Let get_trust_pw() determine the machine_account_name to use.

Up to now each caller used its own logic.

This eliminates code paths where there was a special treatment
of the following situation: the domain given is not our workgroup
(i.e. our own domain) and we are not a DC (i.e. it is not a typical
trusted domain situation). In situation the given domain name was
previously used as the machine account name, resulting in an account
name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me.
get_trust_pw would not have obtained a password in this situation
anyways.

I hope I have not missed an important point here!

Michael
(This used to be commit 6ced4a7f88798dc449a667d63bc29bf6c569291f)

1 files changed, 5 insertions, 2 deletions

diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index 7cddabbbbd..b428723a06 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -127,8 +127,11 @@ machine %s. Error was : %s.\n", dc_name, nt_errstr(result)));
 		uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
 		uint32 sec_chan_type = 0;
 		unsigned char machine_pwd[16];
+		const char *account_name;
 
-		if (!get_trust_pw(domain, machine_pwd, &sec_chan_type)) {
+		if (!get_trust_pw(domain, machine_pwd, &account_name,
+				  &sec_chan_type))
+		{
 			DEBUG(0, ("connect_to_domain_password_server: could not fetch "
 			"trust account password for domain '%s'\n",
 				domain));
@@ -142,7 +145,7 @@ machine %s. Error was : %s.\n", dc_name, nt_errstr(result)));
 					dc_name, /* server name */
 					domain, /* domain */
 					global_myname(), /* client name */
-					global_myname(), /* machine account name */
+					account_name, /* machine account name */
 					machine_pwd,
 					sec_chan_type,
 					&neg_flags);