s3-winbindd: libwbclient: implement secure channel verification for specific domains in wbcCheckTrustCredentials().

Guenther

2 files changed, 14 insertions, 5 deletions

diff --git a/source3/winbindd/winbindd_check_machine_acct.c b/source3/winbindd/winbindd_check_machine_acct.c
index e3505cb352..610e9edfaa 100644
--- a/source3/winbindd/winbindd_check_machine_acct.c
+++ b/source3/winbindd/winbindd_check_machine_acct.c
@@ -42,7 +42,16 @@ struct tevent_req *winbindd_check_machine_acct_send(TALLOC_CTX *mem_ctx,
 		return NULL;
 	}
 
-	domain = find_our_domain();
+	if (request->domain_name[0] == '0') {
+		/* preserve old behavior, when no domain name is given */
+		domain = find_our_domain();
+	} else {
+		domain = find_domain_from_name(request->domain_name);
+	}
+	if (domain == NULL) {
+		tevent_req_nterror(req, NT_STATUS_NO_SUCH_DOMAIN);
+		return tevent_req_post(req, ev);
+	}
 	if (domain->internal) {
 		/*
 		 * Internal domains are passdb based, we can always
diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c
index 179a771066..337486107f 100644
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -437,13 +437,13 @@ again:
 	/* Pass back result code - zero for success, other values for
 	   specific failures. */
 
-	DEBUG(3, ("secret is %s\n", NT_STATUS_IS_OK(status) ?
-                  "good" : "bad"));
+	DEBUG(3,("domain %s secret is %s\n", domain->name,
+		NT_STATUS_IS_OK(status) ? "good" : "bad"));
 
  done:
 	DEBUG(NT_STATUS_IS_OK(status) ? 5 : 2,
-	      ("Checking the trust account password returned %s\n",
-	       nt_errstr(status)));
+	      ("Checking the trust account password for domain %s returned %s\n",
+	       domain->name, nt_errstr(status)));
 
 	return status;
 }