Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/negprot.c | 22 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 19 |
2 files changed, 25 insertions, 16 deletions
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index 9a03e1ba96..78d4da3a75 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -184,15 +184,19 @@ static int negprot_spnego(char *p) return 16; } #endif - - /* win2000 uses host$@REALM, which we will probably use eventually, - but for now this works */ - asprintf(&principal, "HOST/%s@%s", guid, lp_realm()); - blob = spnego_gen_negTokenInit(guid, - lp_security()==SEC_ADS ? OIDs_krb5 : OIDs_plain, - principal); - free(principal); - + { + ADS_STRUCT *ads; + ads = ads_init(NULL, NULL, NULL); + + /* win2000 uses host$@REALM, which we will probably use eventually, + but for now this works */ + asprintf(&principal, "HOST/%s@%s", guid, ads->realm); + blob = spnego_gen_negTokenInit(guid, + lp_security()==SEC_ADS ? OIDs_krb5 : OIDs_plain, + principal); + free(principal); + ads_destroy(&ads); + } memcpy(p, blob.data, blob.length); len = blob.length; data_blob_free(&blob); diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 863a509042..35155c0dec 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -74,23 +74,25 @@ static int reply_spnego_kerberos(connection_struct *conn, DATA_BLOB *secblob) { DATA_BLOB ticket; - char *realm, *client, *p; + char *client, *p; const struct passwd *pw; char *user; int sess_vuid; NTSTATUS ret; DATA_BLOB auth_data; auth_serversupplied_info *server_info = NULL; - - realm = lp_realm(); + ADS_STRUCT *ads; if (!spnego_parse_krb5_wrap(*secblob, &ticket)) { return ERROR_NT(NT_STATUS_LOGON_FAILURE); } - ret = ads_verify_ticket(&ticket, &client, &auth_data); + ads = ads_init(NULL, NULL, NULL); + + ret = ads_verify_ticket(ads, &ticket, &client, &auth_data); if (!NT_STATUS_IS_OK(ret)) { - DEBUG(1,("Failed to verify incoming ticket!\n")); + DEBUG(1,("Failed to verify incoming ticket!\n")); + ads_destroy(&ads); return ERROR_NT(NT_STATUS_LOGON_FAILURE); } 
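Review bot: In negprot_spnego the result of `ads_init(NULL, NULL, NULL)` is dereferenced as `ads->realm` without a check, so if ads_init can return NULL or leave the realm unset (its definition is not on this page), the process faults or formats a NULL `%s` while answering a protocol negotiation, which presumably happens before any authentication. The return value of `asprintf` is also ignored, which leaves `principal` indeterminate on failure before it is passed to `spnego_gen_negTokenInit` and freed. A guard such as `if (ads == NULL || ads->realm == NULL || asprintf(&principal, "HOST/%s@%s", guid, ads->realm) == -1)` with an explicit failure path would cover both; the function starts and ends outside the hunk, so the right failure return cannot be chosen from here. The same unchecked `ads_init` appears in reply_spnego_kerberos in sesssetup.c, where `ads` is handed to `ads_verify_ticket` and `ads->realm` to `strcasecmp`.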
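Review bot: Every failure return in reply_spnego_kerberos now has to carry its own `ads_destroy(&ads);` (one in this hunk, two more in the next hunk), so any early return added later between `ads_init` and the final destroy leaks the structure. A single exit would keep the release in one place: record the error result and `goto done;` at each failure, with `done: ads_destroy(&ads);` ahead of the one return. The function continues past both hunks, so whether its later returns fit that pattern cannot be checked from here. The replaced `DEBUG(1, ...)` line appears to differ only in whitespace and could be left out of the change.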
@@ -99,15 +101,18 @@ static int reply_spnego_kerberos(connection_struct *conn, p = strchr_m(client, '@'); if (!p) { DEBUG(3,("Doesn't look like a valid principal\n")); + ads_destroy(&ads); return ERROR_NT(NT_STATUS_LOGON_FAILURE); } *p = 0; - if (strcasecmp(p+1, realm) != 0) { + if (strcasecmp(p+1, ads->realm) != 0) { DEBUG(3,("Ticket for incorrect realm %s\n", p+1)); + ads_destroy(&ads); return ERROR_NT(NT_STATUS_LOGON_FAILURE); } - + ads_destroy(&ads); + user = client; /* the password is good - let them in */ |
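Review bot: The comparison `strcasecmp(p+1, ads->realm)` is the check that refuses tickets issued for another realm, and its expected value now comes from `ads_init(NULL, NULL, NULL)` instead of `lp_realm()`, with nothing in the change recording where that default is taken from. If ads_init can resolve the realm from anything other than the server's configured realm (not visible on this page), the set of accepted tickets changes without notice. A comment at the comparison would pin the intent, for example `/* ads->realm is the realm this server trusts; a ticket for any other realm is refused */`. reply_spnego_kerberos starts before and continues after this hunk.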