From 57c493a832b37503587de7fa9d3acb0ebaf1ed6a Mon Sep 17 00:00:00 2001
From: David Disseldorp <ddiss@samba.org>
Date: Fri, 16 Jan 2015 16:21:23 +0100
Subject: [PATCH 1/2] libsmb: provide authinfo domain for DFS referral auth

libsmbclient uses the smbc_init->smbc_get_auth_data_fn() provided
workgroup/domain in initial connections, but then switches to the
default smb.conf workgroup/domain when handling DFS referrals.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11059

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 6c9de0cd056afc0b478c02f1bdb0e06532388037)
[ddiss@samba.org: reworked cli_session_setup() & cli_init_creds() calls]
---
 source3/libsmb/clidfs.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index 23e1471..ff1560d 100644
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -97,6 +97,7 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx,
 	char *newserver, *newshare;
 	const char *username;
 	const char *password;
+	const char *domain;
 	NTSTATUS status;
 
 	/* make a copy so we don't modify the global string 'service' */
@@ -189,11 +190,15 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx,
 
 	username = get_cmdline_auth_info_username(auth_info);
 	password = get_cmdline_auth_info_password(auth_info);
+	domain = get_cmdline_auth_info_domain(auth_info);
+	if ((domain == NULL) || (domain[0] == '\0')) {
+		domain = lp_workgroup();
+	}
 
 	if (!NT_STATUS_IS_OK(cli_session_setup(c, username,
 					       password, strlen(password),
 					       password, strlen(password),
-					       lp_workgroup()))) {
+					       domain))) {
 		/* If a password was not supplied then
 		 * try again with a null username. */
 		if (password[0] || !username[0] ||
@@ -212,7 +217,7 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx,
 		d_printf("Anonymous login successful\n");
 		status = cli_init_creds(c, "", lp_workgroup(), "");
 	} else {
-		status = cli_init_creds(c, username, lp_workgroup(), password);
+		status = cli_init_creds(c, username, domain, password);
 	}
 
 	if (!NT_STATUS_IS_OK(status)) {
@@ -243,7 +248,7 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx,
 				force_encrypt,
 				username,
 				password,
-				lp_workgroup())) {
+				domain)) {
 		cli_shutdown(c);
 		return do_connect(ctx, newserver,
 				newshare, auth_info, false,
@@ -265,7 +270,7 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx,
 		status = cli_cm_force_encryption(c,
 					username,
 					password,
-					lp_workgroup(),
+					domain,
 					sharename);
 		if (!NT_STATUS_IS_OK(status)) {
 			cli_shutdown(c);
-- 
2.1.2


From 76daa1083851d01da2aa605bf6886333ec55d37f Mon Sep 17 00:00:00 2001
From: David Disseldorp <ddiss@samba.org>
Date: Mon, 19 Jan 2015 13:39:35 +0100
Subject: [PATCH 2/2] libsmb: provide authinfo domain for encrypted session
 referrals

6c9de0cd056afc0b478c02f1bdb0e06532388037 requires this extra change.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11059

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 21 04:29:06 CET 2015 on sn-devel-104

(cherry picked from commit 6da86012a2ca521efe0cf1bf05fcd04c3099b190)
---
 source3/libsmb/clidfs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index ff1560d..76df7aa 100644
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -1063,7 +1063,7 @@ bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
 		status = cli_cm_force_encryption(cli,
 					username,
 					password,
-					lp_workgroup(),
+					domain,
 					"IPC$");
 		if (!NT_STATUS_IS_OK(status)) {
 			return false;
-- 
2.1.2