The Samba-Bugzilla – Attachment 9249 Details for
Bug 10178
PAC parsing failure
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for v4-1-test
tmp41.diff (text/plain), 3.21 KB, created by
Stefan Metzmacher
on 2013-10-03 15:44:54 UTC
(
hide
)
Description:
Patch for v4-1-test
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2013-10-03 15:44:54 UTC
Size:
3.21 KB
patch
obsolete
>From d6b5e093ec867f703a6b1bdfcc943d4fc774f3f4 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 3 Oct 2013 15:14:58 +0200 >Subject: [PATCH] Revert "Support UPN_DNS_INFO in the PAC" >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >This reverts commit a6be8a97f705247c1b1cbb0595887d8924740a71. > >We fail (often) to parse a krb5pac type 12 buffer due to the incomplete change >which came in via a6be8a97f705247c1b1cbb0595887d8924740a71. This change came >into master and has only been released in RCs so no regression to published >4.0.x releases. We should revert this for 4.1 for now until we can make it work >in all cases (see work on this in >https://git.samba.org/?p=gd/samba/.git;a=shortlog;h=refs/heads/master-krb5pac_type12). >Without this revert the entire PAC parsing may fail which can effect serious >implications (krb5 smb session setup not working). > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=10178 > >Signed-off-by: Günther Deschner <gd@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> > >Autobuild-User(master): Stefan Metzmacher <metze@samba.org> >Autobuild-Date(master): Thu Oct 3 17:08:46 CEST 2013 on sn-devel-104 >(cherry picked from commit 8b51eabf319689d45ce1f8492c4372b49eecb794) >--- > librpc/idl/krb5pac.idl | 16 +++++++--------- > 1 file changed, 7 insertions(+), 9 deletions(-) > >diff --git a/librpc/idl/krb5pac.idl b/librpc/idl/krb5pac.idl >index 0fce16b..8a6540c 100644 >--- a/librpc/idl/krb5pac.idl >+++ b/librpc/idl/krb5pac.idl >@@ -37,20 +37,18 @@ interface krb5pac > [size_is(num_transited_services)] lsa_String *transited_services; > } PAC_CONSTRAINED_DELEGATION; > >- typedef [public,bitmap32bit] bitmap { >- UDI_ACCT_HAS_NO_UPN = 0x00000001 /* 1= User account has no UPN */ >- } upn_dns_info_flags; >- > typedef struct { > [value(2*strlen_m(upn_name))] uint16 upn_size; > uint16 upn_offset; > [value(2*strlen_m(domain_name))] uint16 domain_size; > uint16 domain_offset; >- upn_dns_info_flags flags; >- uint32 padding; >+ uint16 unknown3; /* 0x01 */ >+ uint16 unknown4; >+ uint32 unknown5; > [charset(UTF16)] uint8 upn_name[upn_size+2]; > [charset(UTF16)] uint8 domain_name[domain_size+2]; >- } PAC_UPN_DNS_INFO; >+ uint32 unknown6; /* padding */ >+ } PAC_UNKNOWN_12; > > typedef [public] struct { > PAC_LOGON_INFO *info; >@@ -66,7 +64,7 @@ interface krb5pac > PAC_TYPE_KDC_CHECKSUM = 7, > PAC_TYPE_LOGON_NAME = 10, > PAC_TYPE_CONSTRAINED_DELEGATION = 11, >- PAC_TYPE_UPN_DNS_INFO = 12 >+ PAC_TYPE_UNKNOWN_12 = 12 > } PAC_TYPE; > > typedef struct { >@@ -80,12 +78,12 @@ interface krb5pac > [case(PAC_TYPE_LOGON_NAME)] PAC_LOGON_NAME logon_name; > [case(PAC_TYPE_CONSTRAINED_DELEGATION)][subcontext(0xFFFFFC01)] > PAC_CONSTRAINED_DELEGATION_CTR constrained_delegation; >- [case(PAC_TYPE_UPN_DNS_INFO)] PAC_UPN_DNS_INFO upn_dns_info; > /* when new PAC info types are added they are supposed to be done > in such a way that they are backwards compatible with existing > servers. This makes it safe to just use a [default] for > unknown types, which lets us ignore the data */ > [default] [subcontext(0)] DATA_BLOB_REM unknown; >+ /* [case(PAC_TYPE_UNKNOWN_12)] PAC_UNKNOWN_12 unknown; */ > } PAC_INFO; > > typedef [public,nopush,nopull,noprint] struct { >-- >1.7.9.5 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=9249">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
metze
:
review+
gd
:
review+
Actions:
View
Attachments on
bug 10178
: 9249