s3-winbindd: set the can_do_validation6 also for trusted domain

The flag can_do_validation6 was only set for the domain to which
winbindd is the member. Setting this flag in other domains (trusted
domain) if it's active directory domain is a good idea as it allow to do
level 6 validation also when winbindd is querying them directly.
(cherry picked from commit 05036fab0a9847219c73c0abd931a39fba0bccfd)

Address bug #8599 (WINBINDD_PAM_AUTH_CRAP returns invalid user session key).
(cherry picked from commit 01747a5554839f21992b8845328c4b08c3dd8ff8)
(cherry picked from commit 6c1501a8efd49efb7b9f5c75963c2f1124e7e258)

diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index cc3e3edd89916211bfca05099d90cd1d3f56c4dd..a63c3f553ea568e1dff85992fb44232b7e3f220e 100644 (file)
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -1766,6 +1766,8 @@ static bool set_dc_type_and_flags_trustinfo( struct winbindd_domain *domain )
                                 "running active directory.\n", domain->name, 
                                 domain->active_directory ? "" : "NOT "));
 
+                       domain->can_do_ncacn_ip_tcp = domain->active_directory;
+                       domain->can_do_validation6 = domain->active_directory;
 
                        domain->initialized = True;