From a04ac059ae692aadc28ba77e61c97a23d0ed2069 Mon Sep 17 00:00:00 2001 From: Mark Benvenuto Date: Thu, 12 Dec 2019 18:05:45 +0000 Subject: SERVER-45050 Change Windows Kerberos client to use default credentials when no password is specified --- src/mongo/client/sasl_sspi.cpp | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/src/mongo/client/sasl_sspi.cpp b/src/mongo/client/sasl_sspi.cpp index 28c5be43926..578e51ce616 100644 --- a/src/mongo/client/sasl_sspi.cpp +++ b/src/mongo/client/sasl_sspi.cpp @@ -171,15 +171,16 @@ int sspiClientMechNew(void* glob_context, std::unique_ptr pcctx(new SspiConnContext()); pcctx->userPlusRealm = userPlusRealm; TimeStamp ignored; - SECURITY_STATUS status = AcquireCredentialsHandleW(NULL, // principal - const_cast(L"kerberos"), - SECPKG_CRED_OUTBOUND, - NULL, // LOGON id - &authIdentity, // auth data - NULL, // get key fn - NULL, // get key arg - &pcctx->cred, - &ignored); + SECURITY_STATUS status = + AcquireCredentialsHandleW(NULL, // principal + const_cast(L"kerberos"), + SECPKG_CRED_OUTBOUND, + NULL, // LOGON id + authIdentity.Password ? &authIdentity : NULL, // auth data + NULL, // get key fn + NULL, // get key arg + &pcctx->cred, + &ignored); if (status != SEC_E_OK) { HandleLastError(cparams->utils, status, "AcquireCredentialsHandle"); return SASL_FAIL; -- cgit v1.2.1