diff options
author | Andrew Bartlett <abartlet@samba.org> | 2010-05-06 12:45:14 +1000 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2010-05-11 22:52:37 +0200 |
commit | 454b0b3f20ee8bdf56a12930261391e06567169c (patch) | |
tree | 164d017f86a2d8d4150a7bc69c6ece0ba7d3c145 /source3/winbindd | |
parent | d0a87f0098073b2b7c8b637eccbb9bd91aaa8a80 (diff) | |
download | samba-454b0b3f20ee8bdf56a12930261391e06567169c.tar.gz samba-454b0b3f20ee8bdf56a12930261391e06567169c.tar.bz2 samba-454b0b3f20ee8bdf56a12930261391e06567169c.zip |
s3:kerberos Return PAC_LOGON_INFO rather than the full PAC_DATA
All the callers just want the PAC_LOGON_INFO, so search for that in
ads_verify_ticket(), and don't bother the callers with the rest of the
PAC.
This change makes sense on it's own (removing boilerplate wrappers
that just confuse the code), but it also makes it much easier to
implement a matching ads_verify_ticket() function in Samba4 for the
s3compat proposal.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'source3/winbindd')
-rw-r--r-- | source3/winbindd/winbindd_pam.c | 29 |
1 files changed, 15 insertions, 14 deletions
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index a025433121..9554339769 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -564,8 +564,7 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain, ADS_STRUCT *ads; time_t time_offset = 0; bool internal_ccache = true; - - ZERO_STRUCTP(info3); + struct PAC_LOGON_INFO *logon_info = NULL; *info3 = NULL; @@ -623,18 +622,18 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain, DEBUG(10,("winbindd_raw_kerberos_login: uid is %d\n", uid)); } - result = kerberos_return_info3_from_pac(state->mem_ctx, - principal_s, - state->request->data.auth.pass, - time_offset, - &ticket_lifetime, - &renewal_until, - cc, - true, - true, - WINBINDD_PAM_AUTH_KRB5_RENEW_TIME, - NULL, - info3); + result = kerberos_return_pac(state->mem_ctx, + principal_s, + state->request->data.auth.pass, + time_offset, + &ticket_lifetime, + &renewal_until, + cc, + true, + true, + WINBINDD_PAM_AUTH_KRB5_RENEW_TIME, + NULL, + &logon_info); if (!internal_ccache) { gain_root_privilege(); } @@ -645,6 +644,8 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain, goto failed; } + *info3 = &logon_info->info3; + DEBUG(10,("winbindd_raw_kerberos_login: winbindd validated ticket of %s\n", principal_s)); |