summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-07-09 04:58:15 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:19:25 -0500
commite75c7ff39fadb115de7bb5a26e2bb621dca22768 (patch)
tree3c74af8ab627bf8109264a3786bf88c3d05c74a4
parent38ec84a75c71b35ea88ba0efe5b935f7a0cdbe22 (diff)
downloadsamba-e75c7ff39fadb115de7bb5a26e2bb621dca22768.tar.gz
samba-e75c7ff39fadb115de7bb5a26e2bb621dca22768.tar.bz2
samba-e75c7ff39fadb115de7bb5a26e2bb621dca22768.zip
r8252: Steal metze's thunder, and prove that with a few small tweaks, we can
now push/pull a sample PAC, and still have the same byte buffer. (Metze set up the string code, and probably already has a similar patch). Unfortunetly win2k3 still doesn't like what we provide, but every step helps. Also use data_blob_const() when we are just wrapping data for API reasons. Andrew Bartlett (This used to be commit e7c8076fc1459ff2ccefdaf0b091d04ee6137957)
-rw-r--r--source4/auth/kerberos/kerberos_pac.c4
-rw-r--r--source4/librpc/idl/netlogon.idl10
-rw-r--r--source4/torture/auth/pac.c9
3 files changed, 18 insertions, 5 deletions
diff --git a/source4/auth/kerberos/kerberos_pac.c b/source4/auth/kerberos/kerberos_pac.c
index 858f91045c..f561bdfe76 100644
--- a/source4/auth/kerberos/kerberos_pac.c
+++ b/source4/auth/kerberos/kerberos_pac.c
@@ -170,7 +170,7 @@ static NTSTATUS check_pac_checksum(TALLOC_CTX *mem_ctx,
if (krbtgt_keyblock) {
DATA_BLOB service_checksum_blob
- = data_blob(srv_sig_ptr->signature, sizeof(srv_sig_ptr->signature));
+ = data_blob_const(srv_sig_ptr->signature, sizeof(srv_sig_ptr->signature));
status = check_pac_checksum(mem_ctx,
service_checksum_blob, &kdc_sig,
@@ -377,7 +377,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
context, service_keyblock);
service_checksum_blob
- = data_blob(SRV_CHECKSUM->signature, sizeof(SRV_CHECKSUM->signature));
+ = data_blob_const(SRV_CHECKSUM->signature, sizeof(SRV_CHECKSUM->signature));
/* Then sign Server checksum */
ret = make_pac_checksum(mem_ctx, service_checksum_blob, KDC_CHECKSUM, context, krbtgt_keyblock);
diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl
index bd06912b29..1089784ce1 100644
--- a/source4/librpc/idl/netlogon.idl
+++ b/source4/librpc/idl/netlogon.idl
@@ -19,6 +19,12 @@ interface netlogon
{
declare bitmap samr_AcctFlags;
+ typedef struct {
+ [value(2*strlen_m(string))] uint16 length;
+ [value(2*(strlen_m(string)+1))] uint16 size;
+ [flag(STR_NOTERM|STR_SIZE4|STR_LEN4|STR_LARGE_SIZE)] string *string;
+ } netr_StringLarge;
+
/*****************/
/* Function 0x00 */
@@ -158,8 +164,8 @@ interface netlogon
samr_RidWithAttributeArray groups;
uint32 user_flags;
netr_UserSessionKey key;
- lsa_String logon_server;
- lsa_String domain;
+ netr_StringLarge logon_server;
+ netr_StringLarge domain;
dom_sid2 *domain_sid;
netr_LMSessionKey LMSessKey;
samr_AcctFlags acct_flags;
diff --git a/source4/torture/auth/pac.c b/source4/torture/auth/pac.c
index ade68fcd77..f03b20b286 100644
--- a/source4/torture/auth/pac.c
+++ b/source4/torture/auth/pac.c
@@ -302,12 +302,19 @@ static BOOL torture_pac_saved_check(void)
* to create the pointer values
*/
if (tmp_blob.length != validate_blob.length) {
- DEBUG(0, ("PAC push failed orignial buffer length[%u] != created buffer length[%u]\n",
+ DEBUG(0, ("PAC push failed: orignial buffer length[%u] != created buffer length[%u]\n",
tmp_blob.length, validate_blob.length));
talloc_free(mem_ctx);
return False;
}
+ if (memcmp(tmp_blob.data, validate_blob.data, tmp_blob.length) != 0) {
+ DEBUG(0, ("PAC push failed: length[%u] matches, but data does not\n",
+ tmp_blob.length));
+ talloc_free(mem_ctx);
+ return False;
+ }
+
talloc_free(mem_ctx);
return True;
}