summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2008-01-11 23:53:27 -0800
committerJeremy Allison <jra@samba.org>2008-01-11 23:53:27 -0800
commit43717a16e2fca8b196d4a89e33b05fefc0cb02d2 (patch)
treedf7a9e41c0f4e6b91e78a45d5e77ac4796fef54a
parent866af9a800cbfc022ce6144ee706c0826eb6c39b (diff)
downloadsamba-43717a16e2fca8b196d4a89e33b05fefc0cb02d2.tar.gz
samba-43717a16e2fca8b196d4a89e33b05fefc0cb02d2.tar.bz2
samba-43717a16e2fca8b196d4a89e33b05fefc0cb02d2.zip
Fix CID 476. Ensure a valid pac_data pointer is always passed to
ads_verify_ticket as it's always derefed. Jeremy. (This used to be commit 0599d57efff0f417f75510e8b08c3cb7b4bcfcd8)
-rw-r--r--source3/libads/kerberos_verify.c3
-rw-r--r--source3/smbd/sesssetup.c3
-rw-r--r--source3/utils/ntlm_auth.c3
3 files changed, 4 insertions, 5 deletions
diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c
index 7040093e90..5ce7aa6b45 100644
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@@ -501,8 +501,7 @@ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
DEBUG(3,("ads_verify_ticket: did not retrieve auth data. continuing without PAC\n"));
}
- if (got_auth_data && pac_data != NULL) {
-
+ if (got_auth_data) {
pac_ret = decode_pac_data(mem_ctx, &auth_data, context, keyblock, client_principal, authtime, pac_data);
if (!NT_STATUS_IS_OK(pac_ret)) {
DEBUG(3,("ads_verify_ticket: failed to decode PAC_DATA: %s\n", nt_errstr(pac_ret)));
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index bc1d26faca..aee8e498e9 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -259,7 +259,7 @@ static void reply_spnego_kerberos(struct smb_request *req,
fstring user;
int sess_vuid = req->vuid;
NTSTATUS ret = NT_STATUS_OK;
- PAC_DATA *pac_data;
+ PAC_DATA *pac_data = NULL;
DATA_BLOB ap_rep, ap_rep_wrapped, response;
auth_serversupplied_info *server_info = NULL;
DATA_BLOB session_key = data_blob_null;
@@ -271,7 +271,6 @@ static void reply_spnego_kerberos(struct smb_request *req,
PAC_LOGON_INFO *logon_info = NULL;
ZERO_STRUCT(ticket);
- ZERO_STRUCT(pac_data);
ZERO_STRUCT(ap_rep);
ZERO_STRUCT(ap_rep_wrapped);
ZERO_STRUCT(response);
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index 7e2771c900..6a702fc0cf 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -1163,6 +1163,7 @@ static void manage_gss_spnego_request(enum stdio_helper_mode stdio_helper_mode,
char *principal;
DATA_BLOB ap_rep;
DATA_BLOB session_key;
+ PAC_DATA *pac_data = NULL;
if ( request.negTokenInit.mechToken.data == NULL ) {
DEBUG(1, ("Client did not provide Kerberos data\n"));
@@ -1177,7 +1178,7 @@ static void manage_gss_spnego_request(enum stdio_helper_mode stdio_helper_mode,
status = ads_verify_ticket(mem_ctx, lp_realm(), 0,
&request.negTokenInit.mechToken,
- &principal, NULL, &ap_rep,
+ &principal, &pac_data, &ap_rep,
&session_key, True);
talloc_destroy(mem_ctx);