-rw-r--r-- | source3/auth/auth_domain.c | 2 | ||||
-rw-r--r-- | source3/libsmb/samlogon_cache.c | 12 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_pam.c | 4 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 12 |
4 files changed, 21 insertions, 9 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index 242105a664..266851b229 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -253,7 +253,7 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
 server_info, &info3);
- netsamlogon_cache_store( mem_ctx, user_info->smb_name.str, &info3 );
+ netsamlogon_cache_store( user_info->smb_name.str, &info3 );
 }
 /* Note - once the cli stream is shutdown the mem_ctx used
diff --git a/source3/libsmb/samlogon_cache.c b/source3/libsmb/samlogon_cache.c
index ceb7b7c35a..d0469a1a48 100644
--- a/source3/libsmb/samlogon_cache.c
+++ b/source3/libsmb/samlogon_cache.c
@@ -109,7 +109,7 @@ void netsamlogon_clear_cached_user(TDB_CONTEXT *tdb, NET_USER_INFO_3 *user)
 username should be in UTF-8 format ***********************************************************************/
-BOOL netsamlogon_cache_store(TALLOC_CTX *mem_ctx, const char * username, NET_USER_INFO_3 *user)
+BOOL netsamlogon_cache_store( const char *username, NET_USER_INFO_3 *user )
 {
 TDB_DATA data;
 fstring keystr;
@@ -117,6 +117,7 @@ BOOL netsamlogon_cache_store(TALLOC_CTX *mem_ctx, const char * username, NET_USE
 BOOL result = False;
 DOM_SID user_sid;
 time_t t = time(NULL);
+ TALLOC_CTX *mem_ctx;
 if (!netsamlogon_cache_init()) {
@@ -142,6 +143,11 @@ BOOL netsamlogon_cache_store(TALLOC_CTX *mem_ctx, const char * username, NET_USE
 /* Prepare data */
+ if ( !(mem_ctx = TALLOC_P( NULL, int )) ) {
+ DEBUG(0,("netsamlogon_cache_store: talloc() failed!\n"));
+ return False;
+ }
+
 prs_init( &ps, RPC_MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
 if ( !prs_uint32( "timestamp", &ps, 0, (uint32*)&t ) )
@@ -157,6 +163,8 @@ BOOL netsamlogon_cache_store(TALLOC_CTX *mem_ctx, const char * username, NET_USE
 prs_mem_free( &ps );
 }
+
+ TALLOC_FREE( mem_ctx );
 return result;
 }
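Review bot: In the samlogon_cache.c hunk at `@@ -142,6 +143,11 @@`, the context allocated with `TALLOC_P( NULL, int )` is released only by the `TALLOC_FREE( mem_ctx )` added near the end of the function, so any early return between the two leaks it. The `if ( !prs_uint32( "timestamp", ... ) )` check that closes this hunk has its body outside the hunk; if it returns directly, as appears likely, each failure leaks the context and the prs buffer in a long-running daemon. Such exits should go through the cleanup, e.g. `if ( !prs_uint32(...) ) { prs_mem_free( &ps ); TALLOC_FREE( mem_ctx ); return False; }`. A short comment on the allocation, such as `/* function-owned scratch context; freed before every return */`, would record that ownership moved from the caller into this function.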
@@ -175,7 +183,7 @@ NET_USER_INFO_3* netsamlogon_cache_get( TALLOC_CTX *mem_ctx, const DOM_SID *user
 uint32 t;
 if (!netsamlogon_cache_init()) {
- DEBUG(0,("netsamlogon_cache_store: cannot open %s for write!\n", NETSAMLOGON_TDB));
+ DEBUG(0,("netsamlogon_cache_get: cannot open %s for write!\n", NETSAMLOGON_TDB));
 return False;
 }
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index d398e41468..6b65d7bfe4 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -382,7 +382,7 @@ enum winbindd_result winbindd_dual_pam_auth(struct winbindd_domain *domain,
 } while ( (attempts < 2) && retry );
 if (NT_STATUS_IS_OK(result)) {
- netsamlogon_cache_store(state->mem_ctx, name_user, &info3);
+ netsamlogon_cache_store(name_user, &info3);
 wcache_invalidate_samlogon(find_domain_from_name(name_domain), &info3);
 /* Check if the user is in the right group */
@@ -667,7 +667,7 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
 } while ( (attempts < 2) && retry );
 if (NT_STATUS_IS_OK(result)) {
- netsamlogon_cache_store(state->mem_ctx, name_user, &info3);
+ netsamlogon_cache_store(name_user, &info3);
 wcache_invalidate_samlogon(find_domain_from_name(name_domain), &info3);
 /* Check if the user is in the right group */
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 9ac258cb5e..2c96760167 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -180,10 +180,6 @@ static int reply_spnego_kerberos(connection_struct *conn,
 return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 }
- if (pac_data) {
- logon_info = get_logon_info_from_pac(pac_data);
- }
-
 DEBUG(3,("Ticket name is [%s]\n", client));
 p = strchr_m(client, '@');
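Review bot: In the `netsamlogon_cache_get` hunk at `@@ -175,7 +183,7 @@`, the corrected message still says "for write" although this is the lookup path, which may mislead whoever reads the log. The unchanged next line also returns `False` from a function whose hunk header shows a `NET_USER_INFO_3*` return type. Consider `DEBUG(0,("netsamlogon_cache_get: cannot open %s!\n", NETSAMLOGON_TDB));` followed by `return NULL;`. The function body starts and ends outside the hunk.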
@@ -196,6 +192,14 @@ static int reply_spnego_kerberos(connection_struct *conn,
 }
 *p = 0;
+
+ /* save the PAC data if we have it */
+
+ if (pac_data) {
+ logon_info = get_logon_info_from_pac(pac_data);
+ netsamlogon_cache_store( client, &logon_info->info3 );
+ }
+
 if (!strequal(p+1, lp_realm())) {
 DEBUG(3,("Ticket for foreign realm %s@%s\n", client, p+1));
 if (!lp_allow_trusted_domains()) { |
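Review bot: `logon_info` is used in `netsamlogon_cache_store( client, &logon_info->info3 )` without checking that `get_logon_info_from_pac(pac_data)` returned a non-NULL pointer. Its definition is not in this diff, but if it can return NULL for a PAC that lacks a logon-info buffer, data taken from the client's ticket leads to a NULL dereference in the session-setup path; guard the call with `if (logon_info) netsamlogon_cache_store( client, &logon_info->info3 );`. The store also runs before the realm comparison and the `lp_allow_trusted_domains()` check that follow, so entries from a ticket that is then rejected as foreign-realm would presumably already be cached; moving the block below those checks looks safer. The return value of the store is ignored, so a failed cache write is silent here. reply_spnego_kerberos starts and ends outside the hunk.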