r8252: Steal metze's thunder, and prove that with a few small tweaks, we can

now push/pull a sample PAC, and still have the same byte buffer.
(Metze set up the string code, and probably already has a similar
patch).

Unfortunetly win2k3 still doesn't like what we provide, but every step helps.

Also use data_blob_const() when we are just wrapping data for API
reasons.

Andrew Bartlett
(This used to be commit e7c8076fc1459ff2ccefdaf0b091d04ee6137957)

1 files changed, 2 insertions, 2 deletions

diff --git a/source4/auth/kerberos/kerberos_pac.c b/source4/auth/kerberos/kerberos_pac.c
index 858f91045c..f561bdfe76 100644
--- a/source4/auth/kerberos/kerberos_pac.c
+++ b/source4/auth/kerberos/kerberos_pac.c
@@ -170,7 +170,7 @@ static NTSTATUS check_pac_checksum(TALLOC_CTX *mem_ctx,
 
 	if (krbtgt_keyblock) {
 		DATA_BLOB service_checksum_blob
-			= data_blob(srv_sig_ptr->signature, sizeof(srv_sig_ptr->signature));
+			= data_blob_const(srv_sig_ptr->signature, sizeof(srv_sig_ptr->signature));
 
 		status = check_pac_checksum(mem_ctx, 
 					    service_checksum_blob, &kdc_sig, 
@@ -377,7 +377,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
 				context, service_keyblock);
 
 	service_checksum_blob
-		= data_blob(SRV_CHECKSUM->signature, sizeof(SRV_CHECKSUM->signature));
+		= data_blob_const(SRV_CHECKSUM->signature, sizeof(SRV_CHECKSUM->signature));
 
 	/* Then sign Server checksum */
 	ret = make_pac_checksum(mem_ctx, service_checksum_blob, KDC_CHECKSUM, context, krbtgt_keyblock);