authorStefan Metzmacher <metze@samba.org>2016-01-07 14:55:07 +0100
committerAndrew Bartlett <abartlet@samba.org>2016-07-22 23:34:22 +0200
commit8b1f5cad958a4022edc947b6abdb198ffad1a525 (patch)
tree76b5cd0fc76419c8810dd5c87715d217247a0517 /source4/auth/kerberos
parent1854252816bf19b9afd104098e750d8495ad85b6 (diff)
downloadsamba-8b1f5cad958a4022edc947b6abdb198ffad1a525.tar.gz
auth/auth_sam_reply: fill user_principal_* and dns_domain_name in make_user_info_dc_pac()
This is required in order to support netr_SamInfo6 and PAC_UPN_DNS_INFO correctly. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/auth/kerberos')
-rw-r--r--source4/auth/kerberos/kerberos_pac.c35
1 files changed, 35 insertions, 0 deletions
diff --git a/source4/auth/kerberos/kerberos_pac.c b/source4/auth/kerberos/kerberos_pac.c
index 27fb19b6e2f..f511aae7a88 100644
--- a/source4/auth/kerberos/kerberos_pac.c
+++ b/source4/auth/kerberos/kerberos_pac.c
@@ -288,8 +288,12 @@ krb5_error_code kerberos_pac_to_user_info_dc(TALLOC_CTX *mem_ctx,
DATA_BLOB pac_logon_info_in, pac_srv_checksum_in, pac_kdc_checksum_in;
krb5_data k5pac_logon_info_in, k5pac_srv_checksum_in, k5pac_kdc_checksum_in;
+ DATA_BLOB pac_upn_dns_info_in;
+ krb5_data k5pac_upn_dns_info_in;
union PAC_INFO info;
+ union PAC_INFO _upn_dns_info;
+ const struct PAC_UPN_DNS_INFO *upn_dns_info = NULL;
struct auth_user_info_dc *user_info_dc_out;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
@@ -322,9 +326,40 @@ krb5_error_code kerberos_pac_to_user_info_dc(TALLOC_CTX *mem_ctx,
return EINVAL;
}
+ ret = krb5_pac_get_buffer(context, pac, PAC_TYPE_UPN_DNS_INFO,
+ &k5pac_upn_dns_info_in);
+ if (ret == ENOENT) {
+ ZERO_STRUCT(k5pac_upn_dns_info_in);
+ ret = 0;
+ }
+ if (ret != 0) {
+ talloc_free(tmp_ctx);
+ return EINVAL;
+ }
+
+ pac_upn_dns_info_in = data_blob_const(k5pac_upn_dns_info_in.data,
+ k5pac_upn_dns_info_in.length);
+
+ if (pac_upn_dns_info_in.length != 0) {
+ ndr_err = ndr_pull_union_blob(&pac_upn_dns_info_in, tmp_ctx,
+ &_upn_dns_info,
+ PAC_TYPE_UPN_DNS_INFO,
+ (ndr_pull_flags_fn_t)ndr_pull_PAC_INFO);
+ kerberos_free_data_contents(context, &k5pac_upn_dns_info_in);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ nt_status = ndr_map_error2ntstatus(ndr_err);
+ DEBUG(0,("can't parse the PAC UPN_DNS_INFO: %s\n",
+ nt_errstr(nt_status)));
+ talloc_free(tmp_ctx);
+ return EINVAL;
+ }
+ upn_dns_info = &_upn_dns_info.upn_dns_info;
+ }
+
/* Pull this right into the normal auth sysstem structures */
nt_status = make_user_info_dc_pac(mem_ctx,
info.logon_info.info,
+ upn_dns_info,
&user_info_dc_out);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
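Review bot: The strings decoded from PAC_TYPE_UPN_DNS_INFO are passed to make_user_info_dc_pac() as identity attributes, but nothing visible in this hunk shows that the PAC checksums were verified before this point or that the values are checked against the logon info. The commit message says they become user_principal_* and dns_domain_name, so a comment above the `krb5_pac_get_buffer(...)` call should state where that verification happens, e.g. `/* UPN_DNS_INFO is trusted only because the PAC signature was verified by <caller> */`. Separately, `kerberos_free_data_contents(context, &k5pac_upn_dns_info_in);` is called only inside the `length != 0` branch, so a buffer that is present but empty is never released. An `else` branch making the same call would cover that case, assuming the helper tolerates the zeroed struct left by the ENOENT path. The body of kerberos_pac_to_user_info_dc() starts and ends outside the hunk, so verification may well happen in lines not shown here.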