From 2dc76cc84c1d2edde7eea3d39412e3b41b631137 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 6 Mar 2024 21:55:24 +0100 Subject: [PATCH] s3:ntlm_auth: explicitly include default krb5 ccache if no explicit username/password are given Before this silently happened because the gse_krb5 module just used the default ccache, but that will change soon. Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/utils/ntlm_auth.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index 6660a31673a..946754d26d2 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -1467,7 +1467,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode, static char *want_feature_list = NULL; static DATA_BLOB session_key; - + bool include_krb5_default_ccache = false; TALLOC_CTX *mem_ctx; mem_ctx = talloc_named(NULL, 0, "manage_gensec_request internal mem_ctx"); @@ -1551,6 +1551,9 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode, * NTLMSSP_CLIENT_1 for now. */ use_cached_creds = false; + if (opt_username == NULL && state->set_password == NULL) { + include_krb5_default_ccache = true; + } FALL_THROUGH; case NTLMSSP_CLIENT_1: /* setup the client side */ @@ -1602,6 +1605,21 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode, GENSEC_FEATURE_NTLM_CCACHE); } else if (state->set_password) { cli_credentials_set_password(creds, state->set_password, CRED_SPECIFIED); + } else if (include_krb5_default_ccache) { + const char *error_string = NULL; + int rc; + + rc = cli_credentials_set_ccache(creds, + lp_ctx, + NULL, + CRED_SPECIFIED, + &error_string); + if (rc != 0) { + fprintf(stderr, + "Warning reading default " + "krb5 credentials cache: %s\n", + error_string); + } } else { cli_credentials_set_password_callback(creds, get_password); } -- 2.47.3