s3:libnet: accept empty realm for AD domains when only security=domain is set.

Initial patch from Matt Rogers @ RedHat.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11977

Guenther

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Jun 15 20:28:31 CEST 2016 on sn-devel-144

diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index c00718306e212f15da9fd052d10bfeb43e41ef70..abb9cff1a5bf76c1e058a3587bb2262d320a33ed 100644 (file)
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -2367,9 +2367,26 @@ static WERROR libnet_join_check_config(TALLOC_CTX *mem_ctx,
                        W_ERROR_HAVE_NO_MEMORY(wrong_conf);
                }
 
+               /*
+                * We should generate the warning for the special case when
+                * domain is AD, "security = domain" and the realm parameter is
+                * not set.
+                */
+               if (lp_security() == SEC_DOMAIN &&
+                   r->out.domain_is_ad &&
+                   !valid_realm) {
+                       libnet_join_set_error_string(mem_ctx, r,
+                               "Warning: when joining AD domains with security=domain, "
+                               "\"realm\" should be defined in the configuration (%s) "
+                               "and configuration modification was not requested",
+                               wrong_conf);
+                       return WERR_OK;
+               }
+
                libnet_join_set_error_string(mem_ctx, r,
                        "Invalid configuration (%s) and configuration modification "
                        "was not requested", wrong_conf);
+
                return WERR_CAN_NOT_COMPLETE;
        }