s3/libsmb: block anon authentication fallback is use-kerberos = desired

When cli_credentials_get_kerberos_state returns CRED_USE_KERBEROS_REQUIRED
libsmbclient method SMBC_server_internal will still try to fallback to
anon NTLM. This patch prevents that.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15789
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Feb 17 16:06:18 UTC 2026 on atb-devel-224

diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c
index 7b1def05f0b7980d257cc1ba6644140913680fb0..46887d9d33ea874c4aa9226715e505fe4908c663 100644 (file)
--- a/source3/libsmb/libsmb_server.c
+++ b/source3/libsmb/libsmb_server.c
@@ -617,6 +617,8 @@ SMBC_server_internal(TALLOC_CTX *ctx,
                password_used = "";
 
                 if (smbc_getOptionNoAutoAnonymousLogin(context) ||
+                   cli_credentials_get_kerberos_state(creds) ==
+                           CRED_USE_KERBEROS_REQUIRED ||
                    !NT_STATUS_IS_OK(cli_session_setup_anon(c))) {
 
                         cli_shutdown(c);