-rw-r--r--source3/auth/auth_domain.c2
-rw-r--r--source3/libsmb/samlogon_cache.c12
-rw-r--r--source3/nsswitch/winbindd_pam.c4
-rw-r--r--source3/smbd/sesssetup.c12
4 files changed, 21 insertions, 9 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index 242105a664..266851b229 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -253,7 +253,7 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
server_info,
&info3);
- netsamlogon_cache_store( mem_ctx, user_info->smb_name.str, &info3 );
+ netsamlogon_cache_store( user_info->smb_name.str, &info3 );
}
/* Note - once the cli stream is shutdown the mem_ctx used
diff --git a/source3/libsmb/samlogon_cache.c b/source3/libsmb/samlogon_cache.c
index ceb7b7c35a..d0469a1a48 100644
--- a/source3/libsmb/samlogon_cache.c
+++ b/source3/libsmb/samlogon_cache.c
@@ -109,7 +109,7 @@ void netsamlogon_clear_cached_user(TDB_CONTEXT *tdb, NET_USER_INFO_3 *user)
username should be in UTF-8 format
***********************************************************************/
-BOOL netsamlogon_cache_store(TALLOC_CTX *mem_ctx, const char * username, NET_USER_INFO_3 *user)
+BOOL netsamlogon_cache_store( const char *username, NET_USER_INFO_3 *user )
{
TDB_DATA data;
fstring keystr;
@@ -117,6 +117,7 @@ BOOL netsamlogon_cache_store(TALLOC_CTX *mem_ctx, const char * username, NET_USE
BOOL result = False;
DOM_SID user_sid;
time_t t = time(NULL);
+ TALLOC_CTX *mem_ctx;
if (!netsamlogon_cache_init()) {
@@ -142,6 +143,11 @@ BOOL netsamlogon_cache_store(TALLOC_CTX *mem_ctx, const char * username, NET_USE
/* Prepare data */
+ if ( !(mem_ctx = TALLOC_P( NULL, int )) ) {
+ DEBUG(0,("netsamlogon_cache_store: talloc() failed!\n"));
+ return False;
+ }
+
prs_init( &ps, RPC_MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
if ( !prs_uint32( "timestamp", &ps, 0, (uint32*)&t ) )
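Review bot: The context allocated by the added `TALLOC_P( NULL, int )` is now owned by netsamlogon_cache_store, so every exit after this point must release it, and the only `TALLOC_FREE( mem_ctx )` the commit adds sits at the end of the function. The body of the `prs_uint32( "timestamp", ... )` check lies outside this hunk; if it returns directly, as the allocation-failure branch above does, a failed marshal would leak the context and the prs buffer in a long-running daemon. Routing that failure through the common exit, or using `prs_mem_free( &ps ); TALLOC_FREE( mem_ctx ); return False;`, would close that. Declaring `TALLOC_CTX *mem_ctx = NULL;` would also keep the final free safe on any path that skips the allocation.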
@@ -157,6 +163,8 @@ BOOL netsamlogon_cache_store(TALLOC_CTX *mem_ctx, const char * username, NET_USE
prs_mem_free( &ps );
}
+
+ TALLOC_FREE( mem_ctx );
return result;
}
@@ -175,7 +183,7 @@ NET_USER_INFO_3* netsamlogon_cache_get( TALLOC_CTX *mem_ctx, const DOM_SID *user
uint32 t;
if (!netsamlogon_cache_init()) {
- DEBUG(0,("netsamlogon_cache_store: cannot open %s for write!\n", NETSAMLOGON_TDB));
+ DEBUG(0,("netsamlogon_cache_get: cannot open %s for write!\n", NETSAMLOGON_TDB));
return False;
}
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index d398e41468..6b65d7bfe4 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -382,7 +382,7 @@ enum winbindd_result winbindd_dual_pam_auth(struct winbindd_domain *domain,
} while ( (attempts < 2) && retry );
if (NT_STATUS_IS_OK(result)) {
- netsamlogon_cache_store(state->mem_ctx, name_user, &info3);
+ netsamlogon_cache_store(name_user, &info3);
wcache_invalidate_samlogon(find_domain_from_name(name_domain), &info3);
/* Check if the user is in the right group */
@@ -667,7 +667,7 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
} while ( (attempts < 2) && retry );
if (NT_STATUS_IS_OK(result)) {
- netsamlogon_cache_store(state->mem_ctx, name_user, &info3);
+ netsamlogon_cache_store(name_user, &info3);
wcache_invalidate_samlogon(find_domain_from_name(name_domain), &info3);
/* Check if the user is in the right group */
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 9ac258cb5e..2c96760167 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -180,10 +180,6 @@ static int reply_spnego_kerberos(connection_struct *conn,
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
- if (pac_data) {
- logon_info = get_logon_info_from_pac(pac_data);
- }
-
DEBUG(3,("Ticket name is [%s]\n", client));
p = strchr_m(client, '@');
@@ -196,6 +192,14 @@ static int reply_spnego_kerberos(connection_struct *conn,
}
*p = 0;
+
+ /* save the PAC data if we have it */
+
+ if (pac_data) {
+ logon_info = get_logon_info_from_pac(pac_data);
+ netsamlogon_cache_store( client, &logon_info->info3 );
+ }
+
if (!strequal(p+1, lp_realm())) {
DEBUG(3,("Ticket for foreign realm %s@%s\n", client, p+1));
if (!lp_allow_trusted_domains()) {
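Review bot: `logon_info` is dereferenced in `&logon_info->info3` without a NULL check, and its value comes from parsing PAC data carried in the client's ticket. get_logon_info_from_pac is not shown here, but if it can return NULL when the PAC has no logon-info buffer, the store is handed an invalid pointer; guard it with `if (logon_info) netsamlogon_cache_store( client, &logon_info->info3 );`. The store also runs before the realm comparison and the `lp_allow_trusted_domains()` check that follow, keyed on `client` with the realm already cut off by `*p = 0`, so info3 from a ticket that is then rejected as a foreign realm appears to stay in the cache; moving the store after those checks would avoid that. reply_spnego_kerberos starts and ends outside the hunk.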