net_ads: fill ads->auth.realm from c->creds

We get the realm we use for authentication needs to
the realm belonging to the username we use.

We derive the username from c->creds, so we need to
do the same for the realm.

Otherwise we try to authenticate as the wrong user.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15323

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 0ef53b948e13eb36b536228cccd89aa4c2adbb90)

diff --git a/selftest/knownfail.d/samba4.blackbox.net_ads_search_server_P b/selftest/knownfail.d/samba4.blackbox.net_ads_search_server_P
deleted file mode 100644 (file)
index 7f06e3f..0000000
--- a/selftest/knownfail.d/samba4.blackbox.net_ads_search_server_P
+++ /dev/null
@@ -1 +0,0 @@
-^samba4.blackbox.net_ads_search_server_P.trust

diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 09f7f0b4a3943e83a4ca03c2626e136fe3f487a2..dd9341f36378fb12b5f438ebd5cb58883b5b418a 100644 (file)
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -710,7 +710,15 @@ retry:
                        TALLOC_FREE(ads);
                        return ADS_ERROR(LDAP_NO_MEMORY);
                }
-       }
+       } else if (ads->auth.realm == NULL) {
+               const char *c_realm = cli_credentials_get_realm(c->creds);
+
+               ads->auth.realm = talloc_strdup(ads, c_realm);
+               if (ads->auth.realm == NULL) {
+                       TALLOC_FREE(ads);
+                       return ADS_ERROR(LDAP_NO_MEMORY);
+               }
+       }
 
        status = ads_connect(ads);