1 files changed, 21 insertions, 8 deletions

diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index 53e40ef71b..276408d880 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -53,6 +53,7 @@ static NTSTATUS kerberos_fetch_pac(struct auth4_context *auth_ctx,
 {
 	TALLOC_CTX *tmp_ctx;
 	struct PAC_DATA *pac_data = NULL;
+	struct PAC_DATA_CTR *pac_data_ctr = NULL;
 	NTSTATUS status = NT_STATUS_INTERNAL_ERROR;
 
 	tmp_ctx = talloc_new(mem_ctx);
@@ -74,9 +75,21 @@ static NTSTATUS kerberos_fetch_pac(struct auth4_context *auth_ctx,
 		}
 	}
 
-	talloc_set_name_const(pac_data, "struct PAC_DATA");
+	pac_data_ctr = talloc(mem_ctx, struct PAC_DATA_CTR);
+	if (pac_data_ctr == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+
+	talloc_set_name_const(pac_data_ctr, "struct PAC_DATA_CTR");
+
+	pac_data_ctr->pac_data = talloc_steal(pac_data_ctr, pac_data);
+	pac_data_ctr->pac_blob = data_blob_talloc(pac_data_ctr,
+						  pac_blob->data,
+						  pac_blob->length);
+
+	auth_ctx->private_data = talloc_steal(auth_ctx, pac_data_ctr);
 
-	auth_ctx->private_data = talloc_steal(auth_ctx, pac_data);
 	*session_info = talloc_zero(mem_ctx, struct auth_session_info);
 	if (!*session_info) {
 		status = NT_STATUS_NO_MEMORY;
@@ -108,7 +121,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
 			     time_t renewable_time,
 			     const char *impersonate_princ_s,
 			     const char *local_service,
-			     struct PAC_DATA **_pac_data)
+			     struct PAC_DATA_CTR **_pac_data_ctr)
 {
 	krb5_error_code ret;
 	NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
@@ -122,7 +135,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
 	size_t idx = 0;
 	struct auth4_context *auth_context;
 	struct loadparm_context *lp_ctx;
-	struct PAC_DATA *pac_data = NULL;
+	struct PAC_DATA_CTR *pac_data_ctr = NULL;
 
 	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
 	NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
@@ -278,15 +291,15 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
 		goto out;
 	}
 
-	pac_data = talloc_get_type_abort(gensec_server_context->auth_context->private_data,
-					 struct PAC_DATA);
-	if (pac_data == NULL) {
+	pac_data_ctr = talloc_get_type_abort(gensec_server_context->auth_context->private_data,
+					     struct PAC_DATA_CTR);
+	if (pac_data_ctr == NULL) {
 		DEBUG(1,("no PAC\n"));
 		status = NT_STATUS_INVALID_PARAMETER;
 		goto out;
 	}
 
-	*_pac_data = talloc_move(mem_ctx, &pac_data);
+	*_pac_data_ctr = talloc_move(mem_ctx, &pac_data_ctr);
 
 out:
 	talloc_free(tmp_ctx);