diff options
| author | Christof Schmitt <christof.schmitt@us.ibm.com> | 2012-07-05 13:17:00 -0700 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2012-07-06 20:45:51 +1000 |
| commit | 7285ed586f129d45843f98c359003d9ac88cf5cb (patch) | |
| tree | 4ca176f1284f9f43930be940b0173bae209fc0ab /source3 | |
| parent | a49eb60e041a55122ce04ed6f576c2ba09c11fe3 (diff) | |
| download | samba-7285ed586f129d45843f98c359003d9ac88cf5cb.tar.gz samba-7285ed586f129d45843f98c359003d9ac88cf5cb.tar.bz2 samba-7285ed586f129d45843f98c359003d9ac88cf5cb.zip | |
auth: Common function for retrieving PAC_LOGIN_INFO from PAC
Several functions use the same logic as kerberos_pac_logon_info. Move
kerberos_pac_logon_info to common code and reuse it to remove the code
duplication.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/auth/auth_generic.c | 28 | ||||
| -rw-r--r-- | source3/libads/authdata.c | 29 | ||||
| -rw-r--r-- | source3/utils/ntlm_auth.c | 28 |
3 files changed, 7 insertions, 78 deletions
diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c index 82b376feb6..80f5fa7d3e 100644 --- a/source3/auth/auth_generic.c +++ b/source3/auth/auth_generic.c @@ -42,9 +42,7 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx, struct auth_session_info **session_info) { TALLOC_CTX *tmp_ctx; - struct PAC_DATA *pac_data = NULL; struct PAC_LOGON_INFO *logon_info = NULL; - unsigned int i; bool is_mapped; bool is_guest; char *ntuser; @@ -62,36 +60,14 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx, if (pac_blob) { #ifdef HAVE_KRB5 - status = kerberos_decode_pac(tmp_ctx, - *pac_blob, - NULL, NULL, NULL, NULL, 0, &pac_data); + status = kerberos_pac_logon_info(tmp_ctx, *pac_blob, NULL, NULL, + NULL, NULL, 0, &logon_info); #else status = NT_STATUS_ACCESS_DENIED; #endif if (!NT_STATUS_IS_OK(status)) { goto done; } - - /* get logon name and logon info */ - for (i = 0; i < pac_data->num_buffers; i++) { - struct PAC_BUFFER *data_buf = &pac_data->buffers[i]; - - switch (data_buf->type) { - case PAC_TYPE_LOGON_INFO: - if (!data_buf->info) { - break; - } - logon_info = data_buf->info->logon_info.info; - break; - default: - break; - } - } - if (!logon_info) { - DEBUG(1, ("Invalid PAC data, missing logon info!\n")); - status = NT_STATUS_NOT_FOUND; - goto done; - } } rc = get_remote_hostname(remote_address, diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c index 60897bf5fb..2c667a66bc 100644 --- a/source3/libads/authdata.c +++ b/source3/libads/authdata.c @@ -51,9 +51,7 @@ static NTSTATUS kerberos_fetch_pac(struct auth4_context *auth_ctx, struct auth_session_info **session_info) { TALLOC_CTX *tmp_ctx; - struct PAC_DATA *pac_data = NULL; struct PAC_LOGON_INFO *logon_info = NULL; - unsigned int i; NTSTATUS status = NT_STATUS_INTERNAL_ERROR; tmp_ctx = talloc_new(mem_ctx); @@ -62,34 +60,13 @@ static NTSTATUS kerberos_fetch_pac(struct auth4_context *auth_ctx, } if (pac_blob) { - status = kerberos_decode_pac(tmp_ctx, - *pac_blob, - NULL, NULL, NULL, NULL, 0, &pac_data); + status = kerberos_pac_logon_info(tmp_ctx, *pac_blob, NULL, NULL, + NULL, NULL, 0, &logon_info); if (!NT_STATUS_IS_OK(status)) { goto done; } - - /* get logon name and logon info */ - for (i = 0; i < pac_data->num_buffers; i++) { - struct PAC_BUFFER *data_buf = &pac_data->buffers[i]; - - switch (data_buf->type) { - case PAC_TYPE_LOGON_INFO: - if (!data_buf->info) { - break; - } - logon_info = data_buf->info->logon_info.info; - break; - default: - break; - } - } - if (!logon_info) { - DEBUG(1, ("Invalid PAC data, missing logon info!\n")); - status = NT_STATUS_NOT_FOUND; - goto done; - } } + talloc_set_name_const(logon_info, "struct PAC_LOGON_INFO"); auth_ctx->private_data = talloc_steal(auth_ctx, logon_info); diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index a832b5bc60..afb51e9356 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -716,9 +716,7 @@ static NTSTATUS ntlm_auth_generate_session_info_pac(struct auth4_context *auth_c struct auth_session_info **session_info) { TALLOC_CTX *tmp_ctx; - struct PAC_DATA *pac_data = NULL; struct PAC_LOGON_INFO *logon_info = NULL; - unsigned int i; char *unixuser; NTSTATUS status; char *domain = NULL; @@ -733,36 +731,14 @@ static NTSTATUS ntlm_auth_generate_session_info_pac(struct auth4_context *auth_c if (pac_blob) { #ifdef HAVE_KRB5 - status = kerberos_decode_pac(tmp_ctx, - *pac_blob, - NULL, NULL, NULL, NULL, 0, &pac_data); + status = kerberos_pac_logon_info(tmp_ctx, *pac_blob, NULL, NULL, + NULL, NULL, 0, &logon_info); #else status = NT_STATUS_ACCESS_DENIED; #endif if (!NT_STATUS_IS_OK(status)) { goto done; } - - /* get logon name and logon info */ - for (i = 0; i < pac_data->num_buffers; i++) { - struct PAC_BUFFER *data_buf = &pac_data->buffers[i]; - - switch (data_buf->type) { - case PAC_TYPE_LOGON_INFO: - if (!data_buf->info) { - break; - } - logon_info = data_buf->info->logon_info.info; - break; - default: - break; - } - } - if (!logon_info) { - DEBUG(1, ("Invalid PAC data, missing logon info!\n")); - status = NT_STATUS_NOT_FOUND; - goto done; - } } DEBUG(3, ("Kerberos ticket principal name is [%s]\n", princ_name)); |