Patch for bug #8156 - net ads join fails to use the user's kerberos ticket.

If kerberos_get_realm_from_hostname() or kerberos_get_default_realm_from_ccache() fails due to
 a misconfigured krb5.conf, try the "realm =" from smb.conf as a fallcback before going back to
 NTLMSSP (which we'll do anyway).
(cherry picked from commit ccab9efb653cfacdd357986f7a8a85c17df7abbb)

diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 760681062aec77891460158d0e61a90b95c72030..e858280cd95c56cab054a985479b2275313deb48 100644 (file)
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -1074,6 +1074,9 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
                        host = strchr_m(cli->desthost, '.');
                        if (dest_realm) {
                                realm = SMB_STRDUP(dest_realm);
+                               if (!realm) {
+                                       return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+                               }
                                strupper_m(realm);
                        } else {
                                if (host) {
@@ -1085,19 +1088,33 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
                                }
                        }
 
-                       if (realm && *realm) {
-                               principal = talloc_asprintf(talloc_tos(),
-                                                           "cifs/%s@%s",
-                                                           cli->desthost,
-                                                           realm);
-                               if (!principal) {
-                                       SAFE_FREE(realm);
+                       if (realm == NULL || *realm == '\0') {
+                               realm = SMB_STRDUP(lp_realm());
+                               if (!realm) {
                                        return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
                                }
-                               DEBUG(3,("cli_session_setup_spnego: guessed "
-                                       "server principal=%s\n",
-                                       principal ? principal : "<null>"));
+                               strupper_m(realm);
+                               DEBUG(3,("cli_session_setup_spnego: cannot "
+                                       "get realm from dest_realm %s, "
+                                       "desthost %s. Using default "
+                                       "smb.conf realm %s\n",
+                                       dest_realm ? dest_realm : "<null>",
+                                       cli->desthost,
+                                       realm));
                        }
+
+                       principal = talloc_asprintf(talloc_tos(),
+                                                   "cifs/%s@%s",
+                                                   cli->desthost,
+                                                   realm);
+                       if (!principal) {
+                               SAFE_FREE(realm);
+                               return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+                       }
+                       DEBUG(3,("cli_session_setup_spnego: guessed "
+                               "server principal=%s\n",
+                               principal ? principal : "<null>"));
+
                        SAFE_FREE(realm);
                }