s3: auth: Change auth3_generate_session_info_pac() to use a copy of the info3 struct from the struct PAC_LOGON_INFO.

Call create_info3_from_pac_logon_info() to add in any resource SIDs
from the struct PAC_LOGON_INFO to the info3.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Simo Sorce <idra@samba.org>

1 files changed, 9 insertions, 2 deletions

diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index 6b146a084bc..1da496167a8 100644
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -45,6 +45,7 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
 {
 	TALLOC_CTX *tmp_ctx;
 	struct PAC_LOGON_INFO *logon_info = NULL;
+	struct netr_SamInfo3 *info3_copy = NULL;
 	bool is_mapped;
 	bool is_guest;
 	char *ntuser;
@@ -102,7 +103,13 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
 
 	/* save the PAC data if we have it */
 	if (logon_info) {
-		netsamlogon_cache_store(ntuser, &logon_info->info3);
+		status = create_info3_from_pac_logon_info(tmp_ctx,
+					logon_info,
+					&info3_copy);
+		if (!NT_STATUS_IS_OK(status)) {
+			goto done;
+		}
+		netsamlogon_cache_store(ntuser, info3_copy);
 	}
 
 	/* setup the string used by %U */
@@ -113,7 +120,7 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
 
 	status = make_session_info_krb5(mem_ctx,
 					ntuser, ntdomain, username, pw,
-					&logon_info->info3, is_guest, is_mapped, NULL /* No session key for now, caller will sort it out */,
+					info3_copy, is_guest, is_mapped, NULL /* No session key for now, caller will sort it out */,
 					session_info);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(1, ("Failed to map kerberos pac to server info (%s)\n",