summaryrefslogtreecommitdiff
path: root/source3/winbindd
diff options
context:
space:
mode:
authorMichael Adam <obnox@samba.org>2007-12-11 13:05:44 +0100
committerMichael Adam <obnox@samba.org>2007-12-13 10:15:17 +0100
commitf793c99ca54d62cb8142607e8449f5b5b3a5e79d (patch)
treef079aec566a4692d613b6fd27f3d8782f0a3d582 /source3/winbindd
parent5d9c97703432bbca7d45948708b5b21a3718559a (diff)
downloadsamba-f793c99ca54d62cb8142607e8449f5b5b3a5e79d.tar.gz
samba-f793c99ca54d62cb8142607e8449f5b5b3a5e79d.tar.bz2
samba-f793c99ca54d62cb8142607e8449f5b5b3a5e79d.zip
Let get_trust_pw() determine the machine_account_name to use.
Up to now each caller used its own logic. This eliminates code paths where there was a special treatment of the following situation: the domain given is not our workgroup (i.e. our own domain) and we are not a DC (i.e. it is not a typical trusted domain situation). In situation the given domain name was previously used as the machine account name, resulting in an account name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me. get_trust_pw would not have obtained a password in this situation anyways. I hope I have not missed an important point here! Michael (This used to be commit 6ced4a7f88798dc449a667d63bc29bf6c569291f)
Diffstat (limited to 'source3/winbindd')
-rw-r--r--source3/winbindd/winbindd_cm.c22
1 files changed, 3 insertions, 19 deletions
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index d5c8b9955f..adb9d11edc 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -2235,27 +2235,11 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
neg_flags |= NETLOGON_NEG_SCHANNEL;
}
- if (!get_trust_pw(domain->name, mach_pwd, &sec_chan_type)) {
- cli_rpc_pipe_close(netlogon_pipe);
- return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
- }
-
- /* if we are a DC and this is a trusted domain, then we need to use our
- domain name in the net_req_auth2() request */
-
- if ( IS_DC
- && !strequal(domain->name, lp_workgroup())
- && lp_allow_trusted_domains() )
+ if (!get_trust_pw(domain->name, mach_pwd, &account_name,
+ &sec_chan_type))
{
- account_name = lp_workgroup();
- } else {
- account_name = domain->primary ?
- global_myname() : domain->name;
- }
-
- if (account_name == NULL) {
cli_rpc_pipe_close(netlogon_pipe);
- return NT_STATUS_NO_MEMORY;
+ return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
result = rpccli_netlogon_setup_creds(