authorGerald W. Carter <jerry@samba.org>2008-05-23 15:19:58 -0500
committerGerald W. Carter <jerry@samba.org>2008-05-23 15:19:58 -0500
commitb72fc49f441c969a44b3325677cde55670416b24 (patch)
tree7858a621b245c2cce1a66be86f37eb413876b652
parentad90333e8907a3efbc3e90d054bb8e12d442c8d3 (diff)
Manually port Steven Danneman's fix for using the correct machine domain when
looking up trust credentials in our tdb.

commit fd0ae47046d37ec8297396a2733209c4d999ea91
Author: Steven Danneman <sdanneman@isilon.com>
Date: Thu May 8 13:34:49 2008 -0700

    Use machine account and machine password from our domain when contacting trusted domains.

(This used to be commit 69b37ae60757075a0712149c5f97f17ee22c2e41)
-rw-r--r--source3/passdb/passdb.c6
-rw-r--r--source3/winbindd/winbindd_cm.c6
2 files changed, 6 insertions, 6 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 46dab156ee..e3a3d3ca9e 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -1560,10 +1560,10 @@ bool get_trust_pw_clear(const char *domain, char **ret_pwd,
return true;
}
- /* Just get the account for the requested domain. In the future this
- * might also cover to be member of more than one domain. */
+ /* Here we are a domain member server. We can only be a member
+ of one domain so ignore the request domain and assume our own */
- pwd = secrets_fetch_machine_password(domain, &last_set_time, channel);
+ pwd = secrets_fetch_machine_password(lp_workgroup(), &last_set_time, channel);
if (pwd != NULL) {
*ret_pwd = pwd;
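Review bot: The `domain` argument is now silently ignored on this member-server path, so a caller asking for a trusted domain's password receives our own machine account secret with no trace of the substitution. A debug line just before the fetch would make that visible when diagnosing trust authentication, e.g. `if (!strequal(domain, lp_workgroup())) DEBUG(10, ("get_trust_pw_clear: using our own domain %s instead of %s\n", lp_workgroup(), domain));`. The function continues past the hunk, so any failure message further down that prints `domain` would presumably name the requested domain rather than the one actually looked up, and is worth checking. The new comment also drops the ` * ` continuation prefix that the removed comment used.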
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 377b1b2d21..9bab80377a 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -706,12 +706,12 @@ static NTSTATUS get_trust_creds(const struct winbindd_domain *domain,
return NT_STATUS_NO_MEMORY;
}
- /* this is at least correct when domain is our domain,
- * which is the only case, when this is currently used: */
+ /* For now assume our machine account only exists in our domain */
+
if (machine_krb5_principal != NULL)
{
if (asprintf(machine_krb5_principal, "%s$@%s",
- account_name, domain->alt_name) == -1)
+ account_name, lp_realm()) == -1)
{
return NT_STATUS_NO_MEMORY;
}
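Review bot: `lp_realm()` is passed to the `asprintf` call without a check that a realm is configured; if it is an empty string (which I would expect when the server is not set up for ADS), the principal becomes `NAME$@` and the failure only surfaces later in the Kerberos code. A guard such as `if (machine_krb5_principal != NULL && lp_realm()[0] != '\0')` or an explicit error return would fail closer to the cause; which of the two fits depends on how callers treat an unset principal, which is not visible here. The comment `For now assume our machine account only exists in our domain` could also state that our own realm is used even when `domain` is a trusted domain. get_trust_creds starts and ends outside the hunk.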