sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-25 17:57:42 +03:00
Code

gensec_krb5: Match behaviour of gensec_gssapi for password-based keytabs

Browse Source 
This allows the winbind.pac.krb5 test to pass against the s3member environment, which uses the password from secrets.tdb.

Andrew Bartlett

Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Andrew Bartlett 2014-12-18 11:03:44 +13:00
parent 64f5984273
commit 121bbc0184
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
source4/auth/gensec/gensec_krb5.c
View File

@ -591,6 +591,16 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security,
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
if (keytab->password_based || obtained < CRED_SPECIFIED) {
/*
* Use match-by-key in this case (matches
* cli_credentials_get_server_gss_creds()
* behaviour). No need to free the memory,
* this is handled with a talloc destructor.
*/
server_in_keytab = NULL;
}
/* Parse the GSSAPI wrapping, if it's there... (win2k3 allows it to be omited) */
if (gensec_krb5_state->gssapi
&& gensec_gssapi_parse_krb5_wrap(out_mem_ctx, &in, &unwrapped_in, tok_id)) {