Skip to content

Commit

Permalink
Try krb5 first and fall back to ntlm if no creds are found.
Browse files Browse the repository at this point in the history 
If available and we have not specifically set security to KRB5
try KRB5 first and fall back to ntlmssp if no credentials were found.

Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
  • Loading branch information
@sahlberg
sahlberg committed Dec 28, 2024
1 parent 9576dd9 commit c9c398b
Showing 1 changed file with 13 additions and 9 deletions.
22 changes: 13 additions & 9 deletions lib/libsmb2.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -944,22 +944,26 @@ negotiate_cb(struct smb2_context *smb2, int status,
#endif
}

if (smb2->sec == SMB2_SEC_NTLMSSP) {
c_data->auth_data = ntlmssp_init_context(smb2->user,
smb2->password,
smb2->domain,
smb2->workstation,
smb2->client_challenge);
}
#ifdef HAVE_LIBKRB5
else {
if (smb2->sec == SMB2_SEC_KRB5 || smb2->sec == SMB2_SEC_UNDEFINED) {
c_data->auth_data = krb5_negotiate_reply(smb2,
c_data->server,
smb2->domain,
c_data->user,
smb2->password);
/* No kerberos credentials found. Try falling back to NTLMSSP */
if (c_data->auth_data == NULL) {
smb2->sec = SMB2_SEC_NTLMSSP;
}
}
#endif
if (smb2->sec == SMB2_SEC_NTLMSSP) {
c_data->auth_data = ntlmssp_init_context(smb2->user,
smb2->password,
smb2->domain,
smb2->workstation,
smb2->client_challenge);
}
#endif
if (c_data->auth_data == NULL) {
smb2_close_context(smb2);
c_data->cb(smb2, -ENOMEM, NULL, c_data->cb_data);
Expand Down

0 comments on commit c9c398b

Please sign in to comment.