r11661: Store the INFO3 in the PAC data into the netsamlogon_cache.
authorGerald Carter <jerry@samba.org>
Fri, 11 Nov 2005 03:03:41 +0000 (03:03 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 16:05:23 +0000 (11:05 -0500)
Also remove the mem_ctx from the netsamlogon_cache_store() API.

Guenther, what should we be doing with the other fields in
the PAC_LOGON_INFO?

source/auth/auth_domain.c
source/libsmb/samlogon_cache.c
source/nsswitch/winbindd_pam.c
source/smbd/sesssetup.c

index 242105a664b17935989771e5e5dd410de95c86ee..266851b22923a235a0a66fbd7612383ceafce798 100644 (file)
@@ -253,7 +253,7 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
                                                server_info,
                                                &info3);
 
-               netsamlogon_cache_store( mem_ctx, user_info->smb_name.str, &info3 );
+               netsamlogon_cache_store( user_info->smb_name.str, &info3 );
        }
 
        /* Note - once the cli stream is shutdown the mem_ctx used
index ceb7b7c35a44ef2eae5d7a303ace4dde60bdfff0..d0469a1a4819e70d3c8d3f393730fe038f68b655 100644 (file)
@@ -109,7 +109,7 @@ void netsamlogon_clear_cached_user(TDB_CONTEXT *tdb, NET_USER_INFO_3 *user)
  username should be in UTF-8 format
 ***********************************************************************/
 
-BOOL netsamlogon_cache_store(TALLOC_CTX *mem_ctx, const char * username, NET_USER_INFO_3 *user)
+BOOL netsamlogon_cache_store( const char *username, NET_USER_INFO_3 *user )
 {
        TDB_DATA        data;
         fstring        keystr;
@@ -117,6 +117,7 @@ BOOL netsamlogon_cache_store(TALLOC_CTX *mem_ctx, const char * username, NET_USE
        BOOL            result = False;
        DOM_SID         user_sid;
        time_t          t = time(NULL);
+       TALLOC_CTX      *mem_ctx;
        
 
        if (!netsamlogon_cache_init()) {
@@ -142,6 +143,11 @@ BOOL netsamlogon_cache_store(TALLOC_CTX *mem_ctx, const char * username, NET_USE
                
        /* Prepare data */
        
+       if ( !(mem_ctx = TALLOC_P( NULL, int )) ) {
+               DEBUG(0,("netsamlogon_cache_store: talloc() failed!\n"));
+               return False;
+       }
+
        prs_init( &ps, RPC_MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
        
        if ( !prs_uint32( "timestamp", &ps, 0, (uint32*)&t ) )
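Review bot: `mem_ctx` is now allocated inside netsamlogon_cache_store() with a NULL parent and released only by the `TALLOC_FREE( mem_ctx );` added before the final `return result;`, so any early exit between the two leaks the context and the `ps` buffer allocated on it. The statement guarded by `if ( !prs_uint32( "timestamp", ... ) )` lies outside this hunk; if it is a bare `return False;`, it should become a jump to a cleanup label placed just before the free, e.g. `goto done;` with `done: TALLOC_FREE( mem_ctx );`. Before this change the caller owned the context and would reclaim it, which is why the early return was harmless then. A short comment at the allocation, such as `/* private context: must be freed on every exit path below */`, would make the new ownership explicit.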
@@ -157,6 +163,8 @@ BOOL netsamlogon_cache_store(TALLOC_CTX *mem_ctx, const char * username, NET_USE
                
                prs_mem_free( &ps );
        }
+
+       TALLOC_FREE( mem_ctx );
                
        return result;
 }
@@ -175,7 +183,7 @@ NET_USER_INFO_3* netsamlogon_cache_get( TALLOC_CTX *mem_ctx, const DOM_SID *user
        uint32          t;
        
        if (!netsamlogon_cache_init()) {
-               DEBUG(0,("netsamlogon_cache_store: cannot open %s for write!\n", NETSAMLOGON_TDB));
+               DEBUG(0,("netsamlogon_cache_get: cannot open %s for write!\n", NETSAMLOGON_TDB));
                return False;
        }
 
index d398e41468c55aed3c24637eaf5450b656557b2e..6b65d7bfe4e1849cf9c20d54ecb67e8247550d5d 100644 (file)
@@ -382,7 +382,7 @@ enum winbindd_result winbindd_dual_pam_auth(struct winbindd_domain *domain,
        } while ( (attempts < 2) && retry );
 
        if (NT_STATUS_IS_OK(result)) {
-               netsamlogon_cache_store(state->mem_ctx, name_user, &info3);
+               netsamlogon_cache_store(name_user, &info3);
                wcache_invalidate_samlogon(find_domain_from_name(name_domain), &info3);
 
                /* Check if the user is in the right group */
@@ -667,7 +667,7 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
        } while ( (attempts < 2) && retry );
 
        if (NT_STATUS_IS_OK(result)) {
-               netsamlogon_cache_store(state->mem_ctx, name_user, &info3);
+               netsamlogon_cache_store(name_user, &info3);
                wcache_invalidate_samlogon(find_domain_from_name(name_domain), &info3);
 
                /* Check if the user is in the right group */
index 9ac258cb5e9dd68e309aa30cbc66903c21817f89..2c9676016783c611a43082bbca6fe516217df129 100644 (file)
@@ -180,10 +180,6 @@ static int reply_spnego_kerberos(connection_struct *conn,
                return ERROR_NT(NT_STATUS_LOGON_FAILURE);
        }
 
-       if (pac_data) {
-               logon_info = get_logon_info_from_pac(pac_data);
-       }
-
        DEBUG(3,("Ticket name is [%s]\n", client));
 
        p = strchr_m(client, '@');
@@ -196,6 +192,14 @@ static int reply_spnego_kerberos(connection_struct *conn,
        }
 
        *p = 0;
+
+       /* save the PAC data if we have it */
+
+       if (pac_data) {
+               logon_info = get_logon_info_from_pac(pac_data);
+               netsamlogon_cache_store( client, &logon_info->info3 );
+       }
+
        if (!strequal(p+1, lp_realm())) {
                DEBUG(3,("Ticket for foreign realm %s@%s\n", client, p+1));
                if (!lp_allow_trusted_domains()) {
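Review bot: The result of `get_logon_info_from_pac(pac_data)` is used as `&logon_info->info3` without a NULL check in the added `if (pac_data)` block. Its definition is not on this page, but if it can return NULL for a PAC that carries no logon-info buffer, netsamlogon_cache_store() is handed an invalid pointer derived from client-supplied ticket contents; guard the call with `if (logon_info) netsamlogon_cache_store( client, &logon_info->info3 );`. The store also runs before the `strequal(p+1, lp_realm())` and `lp_allow_trusted_domains()` checks that follow, so a ticket from a realm that is about to be refused would still update the cache; moving the block below those checks keeps rejected logons out of it. The return value of netsamlogon_cache_store() is ignored here, which is presumably intentional best-effort but deserves a comment. reply_spnego_kerberos starts and ends outside the hunk.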