diff options
| author | Samuel Cabrero <scabrero@suse.de> | 2019-03-27 17:07:05 +0100 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2019-04-29 18:10:09 +0000 |
| commit | 937ad9d2a00d1b993d37ff5801fd301eccd87556 (patch) | |
| tree | d7f1c62d0e724dedad89785561efb612aa57daa7 /auth | |
| parent | c12914c6697c70d5c15776537f7f331d306933bb (diff) | |
| download | samba-937ad9d2a00d1b993d37ff5801fd301eccd87556.tar.gz | |
credentials: Initialize krb5 client to retrieve creds from ccache
MIT kerberos require krb5_creds.client to be initialized to match
krb5_creds.server with the cached credentials.
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'auth')
| -rw-r--r-- | auth/credentials/credentials_krb5.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c index d8ca6d97115..901c573c655 100644 --- a/auth/credentials/credentials_krb5.c +++ b/auth/credentials/credentials_krb5.c @@ -406,6 +406,21 @@ _PUBLIC_ bool cli_credentials_failed_kerberos_login(struct cli_credentials *cred return false; } + /* MIT kerberos requires creds.client to match against cached + * credentials */ + ret = krb5_cc_get_principal(ccc->smb_krb5_context->krb5_context, + ccc->ccache, + &creds.client); + if (ret != 0) { + krb5_free_cred_contents(ccc->smb_krb5_context->krb5_context, + &creds); + DBG_ERR("krb5_cc_get_principal failed: %s\n", + smb_get_krb5_error_message( + ccc->smb_krb5_context->krb5_context, + ret, ccc)); + return false; + } + ret = krb5_cc_retrieve_cred(ccc->smb_krb5_context->krb5_context, ccc->ccache, KRB5_TC_MATCH_SRV_NAMEONLY, &creds, &creds2); if (ret != 0) { /* don't retry - we didn't find these credentials to remove */ |