[PATCH] Adds support for Resource SID Compression a new Windows Server 2012 KDC feature - 3rd Version

Andrew Bartlett abartlet at samba.org
Tue Apr 2 14:28:29 MDT 2013


On Tue, 2013-04-02 at 13:58 +0200, Markus Baier wrote:
> Hello,
> 
> this is a new patch for adding support for the resource SID
> compression feature of Microsoft Server 2012 KDC.
> 
> This patch version manipulates the PAC_LOGON_INFO structure
> within the decode_pac_data function in /source3/libads/authdata.c
> Now this one works for modules which receive the PAC Data from a
> deeper point in the program structure, like CIFS logins, too.
> 
> Maybe somebody can review the patch.

I'm sorry I didn't get back to you yesterday, but I still don't think
that's the right place.  I'm entirely uncomfortable with the idea of
having a filter which 'fixes' this structure.  Instead, we need to be
patching the code where we extract SIDs from the structure. 

For example, in master that code would be:

auth/auth_sam_reply.c:make_user_info_dc_netlogon_validation()
source3/auth/token_util.c:create_local_nt_token_from_info3()
source3/lib/util_sid.c:sid_array_from_info3()

What I'm saying is that we need to consolidate the duplicate code in
these routines, and then to fix this exactly once. 

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
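
The consolidation suggested in the message above, sketched as an added example (not part of the original e-mail and not Samba's code): a single routine that expands every SID source in the logon info, including the compressed resource groups, so the handling exists in exactly one place. The struct layouts and the names `sids_from_logon_info` and `add_rid` are simplified assumptions; `0x0200` is the MS-PAC UserFlags bit indicating that resource group IDs are populated.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_SUBAUTHS 15
#define LOGON_RESOURCE_GROUPS 0x0200 /* MS-PAC UserFlags: ResourceGroupIds populated */

/* Simplified stand-ins for this example, not Samba's dom_sid / PAC_LOGON_INFO. */
struct sid { uint8_t id_auth[6]; uint8_t num_auths; uint32_t sub_auths[MAX_SUBAUTHS]; };
struct logon_info {
    uint32_t user_flags, user_rid, primary_gid;
    const struct sid *domain_sid;      /* LogonDomainId */
    const uint32_t *group_rids;        size_t num_groups;
    const struct sid *extra_sids;      size_t num_extra;
    const struct sid *res_domain_sid;  /* ResourceGroupDomainSid */
    const uint32_t *res_rids;          size_t num_res;
};

/* Append <dom>-<rid>; fail on a missing domain SID, a full SID or a full output. */
static int add_rid(struct sid *out, size_t cap, size_t *n,
                   const struct sid *dom, uint32_t rid)
{
    if (dom == NULL || dom->num_auths >= MAX_SUBAUTHS || *n >= cap)
        return -1;
    out[*n] = *dom;
    out[*n].sub_auths[out[*n].num_auths++] = rid;
    (*n)++;
    return 0;
}

/* The one place SIDs leave the structure. Returns the SID count, or -1. */
int sids_from_logon_info(const struct logon_info *li, struct sid *out, size_t cap)
{
    size_t n = 0, i;

    if (add_rid(out, cap, &n, li->domain_sid, li->user_rid) ||
        add_rid(out, cap, &n, li->domain_sid, li->primary_gid))
        return -1;
    for (i = 0; i < li->num_groups; i++)
        if (add_rid(out, cap, &n, li->domain_sid, li->group_rids[i]))
            return -1;
    for (i = 0; i < li->num_extra; i++) {
        if (n >= cap)
            return -1;
        out[n++] = li->extra_sids[i];
    }
    /* Compressed resource groups: RIDs relative to a separate domain SID. */
    if (li->user_flags & LOGON_RESOURCE_GROUPS)
        for (i = 0; i < li->num_res; i++)
            if (add_rid(out, cap, &n, li->res_domain_sid, li->res_rids[i]))
                return -1;
    return (int)n;
}
```

The routine fails closed: a set resource-group flag with no resource domain SID, or an output array that is too small, returns an error rather than a token that is silently missing group memberships.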



