sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Code

s3:pdb_samba_dsdb: use SEC_CHAN_DNS_DOMAIN in pdb_samba_dsdb_get_trusteddom_creds()

Browse Source 
If both ends have a dns domain, we can use SEC_CHAN_DNS_DOMAIN in order to match
a Windows DC.

For kerberos we still need to use MY_NETBIOS_DOMAIN$@REMOTE_REALM.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Stefan Metzmacher 2014-12-16 15:57:49 +00:00
parent 7387678ff5
commit 05eb7b52cd
1 changed files with 33 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
source3/passdb/pdb_samba_dsdb.c
View File

@ -2296,8 +2296,10 @@ static NTSTATUS pdb_samba_dsdb_get_trusteddom_creds(struct pdb_methods *m,
bool ok;
const char *my_netbios_name = NULL;
const char *my_netbios_domain = NULL;
const char *my_dns_domain = NULL;
const char *netbios_domain = NULL;
char *account_name = NULL;
char *principal_name = NULL;
const char *dns_domain = NULL;
status = sam_get_results_trust(state->ldb, tmp_ctx, domain,
@ -2389,6 +2391,7 @@ static NTSTATUS pdb_samba_dsdb_get_trusteddom_creds(struct pdb_methods *m,
my_netbios_name = lpcfg_netbios_name(state->lp_ctx);
my_netbios_domain = lpcfg_workgroup(state->lp_ctx);
my_dns_domain = lpcfg_dnsdomain(state->lp_ctx);
creds = cli_credentials_init(tmp_ctx);
if (creds == NULL) {
@ -2413,13 +2416,28 @@ static NTSTATUS pdb_samba_dsdb_get_trusteddom_creds(struct pdb_methods *m,
return NT_STATUS_NO_MEMORY;
}
if (my_dns_domain != NULL && dns_domain != NULL) {
cli_credentials_set_secure_channel_type(creds, SEC_CHAN_DNS_DOMAIN);
account_name = talloc_asprintf(tmp_ctx, "%s.", my_dns_domain);
if (account_name == NULL) {
TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
principal_name = talloc_asprintf(tmp_ctx, "%s$@%s", my_netbios_domain,
cli_credentials_get_realm(creds));
if (principal_name == NULL) {
TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
} else {
cli_credentials_set_secure_channel_type(creds, SEC_CHAN_DOMAIN);
account_name = talloc_asprintf(tmp_ctx, "%s$", my_netbios_domain);
if (account_name == NULL) {
TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
principal_name = NULL;
}
ok = cli_credentials_set_username(creds, account_name, CRED_SPECIFIED);
if (!ok) {
@ -2427,6 +2445,15 @@ static NTSTATUS pdb_samba_dsdb_get_trusteddom_creds(struct pdb_methods *m,
return NT_STATUS_NO_MEMORY;
}
if (principal_name != NULL) {
ok = cli_credentials_set_principal(creds, principal_name,
CRED_SPECIFIED);
if (!ok) {
TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
}
if (password_nt.length == 16) {
struct samr_Password nt_hash;