PAC Progress

Andrew Bartlett abartlet at samba.org
Mon Jul 4 02:52:45 GMT 2005 

(Clearly I should take up blogging, given these missives...)

I've been making very intersting progress on the PAC, and I wanted to
update the list on where things are at, and the current challenges.

So far, the IDL was have for the PAC appears to be 'mostly correct', but
there are some interesting points that come up when implementing the
push, rather than the pull side of the problem.

The problem is one of padding - but not in the usual way we find in NDR,
because the PAC isn't NDR.  It seems that the PAC is constructed at two
layers - one up to the PAC_BUFFER level, and a second layer for the
different types of buffers.

To ensure that the buffers start on 8 byte boundaries (a requirement set
out in the spec), they are all padded out from behind.  This is visible
in particular on the PAC_SIGNATURE struct:

Looking at a sample I have:

0001100 76 ff ff ff 37 d5 b0 f7 24 f0 d6 d4 ec 09 86 5a
0001120 a0 e8 c3 a9 00 00 00 00 76 ff ff ff b4 d8 b8 fe
0001140 83 b3 13 3f fc 5c 41 ad e2 64 83 e0 00 00 00 00

If this was normal NDR alignment, there is no place for those last 4
bytes.  Instead, think that the buffers into which the signatures are
placed are rounded out to 8 bytes multiples, and the '64 bit
pointer' (where a 16 bit one would have done) is the same, actually just
forced padding:

	typedef struct {
		uint32 type;
		uint32 size;
		[relative,switch_is(type),subcontext(0),subcontext_size(size),pad8]
PAC_INFO *info;
		uint32 _pad; /* Top half of a 64 bit pointer? */
	} PAC_BUFFER;

(I added a pidl extension to create the padding)

In other matters, I am having trouble getting pidl to handle value() in
this structure.   The subcontext_size() does not evaluate the value() on
the size element for the push, and [value(0)] on _pad doesn't zero the
_pad bytes.

I have added a LOCAL-PAC test to try and avoid regressions, particularly
with parsing a valid Win2k3 PAC while we play with this.

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20050704/a196ab2e/attachment.bin

More information about the samba-technical mailing list