From ea6fde0b7b986f029e2b314568ac6a102cfa33c7 Mon Sep 17 00:00:00 2001
From: Tim Potter
Date: Thu, 21 Feb 2002 01:40:06 +0000
Subject: Check that the domain controllers returned by a WINS server are actually DCs for the domain they advertise to be. Silly? Yes but I have log files of a Microsoft WINS server sending the wrong result! Winbindd gets really stuck when it latches onto a domain controller for a different domain. Previously this check was slightly lower down in the call chain so wasn't being made all the time. CR#334
---
 source/libsmb/clidomain.c | 33 +++++++++++++++------------------
 1 file changed, 15 insertions(+), 18 deletions(-)
diff --git a/source/libsmb/clidomain.c b/source/libsmb/clidomain.c
index 75066942bf1..23b9ae566da 100644
--- a/source/libsmb/clidomain.c
+++ b/source/libsmb/clidomain.c
@@ -269,7 +269,7 @@ extern pstring global_myname;
 BOOL attempt_connect_dc(char *domain, struct in_addr dest_ip)
 {
- fstring remote_machine;
+ fstring remote_machine, remote_domain;
 struct cli_state cli;
 uint16 fnum;
@@ -292,6 +292,20 @@ BOOL attempt_connect_dc(char *domain, struct in_addr dest_ip)
 return False;
 }
+ /* Check that this DC is actually a controller for the domain we
+ are interested in by looking up the #1c name. */
+
+ if (name_status_find(domain, 0x1c, 0x1c, dest_ip, remote_domain)) {
+ if (!strequal(remote_domain, domain)) {
+ DEBUG(1, ("attempt_connect_dc: %s not a member of domain %s, rather %s\n", remote_machine, domain, remote_domain));
+ return False;
+ }
+ } else {
+ DEBUG(1, ("attempt_connect_dc(): could not look up %s#1c\n",
+ remote_machine));
+ return False;
+ }
+
 /* This is the wrong place for this check I think. The correct place should be in the code that decides to use this server for authentication rather than attempting to connect to it to
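Review bot: The new #1c check in attempt_connect_dc relies on a node-status answer obtained from dest_ip itself, so it catches a WINS server handing out a controller for the wrong domain but does not authenticate the host. The comment above the check should say so, e.g. `/* Sanity check against bad WINS data only: the reply is unauthenticated and comes from the host being tested. */`, so nobody later treats a pass here as proof that the server is a legitimate DC. In the failure branch the message prints `remote_machine` with a `#1c` suffix although the name queried was `domain`; `DEBUG(1, ("attempt_connect_dc(): could not look up %s#1c on %s\n", domain, inet_ntoa(dest_ip)));` would record what was asked and of which address, which is what someone reading the log during an incident needs. The function body starts and ends outside the hunk, so how remote_machine is filled in before these messages is not visible here.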
@@ -533,23 +547,6 @@ BOOL get_any_dc_name(char *domain, fstring srv_name)
 continue;
 }
- /* Check that this DC is actually a member of the
- domain we are interested in */
-
- if (name_status_find(domain, 0x1c, 0x1c, dest_ip, the_domain)) {
- if (!strequal(the_domain, domain)) {
- DEBUG(1, ("get_any_dc_name(): dc %s not a member of domain %s (%s)\n",
- remote_machine, domain, the_domain));
- connected_ok = False;
- continue;
- }
- } else {
- DEBUG(1, ("get_any_dc_name(): %s not a dc\n",
- remote_machine));
- connected_ok = False;
- continue;
- }
-
 connected_ok = attempt_connect_dc(domain, dest_ip);
 }
 }
-- cgit