From 7e0314f6a29dd36e3911a21972aedb76270f1313 Mon Sep 17 00:00:00 2001
From: "Gerald (Jerry) Carter" <jerry@samba.org>
Date: Fri, 22 Aug 2008 10:17:04 -0500
Subject: winbindd: Fix crash in cm_connect_sam()

Fix segv when talking to parent DC (joined to child domain).

The root cause was

(a) storing the parent domain in the cli_state struct caused
    the NTLMSSP pipe bind to fail which made us fallover to
    the schannel code path
(b) the dcinfo pointer in cm_get_schannel_dcinfo() was returning
    NULL even though the function indicated success.
(This used to be commit 5ce4a2ae6697970ea37d0078a506615b4b7a9a9c)
---
 source3/winbindd/winbindd_cm.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'source3/winbindd/winbindd_cm.c')

diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 69e95b1c05..6db45f72c3 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -875,7 +875,7 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
 			result = ads_ntstatus(ads_status);
 			if (NT_STATUS_IS_OK(result)) {
 				/* Ensure creds are stored for NTLMSSP authenticated pipe access. */
-				cli_init_creds(*cli, machine_account, domain->name, machine_password);
+				cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password);
 				goto session_setup_done;
 			}
 		}
@@ -900,7 +900,7 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
 		result = ads_ntstatus(ads_status);
 		if (NT_STATUS_IS_OK(result)) {
 			/* Ensure creds are stored for NTLMSSP authenticated pipe access. */
-			cli_init_creds(*cli, machine_account, domain->name, machine_password);
+			cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password);
 			goto session_setup_done;
 		}
 	}
@@ -1927,6 +1927,10 @@ static bool cm_get_schannel_dcinfo(struct winbindd_domain *domain,
 	/* Return a pointer to the struct dcinfo from the
 	   netlogon pipe. */
 
+	if (!domain->conn.netlogon_pipe->dc) {
+		return false;
+	}
+
 	*ppdc = domain->conn.netlogon_pipe->dc;
 	return True;
 }
@@ -1953,6 +1957,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
 		goto done;
 	}
 
+
 	/*
 	 * No SAMR pipe yet. Attempt to get an NTLMSSP SPNEGO authenticated
 	 * sign and sealed pipe using the machine account password by
-- 
cgit