s3:winbindd: fix the valid usage anonymous smb authentication
authorStefan Metzmacher <metze@samba.org>
Wed, 22 Feb 2017 18:18:04 +0000 (19:18 +0100)
committerKarolin Seeger <kseeger@samba.org>
Tue, 28 Feb 2017 08:38:24 +0000 (09:38 +0100)
If we are in a situation where we don't have credentials to contact the
remote domain or against an NT4 with the following settings:

  workgroup = NT4DOM
  security = domain
  require strong key = no
  client use spnego = no
  client ipc signing = auto

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12587

Signed-off-by: Stefan Metzmacher <metze@samba.org>
(similar to commit c97a29bdfdc0020ec0113073580da56f2d35edc1)

source3/winbindd/winbindd_cm.c

index bbc5ae54b60481a5a37ff8f33ee5935a8d074b5a..6669dc2e4e0b0028d735ce9a1c6525d20edcf7db 100644 (file)
@@ -1096,6 +1096,10 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain,
                }
        }
 
+       if (cli_credentials_is_anonymous(creds)) {
+               goto anon_fallback;
+       }
+
        krb5_state = cli_credentials_get_kerberos_state(creds);
 
        machine_krb5_principal = cli_credentials_get_principal(creds,
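Review bot: The early `goto anon_fallback` added before the Kerberos setup reaches the `smb_sign_client_connections == SMB_SIGNING_REQUIRED` check under the label (last hunk) before any session setup has been attempted, so the `goto done` there returns whatever `result` held from the preceding step. The check this commit removes sat inside a branch where `result` was already a failure status. If `result` is a success status at the new jump (the earlier code is outside this hunk, so this is unconfirmed), the function could report a prepared connection that has no session when signing is required and only anonymous credentials are available. Setting a failure explicitly in that branch, for example `result = NT_STATUS_ACCESS_DENIED;` before the `goto done`, would make the outcome independent of the earlier state. cm_prepare_connection starts and ends outside the hunk.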
@@ -1167,10 +1171,6 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain,
            || NT_STATUS_EQUAL(result, NT_STATUS_NO_LOGON_SERVERS)
            || NT_STATUS_EQUAL(result, NT_STATUS_LOGON_FAILURE))
        {
-               if (cli_credentials_is_anonymous(creds)) {
-                       goto done;
-               }
-
                if (!cm_is_ipc_credentials(creds)) {
                        goto ipc_fallback;
                }
@@ -1196,7 +1196,6 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain,
        }
 
        if (cli_credentials_is_anonymous(creds)) {
-               TALLOC_FREE(creds);
                goto anon_fallback;
        }
 
@@ -1243,6 +1242,7 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain,
        goto done;
 
  anon_fallback:
+       TALLOC_FREE(creds);
 
        if (smb_sign_client_connections == SMB_SIGNING_REQUIRED) {
                goto done;
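Review bot: The `anon_fallback` label now owns the release of `creds` for every path that jumps to it, and nothing in the visible code says so. A short comment above the `TALLOC_FREE(creds);` line, such as `/* every jump to anon_fallback leaves creds for us to free */`, would keep a later change from freeing `creds` again before one of the gotos or from using it after the label. The code under the label continues outside the hunk.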