36 lines
1.2 KiB
Diff
36 lines
1.2 KiB
Diff
From 97d7bc19bb463cfbb9d45b69cec1e668eb15b4a1 Mon Sep 17 00:00:00 2001
|
|
From: Alexander Bokovoy <ab@samba.org>
|
|
Date: Thu, 7 May 2015 14:12:03 +0000
|
|
Subject: [PATCH] auth/credentials: if credentials have principal set, they are
|
|
not anonymous anymore
|
|
|
|
When dealing with Kerberos, we cannot consider credentials anonymous
|
|
if credentials were obtained properly.
|
|
|
|
Signed-off: Alexander Bokovoy <ab@samba.org>
|
|
---
|
|
auth/credentials/credentials.c | 7 +++++++
|
|
1 file changed, 7 insertions(+)
|
|
|
|
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
|
|
index 78b5955..b1ccc5a 100644
|
|
--- a/auth/credentials/credentials.c
|
|
+++ b/auth/credentials/credentials.c
|
|
@@ -921,6 +921,13 @@ _PUBLIC_ bool cli_credentials_is_anonymous(struct cli_credentials *cred)
|
|
cred->machine_account_pending_lp_ctx);
|
|
}
|
|
|
|
+ if (cli_credentials_get_kerberos_state(cred) != CRED_DONT_USE_KERBEROS) {
|
|
+ /* if principal is set, it's not anonymous */
|
|
+ if (cred->principal && cred->principal_obtained >= cred->username_obtained) {
|
|
+ return false;
|
|
+ }
|
|
+ }
|
|
+
|
|
username = cli_credentials_get_username(cred);
|
|
|
|
/* Yes, it is deliberate that we die if we have a NULL pointer
|
|
--
|
|
2.4.0
|
|
|