net_ads: fill ads->auth.realm from c->creds

We get the realm we use for authentication needs to
the realm belonging to the username we use.

We derive the username from c->creds, so we need to
do the same for the realm.

Otherwise we try to authenticate as the wrong user.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15323

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 0ef53b948e13eb36b536228cccd89aa4c2adbb90)

2 files changed, 9 insertions, 2 deletions

diff --git a/selftest/knownfail.d/samba4.blackbox.net_ads_search_server_P b/selftest/knownfail.d/samba4.blackbox.net_ads_search_server_P
deleted file mode 100644
index 7f06e3fe738..00000000000
--- a/selftest/knownfail.d/samba4.blackbox.net_ads_search_server_P
+++ /dev/null
@@ -1 +0,0 @@
-^samba4.blackbox.net_ads_search_server_P.trust
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 09f7f0b4a39..dd9341f3637 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -710,7 +710,15 @@ retry:
 			TALLOC_FREE(ads);
 			return ADS_ERROR(LDAP_NO_MEMORY);
 		}
-       }
+	} else if (ads->auth.realm == NULL) {
+		const char *c_realm = cli_credentials_get_realm(c->creds);
+
+		ads->auth.realm = talloc_strdup(ads, c_realm);
+		if (ads->auth.realm == NULL) {
+			TALLOC_FREE(ads);
+			return ADS_ERROR(LDAP_NO_MEMORY);
+		}
+	}
 
 	status = ads_connect(ads);