summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2009-10-06 17:46:25 +0200
committerGünther Deschner <gd@samba.org>2009-10-07 11:18:18 +0200
commit3c3725a340ffe20ab679cf2f9d41ccd0b51b4b3a (patch)
treed8dbd9fa27bef00663db089f5b42fda36551e5a2
parent7b3501200c55d7844c4d697456dbfa2b86cfdcc8 (diff)
downloadsamba-3c3725a340ffe20ab679cf2f9d41ccd0b51b4b3a.tar.gz
samba-3c3725a340ffe20ab679cf2f9d41ccd0b51b4b3a.tar.bz2
samba-3c3725a340ffe20ab679cf2f9d41ccd0b51b4b3a.zip
s3-winbindd: libwbclient: implement secure channel verification for specific domains in wbcCheckTrustCredentials().
Guenther
-rw-r--r--source3/winbindd/winbindd_check_machine_acct.c11
-rw-r--r--source3/winbindd/winbindd_dual_srv.c8
2 files changed, 14 insertions, 5 deletions
diff --git a/source3/winbindd/winbindd_check_machine_acct.c b/source3/winbindd/winbindd_check_machine_acct.c
index e3505cb352..610e9edfaa 100644
--- a/source3/winbindd/winbindd_check_machine_acct.c
+++ b/source3/winbindd/winbindd_check_machine_acct.c
@@ -42,7 +42,16 @@ struct tevent_req *winbindd_check_machine_acct_send(TALLOC_CTX *mem_ctx,
return NULL;
}
- domain = find_our_domain();
+ if (request->domain_name[0] == '0') {
+ /* preserve old behavior, when no domain name is given */
+ domain = find_our_domain();
+ } else {
+ domain = find_domain_from_name(request->domain_name);
+ }
+ if (domain == NULL) {
+ tevent_req_nterror(req, NT_STATUS_NO_SUCH_DOMAIN);
+ return tevent_req_post(req, ev);
+ }
if (domain->internal) {
/*
* Internal domains are passdb based, we can always
diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c
index 179a771066..337486107f 100644
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -437,13 +437,13 @@ again:
/* Pass back result code - zero for success, other values for
specific failures. */
- DEBUG(3, ("secret is %s\n", NT_STATUS_IS_OK(status) ?
- "good" : "bad"));
+ DEBUG(3,("domain %s secret is %s\n", domain->name,
+ NT_STATUS_IS_OK(status) ? "good" : "bad"));
done:
DEBUG(NT_STATUS_IS_OK(status) ? 5 : 2,
- ("Checking the trust account password returned %s\n",
- nt_errstr(status)));
+ ("Checking the trust account password for domain %s returned %s\n",
+ domain->name, nt_errstr(status)));
return status;
}