diff options
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/libads/authdata.c | 6 | ||||
| -rw-r--r-- | source3/libads/kerberos_proto.h | 1 | ||||
| -rw-r--r-- | source3/utils/net_ads.c | 8 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_pam.c | 9 |
4 files changed, 19 insertions, 5 deletions
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c index 801e551edb..dd80dc24e4 100644 --- a/source3/libads/authdata.c +++ b/source3/libads/authdata.c @@ -101,13 +101,13 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx, bool add_netbios_addr, time_t renewable_time, const char *impersonate_princ_s, + const char *local_service, struct PAC_LOGON_INFO **_logon_info) { krb5_error_code ret; NTSTATUS status = NT_STATUS_INVALID_PARAMETER; DATA_BLOB tkt, tkt_wrapped, ap_rep, sesskey1; const char *auth_princ = NULL; - const char *local_service = NULL; const char *cc = "MEMORY:kerberos_return_pac"; struct auth_session_info *session_info; struct gensec_security *gensec_server_context; @@ -141,10 +141,6 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx, } NT_STATUS_HAVE_NO_MEMORY(auth_princ); - local_service = talloc_asprintf(mem_ctx, "%s$@%s", - lp_netbios_name(), lp_realm()); - NT_STATUS_HAVE_NO_MEMORY(local_service); - ret = kerberos_kinit_password_ext(auth_princ, pass, time_offset, diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h index 255963405c..1151d66cd1 100644 --- a/source3/libads/kerberos_proto.h +++ b/source3/libads/kerberos_proto.h @@ -77,6 +77,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx, bool add_netbios_addr, time_t renewable_time, const char *impersonate_princ_s, + const char *local_service, struct PAC_LOGON_INFO **logon_info); /* The following definitions come from libads/krb5_setpw.c */ diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 89eebf3388..5a073b1cc7 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -2604,6 +2604,7 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar NTSTATUS status; int ret = -1; const char *impersonate_princ_s = NULL; + const char *local_service = NULL; if (c->display_usage) { d_printf( "%s\n" @@ -2623,6 +2624,12 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar impersonate_princ_s = argv[0]; } + local_service = talloc_asprintf(mem_ctx, "%s$@%s", + lp_netbios_name(), lp_realm()); + if (local_service == NULL) { + goto out; + } + c->opt_password = net_prompt_pass(c, c->opt_user_name); status = kerberos_return_pac(mem_ctx, @@ -2636,6 +2643,7 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar true, 2592000, /* one month */ impersonate_princ_s, + local_service, &info); if (!NT_STATUS_IS_OK(status)) { d_printf(_("failed to query kerberos PAC: %s\n"), diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 3f3ec7090f..61e2cefd52 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -576,6 +576,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx, time_t time_offset = 0; const char *user_ccache_file; struct PAC_LOGON_INFO *logon_info = NULL; + const char *local_service; *info3 = NULL; @@ -632,6 +633,13 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } + local_service = talloc_asprintf(mem_ctx, "%s$@%s", + lp_netbios_name(), lp_realm()); + if (local_service == NULL) { + return NT_STATUS_NO_MEMORY; + } + + /* if this is a user ccache, we need to act as the user to let the krb5 * library handle the chown, etc. */ @@ -653,6 +661,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx, true, WINBINDD_PAM_AUTH_KRB5_RENEW_TIME, NULL, + local_service, &logon_info); if (user_ccache_file != NULL) { gain_root_privilege(); |