s3: auth: Fix winbindd_pam_auth_pac_send() to create a new info3 and merge in resourc...

Based on a patch from Richard Sharpe <realrichardsharpe@gmail.com>.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 18 03:30:36 CEST 2014 on sn-devel-104

(cherry picked from commit e907f8415639d2a7cbc1cc2e40e2e35bfa0024de)

diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 10d30d26831d431a8eac5ac929f8b26e882db7fc..88fa14debb67bcc62fce165dedc68e7cc7046a30 100644 (file)
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -2418,6 +2418,7 @@ NTSTATUS winbindd_pam_auth_pac_send(struct winbindd_cli_state *state,
        struct winbindd_request *req = state->request;
        DATA_BLOB pac_blob;
        struct PAC_LOGON_INFO *logon_info = NULL;
+       struct netr_SamInfo3 *info3_copy = NULL;
        NTSTATUS result;
 
        pac_blob = data_blob_const(req->extra_data.data, req->extra_len);
@@ -2431,7 +2432,13 @@ NTSTATUS winbindd_pam_auth_pac_send(struct winbindd_cli_state *state,
 
        if (logon_info) {
                /* Signature verification succeeded, trust the PAC */
-               netsamlogon_cache_store(NULL, &logon_info->info3);
+               result = create_info3_from_pac_logon_info(state->mem_ctx,
+                                                       logon_info,
+                                                       &info3_copy);
+               if (!NT_STATUS_IS_OK(result)) {
+                       return result;
+               }
+               netsamlogon_cache_store(NULL, info3_copy);
 
        } else {
                /* Try without signature verification */
@@ -2443,9 +2450,22 @@ NTSTATUS winbindd_pam_auth_pac_send(struct winbindd_cli_state *state,
                                   nt_errstr(result)));
                        return result;
                }
+               if (logon_info) {
+                       /*
+                        * Don't strictly need to copy here,
+                        * but it makes it explicit we're
+                        * returning a copy talloc'ed off
+                        * the state->mem_ctx.
+                        */
+                       info3_copy = copy_netr_SamInfo3(state->mem_ctx,
+                                       &logon_info->info3);
+                       if (info3_copy == NULL) {
+                               return NT_STATUS_NO_MEMORY;
+                       }
+               }
        }
 
-       *info3 = &logon_info->info3;
+       *info3 = info3_copy;
 
        return NT_STATUS_OK;
 }