s4:gensec_gssapi: avoid delegation if s4u2self/proxy is used

author Stefan Metzmacher <metze@samba.org>

Fri, 25 Mar 2011 14:44:50 +0000 (15:44 +0100)

committer Stefan Metzmacher <metze@samba.org>

Wed, 18 May 2011 05:46:38 +0000 (07:46 +0200)
author Stefan Metzmacher <metze@samba.org>
Fri, 25 Mar 2011 14:44:50 +0000 (15:44 +0100)
committer Stefan Metzmacher <metze@samba.org>
Wed, 18 May 2011 05:46:38 +0000 (07:46 +0200)
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c

index 4bdd7f88dc3d50cfbfdf92d97b3487b78b9defc4..47f47745a50d5293fab139d6969a79e6232a49b6 100644 (file)
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -302,6 +302,10 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
  
         gensec_gssapi_state = talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
  
+       if (cli_credentials_get_impersonate_principal(creds)) {
+               gensec_gssapi_state->want_flags &= ~(GSS_C_DELEG_FLAG|GSS_C_DELEG_POLICY_FLAG);
+       }
+
         gensec_gssapi_state->target_principal = gensec_get_target_principal(gensec_security);
         if (gensec_gssapi_state->target_principal) {
                 name_type = GSS_C_NULL_OID;
author	Stefan Metzmacher <metze@samba.org>
	Fri, 25 Mar 2011 14:44:50 +0000 (15:44 +0100)
committer	Stefan Metzmacher <metze@samba.org>
	Wed, 18 May 2011 05:46:38 +0000 (07:46 +0200)