summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2004-01-15 06:55:10 +0000
committerGerald Carter <jerry@samba.org>2004-01-15 06:55:10 +0000
commit919c261a490460a2e2189903139c0d4ad36a7aab (patch)
tree986367da8203da0e82f2a7286f9d3bf6c9ba122f /source3
parentc92a776bcf4210ad2073aa0d76e88b6fe82dc2a3 (diff)
downloadsamba-919c261a490460a2e2189903139c0d4ad36a7aab.tar.gz
samba-919c261a490460a2e2189903139c0d4ad36a7aab.tar.bz2
samba-919c261a490460a2e2189903139c0d4ad36a7aab.zip
BUG 936: fix bind credentials for schannel binds in smbd (and add a comment to winbindd_cm about this
(This used to be commit 5134c6bcbc5180431e95a30559c453f3744fd427)
Diffstat (limited to 'source3')
-rw-r--r--source3/auth/auth_domain.c13
-rw-r--r--source3/nsswitch/winbindd_cm.c6
2 files changed, 12 insertions, 7 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index 0bf2031a37..73e0ae7949 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -41,7 +41,8 @@ extern BOOL global_machine_password_needs_changing;
**/
static NTSTATUS connect_to_domain_password_server(struct cli_state **cli,
- const char *dc_name, struct in_addr dc_ip,
+ const char *domain, const char *dc_name,
+ struct in_addr dc_ip,
const char *setup_creds_as,
uint16 sec_chan,
const unsigned char *trust_passwd,
@@ -111,6 +112,10 @@ machine %s. Error was : %s.\n", dc_name, cli_errstr(*cli)));
return NT_STATUS_NO_MEMORY;
}
+ /* This must be the remote domain (not ours) for schannel */
+
+ fstrcpy( (*cli)->domain, domain );
+
result = cli_nt_establish_netlogon(*cli, sec_chan, trust_passwd);
if (!NT_STATUS_IS_OK(result)) {
@@ -162,8 +167,8 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
/* rety loop for robustness */
for (i = 0; !NT_STATUS_IS_OK(nt_status) && retry && (i < 3); i++) {
- nt_status = connect_to_domain_password_server(&cli, dc_name, dc_ip, setup_creds_as,
- sec_chan, trust_passwd, &retry);
+ nt_status = connect_to_domain_password_server(&cli, domain, dc_name,
+ dc_ip, setup_creds_as, sec_chan, trust_passwd, &retry);
}
if ( !NT_STATUS_IS_OK(nt_status) ) {
@@ -297,7 +302,7 @@ static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context,
/* we need our DC to send the net_sam_logon() request to */
if ( !get_dc_name(domain, NULL, dc_name, &dc_ip) ) {
- DEBUG(5,("check_trustdomain_security: unable to locate a DC for domain %s\n",
+ DEBUG(5,("check_ntdomain_security: unable to locate a DC for domain %s\n",
user_info->domain.str));
return NT_STATUS_NO_LOGON_SERVERS;
}
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index 44fc06fe54..29b856ec45 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -509,7 +509,7 @@ void set_dc_type_and_flags( struct winbindd_domain *domain )
done:
- /* close the connection; no other cals use this pipe and it is called only
+ /* close the connection; no other calls use this pipe and it is called only
on reestablishing the domain list --jerry */
if ( conn.cli )
@@ -686,9 +686,9 @@ NTSTATUS cm_get_netlogon_cli(struct winbindd_domain *domain,
if ( sec_channel_type == SEC_CHAN_DOMAIN )
fstr_sprintf(conn->cli->mach_acct, "%s$", lp_workgroup());
-
+ /* This must be the remote domain (not ours) for schannel */
+
fstrcpy( conn->cli->domain, domain->name);
-
result = cli_nt_establish_netlogon(conn->cli, sec_channel_type, trust_passwd);