From 069fb908b0cd1c0aca8760c96d1f5f3ae6e95074 Mon Sep 17 00:00:00 2001
From: Alexander Neff
Date: Sat, 3 Aug 2024 08:44:36 -0400
Subject: [PATCH] Fix issues where we need kerberos authentication logic, but implicitely use kerberos (e.g. --use-kcache)
---
 nxc/connection.py | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/nxc/connection.py b/nxc/connection.py
index 2cf587de9..b405b9988 100755
--- a/nxc/connection.py
+++ b/nxc/connection.py
@@ -134,7 +134,7 @@ def __init__(self, args, db, target):
 # Authentication info
 self.password = ""
 self.username = ""
- self.kerberos = bool(self.args.kerberos or self.args.use_kcache or self.args.aesKey)
+ self.kerberos = bool(self.args.kerberos or self.args.use_kcache or self.args.aesKey or (hasattr(self.args, "delegate") and self.args.delegate))
 self.aesKey = None if not self.args.aesKey else self.args.aesKey[0]
 self.use_kcache = None if not self.args.use_kcache else self.args.use_kcache
 self.admin_privs = False
@@ -157,7 +157,7 @@ def __init__(self, args, db, target):
 else:
 return
- if self.args.kerberos:
+ if self.kerberos:
 self.host = self.hostname
 self.logger.info(f"Socket info: host={self.host}, hostname={self.hostname}, kerberos={self.kerberos}, ipv6={self.is_ipv6}, link-local ipv6={self.is_link_local_ipv6}")
@@ -469,8 +469,6 @@ def try_credentials(self, domain, username, owned, secret, cred_type, data=None)
 return False
 if self.args.continue_on_success and owned:
 return False
- if hasattr(self.args, "delegate") and self.args.delegate:
- self.args.kerberos = True
 if self.args.jitter:
 jitter = self.args.jitter
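Review bot: In the `__init__` hunk at line 134, `args.delegate` now turns Kerberos on only through `self.kerberos`, whereas the lines this commit removes from `try_credentials` used to set `self.args.kerberos = True`. The diffstat shows only nxc/connection.py changed, so any code elsewhere that still reads `self.args.kerberos` will presumably no longer see the flag on a delegate run and may take a non-Kerberos path; it is worth searching for remaining reads and pointing them at `self.kerberos`. The attribute test also reads more simply as `getattr(self.args, "delegate", False)`, and a one-line comment such as `# Kerberos is implied by use_kcache, aesKey and delegate` would document the policy. `__init__` starts and ends outside the hunk.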
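Review bot: The `if self.kerberos:` branch in the hunk at line 157 now also replaces `self.host` with `self.hostname` for `args.use_kcache`, `args.aesKey` and `args.delegate` runs, and nothing in the hunk shows that `self.hostname` is populated at this point. The `else: return` just above suggests resolution failures are handled, but that code is outside the hunk, so the invariant should be confirmed or guarded. A comment would also explain the reassignment, for example `# Kerberos tickets are issued for a service name, so connect by hostname instead of IP`. `__init__` continues outside the hunk.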
@@ -485,7 +483,7 @@ def try_credentials(self, domain, username, owned, secret, cred_type, data=None)
 with sem:
 if cred_type == "plaintext":
- if self.args.kerberos:
+ if self.kerberos:
 self.logger.debug("Trying to authenticate using Kerberos")
 return self.kerberos_login(domain, username, secret, "", "", self.kdcHost, False)
 elif hasattr(self.args, "domain"): # Some protocols don't use domain for login
@@ -498,7 +496,7 @@ def try_credentials(self, domain, username, owned, secret, cred_type, data=None)
 self.logger.debug("Trying to authenticate using plaintext")
 return self.plaintext_login(username, secret)
 elif cred_type == "hash":
- if self.args.kerberos:
+ if self.kerberos:
 return self.kerberos_login(domain, username, "", secret, "", self.kdcHost, False)
 return self.hash_login(domain, username, secret)
 elif cred_type == "aesKey":
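Review bot: The hash branch in the hunk at line 498 takes the Kerberos path silently, while the plaintext branch in the hunk at line 485 logs `Trying to authenticate using Kerberos`. Now that `self.kerberos` can be true without `args.kerberos`, that debug line is the only record of which protocol a credential was tried with, so add `self.logger.debug("Trying to authenticate using Kerberos")` before the `return self.kerberos_login(...)` in the hash branch as well. Both calls also pass the secret positionally, with the password and hash cases differing only in which `""` slot is filled; keyword arguments would make that harder to mis-order. `try_credentials` starts and ends outside both hunks.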