mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00

s3:winbindd: pass a NULL ccache to kerberos_return_pac() for a MEMORY ccache

It means kerberos_return_pac() will use smb_krb5_cc_new_unique_memory().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher 2024-02-28 17:28:43 +01:00
parent 147565232d
commit e6c693b705


@ -623,10 +623,10 @@ static NTSTATUS get_pwd_properties(struct winbindd_domain *domain,
#ifdef HAVE_KRB5 #ifdef HAVE_KRB5
static const char *generate_krb5_ccache(TALLOC_CTX *mem_ctx, static bool generate_krb5_ccache(TALLOC_CTX *mem_ctx,
const char *type, const char *type,
uid_t uid, uid_t uid,
const char **user_ccache_file) const char **user_ccache_file)
{ {
/* accept FILE and WRFILE as krb5_cc_type from the client and then /* accept FILE and WRFILE as krb5_cc_type from the client and then
* build the full ccname string based on the user's uid here - * build the full ccname string based on the user's uid here -
@ -638,19 +638,31 @@ static const char *generate_krb5_ccache(TALLOC_CTX *mem_ctx,
if (strequal(type, "FILE")) { if (strequal(type, "FILE")) {
gen_cc = talloc_asprintf( gen_cc = talloc_asprintf(
mem_ctx, "FILE:/tmp/krb5cc_%d", uid); mem_ctx, "FILE:/tmp/krb5cc_%d", uid);
if (gen_cc == NULL) {
return false;
}
} }
if (strequal(type, "WRFILE")) { if (strequal(type, "WRFILE")) {
gen_cc = talloc_asprintf( gen_cc = talloc_asprintf(
mem_ctx, "WRFILE:/tmp/krb5cc_%d", uid); mem_ctx, "WRFILE:/tmp/krb5cc_%d", uid);
if (gen_cc == NULL) {
return false;
}
} }
if (strequal(type, "KEYRING")) { if (strequal(type, "KEYRING")) {
gen_cc = talloc_asprintf( gen_cc = talloc_asprintf(
mem_ctx, "KEYRING:persistent:%d", uid); mem_ctx, "KEYRING:persistent:%d", uid);
if (gen_cc == NULL) {
return false;
}
} }
if (strequal(type, "KCM")) { if (strequal(type, "KCM")) {
gen_cc = talloc_asprintf(mem_ctx, gen_cc = talloc_asprintf(mem_ctx,
"KCM:%d", "KCM:%d",
uid); uid);
if (gen_cc == NULL) {
return false;
}
} }
if (strnequal(type, "FILE:/", 6) || if (strnequal(type, "FILE:/", 6) ||
@ -681,6 +693,9 @@ static const char *generate_krb5_ccache(TALLOC_CTX *mem_ctx,
true, true,
/* allow_trailing_dollar */ /* allow_trailing_dollar */
false); false);
if (gen_cc == NULL) {
return false;
}
} }
} }
} }
@ -688,18 +703,9 @@ static const char *generate_krb5_ccache(TALLOC_CTX *mem_ctx,
*user_ccache_file = gen_cc; *user_ccache_file = gen_cc;
if (gen_cc == NULL) { DBG_DEBUG("using ccache: %s\n", gen_cc != NULL ? gen_cc : "(internal)");
gen_cc = talloc_strdup(mem_ctx, "MEMORY:winbindd_pam_ccache");
}
if (gen_cc == NULL) {
DEBUG(0,("out of memory\n"));
return NULL;
}
DEBUG(10, ("using ccache: %s%s\n", gen_cc, return true;
(*user_ccache_file == NULL) ? " (internal)":""));
return gen_cc;
} }
#endif #endif
@ -772,14 +778,14 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
DEBUG(0,("no valid uid\n")); DEBUG(0,("no valid uid\n"));
} }
cc = generate_krb5_ccache(mem_ctx, ok = generate_krb5_ccache(mem_ctx,
krb5_cc_type, krb5_cc_type,
uid, uid,
&user_ccache_file); &user_ccache_file);
if (cc == NULL) { if (!ok) {
return NT_STATUS_NO_MEMORY; return NT_STATUS_NO_MEMORY;
} }
cc = user_ccache_file;
/* 2nd step: /* 2nd step:
* get kerberos properties */ * get kerberos properties */
@ -1309,14 +1315,15 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
goto out; goto out;
} }
cc = generate_krb5_ccache(tmp_ctx, ok = generate_krb5_ccache(tmp_ctx,
krb5_cc_type, krb5_cc_type,
uid, uid,
&user_ccache_file); &user_ccache_file);
if (cc == NULL) { if (!ok) {
result = NT_STATUS_NO_MEMORY; result = NT_STATUS_NO_MEMORY;
goto out; goto out;
} }
cc = user_ccache_file;
realm = talloc_strdup(tmp_ctx, domain->alt_name); realm = talloc_strdup(tmp_ctx, domain->alt_name);
if (realm == NULL) { if (realm == NULL) {
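Review bot: `generate_krb5_ccache()` now has two outcomes that the signature alone does not distinguish, and neither is documented. In the hunks shown, `false` comes only from the added `gen_cc == NULL` checks after an allocation (both callers map it to `NT_STATUS_NO_MEMORY`, and the out-parameter is left untouched because the return happens before `*user_ccache_file = gen_cc;`), while `true` with `*user_ccache_file == NULL` is the `(internal)` case. A comment above the function would pin this down, e.g. `/* Returns false only on allocation failure; on success *user_ccache_file may be NULL, meaning kerberos_return_pac() creates its own unique MEMORY ccache. */`. Because `cc = user_ccache_file;` can now leave `cc` NULL in `winbindd_raw_kerberos_login()` and `winbindd_dual_pam_auth_cached()`, any later use of `cc` in those functions has to tolerate NULL, in particular `%s` logging and ccache cleanup on the failure path. Both bodies continue outside the hunks, so this cannot be confirmed from the page.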