From 25ee2780979ddcd6200255f9e20209c71b2cb612 Mon Sep 17 00:00:00 2001
From: David Maloney <DMaloney@rapid7.com>
Date: Wed, 9 Jul 2014 17:46:56 -0500
Subject: [PATCH] strip vestigial realms

in the cases where we don't want a realm we should be
stripping it from the credential so we can build accurate results
---
 lib/metasploit/framework/login_scanner/base.rb               | 5 +++++
 .../metasploit/framework/login_scanner/login_scanner_base.rb | 5 ++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/lib/metasploit/framework/login_scanner/base.rb b/lib/metasploit/framework/login_scanner/base.rb
index f3351a1b31..d199dfaf12 100644
--- a/lib/metasploit/framework/login_scanner/base.rb
+++ b/lib/metasploit/framework/login_scanner/base.rb
@@ -101,10 +101,15 @@ module Metasploit
               yield credential
             elsif credential.realm.present? && self.class::REALM_KEY.blank?
               second_cred = credential.dup
+              # Strip the realm off here, as we don't want it
+              credential.realm = nil
+              credential.realm_key = nil
               yield credential
               # Some services can take a domain in the username like this even though
               # they do not explicitly take a domain as part of the protocol.
               second_cred.public = "#{second_cred.realm}\\#{second_cred.public}"
+              second_cred.realm = nil
+              second_cred.realm_key = nil
               yield second_cred
             else
               yield credential
diff --git a/spec/support/shared/examples/metasploit/framework/login_scanner/login_scanner_base.rb b/spec/support/shared/examples/metasploit/framework/login_scanner/login_scanner_base.rb
index 3aec4f4968..0b659a71ae 100644
--- a/spec/support/shared/examples/metasploit/framework/login_scanner/login_scanner_base.rb
+++ b/spec/support/shared/examples/metasploit/framework/login_scanner/login_scanner_base.rb
@@ -325,7 +325,10 @@ shared_examples_for 'Metasploit::Framework::LoginScanner::Base' do | has_realm_k
       context 'when login_scanner has no REALM_KEY' do
         context 'when the credential has a realm' do
           it 'yields the original credential as well as one with the realm in the public' do
-            second_cred = ad_cred.dup
+            first_cred  = ad_cred.dup
+            first_cred.realm = nil
+            first_cred.realm_key = nil
+            second_cred = first_cred.dup
             second_cred.public = "#{realm}\\#{public}"
             expect{ |b| login_scanner.each_cred_adjusted_for_realm(ad_cred, &b)}.to yield_successive_args(ad_cred,second_cred)
           end