author | Andreas Schneider <asn@samba.org> | 2017-07-11 09:41:08 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2017-07-25 09:14:19 +0200 |
commit | d6518d74dda517c84f7a4a2fe3ad37857fb9d7b0 (patch) | |
tree | 04d4290428a9746f355d5694e5f06461fce48582 /source3/client | |
parent | 7a73a130d55d3369f2d465f8268fca65de29fd37 (diff) | |
download | samba-d6518d74dda517c84f7a4a2fe3ad37857fb9d7b0.tar.gz |
s3:client: Only use kerberos if credential cache exists in smbspool
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source3/client')
-rw-r--r-- | source3/client/smbspool.c | 64 |
1 files changed, 58 insertions, 6 deletions
diff --git a/source3/client/smbspool.c b/source3/client/smbspool.c
index 71c026119ad..3b732c99234 100644
--- a/source3/client/smbspool.c
+++ b/source3/client/smbspool.c
@@ -25,6 +25,7 @@
 #include "includes.h"
 #include "system/filesys.h"
 #include "system/passwd.h"
+#include "system/kerberos.h"
 #include "libsmb/libsmb.h"
 #include "lib/param/param.h"
@@ -481,6 +482,45 @@ smb_complete_connection(const char *myname,
 return cli;
 }
+static bool kerberos_ccache_is_valid(void) {
+ krb5_context ctx;
+ const char *ccache_name = NULL;
+ krb5_ccache ccache = NULL;
+ krb5_error_code code;
+
+ code = krb5_init_context(&ctx);
+ if (code != 0) {
+ return false;
+ }
+
+ ccache_name = krb5_cc_default_name(ctx);
+ if (ccache_name == NULL) {
+ return false;
+ }
+
+ code = krb5_cc_resolve(ctx, ccache_name, &ccache);
+ if (code != 0) {
+ krb5_free_context(ctx);
+ return false;
+ } else {
+ krb5_principal default_princ = NULL;
+
+ code = krb5_cc_get_principal(ctx,
+ ccache,
+ &default_princ);
+ if (code != 0) {
+ krb5_cc_close(ctx, ccache);
+ krb5_free_context(ctx);
+ return false;
+ }
+ krb5_free_principal(ctx, default_princ);
+ }
+ krb5_cc_close(ctx, ccache);
+ krb5_free_context(ctx);
+
+ return true;
+}
+
 /*
 * 'smb_connect()' - Return a connection to a server.
 */
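Review bot: The early return after `krb5_cc_default_name()` in `kerberos_ccache_is_valid()` leaks the krb5 context: `ctx` was set up by `krb5_init_context()` just above, and every other failure path in the function calls `krb5_free_context(ctx)` before returning. Add `krb5_free_context(ctx);` before that `return false;`. Separately, the function only establishes that the default cache resolves and carries a principal; nothing in it looks at ticket lifetime, so an expired cache still counts as valid and steers the caller to Kerberos. A one-line comment above the function such as `/* true if the default ccache resolves and names a principal; ticket expiry is not checked */` would keep the name from promising more than the code does.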
@@ -512,15 +552,27 @@ smb_connect(const char *workgroup, /* I - Workgroup */
 * behavior with 3.0.14a
 */
- if (username && *username && !getenv("KRB5CCNAME")) {
- cli = smb_complete_connection(myname, server, port, username,
- password, workgroup, share, 0, need_auth);
- if (cli) {
- fputs("DEBUG: Connected with username/password...\n", stderr);
- return (cli);
+ if (username != NULL && username[0] != '\0') {
+ if (kerberos_ccache_is_valid()) {
+ goto kerberos_auth;
 }
 }
+ cli = smb_complete_connection(myname,
+ server,
+ port,
+ username,
+ password,
+ workgroup,
+ share,
+ 0,
+ need_auth);
+ if (cli != NULL) {
+ fputs("DEBUG: Connected with username/password...\n", stderr);
+ return (cli);
+ }
+
+kerberos_auth:
 /*
 * Try to use the user kerberos credentials (if any) to authenticate
 */ |
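Review bot: The username/password attempt in `smb_connect()` is no longer guarded by the username check: when `username` is NULL or empty, control falls past the new `if` and `smb_complete_connection()` is called with that value, whereas the removed code skipped straight to the Kerberos attempt in that case. Whether `smb_complete_connection()` tolerates a NULL or empty username is not visible in this hunk, so either keep the guard around the call, e.g. `if (username != NULL && username[0] != '\0' && !kerberos_ccache_is_valid()) {`, or add a comment stating that the call is intended to run without a username. Folding the two tests into one condition also removes the need for the forward `goto kerberos_auth`. The body of `smb_connect()` starts and continues outside the hunk, so the fallback behaviour after the label should be checked against the full function.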