[RFC] Ok to push this MS-PAC patch ?
idra at samba.org
idra at samba.org
Thu Sep 27 18:57:07 MDT 2012
FYI: Metze OKed offline.
On Thu, Sep 27, 2012 at 12:25:20PM -0600, idra at samba.org wrote:
> Implments propoer support for the UPN_DNS_INFO buffer that I plan to use very
> soon in the FreeIPa KDC when generating MS-PACs.
>
> Simo.
>
> --
> Simo Sorce idra at samba.org
> -------------------------------
> Samba Team http://www.samba.org
> >From cb1276debb122aaffe554edf74adf53b9c66bd47 Mon Sep 17 00:00:00 2001
> From: Simo Sorce <idra at samba.org>
> Date: Thu, 27 Sep 2012 14:12:06 -0400
> Subject: [PATCH] Support UPN_DNS_INFO in the PAC
>
> Previously marked as UNKNOWN_12 the UPN_DNS_INFO is defined in MS-PAC
> ---
> librpc/idl/krb5pac.idl | 16 +++++++++-------
> 1 file changed, 9 insertions(+), 7 deletions(-)
>
> diff --git a/librpc/idl/krb5pac.idl b/librpc/idl/krb5pac.idl
> index 8a6540c13b1e24128ce268e54ff3f75917fb8d49..0fce16baaa38c3b7a86eae58616ba51d0d0ae542 100644
> --- a/librpc/idl/krb5pac.idl
> +++ b/librpc/idl/krb5pac.idl
> @@ -37,18 +37,20 @@ interface krb5pac
> [size_is(num_transited_services)] lsa_String *transited_services;
> } PAC_CONSTRAINED_DELEGATION;
>
> + typedef [public,bitmap32bit] bitmap {
> + UDI_ACCT_HAS_NO_UPN = 0x00000001 /* 1= User account has no UPN */
> + } upn_dns_info_flags;
> +
> typedef struct {
> [value(2*strlen_m(upn_name))] uint16 upn_size;
> uint16 upn_offset;
> [value(2*strlen_m(domain_name))] uint16 domain_size;
> uint16 domain_offset;
> - uint16 unknown3; /* 0x01 */
> - uint16 unknown4;
> - uint32 unknown5;
> + upn_dns_info_flags flags;
> + uint32 padding;
> [charset(UTF16)] uint8 upn_name[upn_size+2];
> [charset(UTF16)] uint8 domain_name[domain_size+2];
> - uint32 unknown6; /* padding */
> - } PAC_UNKNOWN_12;
> + } PAC_UPN_DNS_INFO;
>
> typedef [public] struct {
> PAC_LOGON_INFO *info;
> @@ -64,7 +66,7 @@ interface krb5pac
> PAC_TYPE_KDC_CHECKSUM = 7,
> PAC_TYPE_LOGON_NAME = 10,
> PAC_TYPE_CONSTRAINED_DELEGATION = 11,
> - PAC_TYPE_UNKNOWN_12 = 12
> + PAC_TYPE_UPN_DNS_INFO = 12
> } PAC_TYPE;
>
> typedef struct {
> @@ -78,12 +80,12 @@ interface krb5pac
> [case(PAC_TYPE_LOGON_NAME)] PAC_LOGON_NAME logon_name;
> [case(PAC_TYPE_CONSTRAINED_DELEGATION)][subcontext(0xFFFFFC01)]
> PAC_CONSTRAINED_DELEGATION_CTR constrained_delegation;
> + [case(PAC_TYPE_UPN_DNS_INFO)] PAC_UPN_DNS_INFO upn_dns_info;
> /* when new PAC info types are added they are supposed to be done
> in such a way that they are backwards compatible with existing
> servers. This makes it safe to just use a [default] for
> unknown types, which lets us ignore the data */
> [default] [subcontext(0)] DATA_BLOB_REM unknown;
> - /* [case(PAC_TYPE_UNKNOWN_12)] PAC_UNKNOWN_12 unknown; */
> } PAC_INFO;
>
> typedef [public,nopush,nopull,noprint] struct {
> --
> 1.7.11.4
>
--
Simo Sorce idra at samba.org
-------------------------------
Samba Team http://www.samba.org
More information about the samba-technical
mailing list