Windows omits the uint16 num_packages field when the packages array is empty.
This happens if the UF_SMARTCARD_REQUIRED flag is set for an account.
A user was created with a password and then userAccountControl was changed to
UF_NORMAL_ACCOUNT|UF_SMARTCARD_REQUIRED. In that case I'm getting
(as the whole supplementalCredentialsBlob):
[0000] 00 00 00 00 62 00 00 00 00 00 00 00 20 00 20 00 ....b... .... . .
[0010] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 . . . . . . . .
[0020] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 . . . . . . . .
[0030] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 . . . . . . . .
[0040] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 . . . . . . . .
[0050] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 . . . . . . . .
[0060] 20 00 20 00 20 00 20 00 20 00 20 00 50 00 30 . . . . . .P.0
I've also got cases (where I created an account with
UF_NORMAL_ACCOUNT|UF_ACCOUNTDISABLE|UF_SMARTCARD_REQUIRED
in the LDAP add) with the following strange blobs:
One time:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00
and once:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 53
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
uint32_t cntr_packages_0;
NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags);
if (ndr_flags & NDR_SCALARS) {
uint32_t cntr_packages_0;
NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags);
if (ndr_flags & NDR_SCALARS) {
+ if ((r->signature != SUPPLEMENTAL_CREDENTIALS_SIGNATURE)
+ && (r->num_packages == 0)) {
+ return NDR_ERR_SUCCESS;
+ }
NDR_CHECK(ndr_push_align(ndr, 3));
NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, SUPPLEMENTAL_CREDENTIALS_PREFIX, 0x30, sizeof(uint16_t), CH_UTF16));
NDR_CHECK(ndr_push_supplementalCredentialsSignature(ndr, NDR_SCALARS, SUPPLEMENTAL_CREDENTIALS_SIGNATURE));
NDR_CHECK(ndr_push_align(ndr, 3));
NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, SUPPLEMENTAL_CREDENTIALS_PREFIX, 0x30, sizeof(uint16_t), CH_UTF16));
NDR_CHECK(ndr_push_supplementalCredentialsSignature(ndr, NDR_SCALARS, SUPPLEMENTAL_CREDENTIALS_SIGNATURE));
- NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->num_packages));
+ if (r->num_packages > 0) {
+ NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->num_packages));
+ }
for (cntr_packages_0 = 0; cntr_packages_0 < (r->num_packages); cntr_packages_0++) {
NDR_CHECK(ndr_push_supplementalCredentialsPackage(ndr, NDR_SCALARS, &r->packages[cntr_packages_0]));
}
for (cntr_packages_0 = 0; cntr_packages_0 < (r->num_packages); cntr_packages_0++) {
NDR_CHECK(ndr_push_supplementalCredentialsPackage(ndr, NDR_SCALARS, &r->packages[cntr_packages_0]));
}
TALLOC_CTX *_mem_save_packages_0 = NULL;
NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
if (ndr_flags & NDR_SCALARS) {
TALLOC_CTX *_mem_save_packages_0 = NULL;
NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
if (ndr_flags & NDR_SCALARS) {
+ uint32_t remaining = 0;
NDR_CHECK(ndr_pull_align(ndr, 3));
size_prefix_0 = 0x30;
NDR_CHECK(ndr_pull_align(ndr, 3));
size_prefix_0 = 0x30;
- NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->prefix, size_prefix_0, sizeof(uint16_t), CH_UTF16));
- NDR_CHECK(ndr_pull_supplementalCredentialsSignature(ndr, NDR_SCALARS, &r->signature));
- NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->num_packages));
+ remaining = ndr->data_size - ndr->offset;
+ if (remaining >= size_prefix_0) {
+ NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->prefix, size_prefix_0, sizeof(uint16_t), CH_UTF16));
+ } else {
+ r->prefix = NULL;
+ }
+ remaining = ndr->data_size - ndr->offset;
+ if (remaining >= 2) {
+ NDR_CHECK(ndr_pull_supplementalCredentialsSignature(ndr, NDR_SCALARS, &r->signature));
+ } else {
+ r->signature = 0;
+ }
+ remaining = ndr->data_size - ndr->offset;
+ if (remaining > 0) {
+ NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->num_packages));
+ } else {
+ r->num_packages = 0;
+ }
size_packages_0 = r->num_packages;
NDR_PULL_ALLOC_N(ndr, r->packages, size_packages_0);
_mem_save_packages_0 = NDR_PULL_GET_MEM_CTX(ndr);
size_packages_0 = r->num_packages;
NDR_PULL_ALLOC_N(ndr, r->packages, size_packages_0);
_mem_save_packages_0 = NDR_PULL_GET_MEM_CTX(ndr);