1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

13 Commits

Author SHA1 Message Date
Stefan Metzmacher
0e201ecdc5 krb5pac/netlogon: add a comment regarding PAC_LOGON_INFO unique pointers on push
This difference is the reason why we can't fully (ndr)validate some
PAC blobs.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-07-20 21:27:19 +02:00
Stefan Metzmacher
38527702fd krb5pac.idl: implement PAC_UPN_DNS_INFO correct
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-07-20 21:27:18 +02:00
Stefan Metzmacher
8e458360b4 krb5pac: fix push/pull of subcontexts in PAC_BUFFER
We need to have two subcontexts to get the padding right,
the outer subcontext uses NDR_ROUND(_ndr_size, 8), while
the inner subcontext only uses _ndr_size.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-07-20 21:27:18 +02:00
Günther Deschner
4f5dde6730 krb5pac: no need for a noprint PAC_BUFFER.
Guenther

@@ -1,6 +1,7 @@
 _PUBLIC_ void ndr_print_PAC_BUFFER(struct ndr_print *ndr, const char *name, const struct PAC_BUFFER *r)
 {
        ndr_print_struct(ndr, name, "PAC_BUFFER");
+       if (r == NULL) { ndr_print_null(ndr); return; }
        ndr->depth++;
        ndr_print_PAC_TYPE(ndr, "type", r->type);
        ndr_print_uint32(ndr, "_ndr_size", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?_ndr_size_PAC_INFO(r->info,r->type,0):r->_ndr_size);
@@ -11,7 +12,7 @@
                ndr_print_PAC_INFO(ndr, "info", r->info);
        }
        ndr->depth--;
-       ndr_print_uint32(ndr, "_pad", r->_pad);
+       ndr_print_uint32(ndr, "_pad", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?0:r->_pad);
        ndr->depth--;
 }

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-07-20 21:27:18 +02:00
Stefan Metzmacher
4406cf792a krb5pac.idl: introduce PAC_DOMAIN_GROUP_MEMBERSHIP to handle the resource groups
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 30 07:16:45 CEST 2016 on sn-devel-144
2016-06-30 07:16:45 +02:00
Stefan Metzmacher
fdcdf34947 krb5pac.idl: add PAC_CREDENTIAL related structures
See [MS-PAC] 2.6 PAC Credentials.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-30 03:30:23 +02:00
Stefan Metzmacher
8b51eabf31 Revert "Support UPN_DNS_INFO in the PAC"
This reverts commit a6be8a97f7.

We fail (often) to parse a krb5pac type 12 buffer due to the incomplete change
which came in via a6be8a97f7. This change came
into master and has only been released in RCs so no regression to published
4.0.x releases. We should revert this for 4.1 for now until we can make it work
in all cases (see work on this in
https://git.samba.org/?p=gd/samba/.git;a=shortlog;h=refs/heads/master-krb5pac_type12).
Without this revert the entire PAC parsing may fail which can effect serious
implications (krb5 smb session setup not working).

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10178

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Oct  3 17:08:46 CEST 2013 on sn-devel-104
2013-10-03 17:08:45 +02:00
Simo Sorce
a6be8a97f7 Support UPN_DNS_INFO in the PAC
Previously marked as UNKNOWN_12 the UPN_DNS_INFO is defined in MS-PAC

Autobuild-User(master): Simo Sorce <idra@samba.org>
Autobuild-Date(master): Fri Sep 28 01:13:44 CEST 2012 on sn-devel-104
2012-09-28 01:13:44 +02:00
Stefan Metzmacher
1909060798 krb5pac.idl: add PAC_CONSTRAINED_DELEGATION (S4U_DELEGATION_INFO)
metze
2011-06-28 19:03:10 +02:00
Andrew Bartlett
917b0a23a6 librpc/idl Add [nopython] to krb5pac ndrdump functions
These functions are not real RPC functions, but are used to help
ndrdump operate.  They don't need python bindings.

Andrew Bartlett
2011-04-05 23:46:04 +02:00
Andrew Tridgell
f1c2702b26 idl-pac: add a decoder for the pac info ctr
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-26 06:29:06 +00:00
Tim Prouty
1b42152454 Fix "ndr_size_PAC_LOGON_INFO defined but not used" build warning
This patch removes the gensize option from krb5pac.idl because it
generates an unused function that has been causing warnings during the
s3 build.  I re-ran 'make samba3-idl' to update the generated files
for s3.  For s4 I ran a full build with no problems.
2008-10-23 15:13:54 -07:00
Günther Deschner
fc8fadf1e9 idl: finally share krb5_pac.idl.
Guenther
2008-10-20 11:11:22 +02:00