From a460e6beef5b784d5ac37c398c91ac3e86dc432d Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 28 Oct 2016 09:00:46 +0200 Subject: [PATCH] s3:libsmb: pass the optional dest_realm via the cli_credentials 'dest_realm' is only valid in the winbindd use case, where we also have the account in that realm. We need to ask the DC to which KDC the principal belongs to, in order to get the potential trust referrals right. Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/libsmb/cliconnect.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 114aad61cda..67fb3a550ff 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -560,6 +560,7 @@ static struct tevent_req *cli_session_setup_gensec_send( struct cli_session_setup_gensec_state *state; NTSTATUS status; const DATA_BLOB *b = NULL; + const char *dest_realm = NULL; req = tevent_req_create(mem_ctx, &state, struct cli_session_setup_gensec_state); @@ -572,6 +573,12 @@ static struct tevent_req *cli_session_setup_gensec_send( talloc_set_destructor( state, cli_session_setup_gensec_state_destructor); + /* + * dest_realm is only valid in the winbindd use case, + * where we also have the account in that realm. + */ + dest_realm = cli_state_remote_realm(cli); + if (user == NULL || strlen(user) == 0) { if (pass != NULL && strlen(pass) == 0) { /* @@ -614,6 +621,17 @@ static struct tevent_req *cli_session_setup_gensec_send( return tevent_req_post(req, ev); } + if (dest_realm != NULL) { + bool ok; + + ok = cli_credentials_set_realm(state->auth_generic->credentials, + dest_realm, CRED_SPECIFIED); + if (!ok) { + tevent_req_oom(req); + return tevent_req_post(req, ev); + } + } + if (cli->pw_nt_hash) { struct samr_Password nt_hash; size_t converted; -- 2.34.1