sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-12 20:58:37 +03:00
Code

CVE-2020-25719 krb5pac.idl: Add PAC_REQUESTER_SID PAC buffer type

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Joseph Sutton 2021-10-26 20:33:49 +13:00
parent f905fd741e
commit 8d6c969f56
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
librpc/idl/krb5pac.idl
View File

@ -121,6 +121,10 @@ interface krb5pac
PAC_ATTRIBUTE_INFO_FLAGS flags;
} PAC_ATTRIBUTES_INFO;
typedef struct {
dom_sid sid;
} PAC_REQUESTER_SID;
typedef [public] struct {
PAC_LOGON_INFO *info;
} PAC_LOGON_INFO_CTR;
@ -141,7 +145,8 @@ interface krb5pac
PAC_TYPE_DEVICE_INFO = 14,
PAC_TYPE_DEVICE_CLAIMS_INFO = 15,
PAC_TYPE_TICKET_CHECKSUM = 16,
PAC_TYPE_ATTRIBUTES_INFO = 17
PAC_TYPE_ATTRIBUTES_INFO = 17,
PAC_TYPE_REQUESTER_SID = 18
} PAC_TYPE;
typedef struct {
@ -159,6 +164,7 @@ interface krb5pac
[case(PAC_TYPE_UPN_DNS_INFO)] PAC_UPN_DNS_INFO upn_dns_info;
[case(PAC_TYPE_TICKET_CHECKSUM)] PAC_SIGNATURE_DATA ticket_checksum;
[case(PAC_TYPE_ATTRIBUTES_INFO)] PAC_ATTRIBUTES_INFO attributes_info;
[case(PAC_TYPE_REQUESTER_SID)] PAC_REQUESTER_SID requester_sid;
/* when new PAC info types are added they are supposed to be done
in such a way that they are backwards compatible with existing
servers. This makes it safe to just use a [default] for