From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 28 Feb 2024 16:27:39 +0000 (+0100)
Subject: s3:libads: use smb_krb5_cc_new_unique_memory() in kerberos_return_pac()
X-Git-Tag: tdb-1.4.11~838
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=147565232dc7cc3127e09268000723c5a3eea62b;p=thirdparty%2Fsamba.git

s3:libads: use smb_krb5_cc_new_unique_memory() in kerberos_return_pac()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---

diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index f9ddd630c33..6673b2ff752 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -110,7 +110,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
 	DATA_BLOB ap_rep = data_blob_null;
 	DATA_BLOB sesskey1 = data_blob_null;
 	const char *auth_princ = NULL;
-	const char *cc = "MEMORY:kerberos_return_pac";
+	const char *cc = NULL;
 	struct auth_session_info *session_info;
 	struct gensec_security *gensec_server_context;
 	const struct gensec_security_ops **backends;
@@ -121,6 +121,8 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
 	struct PAC_DATA_CTR *pac_data_ctr = NULL;
 	char *canon_principal = NULL;
 	char *canon_realm = NULL;
+	krb5_context ctx = NULL;
+	krb5_ccache ccid = NULL;
 
 	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
 	NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
@@ -144,6 +146,24 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
 
 	if (cache_name) {
 		cc = cache_name;
+	} else {
+		char *ccname = NULL;
+
+		ret = smb_krb5_init_context_common(&ctx);
+		if (ret != 0) {
+			status = krb5_to_nt_status(ret);
+			goto out;
+		}
+
+		ret = smb_krb5_cc_new_unique_memory(ctx,
+						    tmp_ctx,
+						    &ccname,
+						    &ccid);
+		if (ret != 0) {
+			status = krb5_to_nt_status(ret);
+			goto out;
+		}
+		cc = ccname;
 	}
 
 	if (!strchr_m(name, '@')) {
@@ -307,10 +327,15 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
 	}
 
 out:
-	talloc_free(tmp_ctx);
-	if (cc != cache_name) {
-		ads_kdestroy(cc);
+	if (ccid != NULL) {
+		krb5_cc_destroy(ctx, ccid);
+		ccid = NULL;
 	}
+	if (ctx != NULL) {
+		krb5_free_context(ctx);
+		ctx = NULL;
+	}
+	talloc_free(tmp_ctx);
 
 	data_blob_free(&tkt);
 	data_blob_free(&ap_rep);