Heimdal provides Kerberos PAC parsing routines. Use them.
[kai/samba-autobuild/.git] / source4 / kdc / pac-glue.c
index cab1446ff356a4e5edccaa9f6c19fc0f3260b64c..cbdbb86b1f5ccd6b41ecb5cc38c01c8d7f0d92c5 100644 (file)
@@ -51,7 +51,7 @@ static krb5_error_code make_pac(krb5_context context,
                                struct auth_serversupplied_info *server_info,
                                krb5_pac *pac) 
 {
-       struct PAC_LOGON_INFO_CTR logon_info;
+       union PAC_INFO info;
        struct netr_SamInfo3 *info3;
        krb5_data pac_data;
        NTSTATUS nt_status;
@@ -59,7 +59,7 @@ static krb5_error_code make_pac(krb5_context context,
        DATA_BLOB pac_out;
        krb5_error_code ret;
 
-       ZERO_STRUCT(logon_info);
+       ZERO_STRUCT(info);
 
        nt_status = auth_convert_server_info_saminfo3(mem_ctx, server_info, &info3);
        if (!NT_STATUS_IS_OK(nt_status)) {
@@ -67,15 +67,16 @@ static krb5_error_code make_pac(krb5_context context,
                return EINVAL;
        }
 
-       logon_info.info = talloc_zero(mem_ctx, struct PAC_LOGON_INFO);
+       info.logon_info.info = talloc_zero(mem_ctx, struct PAC_LOGON_INFO);
        if (!mem_ctx) {
                return ENOMEM;
        }
 
-       logon_info.info->info3 = *info3;
+       info.logon_info.info->info3 = *info3;
 
-       ndr_err = ndr_push_struct_blob(&pac_out, mem_ctx, iconv_convenience, &logon_info,
-                                      (ndr_push_flags_fn_t)ndr_push_PAC_LOGON_INFO_CTR);
+       ndr_err = ndr_push_union_blob(&pac_out, mem_ctx, iconv_convenience, &info,
+                                     PAC_TYPE_LOGON_INFO,
+                                     (ndr_push_flags_fn_t)ndr_push_PAC_INFO);
        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                nt_status = ndr_map_error2ntstatus(ndr_err);
                DEBUG(1, ("PAC (presig) push failed: %s\n", nt_errstr(nt_status)));
@@ -152,18 +153,12 @@ krb5_error_code samba_kdc_reget_pac(void *priv, krb5_context context,
                                struct hdb_entry_ex *client,  
                                struct hdb_entry_ex *server, krb5_pac *pac)
 {
-       NTSTATUS nt_status;
-       enum ndr_err_code ndr_err;
        krb5_error_code ret;
 
        unsigned int userAccountControl;
 
        struct hdb_ldb_private *private = talloc_get_type(server->ctx, struct hdb_ldb_private);
-       krb5_data k5pac_in;
-       DATA_BLOB pac_in;
 
-       struct PAC_LOGON_INFO_CTR logon_info;
-       union netr_Validation validation;
        struct auth_serversupplied_info *server_info_out;
 
        TALLOC_CTX *mem_ctx = talloc_named(private, 0, "samba_get_pac context");
@@ -175,45 +170,22 @@ krb5_error_code samba_kdc_reget_pac(void *priv, krb5_context context,
        /* The service account may be set not to want the PAC */
        userAccountControl = ldb_msg_find_attr_as_uint(private->msg, "userAccountControl", 0);
        if (userAccountControl & UF_NO_AUTH_DATA_REQUIRED) {
+               talloc_free(mem_ctx);
                *pac = NULL;
                return 0;
        }
 
-       ret = krb5_pac_get_buffer(context, *pac, PAC_TYPE_LOGON_INFO, &k5pac_in);
-       if (ret != 0) {
-               return ret;
-       }
+       ret = kerberos_pac_to_server_info(mem_ctx, private->iconv_convenience,
+                                         *pac, context, &server_info_out);
 
-       pac_in = data_blob_talloc(mem_ctx, k5pac_in.data, k5pac_in.length);
-       krb5_data_free(&k5pac_in);
-       if (!pac_in.data) {
-               talloc_free(mem_ctx);
-               return ENOMEM;
-       }
-               
-       ndr_err = ndr_pull_struct_blob(&pac_in, mem_ctx, private->iconv_convenience, &logon_info,
-                                      (ndr_pull_flags_fn_t)ndr_pull_PAC_LOGON_INFO_CTR);
-       if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err) || !logon_info.info) {
-               nt_status = ndr_map_error2ntstatus(ndr_err);
-               DEBUG(0,("can't parse the PAC LOGON_INFO: %s\n", nt_errstr(nt_status)));
-               talloc_free(mem_ctx);
-               return EINVAL;
-       }
+       /* We will compleatly regenerate this pac */
+       krb5_pac_free(context, *pac);
 
-       /* Pull this right into the normal auth sysstem structures */
-       validation.sam3 = &logon_info.info->info3;
-       nt_status = make_server_info_netlogon_validation(mem_ctx,
-                                                        "",
-                                                        3, &validation,
-                                                        &server_info_out); 
-       if (!NT_STATUS_IS_OK(nt_status)) {
+       if (ret) {
                talloc_free(mem_ctx);
-               return ENOMEM;
+               return ret;
        }
 
-       /* We will compleatly regenerate this pac */
-       krb5_pac_free(context, *pac);
-
        ret = make_pac(context, mem_ctx, private->iconv_convenience, server_info_out, pac);
 
        talloc_free(mem_ctx);
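Review bot: The new code frees the incoming PAC with `krb5_pac_free(context, *pac);` before the `if (ret)` check on the kerberos_pac_to_server_info result, so on the error return the caller is left holding a dangling `*pac`; previously the error path returned before the PAC was freed. Unless the caller is known to discard `*pac` on a non-zero return, clear it after freeing: `*pac = NULL;` directly below the krb5_pac_free line, so the error path cannot hand back freed memory. Moving the `if (ret)` check above the free would also make the intent clearer, since the PAC is only regenerated once parsing succeeded. The surviving comment on the moved line still reads "compleatly" and could be fixed while it is being relocated. samba_kdc_reget_pac continues past the end of this hunk.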