author | Günther Deschner <gd@samba.org> | 2014-01-17 14:29:03 +0100 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2014-03-12 10:13:19 +0100 |
commit | 932490ae08578c37523e00e537017603ee00ce7c (patch) | |
tree | 0089a80fd0649196cc54aa425fa8987c248d54cd | |
parent | 41d8d99d8ac9e53405868bf5e34f48a01550c1f4 (diff) | |
s3-libads: pass down local_service to kerberos_return_pac().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
-rw-r--r-- | source3/libads/authdata.c | 6 | ||||
-rw-r--r-- | source3/libads/kerberos_proto.h | 1 | ||||
-rw-r--r-- | source3/utils/net_ads.c | 8 | ||||
-rw-r--r-- | source3/winbindd/winbindd_pam.c | 9 |
4 files changed, 19 insertions, 5 deletions
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c index 801e551edbd..dd80dc24e44 100644 --- a/source3/libads/authdata.c +++ b/source3/libads/authdata.c @@ -101,13 +101,13 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx, bool add_netbios_addr, time_t renewable_time, const char *impersonate_princ_s, + const char *local_service, struct PAC_LOGON_INFO **_logon_info) { krb5_error_code ret; NTSTATUS status = NT_STATUS_INVALID_PARAMETER; DATA_BLOB tkt, tkt_wrapped, ap_rep, sesskey1; const char *auth_princ = NULL; - const char *local_service = NULL; const char *cc = "MEMORY:kerberos_return_pac"; struct auth_session_info *session_info; struct gensec_security *gensec_server_context; @@ -141,10 +141,6 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx, } NT_STATUS_HAVE_NO_MEMORY(auth_princ); - local_service = talloc_asprintf(mem_ctx, "%s$@%s", - lp_netbios_name(), lp_realm()); - NT_STATUS_HAVE_NO_MEMORY(local_service); - ret = kerberos_kinit_password_ext(auth_princ, pass, time_offset, diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h index 255963405c7..1151d66cd15 100644 --- a/source3/libads/kerberos_proto.h +++ b/source3/libads/kerberos_proto.h @@ -77,6 +77,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx, bool add_netbios_addr, time_t renewable_time, const char *impersonate_princ_s, + const char *local_service, struct PAC_LOGON_INFO **logon_info); /* The following definitions come from libads/krb5_setpw.c */ diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 89eebf3388d..5a073b1cc71 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -2604,6 +2604,7 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar NTSTATUS status; int ret = -1; const char *impersonate_princ_s = NULL; + const char *local_service = NULL; if (c->display_usage) { d_printf( "%s\n" 
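Review bot: With `local_service` now supplied by the caller, the signature change in the first authdata.c hunk drops the guarantee that the principal is non-NULL, and no check on the new parameter is visible in either authdata.c hunk. Before this commit the function built the string itself and bailed out through `NT_STATUS_HAVE_NO_MEMORY(local_service)`; a guard near the top of the body, such as `if (local_service == NULL) { return NT_STATUS_INVALID_PARAMETER; }`, would restore that guarantee for any future caller. The parameter also deserves a comment, here and on the prototype in kerberos_proto.h, for example `/* local_service: principal the PAC ticket is requested for, normally "<netbios name>$@<realm>"; must not be NULL */`; its exact use is presumed, since the rest of the body lies outside the hunk. Callers should pass only a locally configured principal, as both callers in this commit do, and never a value taken from the request being authenticated.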
@@ -2623,6 +2624,12 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar impersonate_princ_s = argv[0]; } + local_service = talloc_asprintf(mem_ctx, "%s$@%s", + lp_netbios_name(), lp_realm()); + if (local_service == NULL) { + goto out; + } + c->opt_password = net_prompt_pass(c, c->opt_user_name); status = kerberos_return_pac(mem_ctx, @@ -2636,6 +2643,7 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar true, 2592000, /* one month */ impersonate_princ_s, + local_service, &info); if (!NT_STATUS_IS_OK(status)) { d_printf(_("failed to query kerberos PAC: %s\n"), diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 3f3ec7090f2..61e2cefd522 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -576,6 +576,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx, time_t time_offset = 0; const char *user_ccache_file; struct PAC_LOGON_INFO *logon_info = NULL; + const char *local_service; *info3 = NULL; @@ -632,6 +633,13 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } + local_service = talloc_asprintf(mem_ctx, "%s$@%s", + lp_netbios_name(), lp_realm()); + if (local_service == NULL) { + return NT_STATUS_NO_MEMORY; + } + + /* if this is a user ccache, we need to act as the user to let the krb5 * library handle the chown, etc. */ @@ -653,6 +661,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx, true, WINBINDD_PAM_AUTH_KRB5_RENEW_TIME, NULL, + local_service, &logon_info); if (user_ccache_file != NULL) { gain_root_privilege(); |
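Review bot: The machine-account principal format `"%s$@%s"` is now built by hand in two places, here in net_ads_kerberos_pac() (hunk at -2623) and again in winbindd_raw_kerberos_login() (hunk at -632), where before it lived once inside kerberos_return_pac(). Since this string presumably selects the service whose ticket carries the PAC, the two copies drifting apart would change authentication behaviour without any compile-time signal. A small shared helper beside kerberos_return_pac() would keep the default in one place while still letting callers pass something else; the helper name below is only a suggestion. The `goto out` on allocation failure also exits without a message, unlike the `d_printf` on the kerberos_return_pac() failure path further down.

```c
/* proposed helper (name is a suggestion), declared in kerberos_proto.h */
const char *kerberos_machine_principal(TALLOC_CTX *mem_ctx)
{
	/* default service principal: our own machine account in our realm */
	return talloc_asprintf(mem_ctx, "%s$@%s",
			       lp_netbios_name(), lp_realm());
}

/* … unchanged: usage text and impersonate_princ_s handling … */
	local_service = kerberos_machine_principal(mem_ctx);
	if (local_service == NULL) {
		d_printf(_("out of memory\n"));
		goto out;
	}
```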
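Review bot: In winbindd_pam.c (hunk at -576) `const char *local_service;` is declared without an initialiser, while the matching declaration added to net_ads.c in this same commit uses `= NULL`. The variable is assigned in the hunk at -632 before the call in the hunk at -653, so the visible path is fine, but the function body extends outside all three hunks and any later early-exit or cleanup path that touches the pointer would read an indeterminate value. Writing `const char *local_service = NULL;` keeps the two callers consistent and makes that failure mode a NULL rather than garbage. The hunk at -632 also adds two consecutive blank lines after the closing brace; one is enough.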