The Samba-Bugzilla – Attachment 16826 Details for
Bug 14835
[SECURITY] Samba and Kerberos libs should support new UPN DNS info w/ samAccountName
[patch]
patch to add IDL and fill in HAS_SAM_NAME_AND_SID
SECURITY-new-pac.patch (text/plain), 3.16 KB, created by
Andrew Bartlett
on 2021-09-27 10:26:53 UTC
Description:
patch to add IDL and fill in HAS_SAM_NAME_AND_SID
Filename:
MIME Type:
Creator:
Andrew Bartlett
Created:
2021-09-27 10:26:53 UTC
Size:
3.16 KB
patch
obsolete
>From 71a00154c429caf17c9998cb9ba58326145daf5b Mon Sep 17 00:00:00 2001
>From: Andrew Bartlett <abartlet@samba.org>
>Date: Mon, 27 Sep 2021 11:20:19 +1300
>Subject: [PATCH 1/2] krb5pac: Add new buffers for samAccountName and objectSID
>
>These appear when PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID is set.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14835
>
>Signed-off-by: Andrew Bartlett <abartlet@samba.org>
>---
> librpc/idl/krb5pac.idl | 16 +++++++++++++++-
> 1 file changed, 15 insertions(+), 1 deletion(-)
>
>diff --git a/librpc/idl/krb5pac.idl b/librpc/idl/krb5pac.idl
>index 3239d7656b6..807397d853e 100644
>--- a/librpc/idl/krb5pac.idl
>+++ b/librpc/idl/krb5pac.idl
>@@ -86,15 +86,29 @@ interface krb5pac
> } PAC_CONSTRAINED_DELEGATION;
>
> typedef [bitmap32bit] bitmap {
>- PAC_UPN_DNS_FLAG_CONSTRUCTED = 0x00000001
>+ PAC_UPN_DNS_FLAG_CONSTRUCTED = 0x00000001,
>+ PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID = 0x00000002
> } PAC_UPN_DNS_FLAGS;
>
>+ typedef struct {
>+ [value(2*strlen_m(samaccountname))] uint16 samaccountname_size;
>+ [relative_short,subcontext(0),subcontext_size(samaccountname_size),flag(NDR_ALIGN8|STR_NOTERM|NDR_REMAINING)] string *samaccountname;
>+ [value(ndr_size_dom_sid(objectsid, ndr->flags))] uint16 objectsid_size;
>+ [relative_short,subcontext(0),subcontext_size(objectsid_size)] dom_sid *objectsid;
>+ } PAC_UPN_DNS_INFO_SAM_NAME_AND_SID;
>+
>+ typedef [nodiscriminant] union {
>+ [case(PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID)] PAC_UPN_DNS_INFO_SAM_NAME_AND_SID sam_name_and_sid;
>+ [default];
>+ } PAC_UPN_DNS_INFO_EX;
>+
> typedef struct {
> [value(2*strlen_m(upn_name))] uint16 upn_name_size;
> [relative_short,subcontext(0),subcontext_size(upn_name_size),flag(NDR_ALIGN8|STR_NOTERM|NDR_REMAINING)] string *upn_name;
> [value(2*strlen_m(dns_domain_name))] uint16 dns_domain_name_size;
> [relative_short,subcontext(0),subcontext_size(dns_domain_name_size),flag(NDR_ALIGN8|STR_NOTERM|NDR_REMAINING)] string *dns_domain_name;
> PAC_UPN_DNS_FLAGS flags;
>+ [switch_is(flags & PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID)] PAC_UPN_DNS_INFO_EX ex;
> } PAC_UPN_DNS_INFO;
>
> typedef [public] struct {
>--
>2.25.1
>
>
>From d00c7784bc05fb0c3bb97ae877761f28c8e1fbac Mon Sep 17 00:00:00 2001
>From: Andrew Bartlett <abartlet@samba.org>
>Date: Mon, 27 Sep 2021 12:10:02 +1300
>Subject: [PATCH 2/2] auth: Fill in the new HAS_SAM_NAME_AND_SID values
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14835
>Signed-off-by: Andrew Bartlett <abartlet@samba.org>
>---
> source4/kdc/pac-glue.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
>diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
>index 04fbc5cf487..05af54c2a85 100644
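Review bot: In the `librpc/idl/krb5pac.idl` hunk, `PAC_UPN_DNS_INFO_EX` is `[nodiscriminant]` with an empty `[default]` arm, so `ex` is only meaningful when `flags` carries `PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID`, and nothing in the IDL tells a consumer of the generated C struct that. Because a PAC is decoded from ticket data, readers should test the flag before touching `ex.sam_name_and_sid`, and should presumably also treat `samaccountname` and `objectsid` as possibly NULL, since both are relative pointers. I would add a comment above the `ex` member such as `/* ex.sam_name_and_sid is valid only if (flags & PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID); its pointers may be NULL */`, and a one-line comment on `PAC_UPN_DNS_INFO_SAM_NAME_AND_SID` naming the flag that introduces it. The enclosing `interface krb5pac` block starts and ends outside the hunk.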
>--- a/source4/kdc/pac-glue.c
>+++ b/source4/kdc/pac-glue.c
>@@ -100,6 +100,14 @@ NTSTATUS samba_get_upn_info_pac_blob(TALLOC_CTX *mem_ctx,
> pac_upn.upn_dns_info.flags |= PAC_UPN_DNS_FLAG_CONSTRUCTED;
> }
>
>+ pac_upn.upn_dns_info.flags |= PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID;
>+
>+ pac_upn.upn_dns_info.ex.sam_name_and_sid.samaccountname
>+ = info->info->account_name;
>+
>+ pac_upn.upn_dns_info.ex.sam_name_and_sid.objectsid
>+ = &info->sids[0];
>+
> ndr_err = ndr_push_union_blob(upn_data, mem_ctx, &pac_upn,
> PAC_TYPE_UPN_DNS_INFO,
> (ndr_push_flags_fn_t)ndr_push_PAC_INFO);
>--
>2.25.1
>
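Review bot: `&info->sids[0]` is taken with no visible check that `info->sids` is non-NULL and holds at least one entry, and `info->info->account_name` is likewise used unchecked, while `PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID` is set unconditionally just above. The rest of `samba_get_upn_info_pac_blob()` lies outside the hunk, so an earlier guard may exist; if it does not, the flag should only be set once both values are known to be present, for example by failing early with `if (info->num_sids == 0 || info->info->account_name == NULL) { return NT_STATUS_INVALID_PARAMETER; }`. The literal `0` also hides the invariant that this must be the account's own SID, which relying services will use to bind the ticket to a principal. A named index (Samba's auth code defines `PRIMARY_USER_SID_INDEX`, if it is in scope here) or a short comment such as `/* sids[0] is the user's own SID */` would make that explicit.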