r8252: Steal metze's thunder, and prove that with a few small tweaks, we can
authorAndrew Bartlett <abartlet@samba.org>
Sat, 9 Jul 2005 04:58:15 +0000 (04:58 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:19:25 +0000 (13:19 -0500)
now push/pull a sample PAC, and still have the same byte buffer.
(Metze set up the string code, and probably already has a similar
patch).

Unfortunately win2k3 still doesn't like what we provide, but every step helps.

Also use data_blob_const() when we are just wrapping data for API
reasons.

Andrew Bartlett
(This used to be commit e7c8076fc1459ff2ccefdaf0b091d04ee6137957)

source4/auth/kerberos/kerberos_pac.c
source4/librpc/idl/netlogon.idl
source4/torture/auth/pac.c

index 858f91045cb5a5e730ee1b2e0d2f195c64e07f2a..f561bdfe76bb3b72c39ffea50eda1fc3b35e4752 100644 (file)
@@ -170,7 +170,7 @@ static NTSTATUS check_pac_checksum(TALLOC_CTX *mem_ctx,
 
        if (krbtgt_keyblock) {
                DATA_BLOB service_checksum_blob
-                       = data_blob(srv_sig_ptr->signature, sizeof(srv_sig_ptr->signature));
+                       = data_blob_const(srv_sig_ptr->signature, sizeof(srv_sig_ptr->signature));
 
                status = check_pac_checksum(mem_ctx, 
                                            service_checksum_blob, &kdc_sig, 
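Review bot: In the `if (krbtgt_keyblock)` branch, service_checksum_blob is now a borrowed view of srv_sig_ptr->signature rather than an allocated copy, and nothing next to the declaration says so. A short comment such as `/* borrowed view of the server signature: no copy, must not be freed, valid only while srv_sig_ptr is */` would keep a later edit from freeing the blob or letting it outlive the decoded PAC. The same applies to the SRV_CHECKSUM->signature blob in the hunk at -377. In both places sizeof() gives the signature length only if `signature` is a fixed-size array; its declaration is outside these hunks, so that is worth confirming.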
@@ -377,7 +377,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
                                context, service_keyblock);
 
        service_checksum_blob
-               = data_blob(SRV_CHECKSUM->signature, sizeof(SRV_CHECKSUM->signature));
+               = data_blob_const(SRV_CHECKSUM->signature, sizeof(SRV_CHECKSUM->signature));
 
        /* Then sign Server checksum */
        ret = make_pac_checksum(mem_ctx, service_checksum_blob, KDC_CHECKSUM, context, krbtgt_keyblock);
index bd06912b2981df83a4556921fd79ade20d904e65..1089784ce1669ab9be2dcf7ae376029dccbd15ab 100644 (file)
@@ -19,6 +19,12 @@ interface netlogon
 {
        declare bitmap samr_AcctFlags;
 
+       typedef struct {
+               [value(2*strlen_m(string))] uint16 length;
+               [value(2*(strlen_m(string)+1))] uint16 size;
+               [flag(STR_NOTERM|STR_SIZE4|STR_LEN4|STR_LARGE_SIZE)] string *string;
+       } netr_StringLarge;
+
        /*****************/
        /* Function 0x00 */
 
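Review bot: netr_StringLarge is added without a comment saying how it differs from lsa_String, which it replaces in the hunk at -158, or what STR_LARGE_SIZE is for. Its two counters are uint16 values computed from `2*strlen_m(string)`, so they wrap silently once the string reaches 32768 characters. A comment above the typedef, for example `/* counted UTF-16 string as found in the PAC logon info: size includes the terminator, length does not */` (wording for the author to confirm), would record the intent. If value() is applied only when pushing, as I believe, the pulled `length` and `size` come from the peer unchecked, so consumers should rely on the decoded string and not use these fields as a bound.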
@@ -158,8 +164,8 @@ interface netlogon
                samr_RidWithAttributeArray groups;
                uint32 user_flags;
                netr_UserSessionKey key;
-               lsa_String logon_server;
-               lsa_String domain;
+               netr_StringLarge logon_server;
+               netr_StringLarge domain;
                dom_sid2 *domain_sid;
                netr_LMSessionKey LMSessKey;
                samr_AcctFlags acct_flags;
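Review bot: Retyping logon_server and domain changes the marshalled form of this struct for every user of it, not only for the PAC. The struct's declaration starts outside the hunk, so its name is not visible here. If it is also carried in netlogon logon replies, those now use the netr_StringLarge encoding as well, while the only test the commit adds is the PAC byte comparison in torture/auth/pac.c. A round-trip check against a captured logon reply, or a comment on the two fields stating that both uses share this layout, would settle it.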
index ade68fcd77ff8c639f04f702bf453588b2e7ad58..f03b20b286b0b340f24bd0e601c8cde9cb9113bb 100644 (file)
@@ -302,12 +302,19 @@ static BOOL torture_pac_saved_check(void)
         * to create the pointer values
         */
        if (tmp_blob.length != validate_blob.length) {
-               DEBUG(0, ("PAC push failed orignial buffer length[%u] != created buffer length[%u]\n",
+               DEBUG(0, ("PAC push failed: orignial buffer length[%u] != created buffer length[%u]\n",
                                tmp_blob.length, validate_blob.length));
                talloc_free(mem_ctx);
                return False;
        }
 
+       if (memcmp(tmp_blob.data, validate_blob.data, tmp_blob.length) != 0) {
+               DEBUG(0, ("PAC push failed: length[%u] matches, but data does not\n",
+                         tmp_blob.length));
+               talloc_free(mem_ctx);
+               return False;
+       }
+
        talloc_free(mem_ctx);
        return True;
 }
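Review bot: The added DEBUG call prints tmp_blob.length with `%u`; if DATA_BLOB.length is a size_t, as I believe, the argument does not match the conversion on LP64 platforms. A cast keeps the message portable, `(unsigned int)tmp_blob.length`, and the same goes for the two lengths in the length-mismatch message above it, where the "orignial" typo could be fixed while the line is being touched. A data mismatch would also be easier to diagnose if the message named the first differing offset. torture_pac_saved_check starts outside the hunk.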