From: Michael Adam <obnox@samba.org>
Date: Mon, 26 May 2008 10:22:53 +0000 (+0200)
Subject: passdb: add comment explaining logic in get_trust_pw_clear().
X-Git-Tag: samba-3.3.0pre1~1124
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5f197c659e9c8a573ba5032c7f90c816df45770c;p=thirdparty%2Fsamba.git

passdb: add comment explaining logic in get_trust_pw_clear().

Michael
---

diff --git a/source/passdb/passdb.c b/source/passdb/passdb.c
index 874355da67a..d69da8f32e7 100644
--- a/source/passdb/passdb.c
+++ b/source/passdb/passdb.c
@@ -1568,8 +1568,22 @@ bool get_trust_pw_clear(const char *domain, char **ret_pwd,
 		return true;
 	}
 
-	/* Here we are a domain member server.  We can only be a member
-	   of one domain so ignore the request domain and assume our own */
+	/*
+	 * Since we can only be member of one single domain, we are now
+	 * in a member situation:
+	 *
+	 *  -  Either we are a DC (selfjoined) and the domain is our
+	 *     own domain.
+	 *  -  Or we are on a member and the domain is our own or some
+	 *     other (potentially trusted) domain.
+	 *
+	 * In both cases, we can only get the machine account password
+	 * for our own domain to connect to our own dc. (For a member,
+	 * request to trusted domains are performed through our dc.)
+	 *
+	 * So we simply use our own domain name to retrieve the
+	 * machine account passowrd and ignore the request domain here.
+	 */
 
 	pwd = secrets_fetch_machine_password(lp_workgroup(), &last_set_time, channel);