8149 – PAC unverified over DCE/RPC

Bug 8149 - PAC unverified over DCE/RPC

Summary: PAC unverified over DCE/RPC

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 3.6
Classification:	Unclassified
Component:	DCE-RPCs and pipes (show other bugs)
Version:	3.6.0rc1
Hardware:	All All

Importance:	P5 regression
Target Milestone:	---
Assignee:	Samba QA Contact
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2011-05-19 00:03 UTC by Andrew Bartlett
Modified:	2011-05-19 19:25 UTC (History)
CC List:	0 users

See Also:

Attachments
Proposed patch (8.19 KB, patch) 2011-05-19 00:03 UTC, Andrew Bartlett	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andrew Bartlett 2011-05-19 00:03:15 UTC

Created attachment 6453 [details]
Proposed patch

The PAC needs to be extracted using different functions, which will verify the signature to prevent spoofing attacks.

Simo and I still need to confirm this port of the patch from master to 3.6 works, but this is the blocking bug to ensure it's not lost.

Comment 1 Simo Sorce 2011-05-19 11:46:29 UTC

I already pushed this one by mistake while I was meaning to push only another patch.

So fixed in: ad8415cb8a7bbd1f653eecce1aa2b88242bcc9e5

Comment 2 Andrew Bartlett 2011-05-19 19:25:50 UTC

To be totally clear (to avoid a mistake in 3.6.0): I've not tested this yet.  Did you test it?