summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/auth/auth_domain.c7
-rw-r--r--source3/libsmb/trusts_util.c7
-rw-r--r--source3/nsswitch/winbindd_cm.c5
-rw-r--r--source3/rpc_client/cli_netlogon.c5
-rw-r--r--source3/rpc_client/cli_pipe.c21
-rw-r--r--source3/rpcclient/rpcclient.c7
-rw-r--r--source3/utils/net_rpc_join.c7
7 files changed, 35 insertions, 24 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index 6e053b317e..8d29367835 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -131,9 +131,10 @@ machine %s. Error was : %s.\n", dc_name, nt_errstr(result)));
}
result = rpccli_netlogon_setup_creds(netlogon_pipe,
- dc_name,
- domain,
- global_myname(),
+ dc_name, /* server name */
+ domain, /* domain */
+ global_myname(), /* client name */
+ global_myname(), /* machine account name */
machine_pwd,
sec_chan_type,
&neg_flags);
diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c
index 87d20107fa..9d94c1d00a 100644
--- a/source3/libsmb/trusts_util.c
+++ b/source3/libsmb/trusts_util.c
@@ -44,9 +44,10 @@ static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX
uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
result = rpccli_netlogon_setup_creds(cli,
- cli->cli->desthost,
- lp_workgroup(),
- global_myname(),
+ cli->cli->desthost, /* server name */
+ lp_workgroup(), /* domain */
+ global_myname(), /* client name */
+ global_myname(), /* machine account name */
orig_trust_passwd_hash,
sec_channel_type,
&neg_flags);
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index baef9c71ab..77278e8c34 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -1352,10 +1352,11 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
return NT_STATUS_NO_MEMORY;
}
- result = rpccli_netlogon_setup_creds
- (netlogon_pipe,
+ result = rpccli_netlogon_setup_creds(
+ netlogon_pipe,
domain->dcname, /* server name. */
domain->name, /* domain name */
+ global_myname(), /* client name */
account_name, /* machine account */
mach_pwd, /* machine password */
sec_chan_type, /* from get_trust_pw */
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index ee45331975..85b557471b 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -254,6 +254,7 @@ static NTSTATUS rpccli_net_auth3(struct rpc_pipe_client *cli,
NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
const char *server_name,
const char *domain,
+ const char *clnt_name,
const char *machine_account,
const unsigned char machine_pwd[16],
uint32 sec_chan_type,
@@ -291,7 +292,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
result = rpccli_net_req_chal(cli,
cli->mem_ctx,
dc->remote_machine,
- machine_account,
+ clnt_name,
&clnt_chal_send,
&srv_chal_recv);
@@ -315,7 +316,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
dc->remote_machine,
dc->mach_acct,
sec_chan_type,
- machine_account,
+ clnt_name,
neg_flags_inout,
&clnt_chal_send, /* input. */
&srv_chal_recv); /* output */
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index bed1ef843a..7965aee807 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -2409,7 +2409,7 @@ static struct rpc_pipe_client *get_schannel_session_key(struct cli_state *cli,
return NULL;
}
- if ( IS_DC ) {
+ if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains()) {
fstrcpy( machine_account, lp_workgroup() );
} else {
/* Hmmm. Is this correct for trusted domains when we're a member server ? JRA. */
@@ -2421,9 +2421,10 @@ static struct rpc_pipe_client *get_schannel_session_key(struct cli_state *cli,
}
*perr = rpccli_netlogon_setup_creds(netlogon_pipe,
- cli->desthost,
- domain,
- machine_account,
+ cli->desthost, /* server name */
+ domain, /* domain */
+ global_myname(), /* client name */
+ machine_account, /* machine account name */
machine_pwd,
sec_chan_type,
&neg_flags);
@@ -2531,7 +2532,10 @@ static struct rpc_pipe_client *get_schannel_session_key_auth_ntlmssp(struct cli_
return NULL;
}
- if ( IS_DC ) {
+ /* if we are a DC and this is a trusted domain, then we need to use our
+ domain name in the net_req_auth2() request */
+
+ if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains()) {
fstrcpy( machine_account, lp_workgroup() );
} else {
/* Hmmm. Is this correct for trusted domains when we're a member server ? JRA. */
@@ -2543,9 +2547,10 @@ static struct rpc_pipe_client *get_schannel_session_key_auth_ntlmssp(struct cli_
}
*perr = rpccli_netlogon_setup_creds(netlogon_pipe,
- cli->desthost,
- domain,
- machine_account,
+ cli->desthost, /* server name */
+ domain, /* domain */
+ global_myname(), /* client name */
+ machine_account, /* machine account name */
machine_pwd,
sec_chan_type,
&neg_flags);
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 630add0e9b..46f2df29d3 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -573,9 +573,10 @@ static NTSTATUS do_cmd(struct cli_state *cli,
}
ntresult = rpccli_netlogon_setup_creds(cmd_entry->rpc_pipe,
- cli->desthost,
- lp_workgroup(),
- global_myname(),
+ cli->desthost, /* server name */
+ lp_workgroup(), /* domain */
+ global_myname(), /* client name */
+ global_myname(), /* machine account name */
trust_password,
sec_channel_type,
&neg_flags);
diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c
index 6b762563b3..12e51a85d1 100644
--- a/source3/utils/net_rpc_join.c
+++ b/source3/utils/net_rpc_join.c
@@ -303,9 +303,10 @@ int net_rpc_join_newstyle(int argc, const char **argv)
}
result = rpccli_netlogon_setup_creds(pipe_hnd,
- cli->desthost,
- domain,
- global_myname(),
+ cli->desthost, /* server name */
+ domain, /* domain */
+ global_myname(), /* client name */
+ global_myname(), /* machine account name */
md4_trust_password,
sec_channel_type,
&neg_flags);