diff options
author | Jeremy Allison <jra@samba.org> | 2014-06-16 23:27:35 -0700 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2015-07-11 21:59:25 +0200 |
commit | 8ddab98ae07a69920dccb387ba1554e4ff364c33 (patch) | |
tree | 9a5ce26fc0455fc4129a84b23bc7186fe74d2cc0 | |
parent | 4bdfb15ecd6c3fe154130d252fb7d392dd46323c (diff) | |
download | samba-8ddab98ae07a69920dccb387ba1554e4ff364c33.tar.gz |
s3: auth: Fix winbindd_pam_auth_pac_send() to create a new info3 and merge in resource groups from a trusted PAC.
Based on a patch from Richard Sharpe <realrichardsharpe@gmail.com>.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 18 03:30:36 CEST 2014 on sn-devel-104
(cherry picked from commit e907f8415639d2a7cbc1cc2e40e2e35bfa0024de)
-rw-r--r-- | source3/winbindd/winbindd_pam.c | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 10d30d26831..88fa14debb6 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -2418,6 +2418,7 @@ NTSTATUS winbindd_pam_auth_pac_send(struct winbindd_cli_state *state, struct winbindd_request *req = state->request; DATA_BLOB pac_blob; struct PAC_LOGON_INFO *logon_info = NULL; + struct netr_SamInfo3 *info3_copy = NULL; NTSTATUS result; pac_blob = data_blob_const(req->extra_data.data, req->extra_len); @@ -2431,7 +2432,13 @@ NTSTATUS winbindd_pam_auth_pac_send(struct winbindd_cli_state *state, if (logon_info) { /* Signature verification succeeded, trust the PAC */ - netsamlogon_cache_store(NULL, &logon_info->info3); + result = create_info3_from_pac_logon_info(state->mem_ctx, + logon_info, + &info3_copy); + if (!NT_STATUS_IS_OK(result)) { + return result; + } + netsamlogon_cache_store(NULL, info3_copy); } else { /* Try without signature verification */ @@ -2443,9 +2450,22 @@ NTSTATUS winbindd_pam_auth_pac_send(struct winbindd_cli_state *state, nt_errstr(result))); return result; } + if (logon_info) { + /* + * Don't strictly need to copy here, + * but it makes it explicit we're + * returning a copy talloc'ed off + * the state->mem_ctx. + */ + info3_copy = copy_netr_SamInfo3(state->mem_ctx, + &logon_info->info3); + if (info3_copy == NULL) { + return NT_STATUS_NO_MEMORY; + } + } } - *info3 = &logon_info->info3; + *info3 = info3_copy; return NT_STATUS_OK; } |