From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 2 Mar 2023 13:46:25 +0000 (+0100)
Subject: net_ads: fill ads->auth.realm from c->creds
X-Git-Tag: talloc-2.4.1~1047
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0ef53b948e13eb36b536228cccd89aa4c2adbb90;p=thirdparty%2Fsamba.git

net_ads: fill ads->auth.realm from c->creds

We get the realm we use for authentication needs to
the realm belonging to the username we use.

We derive the username from c->creds, so we need to
do the same for the realm.

Otherwise we try to authenticate as the wrong user.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15323

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---

diff --git a/selftest/knownfail.d/samba4.blackbox.net_ads_search_server_P b/selftest/knownfail.d/samba4.blackbox.net_ads_search_server_P
deleted file mode 100644
index 7f06e3fe738..00000000000
--- a/selftest/knownfail.d/samba4.blackbox.net_ads_search_server_P
+++ /dev/null
@@ -1 +0,0 @@
-^samba4.blackbox.net_ads_search_server_P.trust
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 2c5786a6e65..d1b2a25ca92 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -710,7 +710,15 @@ retry:
 			TALLOC_FREE(ads);
 			return ADS_ERROR(LDAP_NO_MEMORY);
 		}
-       }
+	} else if (ads->auth.realm == NULL) {
+		const char *c_realm = cli_credentials_get_realm(c->creds);
+
+		ads->auth.realm = talloc_strdup(ads, c_realm);
+		if (ads->auth.realm == NULL) {
+			TALLOC_FREE(ads);
+			return ADS_ERROR(LDAP_NO_MEMORY);
+		}
+	}
 
 	status = ads_connect(ads);