svn commit: samba r22294 - in
branches/SAMBA_4_0/source/auth/gensec: .
abartlet at samba.org
abartlet at samba.org
Tue Apr 17 03:49:46 GMT 2007
Author: abartlet
Date: 2007-04-17 03:49:46 +0000 (Tue, 17 Apr 2007)
New Revision: 22294
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=22294
Log:
Lock the delegated credentials to being kerberos only, we just don't
have the data for anything else.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c
Changeset:
Modified: branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c
===================================================================
--- branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c 2007-04-17 03:49:08 UTC (rev 22293)
+++ branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c 2007-04-17 03:49:46 UTC (rev 22294)
@@ -1339,6 +1339,8 @@
}
cli_credentials_set_conf(session_info->credentials);
+ /* Just so we don't segfault trying to get at a username */
+ cli_credentials_set_anonymous(session_info->credentials);
ret = cli_credentials_set_client_gss_creds(session_info->credentials,
gensec_gssapi_state->delegated_cred_handle,
@@ -1347,6 +1349,10 @@
talloc_free(mem_ctx);
return NT_STATUS_NO_MEMORY;
}
+
+ /* This credential handle isn't useful for password authentication, so ensure nobody tries to do that */
+ cli_credentials_set_kerberos_state(session_info->credentials, CRED_MUST_USE_KERBEROS);
+
/* It has been taken from this place... */
gensec_gssapi_state->delegated_cred_handle = GSS_C_NO_CREDENTIAL;
}
More information about the samba-cvs
mailing list