r8110: More PAC work. I still can't get WinXP to accept the PAC, but we are

much closer.

This changes PIDL to allow a subcontext to have a pad8 flag, saying to
pad behind to an 8 byte boundary.  This is the only way I can explain
the 4 trainling zeros in the signature struct.

Far more importantly, the PAC code is now under self-test, both in
creating/parsing our own PAC, but also a PAC from my win2k3 server.
This required changing auth_anonymous, because I wanted to reuse the
anonymous 'server_info' generation code.

I'm still having trouble with PIDL, particulary as surrounds value(),
but I'll follow up on the list.

Andrew Bartlett
(This used to be commit 50a54bf4e9bf04d2a8e0aebb3482a2ff655c8bbb)

1 files changed, 10 insertions, 2 deletions

diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 52685083bd..c986d60fdf 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -37,6 +37,7 @@
 	struct auth_serversupplied_info *server_info;
 	char *username, *p;
 	const char *realm;
+	DATA_BLOB tmp_blob;
 	TALLOC_CTX *mem_ctx = talloc_named(config, 0, "samba_get_pac context");
 	if (!mem_ctx) {
 		return ENOMEM;
@@ -73,9 +74,16 @@
 				  context, 
 				  krbtgt_keyblock,
 				  server_keyblock,
-				  pac);
+				  &tmp_blob);
 
+	if (ret) {
+		DEBUG(1, ("PAC encoding failed: %s\n", 
+			  smb_get_krb5_error_message(context, ret, mem_ctx)));
+		talloc_free(mem_ctx);
+		return ret;
+	}
+
+	ret = krb5_data_copy(pac, tmp_blob.data, tmp_blob.length);
 	talloc_free(mem_ctx);
-	
 	return ret;
 }