The Samba-Bugzilla – Attachment 12513 Details for
Bug 11259
smbd contacts a domain controller for each session
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am test patch for master
0001-s3-auth-Use-wbcAuthenticateUserEx-to-prime-the-netsa.patch (text/plain), 2.77 KB, created by
Jeremy Allison
on 2016-09-27 00:13:15 UTC
(
hide
)
Description:
git-am test patch for master
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2016-09-27 00:13:15 UTC
Size:
2.77 KB
patch
obsolete
>From 9f24ac137eec3856d0fda09e0ae094d4d6ac0ebc Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Mon, 26 Sep 2016 17:07:44 -0700 >Subject: [PATCH] s3: auth: Use wbcAuthenticateUserEx to prime the netsamlogon > cache. > >Idea by Volker - use WBC_AUTH_USER_LEVEL_PAC to pass >the PAC to winbind from smbd on auth, this allows >winbind to prime the user info via netsamlogon_cache_store() >*before* smbd looks up the user. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11259 > >Signed-off-by: Jeremy Allison <jra@samba.org> >--- > source3/auth/auth_generic.c | 40 ++++++++++++++++++++++++++++++++++++++-- > 1 file changed, 38 insertions(+), 2 deletions(-) > >diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c >index 74eb2fa..8cda9a3 100644 >--- a/source3/auth/auth_generic.c >+++ b/source3/auth/auth_generic.c >@@ -28,6 +28,7 @@ > #include "lib/param/param.h" > #ifdef HAVE_KRB5 > #include "auth/kerberos/pac_utils.h" >+#include "nsswitch/libwbclient/wbclient.h" > #endif > #include "librpc/crypto/gse.h" > #include "auth/credentials/credentials.h" >@@ -63,6 +64,42 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx, > > if (pac_blob) { > #ifdef HAVE_KRB5 >+ struct wbcAuthUserParams params = {}; >+ struct wbcAuthUserInfo *info = NULL; >+ struct wbcAuthErrorInfo *err = NULL; >+ wbcErr wbc_err; >+ >+ /* >+ * Let winbind decode the PAC. >+ * This will also store the user >+ * data in the netsamlogon cache. >+ * >+ * We need to do this *before* we >+ * call get_user_from_kerberos_info() >+ * as that does a user lookup that >+ * expects info in the netsamlogon cache. >+ * >+ * See BUG: https://bugzilla.samba.org/show_bug.cgi?id=11259 >+ */ >+ params.level = WBC_AUTH_USER_LEVEL_PAC; >+ params.password.pac.data = pac_blob->data; >+ params.password.pac.length = pac_blob->length; >+ >+ become_root(); >+ wbc_err = wbcAuthenticateUserEx(¶ms, &info, &err); >+ unbecome_root(); >+ >+ if (wbc_err == WBC_ERR_AUTH_ERROR) { >+ status = NT_STATUS(err->nt_status); >+ wbcFreeMemory(err); >+ goto done; >+ } >+ >+ if (!WBC_ERROR_IS_OK(wbc_err)) { >+ status = NT_STATUS_LOGON_FAILURE; >+ goto done; >+ } >+ > status = kerberos_pac_logon_info(tmp_ctx, *pac_blob, NULL, NULL, > NULL, NULL, 0, &logon_info); > #else >@@ -101,7 +138,7 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx, > goto done; > } > >- /* save the PAC data if we have it */ >+ /* Get the info3 from the PAC data if we have it */ > if (logon_info) { > status = create_info3_from_pac_logon_info(tmp_ctx, > logon_info, >@@ -109,7 +146,6 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx, > if (!NT_STATUS_IS_OK(status)) { > goto done; > } >- netsamlogon_cache_store(ntuser, info3_copy); > } > > /* setup the string used by %U */ >-- >2.7.4 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 11259
:
11025
|
11026
|
11027
|
11028
|
11043
|
11044
|
11045
|
11047
|
11049
|
11050
|
11053
|
11059
|
11060
|
11061
|
11062
|
12513
|
12514
|
12515
|
12516
|
12553
|
12586