mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
r11492: Fix bug #3224 (I hope). Correctly use machine_account_name
and client_name when doing netlogon credential setup. Jeremy.
This commit is contained in:
parent
3ba5d02cff
commit
37e6ef9389
@ -131,9 +131,10 @@ machine %s. Error was : %s.\n", dc_name, nt_errstr(result)));
|
||||
}
|
||||
|
||||
result = rpccli_netlogon_setup_creds(netlogon_pipe,
|
||||
dc_name,
|
||||
domain,
|
||||
global_myname(),
|
||||
dc_name, /* server name */
|
||||
domain, /* domain */
|
||||
global_myname(), /* client name */
|
||||
global_myname(), /* machine account name */
|
||||
machine_pwd,
|
||||
sec_chan_type,
|
||||
&neg_flags);
|
||||
|
@ -44,9 +44,10 @@ static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX
|
||||
uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
|
||||
|
||||
result = rpccli_netlogon_setup_creds(cli,
|
||||
cli->cli->desthost,
|
||||
lp_workgroup(),
|
||||
global_myname(),
|
||||
cli->cli->desthost, /* server name */
|
||||
lp_workgroup(), /* domain */
|
||||
global_myname(), /* client name */
|
||||
global_myname(), /* machine account name */
|
||||
orig_trust_passwd_hash,
|
||||
sec_channel_type,
|
||||
&neg_flags);
|
||||
|
@ -1352,10 +1352,11 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
result = rpccli_netlogon_setup_creds
|
||||
(netlogon_pipe,
|
||||
result = rpccli_netlogon_setup_creds(
|
||||
netlogon_pipe,
|
||||
domain->dcname, /* server name. */
|
||||
domain->name, /* domain name */
|
||||
global_myname(), /* client name */
|
||||
account_name, /* machine account */
|
||||
mach_pwd, /* machine password */
|
||||
sec_chan_type, /* from get_trust_pw */
|
||||
|
@ -254,6 +254,7 @@ static NTSTATUS rpccli_net_auth3(struct rpc_pipe_client *cli,
|
||||
NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
|
||||
const char *server_name,
|
||||
const char *domain,
|
||||
const char *clnt_name,
|
||||
const char *machine_account,
|
||||
const unsigned char machine_pwd[16],
|
||||
uint32 sec_chan_type,
|
||||
@ -291,7 +292,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
|
||||
result = rpccli_net_req_chal(cli,
|
||||
cli->mem_ctx,
|
||||
dc->remote_machine,
|
||||
machine_account,
|
||||
clnt_name,
|
||||
&clnt_chal_send,
|
||||
&srv_chal_recv);
|
||||
|
||||
@ -315,7 +316,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
|
||||
dc->remote_machine,
|
||||
dc->mach_acct,
|
||||
sec_chan_type,
|
||||
machine_account,
|
||||
clnt_name,
|
||||
neg_flags_inout,
|
||||
&clnt_chal_send, /* input. */
|
||||
&srv_chal_recv); /* output */
|
||||
|
@ -2409,7 +2409,7 @@ static struct rpc_pipe_client *get_schannel_session_key(struct cli_state *cli,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if ( IS_DC ) {
|
||||
if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains()) {
|
||||
fstrcpy( machine_account, lp_workgroup() );
|
||||
} else {
|
||||
/* Hmmm. Is this correct for trusted domains when we're a member server ? JRA. */
|
||||
@ -2421,9 +2421,10 @@ static struct rpc_pipe_client *get_schannel_session_key(struct cli_state *cli,
|
||||
}
|
||||
|
||||
*perr = rpccli_netlogon_setup_creds(netlogon_pipe,
|
||||
cli->desthost,
|
||||
domain,
|
||||
machine_account,
|
||||
cli->desthost, /* server name */
|
||||
domain, /* domain */
|
||||
global_myname(), /* client name */
|
||||
machine_account, /* machine account name */
|
||||
machine_pwd,
|
||||
sec_chan_type,
|
||||
&neg_flags);
|
||||
@ -2531,7 +2532,10 @@ static struct rpc_pipe_client *get_schannel_session_key_auth_ntlmssp(struct cli_
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if ( IS_DC ) {
|
||||
/* if we are a DC and this is a trusted domain, then we need to use our
|
||||
domain name in the net_req_auth2() request */
|
||||
|
||||
if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains()) {
|
||||
fstrcpy( machine_account, lp_workgroup() );
|
||||
} else {
|
||||
/* Hmmm. Is this correct for trusted domains when we're a member server ? JRA. */
|
||||
@ -2543,9 +2547,10 @@ static struct rpc_pipe_client *get_schannel_session_key_auth_ntlmssp(struct cli_
|
||||
}
|
||||
|
||||
*perr = rpccli_netlogon_setup_creds(netlogon_pipe,
|
||||
cli->desthost,
|
||||
domain,
|
||||
machine_account,
|
||||
cli->desthost, /* server name */
|
||||
domain, /* domain */
|
||||
global_myname(), /* client name */
|
||||
machine_account, /* machine account name */
|
||||
machine_pwd,
|
||||
sec_chan_type,
|
||||
&neg_flags);
|
||||
|
@ -573,9 +573,10 @@ static NTSTATUS do_cmd(struct cli_state *cli,
|
||||
}
|
||||
|
||||
ntresult = rpccli_netlogon_setup_creds(cmd_entry->rpc_pipe,
|
||||
cli->desthost,
|
||||
lp_workgroup(),
|
||||
global_myname(),
|
||||
cli->desthost, /* server name */
|
||||
lp_workgroup(), /* domain */
|
||||
global_myname(), /* client name */
|
||||
global_myname(), /* machine account name */
|
||||
trust_password,
|
||||
sec_channel_type,
|
||||
&neg_flags);
|
||||
|
@ -303,9 +303,10 @@ int net_rpc_join_newstyle(int argc, const char **argv)
|
||||
}
|
||||
|
||||
result = rpccli_netlogon_setup_creds(pipe_hnd,
|
||||
cli->desthost,
|
||||
domain,
|
||||
global_myname(),
|
||||
cli->desthost, /* server name */
|
||||
domain, /* domain */
|
||||
global_myname(), /* client name */
|
||||
global_myname(), /* machine account name */
|
||||
md4_trust_password,
|
||||
sec_channel_type,
|
||||
&neg_flags);
|
||||
|
Loading…
Reference in New Issue
Block a user