diff options
author | Jeremy Allison <jra@samba.org> | 2014-06-16 23:15:21 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2014-06-18 01:03:13 +0200 |
commit | 0e5a9f44e4b08b93bc4b501d1e14b59ed7b3647c (patch) | |
tree | fdec45f5957dce3be965ce1e7d04ce09bcc4c107 | |
parent | db775c68ccbed0252abf092b5cb811e8f5fa9bb6 (diff) | |
download | samba-0e5a9f44e4b08b93bc4b501d1e14b59ed7b3647c.tar.gz |
s3: auth: Change auth3_generate_session_info_pac() to use a copy of the info3 struct from the struct PAC_LOGON_INFO.
Call create_info3_from_pac_logon_info() to add in any resource SIDs
from the struct PAC_LOGON_INFO to the info3.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Simo Sorce <idra@samba.org>
-rw-r--r-- | source3/auth/auth_generic.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c index 6b146a084bc..1da496167a8 100644 --- a/source3/auth/auth_generic.c +++ b/source3/auth/auth_generic.c @@ -45,6 +45,7 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx, { TALLOC_CTX *tmp_ctx; struct PAC_LOGON_INFO *logon_info = NULL; + struct netr_SamInfo3 *info3_copy = NULL; bool is_mapped; bool is_guest; char *ntuser; @@ -102,7 +103,13 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx, /* save the PAC data if we have it */ if (logon_info) { - netsamlogon_cache_store(ntuser, &logon_info->info3); + status = create_info3_from_pac_logon_info(tmp_ctx, + logon_info, + &info3_copy); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + netsamlogon_cache_store(ntuser, info3_copy); } /* setup the string used by %U */ @@ -113,7 +120,7 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx, status = make_session_info_krb5(mem_ctx, ntuser, ntdomain, username, pw, - &logon_info->info3, is_guest, is_mapped, NULL /* No session key for now, caller will sort it out */, + info3_copy, is_guest, is_mapped, NULL /* No session key for now, caller will sort it out */, session_info); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to map kerberos pac to server info (%s)\n", |