git.samba.org - nivanova/samba-autobuild/.git/commit

author	Stefan Metzmacher <metze@samba.org>
	Thu, 15 Dec 2016 10:04:02 +0000 (11:04 +0100)
committer	Andrew Bartlett <abartlet@samba.org>
	Tue, 20 Dec 2016 00:11:24 +0000 (01:11 +0100)
commit	dab9456cfc4f42e4a7d95443e02460e59816ecbd
tree	e13f74fc9b8f47ab3f17348690a60eb93945f48d	tree
parent	7c344fbbe0568734beb982bb6e0f3c81e6eb5843	commit \| diff

auth/credentials: handle situations without a configured (default) realm

We should not have cli_credentials_get_realm() return "" without a
configured (default) realm in smb.conf.
Note that the existing tests with creds.get_realm() == lp.get("realm")
also work with "" as string.

At the same time we should never let cli_credentials_get_principal()
return "@REALM.EXAMPLE.COM" nor "username@".

If cli_credentials_parse_string() gets "OTHERDOMAIN\username"
we must not use cli_credentials_get_realm() to generate
a principal unless cli_credentials_get_domain() returns
also "OTHERDOMAIN". What we need to do is using
username@OTHERDOMAIN as principal, whild we still
use cli_credentials_get_realm to get a default kdc,
(which may route us to the correct kdc with WRONG_REALM
messages).

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

auth/credentials/credentials.c		diff \| blob \| history
python/samba/tests/credentials.py		diff \| blob \| history