s3:winbindd: fix the valid usage anonymous smb authentication

If we are in a situation where we don't have credentials to contact the
remote domain or against an NT4 with the following settings:

  workgroup = NT4DOM
  security = domain
  require strong key = no
  client use spnego = no
  client ipc signing = auto

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12587

Signed-off-by: Stefan Metzmacher <metze@samba.org>
(similar to commit c97a29bdfdc0020ec0113073580da56f2d35edc1)

1 files changed, 5 insertions, 5 deletions

diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index bbc5ae54b60..6669dc2e4e0 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -1096,6 +1096,10 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain,
 		}
 	}
 
+	if (cli_credentials_is_anonymous(creds)) {
+		goto anon_fallback;
+	}
+
 	krb5_state = cli_credentials_get_kerberos_state(creds);
 
 	machine_krb5_principal = cli_credentials_get_principal(creds,
@@ -1167,10 +1171,6 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain,
 	    || NT_STATUS_EQUAL(result, NT_STATUS_NO_LOGON_SERVERS)
 	    || NT_STATUS_EQUAL(result, NT_STATUS_LOGON_FAILURE))
 	{
-		if (cli_credentials_is_anonymous(creds)) {
-			goto done;
-		}
-
 		if (!cm_is_ipc_credentials(creds)) {
 			goto ipc_fallback;
 		}
@@ -1196,7 +1196,6 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain,
 	}
 
 	if (cli_credentials_is_anonymous(creds)) {
-		TALLOC_FREE(creds);
 		goto anon_fallback;
 	}
 
@@ -1243,6 +1242,7 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain,
 	goto done;
 
  anon_fallback:
+	TALLOC_FREE(creds);
 
 	if (smb_sign_client_connections == SMB_SIGNING_REQUIRED) {
 		goto done;