r7454: couple of winbindd fixes

* make sure to use our domain as the account name in the net_req_auth2()
  request when running on a Samba DC
* make sure to lookup the correct domain (not default to ours) when getting an async
  getpwnam() call
(This used to be commit c9c3e3c122a6a04847c448d298b6f1adb4f35a60)

4 files changed, 17 insertions, 9 deletions

diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c
index c3a27a7deb4..a13a293e7af 100644
--- a/source3/nsswitch/winbindd.c
+++ b/source3/nsswitch/winbindd.c
@@ -252,7 +252,7 @@ static struct winbindd_dispatch_table dispatch_table[] = {
 	/* PAM auth functions */
 
 	{ WINBINDD_PAM_AUTH, winbindd_pam_auth, "PAM_AUTH" },
-	{ WINBINDD_PAM_AUTH_CRAP, winbindd_crap_auth, "AUTH_CRAP" },
+	{ WINBINDD_PAM_AUTH_CRAP, winbindd_pam_auth_crap, "AUTH_CRAP" },
 	{ WINBINDD_PAM_CHAUTHTOK, winbindd_pam_chauthtok, "CHAUTHTOK" },
 
 	/* Enumeration functions */
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index a6f09f4bf29..6400b23f9ff 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -1158,9 +1158,17 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
 	generate_random_buffer(clnt_chal.data, 8);
 
 	server_name = talloc_asprintf(mem_ctx, "\\\\%s", domain->dcname);
-	account_name = talloc_asprintf(mem_ctx, "%s$",
-				       domain->primary ?
-				       global_myname() : domain->name);
+
+	/* if we are a DC and this is a trusted domain, then we need to use our
+	   domain name in the net_req_auth2() request */
+
+	if ( IS_DC ) {
+		account_name = talloc_asprintf( mem_ctx, "%s$", lp_workgroup() );
+	}
+	else {
+		account_name = talloc_asprintf(mem_ctx, "%s$", 
+			domain->primary ?  global_myname() : domain->name);
+	}
 
 	if ((server_name == NULL) || (account_name == NULL))
 		return NT_STATUS_NO_MEMORY;
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index 97dc35c0e7e..47affa66fbd 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -500,7 +500,7 @@ done:
  Challenge Response Authentication Protocol 
 **********************************************************************/
 
-enum winbindd_result winbindd_crap_auth(struct winbindd_cli_state *state)
+enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
 {
 	struct winbindd_domain *domain = NULL;
 	const char *domain_name = NULL;
diff --git a/source3/nsswitch/winbindd_user.c b/source3/nsswitch/winbindd_user.c
index d1927939932..d8d7dbb5023 100644
--- a/source3/nsswitch/winbindd_user.c
+++ b/source3/nsswitch/winbindd_user.c
@@ -324,7 +324,7 @@ enum winbindd_result winbindd_getpwnam(struct winbindd_cli_state *state)
 	
 	/* Get info for the domain */
 
-	domain = find_lookup_domain_from_name(domname);
+	domain = find_domain_from_name(domname);
 
 	if (domain == NULL) {
 		DEBUG(7, ("could not find domain entry for domain %s\n",
@@ -332,9 +332,9 @@ enum winbindd_result winbindd_getpwnam(struct winbindd_cli_state *state)
 		return WINBINDD_ERROR;
 	}
 
-	if ( domain->primary && lp_winbind_trusted_domains_only()) {
-		DEBUG(7,("winbindd_getpwnam: My domain -- rejecting "
-			 "getgroups() for %s\\%s.\n", domname, username));
+	if ( strequal(domname, lp_workgroup()) && lp_winbind_trusted_domains_only() ) {
+		DEBUG(7,("winbindd_getpwnam: My domain -- rejecting getpwnam() for %s\\%s.\n", 
+			domname, username));
 		return WINBINDD_ERROR;
 	}