s3:libsmb: don't rely on gensec_session_key() to work on an unfinished authentication
authorStefan Metzmacher <metze@samba.org>
Wed, 10 May 2017 14:17:48 +0000 (16:17 +0200)
committerAndrew Bartlett <abartlet@samba.org>
Sun, 21 May 2017 19:05:08 +0000 (21:05 +0200)
If smbXcli_session_is_guest() returns true, we should handle the authentication
as anonymous and don't touch the gensec context anymore.

Note that smbXcli_session_is_guest() always returns false, if signing is
required!

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source3/libsmb/cliconnect.c

index 93f873079db223edf8680fa9fd485b87321c51c3..a28a5824dc2764ebc29c8d331a2e110f028606d9 100644 (file)
@@ -1070,13 +1070,16 @@ static void cli_session_setup_gensec_remote_done(struct tevent_req *subreq)
                         * We can't finish the gensec handshake, we don't
                         * have a negotiated session key.
                         *
-                        * So just pretend we are completely done.
+                        * So just pretend we are completely done,
+                        * we need to continue as anonymous from this point,
+                        * as we can't get a session key.
                         *
                         * Note that smbXcli_session_is_guest()
                         * always returns false if we require signing.
                         */
                        state->blob_in = data_blob_null;
                        state->local_ready = true;
+                       state->is_anonymous = true;
                }
 
                state->remote_ready = true;