svn commit: samba r25086 - in branches: SAMBA_3_2/source/nsswitch SAMBA_3_2_0/source/nsswitch

obnox at samba.org obnox at samba.org
Tue Sep 11 16:15:40 GMT 2007 

Author: obnox
Date: 2007-09-11 16:15:36 +0000 (Tue, 11 Sep 2007)
New Revision: 25086

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=25086

Log:
Fix interdomain trusts (this povides the fix expected in r22709):

Fix winbindd on a Samba DC talking to a trusted domain DC by
making it use the trusted domain password...

Michael

I hope this does not brake any other setup.


Modified:
   branches/SAMBA_3_2/source/nsswitch/winbindd_cm.c
   branches/SAMBA_3_2_0/source/nsswitch/winbindd_cm.c


Changeset:
Modified: branches/SAMBA_3_2/source/nsswitch/winbindd_cm.c
===================================================================
--- branches/SAMBA_3_2/source/nsswitch/winbindd_cm.c	2007-09-11 16:09:36 UTC (rev 25085)
+++ branches/SAMBA_3_2/source/nsswitch/winbindd_cm.c	2007-09-11 16:15:36 UTC (rev 25086)
@@ -2161,7 +2161,7 @@
 		return NT_STATUS_OK;
 	}
 
-	if (domain->primary && !get_trust_pw(domain->name, mach_pwd, &sec_chan_type)) {
+	if ((IS_DC || domain->primary) && !get_trust_pw(domain->name, mach_pwd, &sec_chan_type)) {
 		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
 	}
 
@@ -2171,7 +2171,7 @@
 		return result;
 	}
 
-	if ( !domain->primary ) {
+	if ((!IS_DC) && (!domain->primary)) {
 		/* Clear the schannel request bit and drop down */
 		neg_flags &= ~NETLOGON_NEG_SCHANNEL;		
 		goto no_schannel;

Modified: branches/SAMBA_3_2_0/source/nsswitch/winbindd_cm.c
===================================================================
--- branches/SAMBA_3_2_0/source/nsswitch/winbindd_cm.c	2007-09-11 16:09:36 UTC (rev 25085)
+++ branches/SAMBA_3_2_0/source/nsswitch/winbindd_cm.c	2007-09-11 16:15:36 UTC (rev 25086)
@@ -2161,7 +2161,7 @@
 		return NT_STATUS_OK;
 	}
 
-	if (domain->primary && !get_trust_pw(domain->name, mach_pwd, &sec_chan_type)) {
+	if ((IS_DC || domain->primary) && !get_trust_pw(domain->name, mach_pwd, &sec_chan_type)) {
 		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
 	}
 
@@ -2171,7 +2171,7 @@
 		return result;
 	}
 
-	if ( !domain->primary ) {
+	if ((!IS_DC) && (!domain->primary)) {
 		/* Clear the schannel request bit and drop down */
 		neg_flags &= ~NETLOGON_NEG_SCHANNEL;		
 		goto no_schannel;

More information about the samba-cvs mailing list