s3:ntlm_auth: explicitly include default krb5 ccache if no explicit username/password...

author Stefan Metzmacher <metze@samba.org>

Wed, 6 Mar 2024 20:55:24 +0000 (21:55 +0100)

committer Stefan Metzmacher <metze@samba.org>

Tue, 14 May 2024 10:18:31 +0000 (10:18 +0000)
author Stefan Metzmacher <metze@samba.org>
Wed, 6 Mar 2024 20:55:24 +0000 (21:55 +0100)
committer Stefan Metzmacher <metze@samba.org>
Tue, 14 May 2024 10:18:31 +0000 (10:18 +0000)
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c

index 6660a31673af3180330431086fb6b4afa59e4752..946754d26d269c46cb5ce172412b2ff74e7be3f2 100644 (file)
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -1467,7 +1467,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
  
         static char *want_feature_list = NULL;
         static DATA_BLOB session_key;
-
+       bool include_krb5_default_ccache = false;
         TALLOC_CTX *mem_ctx;
  
         mem_ctx = talloc_named(NULL, 0, "manage_gensec_request internal mem_ctx");
@@ -1551,6 +1551,9 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
                          * NTLMSSP_CLIENT_1 for now.
                          */
                         use_cached_creds = false;
+                       if (opt_username == NULL && state->set_password == NULL) {
+                               include_krb5_default_ccache = true;
+                       }
                         FALL_THROUGH;
                 case NTLMSSP_CLIENT_1:
                         /* setup the client side */
@@ -1602,6 +1605,21 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
                                                     GENSEC_FEATURE_NTLM_CCACHE);
                         } else if (state->set_password) {
                                 cli_credentials_set_password(creds, state->set_password, CRED_SPECIFIED);
+                       } else if (include_krb5_default_ccache) {
+                               const char *error_string = NULL;
+                               int rc;
+
+                               rc = cli_credentials_set_ccache(creds,
+                                                               lp_ctx,
+                                                               NULL,
+                                                               CRED_SPECIFIED,
+                                                               &error_string);
+                               if (rc != 0) {
+                                       fprintf(stderr,
+                                               "Warning reading default "
+                                               "krb5 credentials cache: %s\n",
+                                               error_string);
+                               }
                         } else {
                                 cli_credentials_set_password_callback(creds, get_password);
                         }
author	Stefan Metzmacher <metze@samba.org>
	Wed, 6 Mar 2024 20:55:24 +0000 (21:55 +0100)
committer	Stefan Metzmacher <metze@samba.org>
	Tue, 14 May 2024 10:18:31 +0000 (10:18 +0000)