Attachment 16826 Details for Bug 14835 – patch to add IDL and fill in HAS_SAM_NAME_AND_SID

[patch] patch to add IDL and fill in HAS_SAM_NAME_AND_SID

SECURITY-new-pac.patch (text/plain), 3.16 KB, created by Andrew Bartlett on 2021-09-27 10:26:53 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Andrew Bartlett

Created: 2021-09-27 10:26:53 UTC

Size: 3.16 KB

patch

obsolete

>From 71a00154c429caf17c9998cb9ba58326145daf5b Mon Sep 17 00:00:00 2001
>From: Andrew Bartlett <abartlet@samba.org>
>Date: Mon, 27 Sep 2021 11:20:19 +1300
>Subject: [PATCH 1/2] krb5pac: Add new buffers for samAccountName and objectSID
>
>These appear when PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID is set.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14835
>
>Signed-off-by: Andrew Bartlett <abartlet@samba.org>
>---
> librpc/idl/krb5pac.idl | 16 +++++++++++++++-
> 1 file changed, 15 insertions(+), 1 deletion(-)
>
>diff --git a/librpc/idl/krb5pac.idl b/librpc/idl/krb5pac.idl
>index 3239d7656b6..807397d853e 100644
>--- a/librpc/idl/krb5pac.idl
>+++ b/librpc/idl/krb5pac.idl
>@@ -86,15 +86,29 @@ interface krb5pac
> 	} PAC_CONSTRAINED_DELEGATION;
> 
> 	typedef [bitmap32bit] bitmap {
>-		PAC_UPN_DNS_FLAG_CONSTRUCTED = 0x00000001
>+		PAC_UPN_DNS_FLAG_CONSTRUCTED = 0x00000001,
>+		PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID = 0x00000002
> 	} PAC_UPN_DNS_FLAGS;
> 
>+	typedef struct {
>+		[value(2*strlen_m(samaccountname))] uint16 samaccountname_size;
>+		[relative_short,subcontext(0),subcontext_size(samaccountname_size),flag(NDR_ALIGN8|STR_NOTERM|NDR_REMAINING)] string *samaccountname;
>+		[value(ndr_size_dom_sid(objectsid, ndr->flags))] uint16 objectsid_size;
>+		[relative_short,subcontext(0),subcontext_size(objectsid_size)] dom_sid *objectsid;
>+	} PAC_UPN_DNS_INFO_SAM_NAME_AND_SID;
>+
>+	typedef [nodiscriminant] union {
>+		[case(PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID)] PAC_UPN_DNS_INFO_SAM_NAME_AND_SID sam_name_and_sid;
>+		[default];
>+	} PAC_UPN_DNS_INFO_EX;
>+
> 	typedef struct {
> 		[value(2*strlen_m(upn_name))] uint16 upn_name_size;
> 		[relative_short,subcontext(0),subcontext_size(upn_name_size),flag(NDR_ALIGN8|STR_NOTERM|NDR_REMAINING)] string *upn_name;
> 		[value(2*strlen_m(dns_domain_name))] uint16 dns_domain_name_size;
> 		[relative_short,subcontext(0),subcontext_size(dns_domain_name_size),flag(NDR_ALIGN8|STR_NOTERM|NDR_REMAINING)] string *dns_domain_name;
> 		PAC_UPN_DNS_FLAGS flags;
>+		[switch_is(flags & PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID)] PAC_UPN_DNS_INFO_EX ex;
> 	} PAC_UPN_DNS_INFO;
> 
> 	typedef [public] struct {
>-- 
>2.25.1
>
>
>From d00c7784bc05fb0c3bb97ae877761f28c8e1fbac Mon Sep 17 00:00:00 2001
>From: Andrew Bartlett <abartlet@samba.org>
>Date: Mon, 27 Sep 2021 12:10:02 +1300
>Subject: [PATCH 2/2] auth: Fill in the new HAS_SAM_NAME_AND_SID values
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14835
>Signed-off-by: Andrew Bartlett <abartlet@samba.org>
>---
> source4/kdc/pac-glue.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
>diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
>index 04fbc5cf487..05af54c2a85 100644
>--- a/source4/kdc/pac-glue.c
>+++ b/source4/kdc/pac-glue.c
>@@ -100,6 +100,14 @@ NTSTATUS samba_get_upn_info_pac_blob(TALLOC_CTX *mem_ctx,
> 		pac_upn.upn_dns_info.flags |= PAC_UPN_DNS_FLAG_CONSTRUCTED;
> 	}
> 
>+	pac_upn.upn_dns_info.flags |= PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID;
>+
>+	pac_upn.upn_dns_info.ex.sam_name_and_sid.samaccountname
>+		= info->info->account_name;
>+
>+	pac_upn.upn_dns_info.ex.sam_name_and_sid.objectsid
>+		= &info->sids[0];
>+
> 	ndr_err = ndr_push_union_blob(upn_data, mem_ctx, &pac_upn,
> 				      PAC_TYPE_UPN_DNS_INFO,
> 				      (ndr_push_flags_fn_t)ndr_push_PAC_INFO);
>-- 
>2.25.1
>

Actions: View

Attachments on bug 14835: 16807 | 16819 | 16826 | 17062