[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Wed Jun 10 23:31:04 MDT 2015
The branch, master has been updated
via 4c5fefe winbindd: winbindd_raw_kerberos_login - ensure logon_info exists in PAC.
via efadcb3 kerberos auth info3 should contain resource group ids available from pac_logon
from b51ad15 smbd: Use new debug macros in kill-client-ip
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 4c5fefe0723ae4cd3cacaabc5ae4c500d2306968
Author: Jeremy Allison <jra at samba.org>
Date: Wed Jun 10 16:31:21 2015 -0700
winbindd: winbindd_raw_kerberos_login - ensure logon_info exists in PAC.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Jun 11 07:30:38 CEST 2015 on sn-devel-104
commit efadcb31215f9ccaf7942341c698a8eb2ac166ce
Author: Noel Power <noel.power at suse.com>
Date: Wed Jun 10 13:13:25 2015 +0100
kerberos auth info3 should contain resource group ids available from pac_logon
successful pam auth (e.g. from ssh) will cache group sids (but not any
resource group sids)) The subsequent cached entry used for groups lookups
can be missing those resource groups
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/winbindd/winbindd_pam.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 864382e..a274d4f 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -594,6 +594,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
struct PAC_DATA_CTR *pac_data_ctr = NULL;
const char *local_service;
int i;
+ struct netr_SamInfo3 *info3_copy = NULL;
*info3 = NULL;
@@ -713,11 +714,20 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
break;
}
- *info3 = &logon_info->info3;
+ if (logon_info == NULL) {
+ DEBUG(10,("Missing logon_info in ticket of %s\n",
+ principal_s));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
DEBUG(10,("winbindd_raw_kerberos_login: winbindd validated ticket of %s\n",
principal_s));
+ result = create_info3_from_pac_logon_info(mem_ctx, logon_info, &info3_copy);
+ if (!NT_STATUS_IS_OK(result)) {
+ goto failed;
+ }
+
/* if we had a user's ccache then return that string for the pam
* environment */
@@ -753,7 +763,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
}
}
-
+ *info3 = info3_copy;
return NT_STATUS_OK;
failed:
--
Samba Shared Repository
More information about the samba-cvs
mailing list