Bug 8149 - PAC unverified over DCE/RPC
Summary: PAC unverified over DCE/RPC
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.6
Classification: Unclassified
Component: DCE-RPCs and pipes
Version: 3.6.0rc1
Hardware: All All
Importance: P5 regression
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
 
Reported: 2011-05-19 00:03 UTC by Andrew Bartlett
Modified: 2011-05-19 19:25 UTC



Attachments
Proposed patch (8.19 KB, patch)
2011-05-19 00:03 UTC, Andrew Bartlett

Description Andrew Bartlett 2011-05-19 00:03:15 UTC
Created attachment 6453
Proposed patch

The PAC needs to be extracted using different functions, which will verify the signature to prevent spoofing attacks.

Simo and I still need to confirm this port of the patch from master to 3.6 works, but this is the blocking bug to ensure it's not lost.
Comment 1 Simo Sorce 2011-05-19 11:46:29 UTC
I already pushed this one by mistake while I was meaning to push only another patch.

So fixed in: ad8415cb8a7bbd1f653eecce1aa2b88242bcc9e5
Comment 2 Andrew Bartlett 2011-05-19 19:25:50 UTC
To be totally clear (to avoid a mistake in 3.6.0): I've not tested this yet.  Did you test it?