diff options
author | Stefan Metzmacher <metze@samba.org> | 2011-03-25 15:44:50 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2011-05-18 07:46:38 +0200 |
commit | c6836c8ede90a97a31c208a0057cffe78ed5a3d9 (patch) | |
tree | 6b30b3c463c0536c8390d68b4adc6d6c00e306d7 | |
parent | 2c46585a428eb224755892884af6bcb0d16df463 (diff) | |
download | samba-c6836c8ede90a97a31c208a0057cffe78ed5a3d9.tar.gz samba-c6836c8ede90a97a31c208a0057cffe78ed5a3d9.tar.bz2 samba-c6836c8ede90a97a31c208a0057cffe78ed5a3d9.zip |
s4:gensec_gssapi: avoid delegation if s4u2self/proxy is used
metze
-rw-r--r-- | source4/auth/gensec/gensec_gssapi.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index 4bdd7f88dc..47f47745a5 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -302,6 +302,10 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi gensec_gssapi_state = talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state); + if (cli_credentials_get_impersonate_principal(creds)) { + gensec_gssapi_state->want_flags &= ~(GSS_C_DELEG_FLAG|GSS_C_DELEG_POLICY_FLAG); + } + gensec_gssapi_state->target_principal = gensec_get_target_principal(gensec_security); if (gensec_gssapi_state->target_principal) { name_type = GSS_C_NULL_OID; |