Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/negprot.c | 5 | ||||
-rw-r--r-- | source3/smbd/server.c | 4 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 14 |
3 files changed, 18 insertions, 5 deletions
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index d8aea624be..1d79cbd5d0 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -200,14 +200,11 @@ static int negprot_spnego(char *p) if (lp_security() != SEC_ADS) { blob = spnego_gen_negTokenInit(guid, OIDs_plain, "NONE"); } else { - ADS_STRUCT *ads; - ads = ads_init_simple(); /* win2000 uses host$@REALM, which we will probably use eventually, but for now this works */ - asprintf(&principal, "HOST/%s@%s", guid, ads->realm); + asprintf(&principal, "HOST/%s@%s", guid, lp_realm()); blob = spnego_gen_negTokenInit(guid, OIDs_krb5, principal); free(principal); - ads_destroy(&ads); } memcpy(p, blob.data, blob.length); len = blob.length; diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 1eef3d98e8..d173fec00e 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -364,6 +364,10 @@ static BOOL open_sockets_smbd(BOOL is_daemon,const char *smb_ports) set_socket_options(smbd_server_fd(),"SO_KEEPALIVE"); set_socket_options(smbd_server_fd(),user_socket_options); + /* this is needed so that we get decent entries + in smbstatus for port 445 connects */ + fstrcpy(remote_machine, get_socket_addr(smbd_server_fd())); + /* Reset global variables in util.c so that client substitutions will be done correctly in the process. */ diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index a00554e638..2e9e54b8d9 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -122,6 +122,12 @@ static int reply_spnego_kerberos(connection_struct *conn, ads = ads_init_simple(); + if (!ads) { + return ERROR_NT(NT_STATUS_LOGON_FAILURE); + } + + ads->auth.realm = strdup(lp_realm()); + ret = ads_verify_ticket(ads, &ticket, &client, &auth_data); if (!NT_STATUS_IS_OK(ret)) { DEBUG(1,("Failed to verify incoming ticket!\n")); 
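Review bot: The `asprintf()` call in the SEC_ADS branch of negprot_spnego still ignores its return value, so on allocation failure `principal` is indeterminate when it is passed to `spnego_gen_negTokenInit()` and then to `free()`. Guard it with `if (asprintf(&principal, "HOST/%s@%s", guid, lp_realm()) == -1) { /* fail the negotiation */ }` and take the function's normal error path instead of building the blob. Because the realm now comes from `lp_realm()` rather than an ADS handle, a comment such as `/* lp_realm() must be set when security = ADS; an empty realm yields an unusable principal */` would also help, assuming an unset realm comes back as an empty string. The function starts and ends outside the hunk, so the correct failure return value is not visible here.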
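Review bot: The result of `strdup(lp_realm())` is stored in `ads->auth.realm` without a NULL check, and the following hunk passes that pointer directly to `strcasecmp(p+1, ads->auth.realm)`, so an allocation failure turns into a NULL dereference on the Kerberos session-setup path. Add `if (!ads->auth.realm) { ads_destroy(&ads); return ERROR_NT(NT_STATUS_NO_MEMORY); }` immediately after the assignment. If `ads_init_simple()` already populates `auth.realm`, the unconditional overwrite would also leak the earlier string; that cannot be confirmed from the hunk. The same realm comparison decides whether a ticket is treated as foreign, so it deserves a comment stating that an unset or mismatched `realm` setting makes every client look foreign and defers the decision to `lp_allow_trusted_domains()`. reply_spnego_kerberos continues outside both hunks, so whether its failure returns release `ads` is not visible.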
@@ -139,7 +145,7 @@ static int reply_spnego_kerberos(connection_struct *conn, } *p = 0; - if (strcasecmp(p+1, ads->realm) != 0) { + if (strcasecmp(p+1, ads->auth.realm) != 0) { DEBUG(3,("Ticket for foreign realm %s@%s\n", client, p+1)); if (!lp_allow_trusted_domains()) { return ERROR_NT(NT_STATUS_LOGON_FAILURE); @@ -379,6 +385,7 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf, uint32 auth_flags = AUTH_FLAG_NONE; auth_usersupplied_info *user_info = NULL; auth_serversupplied_info *server_info = NULL; + extern fstring remote_machine; /* we must have setup the auth context by now */ if (!ntlmssp_auth_context) { @@ -413,6 +420,11 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf, DEBUG(3,("Got user=[%s] workgroup=[%s] machine=[%s] len1=%d len2=%d\n", user, workgroup, machine, lmhash.length, nthash.length)); + /* the client has given us its machine name (which we otherwise would not get on port 445). + we need to possibly reload smb.conf if smb.conf includes depend on the machine name */ + fstrcpy(remote_machine, machine); + reload_services(True); + #if 0 file_save("nthash1.dat", nthash.data, nthash.length); file_save("lmhash1.dat", lmhash.data, lmhash.length); |
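Review bot: In the last hunk of reply_spnego_auth, `fstrcpy(remote_machine, machine)` copies a client-supplied name into the global that drives smb.conf substitution, and `reload_services(True)` then re-reads the configuration with it, apparently before the credentials are verified (the check itself is outside the hunk). `fstrcpy` bounds the length but does not constrain the content, so a name containing characters that are meaningful in a path could influence which include file is loaded. The name should be reduced to a conservative character set (alphanumerics and a small set of safe punctuation) before it is stored, with a comment such as `/* machine is client-controlled and unauthenticated here; sanitise before it feeds smb.conf substitution */`. The reload also runs on every auth message with its result ignored, which gives an unauthenticated peer a way to trigger repeated config parsing; consider reloading only when the name actually changed. Separately, the function-scope `extern fstring remote_machine;` added in the previous hunk would be better declared once in a shared header so that all writers of this global are easy to audit.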