[PATCH] Adds support for Resource SID Compression a new Windows Server 2012 KDC feature - 3rd Version

Andrew Bartlett abartlet at samba.org
Tue Apr 2 14:28:29 MDT 2013

On Tue, 2013-04-02 at 13:58 +0200, Markus Baier wrote:
> Hello,
> this is a new patch for adding support for the resource sid
> compression feature of Microsoft Server 2012 KDC
> This patch version manipulates the PAC_LOGON_INFO structure
> within the decode_pac_data function in /source3/libads/authdata.c
> Now this one works for modules which receive the PAC Data from a
> deeper point in the program structure, like CIFS logins, too.
> Maybe somebody can review the patch.

I'm sorry I didn't get back to you yesterday, but I still don't think
that's the right place.  I'm entirely uncomfortable with the idea of
having a filter which 'fixes' this structure.  Instead, we need to be
patching the code where we extract SIDs from the structure. 

For example, in master that code would be:


What I'm saying is that we need to consolidate the duplicate code in
these routines, and then to fix this exactly once. 


Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list