s3:winbindd: use GENSEC_FEATURE_NO_DELEGATION for trust credentials for netlogon

author Stefan Metzmacher <metze@samba.org>

Wed, 27 Nov 2024 09:59:58 +0000 (10:59 +0100)

committer Stefan Metzmacher <metze@samba.org>

Mon, 13 Jan 2025 23:40:30 +0000 (23:40 +0000)
author Stefan Metzmacher <metze@samba.org>
Wed, 27 Nov 2024 09:59:58 +0000 (10:59 +0100)
committer Stefan Metzmacher <metze@samba.org>
Mon, 13 Jan 2025 23:40:30 +0000 (23:40 +0000)
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c

index 2a2eb3da72b02a07df001875dc34d14d71c156c7..a967abae18129dc704fbe260ccf0385358debe76 100644 (file)
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -655,6 +655,12 @@ NTSTATUS winbindd_get_trust_credentials(struct winbindd_domain *domain,
                 goto ipc_fallback;
         }
  
+       if (netlogon) {
+               cli_credentials_add_gensec_features(creds,
+                                                   GENSEC_FEATURE_NO_DELEGATION,
+                                                   CRED_SPECIFIED);
+       }
+
         if (creds_domain != domain) {
                 /*
                  * We can only use schannel against a direct trust
author	Stefan Metzmacher <metze@samba.org>
	Wed, 27 Nov 2024 09:59:58 +0000 (10:59 +0100)
committer	Stefan Metzmacher <metze@samba.org>
	Mon, 13 Jan 2025 23:40:30 +0000 (23:40 +0000)