diff options
| author | Jeremy Allison <jra@samba.org> | 2005-11-04 00:03:55 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:05:18 -0500 |
| commit | 5678e4abb04e546735bff4907854ca32094a5b71 (patch) | |
| tree | 239c2ef051fe584ca38e893c6e237e0547810239 /source3/rpc_client | |
| parent | e12eb25793606e4dba7d0d24cd4959209f5d8a30 (diff) | |
| download | samba-5678e4abb04e546735bff4907854ca32094a5b71.tar.gz samba-5678e4abb04e546735bff4907854ca32094a5b71.tar.bz2 samba-5678e4abb04e546735bff4907854ca32094a5b71.zip | |
r11492: Fix bug #3224 (I hope). Correctly use machine_account_name
and client_name when doing netlogon credential setup.
Jeremy.
(This used to be commit 37e6ef9389041f58eada167239fd022f01c5fecb)
Diffstat (limited to 'source3/rpc_client')
| -rw-r--r-- | source3/rpc_client/cli_netlogon.c | 5 | ||||
| -rw-r--r-- | source3/rpc_client/cli_pipe.c | 21 |
2 files changed, 16 insertions, 10 deletions
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index ee45331975..85b557471b 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -254,6 +254,7 @@ static NTSTATUS rpccli_net_auth3(struct rpc_pipe_client *cli, NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, const char *server_name, const char *domain, + const char *clnt_name, const char *machine_account, const unsigned char machine_pwd[16], uint32 sec_chan_type, @@ -291,7 +292,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, result = rpccli_net_req_chal(cli, cli->mem_ctx, dc->remote_machine, - machine_account, + clnt_name, &clnt_chal_send, &srv_chal_recv); @@ -315,7 +316,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, dc->remote_machine, dc->mach_acct, sec_chan_type, - machine_account, + clnt_name, neg_flags_inout, &clnt_chal_send, /* input. */ &srv_chal_recv); /* output */ diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index bed1ef843a..7965aee807 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -2409,7 +2409,7 @@ static struct rpc_pipe_client *get_schannel_session_key(struct cli_state *cli, return NULL; } - if ( IS_DC ) { + if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains()) { fstrcpy( machine_account, lp_workgroup() ); } else { /* Hmmm. Is this correct for trusted domains when we're a member server ? JRA. */ @@ -2421,9 +2421,10 @@ static struct rpc_pipe_client *get_schannel_session_key(struct cli_state *cli, } *perr = rpccli_netlogon_setup_creds(netlogon_pipe, - cli->desthost, - domain, - machine_account, + cli->desthost, /* server name */ + domain, /* domain */ + global_myname(), /* client name */ + machine_account, /* machine account name */ machine_pwd, sec_chan_type, &neg_flags); @@ -2531,7 +2532,10 @@ static struct rpc_pipe_client *get_schannel_session_key_auth_ntlmssp(struct cli_ return NULL; } - if ( IS_DC ) { + /* if we are a DC and this is a trusted domain, then we need to use our + domain name in the net_req_auth2() request */ + + if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains()) { fstrcpy( machine_account, lp_workgroup() ); } else { /* Hmmm. Is this correct for trusted domains when we're a member server ? JRA. */ @@ -2543,9 +2547,10 @@ static struct rpc_pipe_client *get_schannel_session_key_auth_ntlmssp(struct cli_ } *perr = rpccli_netlogon_setup_creds(netlogon_pipe, - cli->desthost, - domain, - machine_account, + cli->desthost, /* server name */ + domain, /* domain */ + global_myname(), /* client name */ + machine_account, /* machine account name */ machine_pwd, sec_chan_type, &neg_flags); |