libads: add ADS_AUTH_USER_CREDS to avoid magic overwriting of usernames.

Guenther
(This used to be commit b5aaf5aa0f280f69e05b613271c96473a79b812e)

2 files changed, 15 insertions, 8 deletions

diff --git a/source3/include/ads.h b/source3/include/ads.h
index d5ce88babe..d4551765aa 100644
--- a/source3/include/ads.h
+++ b/source3/include/ads.h
@@ -320,14 +320,15 @@ typedef void **ADS_MODLIST;
 #define ADS_DNS_FOREST     0x80000000  /* DnsForestName is a DNS name */
 
 /* ads auth control flags */
-#define ADS_AUTH_DISABLE_KERBEROS 0x01
-#define ADS_AUTH_NO_BIND          0x02
-#define ADS_AUTH_ANON_BIND        0x04
-#define ADS_AUTH_SIMPLE_BIND      0x08
-#define ADS_AUTH_ALLOW_NTLMSSP    0x10
-#define ADS_AUTH_SASL_SIGN        0x20
-#define ADS_AUTH_SASL_SEAL        0x40
-#define ADS_AUTH_SASL_FORCE       0x80
+#define ADS_AUTH_DISABLE_KERBEROS 0x0001
+#define ADS_AUTH_NO_BIND          0x0002
+#define ADS_AUTH_ANON_BIND        0x0004
+#define ADS_AUTH_SIMPLE_BIND      0x0008
+#define ADS_AUTH_ALLOW_NTLMSSP    0x0010
+#define ADS_AUTH_SASL_SIGN        0x0020
+#define ADS_AUTH_SASL_SEAL        0x0040
+#define ADS_AUTH_SASL_FORCE       0x0080
+#define ADS_AUTH_USER_CREDS       0x0100
 
 /* Kerberos environment variable names */
 #define KRB5_ENV_CCNAME "KRB5CCNAME"
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index c4135f24a1..31e5af4224 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -323,6 +323,11 @@ int ads_kinit_password(ADS_STRUCT *ads)
 	const char *account_name;
 	fstring acct_name;
 
+	if (ads->auth.flags & ADS_AUTH_USER_CREDS) {
+		account_name = ads->auth.user_name;
+		goto got_accountname;
+	}
+
 	if ( IS_DC ) {
 		/* this will end up getting a ticket for DOMAIN@RUSTED.REA.LM */
 		account_name = lp_workgroup();
@@ -338,6 +343,7 @@ int ads_kinit_password(ADS_STRUCT *ads)
 			account_name = ads->auth.user_name;
 	}
 
+ got_accountname:
 	if (asprintf(&s, "%s@%s", account_name, ads->auth.realm) == -1) {
 		return KRB5_CC_NOMEM;
 	}