diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2005-10-20 10:15:31 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:45:04 -0500 |
| commit | 532b16f3d5b55c91f10ef747b13861be1a969dce (patch) | |
| tree | 3c86ba7517896584f821a623f6ad478570d554f7 /source4/auth/gensec/gensec_gssapi.c | |
| parent | 10989431e533bd60de242dbd78c4b62c4ace7812 (diff) | |
| download | samba-532b16f3d5b55c91f10ef747b13861be1a969dce.tar.gz samba-532b16f3d5b55c91f10ef747b13861be1a969dce.tar.bz2 samba-532b16f3d5b55c91f10ef747b13861be1a969dce.zip | |
r11216: Upgrade to gd's PAC extraction code from Samba3. While I still want
to make some this the kerberos library's problem, we may as well use
the best code that is around.
Andrew Bartlett
(This used to be commit a7fe3078a65f958499779f381731b408f3e6fb1f)
Diffstat (limited to 'source4/auth/gensec/gensec_gssapi.c')
| -rw-r--r-- | source4/auth/gensec/gensec_gssapi.c | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index 97543de445..42141e4df2 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -822,6 +822,8 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi time_t authtime; krb5_principal principal; char *principal_string; + DATA_BLOB pac_blob; + DATA_BLOB unwrapped_pac; if ((gensec_gssapi_state->gss_oid->length != gss_mech_krb5->length) || (memcmp(gensec_gssapi_state->gss_oid->elements, gss_mech_krb5->elements, @@ -866,12 +868,19 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi KRB5_AUTHDATA_IF_RELEVANT, &pac); } + + if (maj_stat == 0) { + pac_blob = data_blob_talloc(mem_ctx, pac.value, pac.length); + gss_release_buffer(&min_stat, &pac); + + if (!unwrap_pac(mem_ctx, &pac_blob, &unwrapped_pac)) { + /* No pac actually present */ + maj_stat = 1; + } + } if (maj_stat == 0) { krb5_error_code ret; - DATA_BLOB pac_blob = data_blob_talloc(mem_ctx, pac.value, pac.length); - pac_blob = unwrap_pac(mem_ctx, &pac_blob); - gss_release_buffer(&min_stat, &pac); ret = krb5_parse_name(gensec_gssapi_state->smb_krb5_context->krb5_context, principal_string, &principal); @@ -881,7 +890,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi } /* decode and verify the pac */ - nt_status = kerberos_pac_logon_info(mem_ctx, &logon_info, pac_blob, + nt_status = kerberos_pac_logon_info(mem_ctx, &logon_info, unwrapped_pac, gensec_gssapi_state->smb_krb5_context->krb5_context, NULL, keyblock, principal, authtime); krb5_free_principal(gensec_gssapi_state->smb_krb5_context->krb5_context, principal); |