diff options
| -rw-r--r-- | source3/auth/auth_domain.c | 7 | ||||
| -rw-r--r-- | source3/libsmb/trusts_util.c | 7 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_cm.c | 5 | ||||
| -rw-r--r-- | source3/rpc_client/cli_netlogon.c | 5 | ||||
| -rw-r--r-- | source3/rpc_client/cli_pipe.c | 21 | ||||
| -rw-r--r-- | source3/rpcclient/rpcclient.c | 7 | ||||
| -rw-r--r-- | source3/utils/net_rpc_join.c | 7 |
7 files changed, 35 insertions, 24 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index 6e053b317e..8d29367835 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -131,9 +131,10 @@ machine %s. Error was : %s.\n", dc_name, nt_errstr(result))); } result = rpccli_netlogon_setup_creds(netlogon_pipe, - dc_name, - domain, - global_myname(), + dc_name, /* server name */ + domain, /* domain */ + global_myname(), /* client name */ + global_myname(), /* machine account name */ machine_pwd, sec_chan_type, &neg_flags); diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c index 87d20107fa..9d94c1d00a 100644 --- a/source3/libsmb/trusts_util.c +++ b/source3/libsmb/trusts_util.c @@ -44,9 +44,10 @@ static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS; result = rpccli_netlogon_setup_creds(cli, - cli->cli->desthost, - lp_workgroup(), - global_myname(), + cli->cli->desthost, /* server name */ + lp_workgroup(), /* domain */ + global_myname(), /* client name */ + global_myname(), /* machine account name */ orig_trust_passwd_hash, sec_channel_type, &neg_flags); diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c index baef9c71ab..77278e8c34 100644 --- a/source3/nsswitch/winbindd_cm.c +++ b/source3/nsswitch/winbindd_cm.c @@ -1352,10 +1352,11 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain, return NT_STATUS_NO_MEMORY; } - result = rpccli_netlogon_setup_creds - (netlogon_pipe, + result = rpccli_netlogon_setup_creds( + netlogon_pipe, domain->dcname, /* server name. */ domain->name, /* domain name */ + global_myname(), /* client name */ account_name, /* machine account */ mach_pwd, /* machine password */ sec_chan_type, /* from get_trust_pw */ diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index ee45331975..85b557471b 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -254,6 +254,7 @@ static NTSTATUS rpccli_net_auth3(struct rpc_pipe_client *cli, NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, const char *server_name, const char *domain, + const char *clnt_name, const char *machine_account, const unsigned char machine_pwd[16], uint32 sec_chan_type, @@ -291,7 +292,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, result = rpccli_net_req_chal(cli, cli->mem_ctx, dc->remote_machine, - machine_account, + clnt_name, &clnt_chal_send, &srv_chal_recv); @@ -315,7 +316,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, dc->remote_machine, dc->mach_acct, sec_chan_type, - machine_account, + clnt_name, neg_flags_inout, &clnt_chal_send, /* input. */ &srv_chal_recv); /* output */ diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index bed1ef843a..7965aee807 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -2409,7 +2409,7 @@ static struct rpc_pipe_client *get_schannel_session_key(struct cli_state *cli, return NULL; } - if ( IS_DC ) { + if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains()) { fstrcpy( machine_account, lp_workgroup() ); } else { /* Hmmm. Is this correct for trusted domains when we're a member server ? JRA. */ @@ -2421,9 +2421,10 @@ static struct rpc_pipe_client *get_schannel_session_key(struct cli_state *cli, } *perr = rpccli_netlogon_setup_creds(netlogon_pipe, - cli->desthost, - domain, - machine_account, + cli->desthost, /* server name */ + domain, /* domain */ + global_myname(), /* client name */ + machine_account, /* machine account name */ machine_pwd, sec_chan_type, &neg_flags); @@ -2531,7 +2532,10 @@ static struct rpc_pipe_client *get_schannel_session_key_auth_ntlmssp(struct cli_ return NULL; } - if ( IS_DC ) { + /* if we are a DC and this is a trusted domain, then we need to use our + domain name in the net_req_auth2() request */ + + if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains()) { fstrcpy( machine_account, lp_workgroup() ); } else { /* Hmmm. Is this correct for trusted domains when we're a member server ? JRA. */ @@ -2543,9 +2547,10 @@ static struct rpc_pipe_client *get_schannel_session_key_auth_ntlmssp(struct cli_ } *perr = rpccli_netlogon_setup_creds(netlogon_pipe, - cli->desthost, - domain, - machine_account, + cli->desthost, /* server name */ + domain, /* domain */ + global_myname(), /* client name */ + machine_account, /* machine account name */ machine_pwd, sec_chan_type, &neg_flags); diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index 630add0e9b..46f2df29d3 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -573,9 +573,10 @@ static NTSTATUS do_cmd(struct cli_state *cli, } ntresult = rpccli_netlogon_setup_creds(cmd_entry->rpc_pipe, - cli->desthost, - lp_workgroup(), - global_myname(), + cli->desthost, /* server name */ + lp_workgroup(), /* domain */ + global_myname(), /* client name */ + global_myname(), /* machine account name */ trust_password, sec_channel_type, &neg_flags); diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c index 6b762563b3..12e51a85d1 100644 --- a/source3/utils/net_rpc_join.c +++ b/source3/utils/net_rpc_join.c @@ -303,9 +303,10 @@ int net_rpc_join_newstyle(int argc, const char **argv) } result = rpccli_netlogon_setup_creds(pipe_hnd, - cli->desthost, - domain, - global_myname(), + cli->desthost, /* server name */ + domain, /* domain */ + global_myname(), /* client name */ + global_myname(), /* machine account name */ md4_trust_password, sec_channel_type, &neg_flags); |