From 97f9ef7ea639f6e81bf5bc04e1fe379245d2a28d Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Sat, 13 Feb 2010 11:22:57 -0500
Subject: [PATCH] mit_samba: fix pac updates
The update interface is actually asymetric. We send a whole pac and receive back only a logon info buffer. Make it clear by decoupling the input buffer from the output buffer. Also fix segfault if client is missing. This may happen for cross-realm trusts where the client comes from a trusted realm.
---
 src/plugins/kdb/samba/kdb_samba.h | 10 ++++++----
 src/plugins/kdb/samba/kdb_samba_policies.c | 20 +++++++++++---------
 src/plugins/kdb/samba/mit_samba_interface.h | 3 ++-
 3 files changed, 19 insertions(+), 14 deletions(-)
diff --git a/src/plugins/kdb/samba/kdb_samba.h b/src/plugins/kdb/samba/kdb_samba.h
index aebfb35c5..533158a9f 100644
--- a/src/plugins/kdb/samba/kdb_samba.h
+++ b/src/plugins/kdb/samba/kdb_samba.h
@@ -55,6 +55,8 @@
 #define HDB_ERR_NO_MKEY 36150284
 #define HDB_ERR_MANDATORY_OPTION 36150285
+#define PAC_LOGON_INFO 1
+
 typedef struct hdb_entry_ex {
 void *ctx;
 hdb_entry entry;
@@ -89,10 +91,10 @@ struct ks_context {
 #define KS_GET_NEXTKEY(ks, pptr) \
 (ks)->fns->get_nextkey((ks)->ctx, pptr)
-#define KS_GET_PAC(ks, ptr1, ptr2) \
- (ks)->fns->get_pac((ks)->ctx, ptr1, ptr2)
-#define KS_UPDATE_PAC(ks, ptr1, ptr2) \
- (ks)->fns->get_pac((ks)->ctx, ptr1, ptr2)
+#define KS_GET_PAC(ks, cli, ptr) \
+ (ks)->fns->get_pac((ks)->ctx, cli, ptr)
+#define KS_UPDATE_PAC(ks, cli, ptr1, ptr2) \
+ (ks)->fns->update_pac((ks)->ctx, cli, ptr1, ptr2)
 #define KS_CLIENT_ACCESS(ks, cli, clin, srv, srvn, nbn, pwc, ptr) \
 (ks)->fns->client_access((ks)->ctx, cli, clin, srv, srvn, nbn, pwc, ptr)
diff --git a/src/plugins/kdb/samba/kdb_samba_policies.c b/src/plugins/kdb/samba/kdb_samba_policies.c
index ee9891e04..be0a2f56f 100644
--- a/src/plugins/kdb/samba/kdb_samba_policies.c
+++ b/src/plugins/kdb/samba/kdb_samba_policies.c
@@ -217,8 +217,6 @@ ks_get_pac(krb5_context context,
 data = make_data(pac_data.data, pac_data.length);
- /* FIXME: PAC buffer types are not in a header */
- #define PAC_LOGON_INFO 1
 code = krb5_pac_add_buffer(context, *pac, PAC_LOGON_INFO, &data);
 if (code != 0) {
 goto done;
@@ -236,10 +234,11 @@ ks_verify_pac(krb5_context context,
 krb5_pac *pac)
 {
 struct ks_context *ks = GET_KS_CONTEXT(context);
- hdb_entry_ex *hentry = (hdb_entry_ex *)req->client->e_data;
+ hdb_entry_ex *hentry = NULL;
 krb5_authdata **authdata = NULL;
 krb5_pac ipac = NULL;
- DATA_BLOB pac_data;
+ DATA_BLOB pac_data = { NULL, 0 };
+ DATA_BLOB logon_data = { NULL, 0 };
 krb5_data data;
 krb5_error_code code;
 int error;
@@ -292,10 +291,15 @@ ks_verify_pac(krb5_context context,
 goto done;
 }
+ /* check and update PAC */
+ if (req->client) {
+ hentry = (hdb_entry_ex *)req->client->e_data;
+ }
+
 pac_data.data = authdata[0]->contents;
 pac_data.length = authdata[0]->length;
- error = KS_UPDATE_PAC(ks, hentry, &pac_data);
+ error = KS_UPDATE_PAC(ks, hentry, &pac_data, &logon_data);
 code = ks_map_error(error);
 if (code != 0) {
 goto done;
@@ -306,10 +310,8 @@ ks_verify_pac(krb5_context context,
 goto done;
 }
- data = make_data(pac_data.data, pac_data.length);
+ data = make_data(logon_data.data, logon_data.length);
- /* FIXME: PAC buffer types are not in a header */
- #define PAC_LOGON_INFO 1
 code = krb5_pac_add_buffer(context, *pac, PAC_LOGON_INFO, &data);
 if (code != 0) {
 goto done;
@@ -318,7 +320,7 @@ ks_verify_pac(krb5_context context,
 done:
 krb5_free_authdata(context, authdata);
 krb5_pac_free(context, ipac);
- free(pac_data.data);
+ free(logon_data.data);
 return code;
 }
diff --git a/src/plugins/kdb/samba/mit_samba_interface.h b/src/plugins/kdb/samba/mit_samba_interface.h
index 9b0da99e2..b92f7bf0c 100644
--- a/src/plugins/kdb/samba/mit_samba_interface.h
+++ b/src/plugins/kdb/samba/mit_samba_interface.h
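Review bot: In the `@@ -292,10 +291,15 @@` hunk of `ks_verify_pac`, `hentry` is now forwarded to `KS_UPDATE_PAC` as NULL whenever `req->client` is absent, so the crash is only avoided if the Samba-side `update_pac` tolerates a NULL entry, and that implementation is not part of this patch. I would record the contract at the call site, e.g. `/* hentry is NULL for cross-realm clients; update_pac must accept that */`, and confirm the callee before relying on it. The function starts and ends outside this hunk, so any earlier validation of `authdata[0]` cannot be judged from here.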
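Review bot: In the `@@ -306,10 +310,8 @@` hunk, `logon_data` goes into `krb5_pac_add_buffer` with no check that `update_pac` actually filled it; the variable is introduced by this commit and none of the added lines test it. If the callee returns success and leaves the blob at its `{ NULL, 0 }` initializer, the rebuilt PAC would presumably carry an empty `PAC_LOGON_INFO` buffer instead of failing the request. A guard before `make_data` would close that, with whichever error code the plugin prefers: `if (logon_data.data == NULL || logon_data.length == 0) { code = EINVAL; goto done; }`.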
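Review bot: `free(logon_data.data)` in the `@@ -318,7 +320,7 @@` hunk releases memory that was allocated on the other side of the `mit_samba_function_table` boundary, so it is only correct if `update_pac` returns a plain `malloc` buffer. Nothing in this patch states that; if the Samba side hands back memory from its own allocator (talloc, for instance), the libc `free` here would corrupt the heap of the KDC process. Suggest documenting ownership next to the call, e.g. `/* logon_data.data is malloc'ed by update_pac and freed here */`, or adding a matching release callback to the table.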
@@ -49,7 +49,8 @@ struct mit_samba_function_table {
 /* windc */
 int (*get_pac)(struct mit_samba_context *, hdb_entry_ex *, DATA_BLOB *);
- int (*update_pac)(struct mit_samba_context *, hdb_entry_ex *, DATA_BLOB *);
+ int (*update_pac)(struct mit_samba_context *, hdb_entry_ex *,
+ DATA_BLOB *, DATA_BLOB *);
 int (*client_access)(struct mit_samba_context *, hdb_entry_ex *, const char *, hdb_entry_ex *, const char *,
--
2.34.1
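Review bot: The `update_pac` slot changes arity in place, so a Samba module built against the old three-argument prototype would still be callable through this table and would never write the fourth pointer, leaving the KDC side with an empty output blob; no interface version check is visible in this hunk. If the table or its loader carries a version constant elsewhere, it should be bumped together with this change. The two `DATA_BLOB *` parameters are also indistinguishable in the prototype; a comment such as `/* in: full PAC (borrowed), out: logon info (caller frees) */` would document the asymmetry the commit message describes. The struct continues outside the hunk.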