auth: Common function for retrieving PAC_LOGIN_INFO from PAC
authorChristof Schmitt <christof.schmitt@us.ibm.com>
Thu, 5 Jul 2012 20:17:00 +0000 (13:17 -0700)
committerAndrew Bartlett <abartlet@samba.org>
Fri, 6 Jul 2012 10:45:51 +0000 (20:45 +1000)
Several functions use the same logic as kerberos_pac_logon_info. Move
kerberos_pac_logon_info to common code and reuse it to remove the code
duplication.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
auth/kerberos/kerberos_pac.c
auth/kerberos/pac_utils.h
source3/auth/auth_generic.c
source3/libads/authdata.c
source3/utils/ntlm_auth.c
source4/auth/kerberos/kerberos.h
source4/auth/kerberos/kerberos_pac.c

index eacf39d321ea04c59d25655bfc3fa4f339747a6b..80f31d869f1231377d3f7d9b651104073e6b4158 100644 (file)
@@ -402,4 +402,41 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
        return NT_STATUS_OK;
 }
 
+NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx,
+                                DATA_BLOB blob,
+                                krb5_context context,
+                                const krb5_keyblock *krbtgt_keyblock,
+                                const krb5_keyblock *service_keyblock,
+                                krb5_const_principal client_principal,
+                                time_t tgs_authtime,
+                                struct PAC_LOGON_INFO **logon_info)
+{
+       NTSTATUS nt_status;
+       struct PAC_DATA *pac_data;
+       int i;
+       nt_status = kerberos_decode_pac(mem_ctx,
+                                       blob,
+                                       context,
+                                       krbtgt_keyblock,
+                                       service_keyblock,
+                                       client_principal,
+                                       tgs_authtime,
+                                       &pac_data);
+       if (!NT_STATUS_IS_OK(nt_status)) {
+               return nt_status;
+       }
+
+       *logon_info = NULL;
+       for (i=0; i < pac_data->num_buffers; i++) {
+               if (pac_data->buffers[i].type != PAC_TYPE_LOGON_INFO) {
+                       continue;
+               }
+               *logon_info = pac_data->buffers[i].info->logon_info.info;
+       }
+       if (!*logon_info) {
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+       return NT_STATUS_OK;
+}
+
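Review bot: The assignment `*logon_info = pac_data->buffers[i].info->logon_info.info;` dereferences `buffers[i].info` without a NULL check, whereas the three source3 call sites this function replaces (auth_generic.c, authdata.c, ntlm_auth.c) each guarded with `if (!data_buf->info) break;` before reading it, so consolidating here silently drops that guard from those paths. A buffer whose type is PAC_TYPE_LOGON_INFO but whose decoded info is absent should be skipped, not dereferenced: add `if (pac_data->buffers[i].info == NULL) { continue; }` directly after the type check. The loop also keeps scanning after a match, so a PAC carrying more than one LOGON_INFO buffer yields the last one; a `break;` after the assignment would make the first one authoritative and the intent explicit. Finally, `i` is declared `int` while the removed callers iterated with `unsigned int`; using the type of `num_buffers` avoids a signed/unsigned comparison.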
 #endif
index d654bec208b87ffd6237b390419af5bf4ac7b741..b9b66649eef5f51f9c508e70ceafe3c3136980c7 100644 (file)
@@ -26,6 +26,7 @@
 
 struct PAC_SIGNATURE_DATA;
 struct PAC_DATA;
+struct PAC_LOGON_INFO;
 
 krb5_error_code check_pac_checksum(DATA_BLOB pac_data,
                                   struct PAC_SIGNATURE_DATA *sig,
@@ -41,6 +42,15 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
                             time_t tgs_authtime,
                             struct PAC_DATA **pac_data_out);
 
+NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx,
+                                DATA_BLOB blob,
+                                krb5_context context,
+                                const krb5_keyblock *krbtgt_keyblock,
+                                const krb5_keyblock *service_keyblock,
+                                krb5_const_principal client_principal,
+                                time_t tgs_authtime,
+                                struct PAC_LOGON_INFO **logon_info);
+
 NTSTATUS gssapi_obtain_pac_blob(TALLOC_CTX *mem_ctx,
                                gss_ctx_id_t gssapi_context,
                                gss_name_t gss_client_name,
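Review bot: The new declaration of `kerberos_pac_logon_info` carries no comment, and every caller in this commit passes NULL for `context`, both keyblocks and `client_principal`, and 0 for `tgs_authtime`, so the header is the place to state what those arguments mean for the returned data (presumably the PAC is decoded without its signatures being verified under those arguments — confirm against kerberos_decode_pac before documenting it). I would add a block comment above the prototype giving the purpose (decode `blob` and return the PAC_TYPE_LOGON_INFO payload), noting that the returned pointer points into the PAC decoded under `mem_ctx` rather than being a separate allocation, and that it returns NT_STATUS_INVALID_PARAMETER when the PAC contains no LOGON_INFO buffer, plus the semantics of NULL key arguments once confirmed.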
index 82b376feb647ec26e2de3818c519736ebb1f7fa8..80f5fa7d3e3611769f58f52646a6cf6815c56255 100644 (file)
@@ -42,9 +42,7 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
                                                struct auth_session_info **session_info)
 {
        TALLOC_CTX *tmp_ctx;
-       struct PAC_DATA *pac_data = NULL;
        struct PAC_LOGON_INFO *logon_info = NULL;
-       unsigned int i;
        bool is_mapped;
        bool is_guest;
        char *ntuser;
@@ -62,36 +60,14 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
 
        if (pac_blob) {
 #ifdef HAVE_KRB5
-               status = kerberos_decode_pac(tmp_ctx,
-                                    *pac_blob,
-                                    NULL, NULL, NULL, NULL, 0, &pac_data);
+               status = kerberos_pac_logon_info(tmp_ctx, *pac_blob, NULL, NULL,
+                                                NULL, NULL, 0, &logon_info);
 #else
                status = NT_STATUS_ACCESS_DENIED;
 #endif
                if (!NT_STATUS_IS_OK(status)) {
                        goto done;
                }
-
-               /* get logon name and logon info */
-               for (i = 0; i < pac_data->num_buffers; i++) {
-                       struct PAC_BUFFER *data_buf = &pac_data->buffers[i];
-
-                       switch (data_buf->type) {
-                       case PAC_TYPE_LOGON_INFO:
-                               if (!data_buf->info) {
-                                       break;
-                               }
-                               logon_info = data_buf->info->logon_info.info;
-                               break;
-                       default:
-                               break;
-                       }
-               }
-               if (!logon_info) {
-                       DEBUG(1, ("Invalid PAC data, missing logon info!\n"));
-                       status = NT_STATUS_NOT_FOUND;
-                       goto done;
-               }
        }
 
        rc = get_remote_hostname(remote_address,
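Review bot: The replacement call changes the failure contract for a PAC without a LOGON_INFO buffer: the removed lines logged `DEBUG(1, ("Invalid PAC data, missing logon info!\n"))` and returned NT_STATUS_NOT_FOUND, while kerberos_pac_logon_info (auth/kerberos/kerberos_pac.c in this commit) returns NT_STATUS_INVALID_PARAMETER and logs nothing, so this authentication failure now leaves no trace at log level 1 and a different status reaches the caller. The same applies to the equivalent hunks in source3/libads/authdata.c and source3/utils/ntlm_auth.c. If the status change is intended the commit message should say so; either way a diagnostic at the call site keeps the operator-visible signal, e.g. `if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to get PAC logon info: %s\n", nt_errstr(status))); goto done; }`. The body of auth3_generate_session_info_pac continues outside this hunk.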
index 60897bf5fb5de072885e466990f15fa0a6aace36..2c667a66bcd3dcea68c0dda7991ddb4cdf768313 100644 (file)
@@ -51,9 +51,7 @@ static NTSTATUS kerberos_fetch_pac(struct auth4_context *auth_ctx,
                                   struct auth_session_info **session_info)
 {
        TALLOC_CTX *tmp_ctx;
-       struct PAC_DATA *pac_data = NULL;
        struct PAC_LOGON_INFO *logon_info = NULL;
-       unsigned int i;
        NTSTATUS status = NT_STATUS_INTERNAL_ERROR;
 
        tmp_ctx = talloc_new(mem_ctx);
@@ -62,34 +60,13 @@ static NTSTATUS kerberos_fetch_pac(struct auth4_context *auth_ctx,
        }
 
        if (pac_blob) {
-               status = kerberos_decode_pac(tmp_ctx,
-                                    *pac_blob,
-                                    NULL, NULL, NULL, NULL, 0, &pac_data);
+               status = kerberos_pac_logon_info(tmp_ctx, *pac_blob, NULL, NULL,
+                                                NULL, NULL, 0, &logon_info);
                if (!NT_STATUS_IS_OK(status)) {
                        goto done;
                }
-
-               /* get logon name and logon info */
-               for (i = 0; i < pac_data->num_buffers; i++) {
-                       struct PAC_BUFFER *data_buf = &pac_data->buffers[i];
-
-                       switch (data_buf->type) {
-                       case PAC_TYPE_LOGON_INFO:
-                               if (!data_buf->info) {
-                                       break;
-                               }
-                               logon_info = data_buf->info->logon_info.info;
-                               break;
-                       default:
-                               break;
-                       }
-               }
-               if (!logon_info) {
-                       DEBUG(1, ("Invalid PAC data, missing logon info!\n"));
-                       status = NT_STATUS_NOT_FOUND;
-                       goto done;
-               }
        }
+
        talloc_set_name_const(logon_info, "struct PAC_LOGON_INFO");
 
        auth_ctx->private_data = talloc_steal(auth_ctx, logon_info);
index a832b5bc60f97a7c3e609da4a27dd70d1b03082b..afb51e9356b1debbd2afb62c76ce53d7739945f9 100644 (file)
@@ -716,9 +716,7 @@ static NTSTATUS ntlm_auth_generate_session_info_pac(struct auth4_context *auth_c
                                                    struct auth_session_info **session_info)
 {
        TALLOC_CTX *tmp_ctx;
-       struct PAC_DATA *pac_data = NULL;
        struct PAC_LOGON_INFO *logon_info = NULL;
-       unsigned int i;
        char *unixuser;
        NTSTATUS status;
        char *domain = NULL;
@@ -733,36 +731,14 @@ static NTSTATUS ntlm_auth_generate_session_info_pac(struct auth4_context *auth_c
 
        if (pac_blob) {
 #ifdef HAVE_KRB5
-               status = kerberos_decode_pac(tmp_ctx,
-                                    *pac_blob,
-                                    NULL, NULL, NULL, NULL, 0, &pac_data);
+               status = kerberos_pac_logon_info(tmp_ctx, *pac_blob, NULL, NULL,
+                                                NULL, NULL, 0, &logon_info);
 #else
                status = NT_STATUS_ACCESS_DENIED;
 #endif
                if (!NT_STATUS_IS_OK(status)) {
                        goto done;
                }
-
-               /* get logon name and logon info */
-               for (i = 0; i < pac_data->num_buffers; i++) {
-                       struct PAC_BUFFER *data_buf = &pac_data->buffers[i];
-
-                       switch (data_buf->type) {
-                       case PAC_TYPE_LOGON_INFO:
-                               if (!data_buf->info) {
-                                       break;
-                               }
-                               logon_info = data_buf->info->logon_info.info;
-                               break;
-                       default:
-                               break;
-                       }
-               }
-               if (!logon_info) {
-                       DEBUG(1, ("Invalid PAC data, missing logon info!\n"));
-                       status = NT_STATUS_NOT_FOUND;
-                       goto done;
-               }
        }
 
        DEBUG(3, ("Kerberos ticket principal name is [%s]\n", princ_name));
index 707426d4962503af3bc015a32cbd3eaa7eb020f7..51b80556bf81cb131000ce6d98f9972b695e06ca 100644 (file)
@@ -83,14 +83,6 @@ const krb5_data *krb5_princ_component(krb5_context context, krb5_principal princ
 #endif
 
 /* Samba wrapper function for krb5 functionality. */
-NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx,
-                                DATA_BLOB blob,
-                                krb5_context context,
-                                const krb5_keyblock *krbtgt_keyblock,
-                                const krb5_keyblock *service_keyblock,
-                                krb5_const_principal client_principal,
-                                time_t tgs_authtime,
-                                struct PAC_LOGON_INFO **logon_info);
  krb5_error_code kerberos_encode_pac(TALLOC_CTX *mem_ctx,
                                    struct PAC_DATA *pac_data,
                                    krb5_context context,
index 85b62632bac3770a337da23c904d5bfb22604bee..76c1d99d916f6c32a33c7cff33328bfbe6a464c2 100644 (file)
 #include "auth/kerberos/kerberos_util.h"
 #include "auth/kerberos/pac_utils.h"
 
-_PUBLIC_  NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx,
-                                          DATA_BLOB blob,
-                                          krb5_context context,
-                                          const krb5_keyblock *krbtgt_keyblock,
-                                          const krb5_keyblock *service_keyblock,
-                                          krb5_const_principal client_principal,
-                                          time_t tgs_authtime,
-                                          struct PAC_LOGON_INFO **logon_info)
-{
-       NTSTATUS nt_status;
-       struct PAC_DATA *pac_data;
-       int i;
-       nt_status = kerberos_decode_pac(mem_ctx,
-                                       blob,
-                                       context,
-                                       krbtgt_keyblock,
-                                       service_keyblock,
-                                       client_principal,
-                                       tgs_authtime,
-                                       &pac_data);
-       if (!NT_STATUS_IS_OK(nt_status)) {
-               return nt_status;
-       }
-
-       *logon_info = NULL;
-       for (i=0; i < pac_data->num_buffers; i++) {
-               if (pac_data->buffers[i].type != PAC_TYPE_LOGON_INFO) {
-                       continue;
-               }
-               *logon_info = pac_data->buffers[i].info->logon_info.info;
-       }
-       if (!*logon_info) {
-               return NT_STATUS_INVALID_PARAMETER;
-       }
-       return NT_STATUS_OK;
-}
-
  krb5_error_code kerberos_encode_pac(TALLOC_CTX *mem_ctx,
                                    struct PAC_DATA *pac_data,
                                    krb5_context context,