s3: auth: Fix winbindd_pam_auth_pac_send() to create a new info3 and merge in resourc...

Based on a patch from Richard Sharpe <realrichardsharpe@gmail.com>.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 18 03:30:36 CEST 2014 on sn-devel-104

diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 1fb4360e3511200f6f930b384dd3e822a8299178..1112b21cbae962c70b1b8e57f173621136104134 100644 (file)
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -2450,6 +2450,7 @@ NTSTATUS winbindd_pam_auth_pac_send(struct winbindd_cli_state *state,
        struct winbindd_request *req = state->request;
        DATA_BLOB pac_blob;
        struct PAC_LOGON_INFO *logon_info = NULL;
+       struct netr_SamInfo3 *info3_copy = NULL;
        NTSTATUS result;
 
        pac_blob = data_blob_const(req->extra_data.data, req->extra_len);
@@ -2463,7 +2464,13 @@ NTSTATUS winbindd_pam_auth_pac_send(struct winbindd_cli_state *state,
 
        if (logon_info) {
                /* Signature verification succeeded, trust the PAC */
-               netsamlogon_cache_store(NULL, &logon_info->info3);
+               result = create_info3_from_pac_logon_info(state->mem_ctx,
+                                                       logon_info,
+                                                       &info3_copy);
+               if (!NT_STATUS_IS_OK(result)) {
+                       return result;
+               }
+               netsamlogon_cache_store(NULL, info3_copy);
 
        } else {
                /* Try without signature verification */
@@ -2475,9 +2482,22 @@ NTSTATUS winbindd_pam_auth_pac_send(struct winbindd_cli_state *state,
                                   nt_errstr(result)));
                        return result;
                }
+               if (logon_info) {
+                       /*
+                        * Don't strictly need to copy here,
+                        * but it makes it explicit we're
+                        * returning a copy talloc'ed off
+                        * the state->mem_ctx.
+                        */
+                       info3_copy = copy_netr_SamInfo3(state->mem_ctx,
+                                       &logon_info->info3);
+                       if (info3_copy == NULL) {
+                               return NT_STATUS_NO_MEMORY;
+                       }
+               }
        }
 
-       *info3 = &logon_info->info3;
+       *info3 = info3_copy;
 
        return NT_STATUS_OK;
 }