summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2008-09-11 06:47:06 +0200
committerStefan Metzmacher <metze@samba.org>2008-09-23 11:30:02 +0200
commit588af6901b019d414f4319ea9a1f40cb3d0e140e (patch)
treec2388db173c96b400ebe2a5853133348fadcf637
parent02cffed79dc74541ac9e9c7835573e8dfad1bb05 (diff)
downloadsamba-588af6901b019d414f4319ea9a1f40cb3d0e140e.tar.gz
samba-588af6901b019d414f4319ea9a1f40cb3d0e140e.tar.bz2
samba-588af6901b019d414f4319ea9a1f40cb3d0e140e.zip
gensec_krb5: only give away the session key, when the authentication is done
metze
-rw-r--r--source4/auth/gensec/gensec_krb5.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index 47df2ccfcc..1f54043038 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -515,6 +515,10 @@ static NTSTATUS gensec_krb5_session_key(struct gensec_security *gensec_security,
krb5_keyblock *skey;
krb5_error_code err = -1;
+ if (gensec_krb5_state->state_position != GENSEC_KRB5_DONE) {
+ return NT_STATUS_NO_USER_SESSION_KEY;
+ }
+
if (gensec_krb5_state->session_key.data) {
*session_key = gensec_krb5_state->session_key;
return NT_STATUS_OK;