authorJeremy Allison <jra@samba.org>2014-06-16 23:27:35 -0700
committerJeremy Allison <jra@samba.org>2014-06-18 03:30:35 +0200
commite907f8415639d2a7cbc1cc2e40e2e35bfa0024de (patch)
treef08ca6c7f2d35747c6778a6def734eda9866eca1 /source3
parent0e5a9f44e4b08b93bc4b501d1e14b59ed7b3647c (diff)
s3: auth: Fix winbindd_pam_auth_pac_send() to create a new info3 and merge in resource groups from a trusted PAC.
Based on a patch from Richard Sharpe <realrichardsharpe@gmail.com>. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com> Reviewed-by: Simo Sorce <idra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Jun 18 03:30:36 CEST 2014 on sn-devel-104
Diffstat (limited to 'source3')
-rw-r--r--source3/winbindd/winbindd_pam.c24
1 files changed, 22 insertions, 2 deletions
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 1fb4360e35..1112b21cba 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -2450,6 +2450,7 @@ NTSTATUS winbindd_pam_auth_pac_send(struct winbindd_cli_state *state,
struct winbindd_request *req = state->request;
DATA_BLOB pac_blob;
struct PAC_LOGON_INFO *logon_info = NULL;
+ struct netr_SamInfo3 *info3_copy = NULL;
NTSTATUS result;
pac_blob = data_blob_const(req->extra_data.data, req->extra_len);
@@ -2463,7 +2464,13 @@ NTSTATUS winbindd_pam_auth_pac_send(struct winbindd_cli_state *state,
if (logon_info) {
/* Signature verification succeeded, trust the PAC */
- netsamlogon_cache_store(NULL, &logon_info->info3);
+ result = create_info3_from_pac_logon_info(state->mem_ctx,
+ logon_info,
+ &info3_copy);
+ if (!NT_STATUS_IS_OK(result)) {
+ return result;
+ }
+ netsamlogon_cache_store(NULL, info3_copy);
} else {
/* Try without signature verification */
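Review bot: The new early return after `create_info3_from_pac_logon_info()` gives up without logging the status, while the unverified branch in the next hunk appears to log `nt_errstr(result)` before it returns. A failure on the verified-PAC path is the one an operator most needs to see when diagnosing an authentication problem. Consider adding `DEBUG(10, ("create_info3_from_pac_logon_info failed: %s\n", nt_errstr(result)));` before `return result;`. The enclosing function starts and ends outside this hunk.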
@@ -2475,9 +2482,22 @@ NTSTATUS winbindd_pam_auth_pac_send(struct winbindd_cli_state *state,
nt_errstr(result)));
return result;
}
+ if (logon_info) {
+ /*
+ * Don't strictly need to copy here,
+ * but it makes it explicit we're
+ * returning a copy talloc'ed off
+ * the state->mem_ctx.
+ */
+ info3_copy = copy_netr_SamInfo3(state->mem_ctx,
+ &logon_info->info3);
+ if (info3_copy == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
}
- *info3 = &logon_info->info3;
+ *info3 = info3_copy;
return NT_STATUS_OK;
}
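Review bot: If the unverified decode succeeds but leaves `logon_info` NULL, the new `if (logon_info)` guard is skipped and the function returns `NT_STATUS_OK` with `*info3` set to NULL, which a caller may then dereference. Whether that state is reachable depends on the decode call outside this hunk, but an explicit check before the final assignment would close it: `if (info3_copy == NULL) { return NT_STATUS_INVALID_PARAMETER; }`. The comment above `copy_netr_SamInfo3()` should also say that this info3 comes from a PAC whose signature was not verified, because the caller receives it through the same out-parameter as the verified one and cannot tell them apart. The function begins outside the hunk.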