Patch for bug #8156 - net ads join fails to use the user's kerberos ticket.

If kerberos_get_realm_from_hostname() or kerberos_get_default_realm_from_ccache() fails due to
 a misconfigured krb5.conf, try the "realm =" from smb.conf as a fallcback before going back to
 NTLMSSP (which we'll do anyway).

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat May 21 00:58:09 CEST 2011 on sn-devel-104

diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index fca6c3a31256a2263086adf7801d8a7a515e6431..69d5ce62476201f966fe2e35b9c71b26d08646f5 100644 (file)
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -1871,6 +1871,9 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
                        host = strchr_m(cli->desthost, '.');
                        if (dest_realm) {
                                realm = SMB_STRDUP(dest_realm);
+                               if (!realm) {
+                                       return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+                               }
                                strupper_m(realm);
                        } else {
                                if (host) {
@@ -1882,19 +1885,33 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
                                }
                        }
 
-                       if (realm && *realm) {
-                               principal = talloc_asprintf(talloc_tos(),
-                                                           "cifs/%s@%s",
-                                                           cli->desthost,
-                                                           realm);
-                               if (!principal) {
-                                       SAFE_FREE(realm);
+                       if (realm == NULL || *realm == '\0') {
+                               realm = SMB_STRDUP(lp_realm());
+                               if (!realm) {
                                        return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
                                }
-                               DEBUG(3,("cli_session_setup_spnego: guessed "
-                                       "server principal=%s\n",
-                                       principal ? principal : "<null>"));
+                               strupper_m(realm);
+                               DEBUG(3,("cli_session_setup_spnego: cannot "
+                                       "get realm from dest_realm %s, "
+                                       "desthost %s. Using default "
+                                       "smb.conf realm %s\n",
+                                       dest_realm ? dest_realm : "<null>",
+                                       cli->desthost,
+                                       realm));
                        }
+
+                       principal = talloc_asprintf(talloc_tos(),
+                                                   "cifs/%s@%s",
+                                                   cli->desthost,
+                                                   realm);
+                       if (!principal) {
+                               SAFE_FREE(realm);
+                               return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+                       }
+                       DEBUG(3,("cli_session_setup_spnego: guessed "
+                               "server principal=%s\n",
+                               principal ? principal : "<null>"));
+
                        SAFE_FREE(realm);
                }