From 5678e4abb04e546735bff4907854ca32094a5b71 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 4 Nov 2005 00:03:55 +0000 Subject: r11492: Fix bug #3224 (I hope). Correctly use machine_account_name and client_name when doing netlogon credential setup. Jeremy. (This used to be commit 37e6ef9389041f58eada167239fd022f01c5fecb) --- source3/auth/auth_domain.c | 7 ++++--- source3/libsmb/trusts_util.c | 7 ++++--- source3/nsswitch/winbindd_cm.c | 5 +++-- source3/rpc_client/cli_netlogon.c | 5 +++-- source3/rpc_client/cli_pipe.c | 21 +++++++++++++-------- source3/rpcclient/rpcclient.c | 7 ++++--- source3/utils/net_rpc_join.c | 7 ++++--- 7 files changed, 35 insertions(+), 24 deletions(-) diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index 6e053b317e..8d29367835 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -131,9 +131,10 @@ machine %s. Error was : %s.\n", dc_name, nt_errstr(result))); } result = rpccli_netlogon_setup_creds(netlogon_pipe, - dc_name, - domain, - global_myname(), + dc_name, /* server name */ + domain, /* domain */ + global_myname(), /* client name */ + global_myname(), /* machine account name */ machine_pwd, sec_chan_type, &neg_flags); diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c index 87d20107fa..9d94c1d00a 100644 --- a/source3/libsmb/trusts_util.c +++ b/source3/libsmb/trusts_util.c @@ -44,9 +44,10 @@ static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS; result = rpccli_netlogon_setup_creds(cli, - cli->cli->desthost, - lp_workgroup(), - global_myname(), + cli->cli->desthost, /* server name */ + lp_workgroup(), /* domain */ + global_myname(), /* client name */ + global_myname(), /* machine account name */ orig_trust_passwd_hash, sec_channel_type, &neg_flags); diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c index baef9c71ab..77278e8c34 100644 
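Review bot: The machine account name in the auth_domain.c call is hard-coded to `global_myname()`, while the `domain` argument comes from the caller. Elsewhere in this commit, cli_pipe.c selects `lp_workgroup()` as the account name when a DC talks to a trusted domain, and winbindd_cm.c passes a separately derived `account_name`. If this path can be reached for a trusted domain on a DC (not visible in the hunk), the name sent here would not match the trust account that `machine_pwd` belongs to, and the credential setup would presumably be rejected. I would either derive the name the same way as the other two files or state the assumption next to the argument, e.g. `/* machine account name: own machine account, member-server case only */`. The enclosing function starts and ends outside the hunk.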
--- a/source3/nsswitch/winbindd_cm.c +++ b/source3/nsswitch/winbindd_cm.c @@ -1352,10 +1352,11 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain, return NT_STATUS_NO_MEMORY; } - result = rpccli_netlogon_setup_creds - (netlogon_pipe, + result = rpccli_netlogon_setup_creds( + netlogon_pipe, domain->dcname, /* server name. */ domain->name, /* domain name */ + global_myname(), /* client name */ account_name, /* machine account */ mach_pwd, /* machine password */ sec_chan_type, /* from get_trust_pw */ diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index ee45331975..85b557471b 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -254,6 +254,7 @@ static NTSTATUS rpccli_net_auth3(struct rpc_pipe_client *cli, NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, const char *server_name, const char *domain, + const char *clnt_name, const char *machine_account, const unsigned char machine_pwd[16], uint32 sec_chan_type, @@ -291,7 +292,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, result = rpccli_net_req_chal(cli, cli->mem_ctx, dc->remote_machine, - machine_account, + clnt_name, &clnt_chal_send, &srv_chal_recv); @@ -315,7 +316,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, dc->remote_machine, dc->mach_acct, sec_chan_type, - machine_account, + clnt_name, neg_flags_inout, &clnt_chal_send, /* input. */ &srv_chal_recv); /* output */ diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index bed1ef843a..7965aee807 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c 
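Review bot: `clnt_name` and `machine_account` are now adjacent `const char *` parameters of rpccli_netlogon_setup_creds (hunk at -254), so a call site that swaps them compiles cleanly and only fails at authentication time. The hunk shows no header comment at the definition saying which name is which. I would add one there, e.g. `/* clnt_name: our computer name, passed to the challenge and auth requests; machine_account: account name that machine_pwd belongs to */`, with the wording checked against the body. The per-argument comments this commit adds at the callers help, but the contract belongs at the definition, whose body continues outside the hunk.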
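Review bot: After this change neither call visible in the hunks at -291 and -315 receives `machine_account`. The account name passed in the second call is `dc->mach_acct`, which is filled in outside the hunks. It is worth confirming that this assignment is still built from `machine_account` and not from the client name, because that is now the only place where the new distinction between the two names takes effect. If so, a short comment at the call such as `/* dc->mach_acct is derived from machine_account, not clnt_name */` would make the split visible to the next reader.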
@@ -2409,7 +2409,7 @@ static struct rpc_pipe_client *get_schannel_session_key(struct cli_state *cli, return NULL; } - if ( IS_DC ) { + if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains()) { fstrcpy( machine_account, lp_workgroup() ); } else { /* Hmmm. Is this correct for trusted domains when we're a member server ? JRA. */ @@ -2421,9 +2421,10 @@ static struct rpc_pipe_client *get_schannel_session_key(struct cli_state *cli, } *perr = rpccli_netlogon_setup_creds(netlogon_pipe, - cli->desthost, - domain, - machine_account, + cli->desthost, /* server name */ + domain, /* domain */ + global_myname(), /* client name */ + machine_account, /* machine account name */ machine_pwd, sec_chan_type, &neg_flags); @@ -2531,7 +2532,10 @@ static struct rpc_pipe_client *get_schannel_session_key_auth_ntlmssp(struct cli_ return NULL; } - if ( IS_DC ) { + /* if we are a DC and this is a trusted domain, then we need to use our + domain name in the net_req_auth2() request */ + + if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains()) { fstrcpy( machine_account, lp_workgroup() ); } else { /* Hmmm. Is this correct for trusted domains when we're a member server ? JRA. */ @@ -2543,9 +2547,10 @@ static struct rpc_pipe_client *get_schannel_session_key_auth_ntlmssp(struct cli_ } *perr = rpccli_netlogon_setup_creds(netlogon_pipe, - cli->desthost, - domain, - machine_account, + cli->desthost, /* server name */ + domain, /* domain */ + global_myname(), /* client name */ + machine_account, /* machine account name */ machine_pwd, sec_chan_type, &neg_flags); diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index 630add0e9b..46f2df29d3 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c 
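Review bot: When `IS_DC` is true and `domain` differs from `lp_workgroup()` but `lp_allow_trusted_domains()` is false, the new condition at -2409 falls through to the `else` branch, and the function still goes on to call rpccli_netlogon_setup_creds for that foreign domain. The else body is outside the hunk, so the account name it picks is not visible, but a DC configured without trusted domains probably should not attempt a netlogon credential chain to another domain at all. I would reject that case before the name is chosen, along the lines of `if (IS_DC && !strequal(domain, lp_workgroup()) && !lp_allow_trusted_domains()) { return NULL; }`, with `*perr` set and the same cleanup the earlier error paths perform. The same condition in get_schannel_session_key_auth_ntlmssp at -2531 has the same fall-through.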
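Review bot: The three-part test `IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains()` is now written out twice, at -2531 and in get_schannel_session_key at -2409, and only the -2531 copy carries the explanatory comment. Two copies of an account-selection rule in authentication code tend to drift apart; a small static helper that takes `domain` and returns whether the domain trust account applies would keep them in step. Short of that, the comment added at -2531 should be repeated at -2409. It could also say which argument the name ends up in, e.g. `/* ... use our domain name as the machine account name passed to rpccli_netlogon_setup_creds() */`, since the client name is now a separate argument.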
@@ -573,9 +573,10 @@ static NTSTATUS do_cmd(struct cli_state *cli, } ntresult = rpccli_netlogon_setup_creds(cmd_entry->rpc_pipe, - cli->desthost, - lp_workgroup(), - global_myname(), + cli->desthost, /* server name */ + lp_workgroup(), /* domain */ + global_myname(), /* client name */ + global_myname(), /* machine account name */ trust_password, sec_channel_type, &neg_flags); diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c index 6b762563b3..12e51a85d1 100644 --- a/source3/utils/net_rpc_join.c +++ b/source3/utils/net_rpc_join.c @@ -303,9 +303,10 @@ int net_rpc_join_newstyle(int argc, const char **argv) } result = rpccli_netlogon_setup_creds(pipe_hnd, - cli->desthost, - domain, - global_myname(), + cli->desthost, /* server name */ + domain, /* domain */ + global_myname(), /* client name */ + global_myname(), /* machine account name */ md4_trust_password, sec_channel_type, &neg_flags); -- cgit