diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2005-07-09 04:58:15 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:19:25 -0500 |
| commit | e75c7ff39fadb115de7bb5a26e2bb621dca22768 (patch) | |
| tree | 3c74af8ab627bf8109264a3786bf88c3d05c74a4 | |
| parent | 38ec84a75c71b35ea88ba0efe5b935f7a0cdbe22 (diff) | |
| download | samba-e75c7ff39fadb115de7bb5a26e2bb621dca22768.tar.gz samba-e75c7ff39fadb115de7bb5a26e2bb621dca22768.tar.bz2 samba-e75c7ff39fadb115de7bb5a26e2bb621dca22768.zip | |
r8252: Steal metze's thunder, and prove that with a few small tweaks, we can
now push/pull a sample PAC, and still have the same byte buffer.
(Metze set up the string code, and probably already has a similar
patch).
Unfortunetly win2k3 still doesn't like what we provide, but every step helps.
Also use data_blob_const() when we are just wrapping data for API
reasons.
Andrew Bartlett
(This used to be commit e7c8076fc1459ff2ccefdaf0b091d04ee6137957)
| -rw-r--r-- | source4/auth/kerberos/kerberos_pac.c | 4 | ||||
| -rw-r--r-- | source4/librpc/idl/netlogon.idl | 10 | ||||
| -rw-r--r-- | source4/torture/auth/pac.c | 9 |
3 files changed, 18 insertions, 5 deletions
diff --git a/source4/auth/kerberos/kerberos_pac.c b/source4/auth/kerberos/kerberos_pac.c index 858f91045c..f561bdfe76 100644 --- a/source4/auth/kerberos/kerberos_pac.c +++ b/source4/auth/kerberos/kerberos_pac.c @@ -170,7 +170,7 @@ static NTSTATUS check_pac_checksum(TALLOC_CTX *mem_ctx, if (krbtgt_keyblock) { DATA_BLOB service_checksum_blob - = data_blob(srv_sig_ptr->signature, sizeof(srv_sig_ptr->signature)); + = data_blob_const(srv_sig_ptr->signature, sizeof(srv_sig_ptr->signature)); status = check_pac_checksum(mem_ctx, service_checksum_blob, &kdc_sig, @@ -377,7 +377,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx, context, service_keyblock); service_checksum_blob - = data_blob(SRV_CHECKSUM->signature, sizeof(SRV_CHECKSUM->signature)); + = data_blob_const(SRV_CHECKSUM->signature, sizeof(SRV_CHECKSUM->signature)); /* Then sign Server checksum */ ret = make_pac_checksum(mem_ctx, service_checksum_blob, KDC_CHECKSUM, context, krbtgt_keyblock); diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl index bd06912b29..1089784ce1 100644 --- a/source4/librpc/idl/netlogon.idl +++ b/source4/librpc/idl/netlogon.idl @@ -19,6 +19,12 @@ interface netlogon { declare bitmap samr_AcctFlags; + typedef struct { + [value(2*strlen_m(string))] uint16 length; + [value(2*(strlen_m(string)+1))] uint16 size; + [flag(STR_NOTERM|STR_SIZE4|STR_LEN4|STR_LARGE_SIZE)] string *string; + } netr_StringLarge; + /*****************/ /* Function 0x00 */ @@ -158,8 +164,8 @@ interface netlogon samr_RidWithAttributeArray groups; uint32 user_flags; netr_UserSessionKey key; - lsa_String logon_server; - lsa_String domain; + netr_StringLarge logon_server; + netr_StringLarge domain; dom_sid2 *domain_sid; netr_LMSessionKey LMSessKey; samr_AcctFlags acct_flags; diff --git a/source4/torture/auth/pac.c b/source4/torture/auth/pac.c index ade68fcd77..f03b20b286 100644 --- a/source4/torture/auth/pac.c +++ b/source4/torture/auth/pac.c @@ -302,12 +302,19 @@ static BOOL torture_pac_saved_check(void) * to create the pointer values */ if (tmp_blob.length != validate_blob.length) { - DEBUG(0, ("PAC push failed orignial buffer length[%u] != created buffer length[%u]\n", + DEBUG(0, ("PAC push failed: orignial buffer length[%u] != created buffer length[%u]\n", tmp_blob.length, validate_blob.length)); talloc_free(mem_ctx); return False; } + if (memcmp(tmp_blob.data, validate_blob.data, tmp_blob.length) != 0) { + DEBUG(0, ("PAC push failed: length[%u] matches, but data does not\n", + tmp_blob.length)); + talloc_free(mem_ctx); + return False; + } + talloc_free(mem_ctx); return True; } |