Diffstat (limited to 'source4/libcli/auth/gensec_krb5.c')
-rw-r--r-- | source4/libcli/auth/gensec_krb5.c | 80 |
1 files changed, 55 insertions, 25 deletions
diff --git a/source4/libcli/auth/gensec_krb5.c b/source4/libcli/auth/gensec_krb5.c
index 14e2f586c3..1ce05b519e 100644
--- a/source4/libcli/auth/gensec_krb5.c
+++ b/source4/libcli/auth/gensec_krb5.c
@@ -611,39 +611,48 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security struct dom_sid *sid; char *p; char *principal; + const char *username; + const char *realm; *session_info_out = NULL; - nt_status = make_server_info(gensec_security, &server_info, gensec_krb5_state->peer_principal); - if (!NT_STATUS_IS_OK(nt_status)) { - return nt_status; - } - - server_info->guest = False; + /* IF we have the PAC - otherwise (TODO) we need to get this + * data from elsewere - local ldb, or lookup of some + * kind... */ - principal = talloc_strdup(server_info, gensec_krb5_state->peer_principal); + principal = talloc_strdup(gensec_krb5_state, gensec_krb5_state->peer_principal); p = strchr(principal, '@'); if (p) { *p = '\0'; } - server_info->account_name = principal; - server_info->domain = talloc_strdup(server_info, p++); - if (!server_info->domain) { - free_server_info(&server_info); - return NT_STATUS_NO_MEMORY; - } - - nt_status = make_session_info(server_info, &session_info); - if (!NT_STATUS_IS_OK(nt_status)) { - free_server_info(&server_info); - return nt_status; - } + p++; + username = principal; + realm = p; + + if (logon_info) { + nt_status = make_server_info(gensec_krb5_state, &server_info, gensec_krb5_state->peer_principal); + if (!NT_STATUS_IS_OK(nt_status)) { + return nt_status; + } + + server_info->guest = False; + + server_info->account_name = talloc_strdup(server_info, principal); + server_info->domain = talloc_strdup(server_info, realm); + if (!server_info->domain) { + free_server_info(&server_info); + return NT_STATUS_NO_MEMORY; + } + + /* references the server_info into the session_info */ + nt_status = make_session_info(gensec_krb5_state, server_info, &session_info); + if (!NT_STATUS_IS_OK(nt_status)) { + free_server_info(&server_info); + return nt_status; + } - /* IF we have the PAC - otherwise (TODO) we need to get this - * data from elsewere - local ldb, or lookup of some - * kind... 
*/ + talloc_free(server_info); - if (logon_info) { ptoken = talloc_p(session_info, struct nt_user_token); if (!ptoken) { return NT_STATUS_NO_MEMORY; @@ -666,16 +675,37 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security for (;ptoken->num_sids < logon_info->groups_count; ptoken->num_sids++) { sid = dom_sid_dup(session_info, logon_info->dom_sid); - ptoken->user_sids[ptoken->num_sids] = dom_sid_add_rid(session_info, sid, logon_info->groups[ptoken->num_sids - 2].rid); + ptoken->user_sids[ptoken->num_sids] + = dom_sid_add_rid(session_info, sid, + logon_info->groups[ptoken->num_sids - 2].rid); } debug_nt_user_token(DBGC_AUTH, 0, ptoken); session_info->nt_user_token = ptoken; } else { - session_info->nt_user_token = NULL; + TALLOC_CTX *mem_ctx = talloc_named(gensec_krb5_state, 0, "PAC-less session info discovery for %s@%s", username, realm); + if (!mem_ctx) { + return NT_STATUS_NO_MEMORY; + } + nt_status = sam_get_server_info(username, realm, gensec_krb5_state, &server_info); + if (!NT_STATUS_IS_OK(nt_status)) { + talloc_free(mem_ctx); + return nt_status; + } + + /* references the server_info into the session_info */ + nt_status = make_session_info(gensec_krb5_state, server_info, &session_info); + if (!NT_STATUS_IS_OK(nt_status)) { + talloc_free(mem_ctx); + return nt_status; + } + + talloc_free(mem_ctx); } + talloc_free(principal); + nt_status = gensec_krb5_session_key(gensec_security, &session_info->session_key); session_info->workstation = NULL; |
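Review bot: The new unconditional `p++` after `p = strchr(principal, '@')` also runs when the peer principal contains no `@`, so `realm` is derived from a NULL pointer and is later passed to `talloc_strdup(server_info, realm)` or `sam_get_server_info`. The `talloc_strdup` result for `principal` is likewise handed to `strchr` without a NULL check. I would add `if (!principal) return NT_STATUS_NO_MEMORY;` after the strdup and replace the split with `if (!p) { talloc_free(principal); return NT_STATUS_INVALID_PARAMETER; }` followed by `*p++ = '\0';`. In the PAC branch only `server_info->domain` is tested, so the check should read `if (!server_info->account_name || !server_info->domain) {`. The function body starts and ends outside this hunk, and its early error returns no longer release `principal`, which is now parented on `gensec_krb5_state`.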
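Review bot: `mem_ctx` in the PAC-less `else` branch is created and freed but nothing visible is allocated on it, because `sam_get_server_info` and `make_session_info` are both given `gensec_krb5_state`. The `talloc_free(mem_ctx)` calls on the error paths therefore release nothing, and `server_info` stays attached to the long-lived state if `make_session_info` fails. Assuming the third argument of `sam_get_server_info` is the talloc parent (its prototype is not visible here), pass the temporary context instead: `nt_status = sam_get_server_info(username, realm, mem_ctx, &server_info);`. That would also match the PAC branch, which drops its own hold on `server_info` once `make_session_info` has referenced it. Both error returns in this branch skip `talloc_free(principal)`, and the branch trusts the `username`/`realm` split from the earlier hunk, so the missing-`@` guard noted there matters on this path as well.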