[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Wed Jun 10 23:31:04 MDT 2015 

The branch, master has been updated
       via  4c5fefe winbindd: winbindd_raw_kerberos_login - ensure logon_info exists in PAC.
       via  efadcb3 kerberos auth info3 should contain resource group ids available from pac_logon
      from  b51ad15 smbd: Use new debug macros in kill-client-ip

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 4c5fefe0723ae4cd3cacaabc5ae4c500d2306968
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Jun 10 16:31:21 2015 -0700

    winbindd: winbindd_raw_kerberos_login - ensure logon_info exists in PAC.
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Thu Jun 11 07:30:38 CEST 2015 on sn-devel-104

commit efadcb31215f9ccaf7942341c698a8eb2ac166ce
Author: Noel Power <noel.power at suse.com>
Date:   Wed Jun 10 13:13:25 2015 +0100

    kerberos auth info3 should contain resource group ids available from pac_logon
    
    successful pam auth (e.g. from ssh) will cache group sids (but not any
    resource group sids)) The subsequent cached entry used for groups lookups
    can be missing those resource groups
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/winbindd/winbindd_pam.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 864382e..a274d4f 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -594,6 +594,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
 	struct PAC_DATA_CTR *pac_data_ctr = NULL;
 	const char *local_service;
 	int i;
+	struct netr_SamInfo3 *info3_copy = NULL;
 
 	*info3 = NULL;
 
@@ -713,11 +714,20 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
 		break;
 	}
 
-	*info3 = &logon_info->info3;
+	if (logon_info == NULL) {
+		DEBUG(10,("Missing logon_info in ticket of %s\n",
+			principal_s));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
 
 	DEBUG(10,("winbindd_raw_kerberos_login: winbindd validated ticket of %s\n",
 		principal_s));
 
+	result = create_info3_from_pac_logon_info(mem_ctx, logon_info, &info3_copy);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto failed;
+	}
+
 	/* if we had a user's ccache then return that string for the pam
 	 * environment */
 
@@ -753,7 +763,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
 		}
 
 	}
-
+	*info3 = info3_copy;
 	return NT_STATUS_OK;
 
 failed:


-- 
Samba Shared Repository

More information about the samba-cvs mailing list