From 43717a16e2fca8b196d4a89e33b05fefc0cb02d2 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 11 Jan 2008 23:53:27 -0800
Subject: Fix CID 476. Ensure a valid pac_data pointer is always passed to
 ads_verify_ticket as it's always derefed. Jeremy. (This used to be commit
 0599d57efff0f417f75510e8b08c3cb7b4bcfcd8)

---
 source3/libads/kerberos_verify.c | 3 +--
 source3/smbd/sesssetup.c         | 3 +--
 source3/utils/ntlm_auth.c        | 3 ++-
 3 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c
index 7040093e90..5ce7aa6b45 100644
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@@ -501,8 +501,7 @@ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
 		DEBUG(3,("ads_verify_ticket: did not retrieve auth data. continuing without PAC\n"));
 	}
 
-	if (got_auth_data && pac_data != NULL) {
-
+	if (got_auth_data) {
 		pac_ret = decode_pac_data(mem_ctx, &auth_data, context, keyblock, client_principal, authtime, pac_data);
 		if (!NT_STATUS_IS_OK(pac_ret)) {
 			DEBUG(3,("ads_verify_ticket: failed to decode PAC_DATA: %s\n", nt_errstr(pac_ret)));
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index bc1d26faca..aee8e498e9 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -259,7 +259,7 @@ static void reply_spnego_kerberos(struct smb_request *req,
 	fstring user;
 	int sess_vuid = req->vuid;
 	NTSTATUS ret = NT_STATUS_OK;
-	PAC_DATA *pac_data;
+	PAC_DATA *pac_data = NULL;
 	DATA_BLOB ap_rep, ap_rep_wrapped, response;
 	auth_serversupplied_info *server_info = NULL;
 	DATA_BLOB session_key = data_blob_null;
@@ -271,7 +271,6 @@ static void reply_spnego_kerberos(struct smb_request *req,
 	PAC_LOGON_INFO *logon_info = NULL;
 
 	ZERO_STRUCT(ticket);
-	ZERO_STRUCT(pac_data);
 	ZERO_STRUCT(ap_rep);
 	ZERO_STRUCT(ap_rep_wrapped);
 	ZERO_STRUCT(response);
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index 7e2771c900..6a702fc0cf 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -1163,6 +1163,7 @@ static void manage_gss_spnego_request(enum stdio_helper_mode stdio_helper_mode,
 			char *principal;
 			DATA_BLOB ap_rep;
 			DATA_BLOB session_key;
+			PAC_DATA *pac_data = NULL;
 
 			if ( request.negTokenInit.mechToken.data == NULL ) {
 				DEBUG(1, ("Client did not provide Kerberos data\n"));
@@ -1177,7 +1178,7 @@ static void manage_gss_spnego_request(enum stdio_helper_mode stdio_helper_mode,
 
 			status = ads_verify_ticket(mem_ctx, lp_realm(), 0,
 						   &request.negTokenInit.mechToken,
-						   &principal, NULL, &ap_rep,
+						   &principal, &pac_data, &ap_rep,
 						   &session_key, True);
 
 			talloc_destroy(mem_ctx);
-- 
cgit