The branch, master has been updated
via 8b51eab Revert "Support UPN_DNS_INFO in the PAC"
from 8f201fe Remove dead code. Now we have no SWAT we don't use the
invalid_services array or associated counter.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 8b51eabf319689d45ce1f8492c4372b49eecb794
Author: Stefan Metzmacher <me...@samba.org>
Date: Thu Oct 3 15:14:58 2013 +0200
Revert "Support UPN_DNS_INFO in the PAC"
This reverts commit a6be8a97f705247c1b1cbb0595887d8924740a71.
We fail (often) to parse a krb5pac type 12 buffer due to the incomplete
change
which came in via a6be8a97f705247c1b1cbb0595887d8924740a71. This change came
into master and has only been released in RCs so no regression to published
4.0.x releases. We should revert this for 4.1 for now until we can make it
work
in all cases (see work on this in
https://git.samba.org/?p=gd/samba/.git;a=shortlog;h=refs/heads/master-krb5pac_type12).
Without this revert the entire PAC parsing may fail which can effect serious
implications (krb5 smb session setup not working).
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10178
Signed-off-by: Günther Deschner <g...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
Autobuild-User(master): Stefan Metzmacher <me...@samba.org>
Autobuild-Date(master): Thu Oct 3 17:08:46 CEST 2013 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
librpc/idl/krb5pac.idl | 16 +++++++---------
1 files changed, 7 insertions(+), 9 deletions(-)
Changeset truncated at 500 lines:
diff --git a/librpc/idl/krb5pac.idl b/librpc/idl/krb5pac.idl
index 0fce16b..8a6540c 100644
--- a/librpc/idl/krb5pac.idl
+++ b/librpc/idl/krb5pac.idl
@@ -37,20 +37,18 @@ interface krb5pac
[size_is(num_transited_services)] lsa_String
*transited_services;
} PAC_CONSTRAINED_DELEGATION;
- typedef [public,bitmap32bit] bitmap {
- UDI_ACCT_HAS_NO_UPN = 0x00000001 /* 1= User account has no
UPN */
- } upn_dns_info_flags;
-
typedef struct {
[value(2*strlen_m(upn_name))] uint16 upn_size;
uint16 upn_offset;
[value(2*strlen_m(domain_name))] uint16 domain_size;
uint16 domain_offset;
- upn_dns_info_flags flags;
- uint32 padding;
+ uint16 unknown3; /* 0x01 */
+ uint16 unknown4;
+ uint32 unknown5;
[charset(UTF16)] uint8 upn_name[upn_size+2];
[charset(UTF16)] uint8 domain_name[domain_size+2];
- } PAC_UPN_DNS_INFO;
+ uint32 unknown6; /* padding */
+ } PAC_UNKNOWN_12;
typedef [public] struct {
PAC_LOGON_INFO *info;
@@ -66,7 +64,7 @@ interface krb5pac
PAC_TYPE_KDC_CHECKSUM = 7,
PAC_TYPE_LOGON_NAME = 10,
PAC_TYPE_CONSTRAINED_DELEGATION = 11,
- PAC_TYPE_UPN_DNS_INFO = 12
+ PAC_TYPE_UNKNOWN_12 = 12
} PAC_TYPE;
typedef struct {
@@ -80,12 +78,12 @@ interface krb5pac
[case(PAC_TYPE_LOGON_NAME)] PAC_LOGON_NAME logon_name;
[case(PAC_TYPE_CONSTRAINED_DELEGATION)][subcontext(0xFFFFFC01)]
PAC_CONSTRAINED_DELEGATION_CTR constrained_delegation;
- [case(PAC_TYPE_UPN_DNS_INFO)] PAC_UPN_DNS_INFO upn_dns_info;
/* when new PAC info types are added they are supposed to be
done
in such a way that they are backwards compatible with
existing
servers. This makes it safe to just use a [default] for
unknown types, which lets us ignore the data */
[default] [subcontext(0)] DATA_BLOB_REM unknown;
+ /* [case(PAC_TYPE_UNKNOWN_12)] PAC_UNKNOWN_12 unknown; */
} PAC_INFO;
typedef [public,nopush,nopull,noprint] struct {
--
Samba Shared Repository
