From be771670eb331de55cab2e51d2de98d4edac9435 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 27 Apr 2022 12:45:04 +0200
Subject: [PATCH] s3:libads: let ads_sasl_spnego_bind() use
 cli_credentials_get_unparsed_name()

We should only operate on the creds structure and
avoid using ads->auth.{user_name,realm}.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
 source3/libads/sasl.c | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index 989f970598d..3d0bac4c4a9 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -642,6 +642,7 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
 	NTSTATUS nt_status;
 	ADS_STATUS status;
 	const char *mech = NULL;
+	const char *debug_username = NULL;
 	enum credentials_use_kerberos krb5_state;
 
 	status = ads_generate_service_principal(ads, &p);
@@ -655,6 +656,12 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
 		goto done;
 	}
 
+	debug_username = cli_credentials_get_unparsed_name(creds, frame);
+	if (debug_username == NULL) {
+		status = ADS_ERROR_SYSTEM(errno);
+		goto done;
+	}
+
 	krb5_state = cli_credentials_get_kerberos_state(creds);
 
 #ifdef HAVE_KRB5
@@ -692,10 +699,9 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
 			if (!ADS_ERR_OK(status)) {
 				DBG_ERR("kinit succeeded but "
 					"SPNEGO bind with Kerberos failed "
-					"for %s/%s - user[%s], realm[%s]: %s\n",
+					"for %s/%s - user[%s]: %s\n",
 					p.service, p.hostname,
-					ads->auth.user_name,
-					ads->auth.realm,
+					debug_username,
 					ads_errstr(status));
 			}
 		}
@@ -707,11 +713,10 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
 		}
 
 		DBG_WARNING("SASL bind with Kerberos failed "
-			    "for %s/%s - user[%s], realm[%s]: %s, "
+			    "for %s/%s - user[%s]: %s, "
 			    "try to fallback to NTLMSSP\n",
 			    p.service, p.hostname,
-			    ads->auth.user_name,
-			    ads->auth.realm,
+			    debug_username,
 			    ads_errstr(status));
 	}
 #endif
@@ -744,10 +749,9 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
 done:
 	if (!ADS_ERR_OK(status)) {
 		DEBUG(1,("ads_sasl_spnego_gensec_bind(%s) failed "
-			 "for %s/%s with user[%s] realm=[%s]: %s\n", mech,
+			 "for %s/%s with user[%s]: %s\n", mech,
 			  p.service, p.hostname,
-			  ads->auth.user_name,
-			  ads->auth.realm,
+			  debug_username,
 			  ads_errstr(status)));
 	}
 	ads_free_service_principal(&p);