From fda9247770577a98606c91973f98a7e53123a40c Mon Sep 17 00:00:00 2001
From: "Gerald W. Carter" <jerry@samba.org>
Date: Fri, 25 Jan 2008 12:18:05 -0600
Subject: Use the correct domain name when looking up the trust password.

On a DC, we always use the domain name given.  On a domain member,
we use lp_workgroup().  This fixes a bug supporting trusted domains.
(This used to be commit 8b063a414149bdf401a8f854d55ed7dc6f94cb60)
---
 source3/winbindd/winbindd_cm.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 0c5fa0e48e..94910072c3 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -679,8 +679,22 @@ static NTSTATUS get_trust_creds(const struct winbindd_domain *domain,
 				char **machine_krb5_principal)
 {
 	const char *account_name;
+	const char *name = NULL;
+	
+	/* If we are a DC and this is not our own domain */
+
+	if (IS_DC) {
+		name = domain->name;
+	} else {
+		struct winbindd_domain *our_domain = find_our_domain();
 
-	if (!get_trust_pw_clear(domain->name, machine_password,
+		if (!our_domain)
+			return NT_STATUS_INVALID_SERVER_STATE;		
+		
+		name = our_domain->name;		
+	}	
+	
+	if (!get_trust_pw_clear(name, machine_password,
 				&account_name, NULL))
 	{
 		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
-- 
cgit