s3: auth: Change auth3_generate_session_info_pac() to use a copy of the info3 struct...

Call create_info3_from_pac_logon_info() to add in any resource SIDs
from the struct PAC_LOGON_INFO to the info3.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Simo Sorce <idra@samba.org>
(cherry picked from commit 0e5a9f44e4b08b93bc4b501d1e14b59ed7b3647c)

diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index 2880bc9e019060f74bad7e7b4bfa62f28998fc91..f841f0cdc24984ade0297bd17a4cbde0cdf2df7c 100644 (file)
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -44,6 +44,7 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
 {
        TALLOC_CTX *tmp_ctx;
        struct PAC_LOGON_INFO *logon_info = NULL;
+       struct netr_SamInfo3 *info3_copy = NULL;
        bool is_mapped;
        bool is_guest;
        char *ntuser;
@@ -101,7 +102,13 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
 
        /* save the PAC data if we have it */
        if (logon_info) {
-               netsamlogon_cache_store(ntuser, &logon_info->info3);
+               status = create_info3_from_pac_logon_info(tmp_ctx,
+                                       logon_info,
+                                       &info3_copy);
+               if (!NT_STATUS_IS_OK(status)) {
+                       goto done;
+               }
+               netsamlogon_cache_store(ntuser, info3_copy);
        }
 
        /* setup the string used by %U */
@@ -112,7 +119,7 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
 
        status = make_session_info_krb5(mem_ctx,
                                        ntuser, ntdomain, username, pw,
-                                       &logon_info->info3, is_guest, is_mapped, NULL /* No session key for now, caller will sort it out */,
+                                       info3_copy, is_guest, is_mapped, NULL /* No session key for now, caller will sort it out */,
                                        session_info);
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(1, ("Failed to map kerberos pac to server info (%s)\n",