diff options
author | Andrew Bartlett <abartlet@samba.org> | 2007-04-17 03:49:46 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:50:58 -0500 |
commit | d7fe1f182b042696c39df6a36d5e0af72be4e48f (patch) | |
tree | 83f8e57fd7577dbba6d97cda88aeb16a91f0ae1e | |
parent | c2688ec22872006c1cdae3c4899153448a0f05ea (diff) | |
download | samba-d7fe1f182b042696c39df6a36d5e0af72be4e48f.tar.gz samba-d7fe1f182b042696c39df6a36d5e0af72be4e48f.tar.bz2 samba-d7fe1f182b042696c39df6a36d5e0af72be4e48f.zip |
r22294: Lock the delegated credentials to being kerberos only, we just don't
have the data for anything else.
Andrew Bartlett
(This used to be commit 9e0c0cd0ff678388436430bb1ba4eb7595cbefbd)
-rw-r--r-- | source4/auth/gensec/gensec_gssapi.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index 11f94b7708..82a79e1945 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -1339,6 +1339,8 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi } cli_credentials_set_conf(session_info->credentials); + /* Just so we don't segfault trying to get at a username */ + cli_credentials_set_anonymous(session_info->credentials); ret = cli_credentials_set_client_gss_creds(session_info->credentials, gensec_gssapi_state->delegated_cred_handle, @@ -1347,6 +1349,10 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi talloc_free(mem_ctx); return NT_STATUS_NO_MEMORY; } + + /* This credential handle isn't useful for password authentication, so ensure nobody tries to do that */ + cli_credentials_set_kerberos_state(session_info->credentials, CRED_MUST_USE_KERBEROS); + /* It has been taken from this place... */ gensec_gssapi_state->delegated_cred_handle = GSS_C_NO_CREDENTIAL; } |