summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorChristof Schmitt <christof.schmitt@us.ibm.com>2012-07-05 13:17:00 -0700
committerAndrew Bartlett <abartlet@samba.org>2012-07-06 20:45:51 +1000
commit7285ed586f129d45843f98c359003d9ac88cf5cb (patch)
tree4ca176f1284f9f43930be940b0173bae209fc0ab /source3
parenta49eb60e041a55122ce04ed6f576c2ba09c11fe3 (diff)
downloadsamba-7285ed586f129d45843f98c359003d9ac88cf5cb.tar.gz
samba-7285ed586f129d45843f98c359003d9ac88cf5cb.tar.bz2
samba-7285ed586f129d45843f98c359003d9ac88cf5cb.zip
auth: Common function for retrieving PAC_LOGIN_INFO from PAC
Several functions use the same logic as kerberos_pac_logon_info. Move kerberos_pac_logon_info to common code and reuse it to remove the code duplication. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source3')
-rw-r--r--source3/auth/auth_generic.c28
-rw-r--r--source3/libads/authdata.c29
-rw-r--r--source3/utils/ntlm_auth.c28
3 files changed, 7 insertions, 78 deletions
diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index 82b376feb6..80f5fa7d3e 100644
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -42,9 +42,7 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
struct auth_session_info **session_info)
{
TALLOC_CTX *tmp_ctx;
- struct PAC_DATA *pac_data = NULL;
struct PAC_LOGON_INFO *logon_info = NULL;
- unsigned int i;
bool is_mapped;
bool is_guest;
char *ntuser;
@@ -62,36 +60,14 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
if (pac_blob) {
#ifdef HAVE_KRB5
- status = kerberos_decode_pac(tmp_ctx,
- *pac_blob,
- NULL, NULL, NULL, NULL, 0, &pac_data);
+ status = kerberos_pac_logon_info(tmp_ctx, *pac_blob, NULL, NULL,
+ NULL, NULL, 0, &logon_info);
#else
status = NT_STATUS_ACCESS_DENIED;
#endif
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
-
- /* get logon name and logon info */
- for (i = 0; i < pac_data->num_buffers; i++) {
- struct PAC_BUFFER *data_buf = &pac_data->buffers[i];
-
- switch (data_buf->type) {
- case PAC_TYPE_LOGON_INFO:
- if (!data_buf->info) {
- break;
- }
- logon_info = data_buf->info->logon_info.info;
- break;
- default:
- break;
- }
- }
- if (!logon_info) {
- DEBUG(1, ("Invalid PAC data, missing logon info!\n"));
- status = NT_STATUS_NOT_FOUND;
- goto done;
- }
}
rc = get_remote_hostname(remote_address,
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index 60897bf5fb..2c667a66bc 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -51,9 +51,7 @@ static NTSTATUS kerberos_fetch_pac(struct auth4_context *auth_ctx,
struct auth_session_info **session_info)
{
TALLOC_CTX *tmp_ctx;
- struct PAC_DATA *pac_data = NULL;
struct PAC_LOGON_INFO *logon_info = NULL;
- unsigned int i;
NTSTATUS status = NT_STATUS_INTERNAL_ERROR;
tmp_ctx = talloc_new(mem_ctx);
@@ -62,34 +60,13 @@ static NTSTATUS kerberos_fetch_pac(struct auth4_context *auth_ctx,
}
if (pac_blob) {
- status = kerberos_decode_pac(tmp_ctx,
- *pac_blob,
- NULL, NULL, NULL, NULL, 0, &pac_data);
+ status = kerberos_pac_logon_info(tmp_ctx, *pac_blob, NULL, NULL,
+ NULL, NULL, 0, &logon_info);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
-
- /* get logon name and logon info */
- for (i = 0; i < pac_data->num_buffers; i++) {
- struct PAC_BUFFER *data_buf = &pac_data->buffers[i];
-
- switch (data_buf->type) {
- case PAC_TYPE_LOGON_INFO:
- if (!data_buf->info) {
- break;
- }
- logon_info = data_buf->info->logon_info.info;
- break;
- default:
- break;
- }
- }
- if (!logon_info) {
- DEBUG(1, ("Invalid PAC data, missing logon info!\n"));
- status = NT_STATUS_NOT_FOUND;
- goto done;
- }
}
+
talloc_set_name_const(logon_info, "struct PAC_LOGON_INFO");
auth_ctx->private_data = talloc_steal(auth_ctx, logon_info);
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index a832b5bc60..afb51e9356 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -716,9 +716,7 @@ static NTSTATUS ntlm_auth_generate_session_info_pac(struct auth4_context *auth_c
struct auth_session_info **session_info)
{
TALLOC_CTX *tmp_ctx;
- struct PAC_DATA *pac_data = NULL;
struct PAC_LOGON_INFO *logon_info = NULL;
- unsigned int i;
char *unixuser;
NTSTATUS status;
char *domain = NULL;
@@ -733,36 +731,14 @@ static NTSTATUS ntlm_auth_generate_session_info_pac(struct auth4_context *auth_c
if (pac_blob) {
#ifdef HAVE_KRB5
- status = kerberos_decode_pac(tmp_ctx,
- *pac_blob,
- NULL, NULL, NULL, NULL, 0, &pac_data);
+ status = kerberos_pac_logon_info(tmp_ctx, *pac_blob, NULL, NULL,
+ NULL, NULL, 0, &logon_info);
#else
status = NT_STATUS_ACCESS_DENIED;
#endif
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
-
- /* get logon name and logon info */
- for (i = 0; i < pac_data->num_buffers; i++) {
- struct PAC_BUFFER *data_buf = &pac_data->buffers[i];
-
- switch (data_buf->type) {
- case PAC_TYPE_LOGON_INFO:
- if (!data_buf->info) {
- break;
- }
- logon_info = data_buf->info->logon_info.info;
- break;
- default:
- break;
- }
- }
- if (!logon_info) {
- DEBUG(1, ("Invalid PAC data, missing logon info!\n"));
- status = NT_STATUS_NOT_FOUND;
- goto done;
- }
}
DEBUG(3, ("Kerberos ticket principal name is [%s]\n", princ_name));