From b72fc49f441c969a44b3325677cde55670416b24 Mon Sep 17 00:00:00 2001
From: "Gerald W. Carter"
Date: Fri, 23 May 2008 15:19:58 -0500
Subject: Manually port Steven Dannenman fix for using the correct machine domain when looking up trust credentials in our tdb.
commit fd0ae47046d37ec8297396a2733209c4d999ea91
Author: Steven Danneman
Date: Thu May 8 13:34:49 2008 -0700
Use machine account and machine password from our domain when contacting trusted domains.
(This used to be commit 69b37ae60757075a0712149c5f97f17ee22c2e41)
---
 source3/passdb/passdb.c | 6 +++---
 source3/winbindd/winbindd_cm.c | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 46dab156ee..e3a3d3ca9e 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -1560,10 +1560,10 @@ bool get_trust_pw_clear(const char *domain, char **ret_pwd,
 return true;
 }
- /* Just get the account for the requested domain. In the future this
- * might also cover to be member of more than one domain. */
+ /* Here we are a domain member server. We can only be a member
+ of one domain so ignore the request domain and assume our own */
- pwd = secrets_fetch_machine_password(domain, &last_set_time, channel);
+ pwd = secrets_fetch_machine_password(lp_workgroup(), &last_set_time, channel);
 if (pwd != NULL) {
 *ret_pwd = pwd;
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 377b1b2d21..9bab80377a 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
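Review bot: The member-server fall-through in get_trust_pw_clear() now returns our own machine password for whatever `domain` string the caller passes, so a misspelled or unknown domain name no longer fails the lookup and the mismatch leaves no trace. Since the value handed back is the cleartext machine secret, I would log when the requested name differs from ours, for example `if (!strequal(domain, lp_workgroup())) { DEBUG(10, ("get_trust_pw_clear: using our machine account for domain %s\n", domain)); }`, and state in the function's header comment that `domain` is ignored on a member server. As a style point, the new call line runs past 80 columns and the second line of the new comment drops the ` * ` continuation prefix used by the comment it replaces. The function starts and ends outside this hunk, so whether later error messages still print `domain` cannot be checked here.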
@@ -706,12 +706,12 @@ static NTSTATUS get_trust_creds(const struct winbindd_domain *domain,
 return NT_STATUS_NO_MEMORY;
 }
- /* this is at least correct when domain is our domain,
- * which is the only case, when this is currently used: */
+ /* For now assume our machine account only exists in our domain */
+
 if (machine_krb5_principal != NULL)
 {
 if (asprintf(machine_krb5_principal, "%s$@%s",
- account_name, domain->alt_name) == -1)
+ account_name, lp_realm()) == -1)
 {
 return NT_STATUS_NO_MEMORY;
 }
-- cgit
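Review bot: `lp_realm()` is passed straight into the asprintf() that builds the Kerberos principal, with no check that a realm is configured; on a member server without a `realm` setting it presumably returns an empty string, which would produce a principal with nothing after the `@`. A guard before the asprintf() call, such as `if (lp_realm()[0] == '\0')` followed by either leaving `*machine_krb5_principal` as NULL or returning an error, would keep a malformed principal from reaching the Kerberos code. The new comment could also record the reason for the change, e.g. `/* Our machine account lives in our own realm, even when 'domain' is a trusted domain */`. get_trust_creds() continues outside the hunk, so how callers treat a NULL principal is not visible here.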