From 687e4eba3cced6015fdcaac2c6ba675cdebc1273 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 30 Jan 2010 19:24:28 -0800 Subject: Fix bug #7079 - cliconnect gets realm wrong with trusted domains. Passing NULL as dest_realm for cli_session_setup_spnego() was always using our own realm (as for a NetBIOS name). Change this to look for the mapped realm using krb5_get_host_realm() if the destination machine name is a DNS name (contains a '.'). Could get fancier with DNS name detection (length, etc.) but this will do for now. Jeremy. --- source3/libsmb/cliconnect.c | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) (limited to 'source3/libsmb') diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 31f848cb00..a81cb06839 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -1287,6 +1287,7 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, host = strchr_m(cli->desthost, '.'); if (host) { + /* We had a '.' in the name. */ machine = SMB_STRNDUP(cli->desthost, host - cli->desthost); } else { @@ -1300,11 +1301,29 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, realm = SMB_STRDUP(dest_realm); strupper_m(realm); } else { - realm = kerberos_get_default_realm_from_ccache(); + if (host) { + /* DNS name. */ + realm = kerberos_get_realm_from_hostname(cli->desthost); + } else { + /* NetBIOS name - use our realm. */ + realm = kerberos_get_default_realm_from_ccache(); + } } + if (realm && *realm) { - principal = talloc_asprintf(NULL, "%s$@%s", - machine, realm); + if (host) { + /* DNS name. */ + principal = talloc_asprintf(talloc_tos(), + "cifs/%s@%s", + cli->desthost, + realm); + } else { + /* NetBIOS name, use machine account. */ + principal = talloc_asprintf(talloc_tos(), + "%s$@%s", + machine, + realm); + } if (!principal) { SAFE_FREE(machine); SAFE_FREE(realm); -- cgit