s3:libsmb: pass the optional dest_realm via the cli_credentials

'dest_realm' is only valid in the winbindd use case, where we also have
the account in that realm.

We need to ask the DC to which KDC the principal belongs to, in order to
get the potential trust referrals right.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 114aad61cda8fbc6bc6d6bf41ac561de2d7d0f57..67fb3a550ff1ac9039c3aef9571cb6bd3059b329 100644 (file)
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -560,6 +560,7 @@ static struct tevent_req *cli_session_setup_gensec_send(
        struct cli_session_setup_gensec_state *state;
        NTSTATUS status;
        const DATA_BLOB *b = NULL;
+       const char *dest_realm = NULL;
 
        req = tevent_req_create(mem_ctx, &state,
                                struct cli_session_setup_gensec_state);
@@ -572,6 +573,12 @@ static struct tevent_req *cli_session_setup_gensec_send(
        talloc_set_destructor(
                state, cli_session_setup_gensec_state_destructor);
 
+       /*
+        * dest_realm is only valid in the winbindd use case,
+        * where we also have the account in that realm.
+        */
+       dest_realm = cli_state_remote_realm(cli);
+
        if (user == NULL || strlen(user) == 0) {
                if (pass != NULL && strlen(pass) == 0) {
                        /*
@@ -614,6 +621,17 @@ static struct tevent_req *cli_session_setup_gensec_send(
                return tevent_req_post(req, ev);
        }
 
+       if (dest_realm != NULL) {
+               bool ok;
+
+               ok = cli_credentials_set_realm(state->auth_generic->credentials,
+                                              dest_realm, CRED_SPECIFIED);
+               if (!ok) {
+                       tevent_req_oom(req);
+                       return tevent_req_post(req, ev);
+               }
+       }
+
        if (cli->pw_nt_hash) {
                struct samr_Password nt_hash;
                size_t converted;