author | Stefan Metzmacher <metze@samba.org> | 2005-07-05 06:13:12 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:19:13 -0500 |
commit | a33178fc72cce0ec439ada961829100a07e33e10 (patch) | |
tree | ea47cc3cf94d13f5b5c389b01e5933ad16214619 /source4 | |
parent | 1451c67ff37f321bf380b02f532dcf45f2dbc4d6 (diff) | |
r8156: I found out that the unknown[2] field of the unknown[4] array is a length too,
it's always 16 bytes smaller than the size in the PAC_BUFFER
we now dump the blobs on LOCAL-PAC with -d 10
metze
(This used to be commit 4ef721ce53539ac56ca8ac4d601f512149ca7283)
Diffstat (limited to 'source4')
-rw-r--r-- | source4/auth/kerberos/kerberos_pac.c | 10 | ||||
-rw-r--r-- | source4/librpc/idl/krb5pac.idl | 9 | ||||
-rw-r--r-- | source4/torture/auth/pac.c | 6 |
3 files changed, 13 insertions, 12 deletions
diff --git a/source4/auth/kerberos/kerberos_pac.c b/source4/auth/kerberos/kerberos_pac.c
index 760de8c6c6..c659db064b 100644
--- a/source4/auth/kerberos/kerberos_pac.c
+++ b/source4/auth/kerberos/kerberos_pac.c
@@ -92,6 +92,8 @@ static NTSTATUS check_pac_checksum(TALLOC_CTX *mem_ctx,
 DATA_BLOB modified_pac_blob = data_blob_talloc(mem_ctx, blob.data, blob.length);
 int i;
+ /* file_save("tmp_pac_data.dat",blob.data,blob.length); */
+
 status = ndr_pull_struct_blob(&blob, mem_ctx, &pac_data, (ndr_pull_flags_fn_t)ndr_pull_PAC_DATA);
 if (!NT_STATUS_IS_OK(status)) {
@@ -111,7 +113,7 @@ static NTSTATUS check_pac_checksum(TALLOC_CTX *mem_ctx,
 if (!pac_data.buffers[i].info) {
 break;
 }
- logon_info = pac_data.buffers[i].info->logon_info.i;
+ logon_info = pac_data.buffers[i].info->logon_info.info;
 break;
 case PAC_TYPE_SRV_CHECKSUM:
 if (!pac_data.buffers[i].info) {
@@ -315,11 +317,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
 return EINVAL;
 }
- u_LOGON_INFO->logon_info.unknown[0] = 0x00081001;
- u_LOGON_INFO->logon_info.unknown[1] = 0xCCCCCCCC;
- u_LOGON_INFO->logon_info.unknown[2] = 0x000001C8;
- u_LOGON_INFO->logon_info.unknown[3] = 0x00000000;
- u_LOGON_INFO->logon_info.i = LOGON_INFO;
+ u_LOGON_INFO->logon_info.info = LOGON_INFO;
 LOGON_INFO->info3.base = *sam;
 LOGON_NAME->account_name = server_info->account_name;
diff --git a/source4/librpc/idl/krb5pac.idl b/source4/librpc/idl/krb5pac.idl
index a0df6f3822..13a562a8f8 100644
--- a/source4/librpc/idl/krb5pac.idl
+++ b/source4/librpc/idl/krb5pac.idl
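Review bot: The commented-out `file_save("tmp_pac_data.dat",...)` added at the top of check_pac_checksum (first kerberos_pac.c hunk) is dead code, and if it is ever enabled it writes the raw PAC, including group membership data and both checksums, to a fixed relative filename in whatever directory the process runs from. This commit already switches the torture test to debug-level dumps, so the same form would fit here if dump_data is usable in this file: `dump_data(10, blob.data, blob.length);`. The result of `data_blob_talloc()` on the context line above is not checked for allocation failure within the hunk; the function body continues outside it, so that may be handled further down.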
@@ -23,15 +23,18 @@ interface krb5pac
 uint8 signature[16];
 } PAC_SIGNATURE_DATA;
- typedef struct {
+ typedef [gensize] struct {
 netr_SamInfo3 info3;
 dom_sid2 *res_group_dom_sid;
 samr_RidWithAttributeArray res_groups;
 } PAC_LOGON_INFO;
 typedef struct {
- uint32 unknown[4];
- PAC_LOGON_INFO *i;
+ [value(0x00081001)] uint32 unknown1;
+ [value(0xCCCCCCCC)] uint32 unknown2;
+ [value(NDR_ROUND(ndr_size_PAC_LOGON_INFO(info, ndr->flags)+4,8))] uint32 _ndr_size;
+ [value(0x00000000)] uint32 unknown3;
+ PAC_LOGON_INFO *info;
 } PAC_LOGON_INFO_CTR;
 typedef [public,v1_enum] enum {
diff --git a/source4/torture/auth/pac.c b/source4/torture/auth/pac.c
index ebf876c651..ecf67a9014 100644
--- a/source4/torture/auth/pac.c
+++ b/source4/torture/auth/pac.c
@@ -119,7 +119,7 @@ static BOOL torture_pac_self_check(void)
 return False;
 }
- /* dump_data(0,tmp_blob.data,tmp_blob.length); */
+ dump_data(10,tmp_blob.data,tmp_blob.length);
 /* Now check that we can read it back */
 nt_status = kerberos_decode_pac(mem_ctx, &pac_info,
@@ -230,7 +230,7 @@ static BOOL torture_pac_saved_check(void)
 /*tmp_blob.data = file_load(lp_parm_string(-1,"torture","pac_file"), &tmp_blob.length);*/
- /*dump_data(0,tmp_blob.data,tmp_blob.length);*/
+ dump_data(10,tmp_blob.data,tmp_blob.length);
 /* Decode and verify the signaure on the PAC */
 nt_status = kerberos_decode_pac(mem_ctx, &pac_info,
@@ -263,7 +263,7 @@ static BOOL torture_pac_saved_check(void)
 return False;
 }
- /* dump_data(0,validate_blob.data,validate_blob.length); */
+ dump_data(10,validate_blob.data,validate_blob.length);
 /* all we can check is the length of the buffers,
 * to check that the alignment and padding is ok, |
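Review bot: The `_ndr_size` expression in PAC_LOGON_INFO_CTR carries two unexplained constants (`+4` and the round to 8), and as far as I know `[value()]` only fixes a field when pushing, so on pull a PAC taken from the wire can carry any `unknown1`/`unknown2`/`_ndr_size` and nothing in this struct compares them with the enclosing PAC_BUFFER size. A comment such as `/* encoded size of PAC_LOGON_INFO, +4 (presumably the pointer), rounded up to 8; observed to be the PAC_BUFFER size minus 16 */` would record what the commit message found. The decode path should treat `_ndr_size` as untrusted input until it is checked against that relation. The four header words resemble the NDR type-serialization common and private headers described in MS-RPCE, which would explain the constants, but that is an inference from the values alone.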
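Review bot: The three `dump_data(10, ...)` calls enabled in torture_pac_self_check and torture_pac_saved_check (hunks at -119, -230 and -263) print bare hex with nothing identifying the blob, so a `-d 10` run of LOCAL-PAC produces up to three unlabelled dumps. A one-line label before each would make the log usable, e.g. `DEBUG(10, ("PAC blob before decode:\n"));`. In the -230 hunk the `file_load` that would fill `tmp_blob` is commented out just above the dump, so where the blob comes from and whether it is non-NULL at that point lies outside the hunk.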