authorGünther Deschner <gd@samba.org>2014-01-17 14:29:03 +0100
committerGünther Deschner <gd@samba.org>2014-03-12 10:13:19 +0100
commit932490ae08578c37523e00e537017603ee00ce7c (patch)
tree0089a80fd0649196cc54aa425fa8987c248d54cd
parent41d8d99d8ac9e53405868bf5e34f48a01550c1f4 (diff)
s3-libads: pass down local_service to kerberos_return_pac().
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
-rw-r--r--source3/libads/authdata.c6
-rw-r--r--source3/libads/kerberos_proto.h1
-rw-r--r--source3/utils/net_ads.c8
-rw-r--r--source3/winbindd/winbindd_pam.c9
4 files changed, 19 insertions, 5 deletions
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index 801e551edbd..dd80dc24e44 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -101,13 +101,13 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
bool add_netbios_addr,
time_t renewable_time,
const char *impersonate_princ_s,
+ const char *local_service,
struct PAC_LOGON_INFO **_logon_info)
{
krb5_error_code ret;
NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
DATA_BLOB tkt, tkt_wrapped, ap_rep, sesskey1;
const char *auth_princ = NULL;
- const char *local_service = NULL;
const char *cc = "MEMORY:kerberos_return_pac";
struct auth_session_info *session_info;
struct gensec_security *gensec_server_context;
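Review bot: `local_service` is now supplied by the caller, but nothing visible in `kerberos_return_pac()` rejects a NULL value, whereas the removed code built the string itself and checked it with `NT_STATUS_HAVE_NO_MEMORY`. Both callers touched by this commit check their own allocation, but a later caller could pass NULL, so an early `if (local_service == NULL) { return NT_STATUS_INVALID_PARAMETER; }` would keep that failure explicit. This principal presumably names the service the ticket is requested for and the PAC is verified against, so the prototype in kerberos_proto.h should state the contract, e.g. `/* local_service: local machine principal in "NAME$@REALM" form, must not be NULL */`. The function body continues outside the hunk, so the place where the value is consumed is not visible here.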
@@ -141,10 +141,6 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
}
NT_STATUS_HAVE_NO_MEMORY(auth_princ);
- local_service = talloc_asprintf(mem_ctx, "%s$@%s",
- lp_netbios_name(), lp_realm());
- NT_STATUS_HAVE_NO_MEMORY(local_service);
-
ret = kerberos_kinit_password_ext(auth_princ,
pass,
time_offset,
diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h
index 255963405c7..1151d66cd15 100644
--- a/source3/libads/kerberos_proto.h
+++ b/source3/libads/kerberos_proto.h
@@ -77,6 +77,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
bool add_netbios_addr,
time_t renewable_time,
const char *impersonate_princ_s,
+ const char *local_service,
struct PAC_LOGON_INFO **logon_info);
/* The following definitions come from libads/krb5_setpw.c */
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 89eebf3388d..5a073b1cc71 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -2604,6 +2604,7 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
NTSTATUS status;
int ret = -1;
const char *impersonate_princ_s = NULL;
+ const char *local_service = NULL;
if (c->display_usage) {
d_printf( "%s\n"
@@ -2623,6 +2624,12 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
impersonate_princ_s = argv[0];
}
+ local_service = talloc_asprintf(mem_ctx, "%s$@%s",
+ lp_netbios_name(), lp_realm());
+ if (local_service == NULL) {
+ goto out;
+ }
+
c->opt_password = net_prompt_pass(c, c->opt_user_name);
status = kerberos_return_pac(mem_ctx,
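Review bot: The new `goto out` on a failed `talloc_asprintf()` exits with `ret = -1` and prints nothing, while the `kerberos_return_pac()` failure a few lines further down is reported through `d_printf`. A one-line message before the jump, such as `d_printf(_("Out of memory\n"));`, would tell the operator why the command stopped. The principal is also built before any visible check that `lp_realm()` is non-empty; if the realm is unset the string ends in a bare `@`. Whether an earlier part of `net_ads_kerberos_pac()` already rules that out cannot be seen from this hunk.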
@@ -2636,6 +2643,7 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
true,
2592000, /* one month */
impersonate_princ_s,
+ local_service,
&info);
if (!NT_STATUS_IS_OK(status)) {
d_printf(_("failed to query kerberos PAC: %s\n"),
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 3f3ec7090f2..61e2cefd522 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -576,6 +576,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
time_t time_offset = 0;
const char *user_ccache_file;
struct PAC_LOGON_INFO *logon_info = NULL;
+ const char *local_service;
*info3 = NULL;
@@ -632,6 +633,13 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
+ local_service = talloc_asprintf(mem_ctx, "%s$@%s",
+ lp_netbios_name(), lp_realm());
+ if (local_service == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+
/* if this is a user ccache, we need to act as the user to let the krb5
* library handle the chown, etc. */
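Review bot: The `"%s$@%s"` construction from `lp_netbios_name()` and `lp_realm()` is now duplicated here and in `net_ads_kerberos_pac()`. A small shared helper returning the machine principal would keep both callers in agreement if the format ever changes. The declaration added in the first hunk of this file, `const char *local_service;`, is left uninitialized while net_ads.c uses `= NULL`; initializing it here too would match. The hunk also adds two consecutive blank lines after the NULL check where one is enough. The early `return NT_STATUS_NO_MEMORY` sits before the user-ccache privilege handling described in the following comment, so it appears to need no privilege restore, though the rest of the function is outside the hunk.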
@@ -653,6 +661,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
true,
WINBINDD_PAM_AUTH_KRB5_RENEW_TIME,
NULL,
+ local_service,
&logon_info);
if (user_ccache_file != NULL) {
gain_root_privilege();