Fix CID 476. Ensure a valid pac_data pointer is always passed to

ads_verify_ticket as it's always derefed.
Jeremy.

diff --git a/source/libads/kerberos_verify.c b/source/libads/kerberos_verify.c
index 7040093e901ab22ac6eae6d7ac04b353086d5ff8..5ce7aa6b4577ac336665012515c479e8d03642f7 100644 (file)
--- a/source/libads/kerberos_verify.c
+++ b/source/libads/kerberos_verify.c
@@ -501,8 +501,7 @@ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
                DEBUG(3,("ads_verify_ticket: did not retrieve auth data. continuing without PAC\n"));
        }
 
-       if (got_auth_data && pac_data != NULL) {
-
+       if (got_auth_data) {
                pac_ret = decode_pac_data(mem_ctx, &auth_data, context, keyblock, client_principal, authtime, pac_data);
                if (!NT_STATUS_IS_OK(pac_ret)) {
                        DEBUG(3,("ads_verify_ticket: failed to decode PAC_DATA: %s\n", nt_errstr(pac_ret)));

diff --git a/source/smbd/sesssetup.c b/source/smbd/sesssetup.c
index bc1d26faca268339b2e3bbdb546abf374f033e88..aee8e498e9d258d906aae384a36d8e49bc41be84 100644 (file)
--- a/source/smbd/sesssetup.c
+++ b/source/smbd/sesssetup.c
@@ -259,7 +259,7 @@ static void reply_spnego_kerberos(struct smb_request *req,
        fstring user;
        int sess_vuid = req->vuid;
        NTSTATUS ret = NT_STATUS_OK;
-       PAC_DATA *pac_data;
+       PAC_DATA *pac_data = NULL;
        DATA_BLOB ap_rep, ap_rep_wrapped, response;
        auth_serversupplied_info *server_info = NULL;
        DATA_BLOB session_key = data_blob_null;
@@ -271,7 +271,6 @@ static void reply_spnego_kerberos(struct smb_request *req,
        PAC_LOGON_INFO *logon_info = NULL;
 
        ZERO_STRUCT(ticket);
-       ZERO_STRUCT(pac_data);
        ZERO_STRUCT(ap_rep);
        ZERO_STRUCT(ap_rep_wrapped);
        ZERO_STRUCT(response);

diff --git a/source/utils/ntlm_auth.c b/source/utils/ntlm_auth.c
index 7e2771c9003e61baecdc4927668904dd1fa5b3fb..6a702fc0cfad85eea9fe566b3b6c21984da75118 100644 (file)
--- a/source/utils/ntlm_auth.c
+++ b/source/utils/ntlm_auth.c
@@ -1163,6 +1163,7 @@ static void manage_gss_spnego_request(enum stdio_helper_mode stdio_helper_mode,
                        char *principal;
                        DATA_BLOB ap_rep;
                        DATA_BLOB session_key;
+                       PAC_DATA *pac_data = NULL;
 
                        if ( request.negTokenInit.mechToken.data == NULL ) {
                                DEBUG(1, ("Client did not provide Kerberos data\n"));
@@ -1177,7 +1178,7 @@ static void manage_gss_spnego_request(enum stdio_helper_mode stdio_helper_mode,
 
                        status = ads_verify_ticket(mem_ctx, lp_realm(), 0,
                                                   &request.negTokenInit.mechToken,
-                                                  &principal, NULL, &ap_rep,
+                                                  &principal, &pac_data, &ap_rep,
                                                   &session_key, True);
 
                        talloc_destroy(mem_ctx);