RFC also store resource group ids available from pac logon from successful pam authentication
Andrew Bartlett
abartlet at samba.org
Wed Jun 10 20:59:24 MDT 2015
On Wed, 2015-06-10 at 16:33 -0700, Jeremy Allison wrote:
> On Wed, Jun 10, 2015 at 02:11:36PM +0100, Noel Power wrote:
> > Hi
> >
> > came across a bug where sometimes groups returned (e.g. from id command)
> > were missing some group sids, turns out these group ids are resource
> > groups. If we successfully authenticate via pam then the netsamlogon
> > cache is updated but is missing any of those resource group ids, this
> > patch attempts to address that.
>
> Looks good to me - Reviewed-by: Jeremy Allison.
>
> So it's at least as good as what we already have.
> Having said that, I noticed in the:
>
> for (i=0; i < pac_data->num_buffers; i++) {
>
> code just before it, it's theoretically possible
> to exit that look with logon_info == NULL (if
> there was no pac_data->buffers[i].type == PAC_TYPE_LOGON_INFO
> sent in the PAC).
>
> So I think the there should be an additional fix on top
> of your patch to tidy that possibility up.
>
> Can I get a second Team reviewer for the 2 patches please ?
Done. They are now in autobuild.
Thanks!
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Development and Support, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list