diff options
| author | Jeremy Allison <jra@samba.org> | 2008-01-11 23:53:27 -0800 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2008-01-11 23:53:27 -0800 |
| commit | 43717a16e2fca8b196d4a89e33b05fefc0cb02d2 (patch) | |
| tree | df7a9e41c0f4e6b91e78a45d5e77ac4796fef54a | |
| parent | 866af9a800cbfc022ce6144ee706c0826eb6c39b (diff) | |
| download | samba-43717a16e2fca8b196d4a89e33b05fefc0cb02d2.tar.gz samba-43717a16e2fca8b196d4a89e33b05fefc0cb02d2.tar.bz2 samba-43717a16e2fca8b196d4a89e33b05fefc0cb02d2.zip | |
Fix CID 476. Ensure a valid pac_data pointer is always passed to
ads_verify_ticket as it's always derefed.
Jeremy.
(This used to be commit 0599d57efff0f417f75510e8b08c3cb7b4bcfcd8)
| -rw-r--r-- | source3/libads/kerberos_verify.c | 3 | ||||
| -rw-r--r-- | source3/smbd/sesssetup.c | 3 | ||||
| -rw-r--r-- | source3/utils/ntlm_auth.c | 3 |
3 files changed, 4 insertions, 5 deletions
diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c index 7040093e90..5ce7aa6b45 100644 --- a/source3/libads/kerberos_verify.c +++ b/source3/libads/kerberos_verify.c @@ -501,8 +501,7 @@ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx, DEBUG(3,("ads_verify_ticket: did not retrieve auth data. continuing without PAC\n")); } - if (got_auth_data && pac_data != NULL) { - + if (got_auth_data) { pac_ret = decode_pac_data(mem_ctx, &auth_data, context, keyblock, client_principal, authtime, pac_data); if (!NT_STATUS_IS_OK(pac_ret)) { DEBUG(3,("ads_verify_ticket: failed to decode PAC_DATA: %s\n", nt_errstr(pac_ret))); diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index bc1d26faca..aee8e498e9 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -259,7 +259,7 @@ static void reply_spnego_kerberos(struct smb_request *req, fstring user; int sess_vuid = req->vuid; NTSTATUS ret = NT_STATUS_OK; - PAC_DATA *pac_data; + PAC_DATA *pac_data = NULL; DATA_BLOB ap_rep, ap_rep_wrapped, response; auth_serversupplied_info *server_info = NULL; DATA_BLOB session_key = data_blob_null; @@ -271,7 +271,6 @@ static void reply_spnego_kerberos(struct smb_request *req, PAC_LOGON_INFO *logon_info = NULL; ZERO_STRUCT(ticket); - ZERO_STRUCT(pac_data); ZERO_STRUCT(ap_rep); ZERO_STRUCT(ap_rep_wrapped); ZERO_STRUCT(response); diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index 7e2771c900..6a702fc0cf 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -1163,6 +1163,7 @@ static void manage_gss_spnego_request(enum stdio_helper_mode stdio_helper_mode, char *principal; DATA_BLOB ap_rep; DATA_BLOB session_key; + PAC_DATA *pac_data = NULL; if ( request.negTokenInit.mechToken.data == NULL ) { DEBUG(1, ("Client did not provide Kerberos data\n")); @@ -1177,7 +1178,7 @@ static void manage_gss_spnego_request(enum stdio_helper_mode stdio_helper_mode, status = ads_verify_ticket(mem_ctx, lp_realm(), 0, &request.negTokenInit.mechToken, - &principal, NULL, &ap_rep, + &principal, &pac_data, &ap_rep, &session_key, True); talloc_destroy(mem_ctx); |