch
rpc_client rpcclient utils
jra at samba.org
jra at samba.org
Fri Nov 4 00:04:01 GMT 2005
Author: jra
Date: 2005-11-04 00:03:59 +0000 (Fri, 04 Nov 2005)
New Revision: 11493
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11493
Log:
Fix bug #3224 (I hope). Correctly use machine_account_name
and client_name when doing netlogon credential setup.
Jeremy.
Modified:
trunk/source/auth/auth_domain.c
trunk/source/libsmb/trusts_util.c
trunk/source/nsswitch/winbindd_cm.c
trunk/source/rpc_client/cli_netlogon.c
trunk/source/rpc_client/cli_pipe.c
trunk/source/rpcclient/rpcclient.c
trunk/source/utils/net_rpc_join.c
Changeset:
Modified: trunk/source/auth/auth_domain.c
===================================================================
--- trunk/source/auth/auth_domain.c 2005-11-04 00:03:55 UTC (rev 11492)
+++ trunk/source/auth/auth_domain.c 2005-11-04 00:03:59 UTC (rev 11493)
@@ -131,9 +131,10 @@
}
result = rpccli_netlogon_setup_creds(netlogon_pipe,
- dc_name,
- domain,
- global_myname(),
+ dc_name, /* server name */
+ domain, /* domain */
+ global_myname(), /* client name */
+ global_myname(), /* machine account name */
machine_pwd,
sec_chan_type,
&neg_flags);
Modified: trunk/source/libsmb/trusts_util.c
===================================================================
--- trunk/source/libsmb/trusts_util.c 2005-11-04 00:03:55 UTC (rev 11492)
+++ trunk/source/libsmb/trusts_util.c 2005-11-04 00:03:59 UTC (rev 11493)
@@ -44,9 +44,10 @@
uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
result = rpccli_netlogon_setup_creds(cli,
- cli->cli->desthost,
- lp_workgroup(),
- global_myname(),
+ cli->cli->desthost, /* server name */
+ lp_workgroup(), /* domain */
+ global_myname(), /* client name */
+ global_myname(), /* machine account name */
orig_trust_passwd_hash,
sec_channel_type,
&neg_flags);
Modified: trunk/source/nsswitch/winbindd_cm.c
===================================================================
--- trunk/source/nsswitch/winbindd_cm.c 2005-11-04 00:03:55 UTC (rev 11492)
+++ trunk/source/nsswitch/winbindd_cm.c 2005-11-04 00:03:59 UTC (rev 11493)
@@ -1352,10 +1352,11 @@
return NT_STATUS_NO_MEMORY;
}
- result = rpccli_netlogon_setup_creds
- (netlogon_pipe,
+ result = rpccli_netlogon_setup_creds(
+ netlogon_pipe,
domain->dcname, /* server name. */
domain->name, /* domain name */
+ global_myname(), /* client name */
account_name, /* machine account */
mach_pwd, /* machine password */
sec_chan_type, /* from get_trust_pw */
Modified: trunk/source/rpc_client/cli_netlogon.c
===================================================================
--- trunk/source/rpc_client/cli_netlogon.c 2005-11-04 00:03:55 UTC (rev 11492)
+++ trunk/source/rpc_client/cli_netlogon.c 2005-11-04 00:03:59 UTC (rev 11493)
@@ -254,6 +254,7 @@
NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
const char *server_name,
const char *domain,
+ const char *clnt_name,
const char *machine_account,
const unsigned char machine_pwd[16],
uint32 sec_chan_type,
@@ -291,7 +292,7 @@
result = rpccli_net_req_chal(cli,
cli->mem_ctx,
dc->remote_machine,
- machine_account,
+ clnt_name,
&clnt_chal_send,
&srv_chal_recv);
@@ -315,7 +316,7 @@
dc->remote_machine,
dc->mach_acct,
sec_chan_type,
- machine_account,
+ clnt_name,
neg_flags_inout,
&clnt_chal_send, /* input. */
&srv_chal_recv); /* output */
Modified: trunk/source/rpc_client/cli_pipe.c
===================================================================
--- trunk/source/rpc_client/cli_pipe.c 2005-11-04 00:03:55 UTC (rev 11492)
+++ trunk/source/rpc_client/cli_pipe.c 2005-11-04 00:03:59 UTC (rev 11493)
@@ -2409,7 +2409,7 @@
return NULL;
}
- if ( IS_DC ) {
+ if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains()) {
fstrcpy( machine_account, lp_workgroup() );
} else {
/* Hmmm. Is this correct for trusted domains when we're a member server ? JRA. */
@@ -2421,9 +2421,10 @@
}
*perr = rpccli_netlogon_setup_creds(netlogon_pipe,
- cli->desthost,
- domain,
- machine_account,
+ cli->desthost, /* server name */
+ domain, /* domain */
+ global_myname(), /* client name */
+ machine_account, /* machine account name */
machine_pwd,
sec_chan_type,
&neg_flags);
@@ -2531,7 +2532,10 @@
return NULL;
}
- if ( IS_DC ) {
+ /* if we are a DC and this is a trusted domain, then we need to use our
+ domain name in the net_req_auth2() request */
+
+ if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains()) {
fstrcpy( machine_account, lp_workgroup() );
} else {
/* Hmmm. Is this correct for trusted domains when we're a member server ? JRA. */
@@ -2543,9 +2547,10 @@
}
*perr = rpccli_netlogon_setup_creds(netlogon_pipe,
- cli->desthost,
- domain,
- machine_account,
+ cli->desthost, /* server name */
+ domain, /* domain */
+ global_myname(), /* client name */
+ machine_account, /* machine account name */
machine_pwd,
sec_chan_type,
&neg_flags);
Modified: trunk/source/rpcclient/rpcclient.c
===================================================================
--- trunk/source/rpcclient/rpcclient.c 2005-11-04 00:03:55 UTC (rev 11492)
+++ trunk/source/rpcclient/rpcclient.c 2005-11-04 00:03:59 UTC (rev 11493)
@@ -575,9 +575,10 @@
}
ntresult = rpccli_netlogon_setup_creds(cmd_entry->rpc_pipe,
- cli->desthost,
- lp_workgroup(),
- global_myname(),
+ cli->desthost, /* server name */
+ lp_workgroup(), /* domain */
+ global_myname(), /* client name */
+ global_myname(), /* machine account name */
trust_password,
sec_channel_type,
&neg_flags);
Modified: trunk/source/utils/net_rpc_join.c
===================================================================
--- trunk/source/utils/net_rpc_join.c 2005-11-04 00:03:55 UTC (rev 11492)
+++ trunk/source/utils/net_rpc_join.c 2005-11-04 00:03:59 UTC (rev 11493)
@@ -303,9 +303,10 @@
}
result = rpccli_netlogon_setup_creds(pipe_hnd,
- cli->desthost,
- domain,
- global_myname(),
+ cli->desthost, /* server name */
+ domain, /* domain */
+ global_myname(), /* client name */
+ global_myname(), /* machine account name */
md4_trust_password,
sec_channel_type,
&neg_flags);
More information about the samba-cvs
mailing list