From: Stefan Metzmacher Date: Wed, 22 Feb 2017 18:18:04 +0000 (+0100) Subject: s3:winbindd: fix the valid usage anonymous smb authentication X-Git-Tag: samba-4.4.10~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ad3da42c92b2c16f836087364b19ef350ec26424;p=thirdparty%2Fsamba.git s3:winbindd: fix the valid usage anonymous smb authentication If we are in a situation where we don't have credentials to contact the remote domain or against an NT4 with the following settings: workgroup = NT4DOM security = domain require strong key = no client use spnego = no client ipc signing = auto BUG: https://bugzilla.samba.org/show_bug.cgi?id=12587 Signed-off-by: Stefan Metzmacher (similar to commit c97a29bdfdc0020ec0113073580da56f2d35edc1) --- diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index bbc5ae54b60..6669dc2e4e0 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -1096,6 +1096,10 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain, } } + if (cli_credentials_is_anonymous(creds)) { + goto anon_fallback; + } + krb5_state = cli_credentials_get_kerberos_state(creds); machine_krb5_principal = cli_credentials_get_principal(creds, @@ -1167,10 +1171,6 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain, || NT_STATUS_EQUAL(result, NT_STATUS_NO_LOGON_SERVERS) || NT_STATUS_EQUAL(result, NT_STATUS_LOGON_FAILURE)) { - if (cli_credentials_is_anonymous(creds)) { - goto done; - } - if (!cm_is_ipc_credentials(creds)) { goto ipc_fallback; } @@ -1196,7 +1196,6 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain, } if (cli_credentials_is_anonymous(creds)) { - TALLOC_FREE(creds); goto anon_fallback; } @@ -1243,6 +1242,7 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain, goto done; anon_fallback: + TALLOC_FREE(creds); if (smb_sign_client_connections == SMB_SIGNING_REQUIRED) { goto done;