summaryrefslogtreecommitdiffstats
path: root/source4/auth/gensec/gensec_gssapi.c
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-10-20 10:15:31 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:45:04 -0500
commit532b16f3d5b55c91f10ef747b13861be1a969dce (patch)
tree3c86ba7517896584f821a623f6ad478570d554f7 /source4/auth/gensec/gensec_gssapi.c
parent10989431e533bd60de242dbd78c4b62c4ace7812 (diff)
downloadsamba-532b16f3d5b55c91f10ef747b13861be1a969dce.tar.gz
samba-532b16f3d5b55c91f10ef747b13861be1a969dce.tar.xz
samba-532b16f3d5b55c91f10ef747b13861be1a969dce.zip
r11216: Upgrade to gd's PAC extraction code from Samba3. While I still want
to make some this the kerberos library's problem, we may as well use the best code that is around. Andrew Bartlett (This used to be commit a7fe3078a65f958499779f381731b408f3e6fb1f)
Diffstat (limited to 'source4/auth/gensec/gensec_gssapi.c')
-rw-r--r--source4/auth/gensec/gensec_gssapi.c17
1 files changed, 13 insertions, 4 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 97543de445..42141e4df2 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -822,6 +822,8 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
time_t authtime;
krb5_principal principal;
char *principal_string;
+ DATA_BLOB pac_blob;
+ DATA_BLOB unwrapped_pac;
if ((gensec_gssapi_state->gss_oid->length != gss_mech_krb5->length)
|| (memcmp(gensec_gssapi_state->gss_oid->elements, gss_mech_krb5->elements,
@@ -866,12 +868,19 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
KRB5_AUTHDATA_IF_RELEVANT,
&pac);
}
+
+ if (maj_stat == 0) {
+ pac_blob = data_blob_talloc(mem_ctx, pac.value, pac.length);
+ gss_release_buffer(&min_stat, &pac);
+
+ if (!unwrap_pac(mem_ctx, &pac_blob, &unwrapped_pac)) {
+ /* No pac actually present */
+ maj_stat = 1;
+ }
+ }
if (maj_stat == 0) {
krb5_error_code ret;
- DATA_BLOB pac_blob = data_blob_talloc(mem_ctx, pac.value, pac.length);
- pac_blob = unwrap_pac(mem_ctx, &pac_blob);
- gss_release_buffer(&min_stat, &pac);
ret = krb5_parse_name(gensec_gssapi_state->smb_krb5_context->krb5_context,
principal_string, &principal);
@@ -881,7 +890,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
}
/* decode and verify the pac */
- nt_status = kerberos_pac_logon_info(mem_ctx, &logon_info, pac_blob,
+ nt_status = kerberos_pac_logon_info(mem_ctx, &logon_info, unwrapped_pac,
gensec_gssapi_state->smb_krb5_context->krb5_context,
NULL, keyblock, principal, authtime);
krb5_free_principal(gensec_gssapi_state->smb_krb5_context->krb5_context, principal);