From: Günther Deschner <gd@samba.org>
Date: Tue, 31 May 2016 16:47:34 +0000 (+0200)
Subject: s3:libnet: accept empty realm for AD domains when only security=domain is set.
X-Git-Url: http://git.samba.org/samba.git/?a=commitdiff_plain;h=234a470f198f8f09f46aaeaf58f966faccedef18;p=amitay%2Fsamba.git

s3:libnet: accept empty realm for AD domains when only security=domain is set.

Initial patch from Matt Rogers @ RedHat.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11977

Guenther

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Jun 15 20:28:31 CEST 2016 on sn-devel-144
---

diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index c00718306e2..abb9cff1a5b 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -2367,9 +2367,26 @@ static WERROR libnet_join_check_config(TALLOC_CTX *mem_ctx,
 			W_ERROR_HAVE_NO_MEMORY(wrong_conf);
 		}
 
+		/*
+		 * We should generate the warning for the special case when
+		 * domain is AD, "security = domain" and the realm parameter is
+		 * not set.
+		 */
+		if (lp_security() == SEC_DOMAIN &&
+		    r->out.domain_is_ad &&
+		    !valid_realm) {
+			libnet_join_set_error_string(mem_ctx, r,
+				"Warning: when joining AD domains with security=domain, "
+				"\"realm\" should be defined in the configuration (%s) "
+				"and configuration modification was not requested",
+				wrong_conf);
+			return WERR_OK;
+		}
+
 		libnet_join_set_error_string(mem_ctx, r,
 			"Invalid configuration (%s) and configuration modification "
 			"was not requested", wrong_conf);
+
 		return WERR_CAN_NOT_COMPLETE;
 	}