authorStefan Metzmacher <metze@samba.org>2011-03-25 15:44:50 +0100
committerStefan Metzmacher <metze@samba.org>2011-05-18 07:46:38 +0200
commitc6836c8ede90a97a31c208a0057cffe78ed5a3d9 (patch)
tree6b30b3c463c0536c8390d68b4adc6d6c00e306d7
parent2c46585a428eb224755892884af6bcb0d16df463 (diff)
s4:gensec_gssapi: avoid delegation if s4u2self/proxy is used
metze
-rw-r--r--source4/auth/gensec/gensec_gssapi.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 4bdd7f88dc..47f47745a5 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -302,6 +302,10 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
gensec_gssapi_state = talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
+ if (cli_credentials_get_impersonate_principal(creds)) {
+ gensec_gssapi_state->want_flags &= ~(GSS_C_DELEG_FLAG|GSS_C_DELEG_POLICY_FLAG);
+ }
+
gensec_gssapi_state->target_principal = gensec_get_target_principal(gensec_security);
if (gensec_gssapi_state->target_principal) {
name_type = GSS_C_NULL_OID;
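Review bot: The new `if (cli_credentials_get_impersonate_principal(creds))` branch clears both delegation flags with no comment and no log line, so a reader or operator who has delegation configured cannot tell from the code why it is not requested. I would put a comment above the branch, for example `/* S4U2Self/S4U2Proxy: we act on behalf of an impersonated principal, so never ask GSSAPI to delegate credentials */`, and consider a low-level debug message when the flags are actually dropped. The mask only holds if nothing later in gensec_gssapi_client_start sets `GSS_C_DELEG_FLAG` or `GSS_C_DELEG_POLICY_FLAG` in `want_flags` again. That code, and the definition of `creds`, lie outside this hunk, so this is worth confirming. As a style point, the condition reads more clearly as an explicit pointer test, `if (cli_credentials_get_impersonate_principal(creds) != NULL) {`.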