RFC also store resource group ids available from pac logon from successful pam authentication

Andrew Bartlett abartlet at samba.org
Wed Jun 10 20:59:24 MDT 2015

On Wed, 2015-06-10 at 16:33 -0700, Jeremy Allison wrote:
> On Wed, Jun 10, 2015 at 02:11:36PM +0100, Noel Power wrote:
> > Hi
> > 
> > came across a bug where sometimes groups returned (e.g. from id command)
> > were missing some group sids, turns out these group ids are resource
> > groups. If we successfully authenticate via pam then  the netsamlogon
> > cache is updated but is missing any of those resource group ids, this
> > patch attempts to address that.
> Looks good to me - Reviewed-by: Jeremy Allison.
> So it's at least as good as what we already have.
> Having said that, I noticed in the:
>         for (i=0; i < pac_data->num_buffers; i++) {
> code just before it, it's theoretically possible
> to exit that look with logon_info == NULL (if
> there was no pac_data->buffers[i].type == PAC_TYPE_LOGON_INFO
> sent in the PAC).
> So I think the there should be an additional fix on top
> of your patch to tidy that possibility up.
> Can I get a second Team reviewer for the 2 patches please ?

Done.  They are now in autobuild.


Andrew Bartlett
Authentication Developer, Samba Team         http://samba.org
Samba Development and Support, Catalyst IT   http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list