PAC parsing in Samba 4.1

Guenther Deschner gd at samba.org
Tue Aug 13 07:45:35 MDT 2013 

Hi Andrew and others,

On 30/07/13 05:13, Andrew Bartlett wrote:
> On Thu, 2013-07-25 at 20:08 +0100, Tris Mabbs wrote:
>> Good day, one and all ...
>>
>> I just had to rebuild our main Samba server ("OpenSlowlaris" ->
>> "Slowlaris 11.11"), during which I put the latest (at the time;
>> currently 4.2.0pre1-GIT-b505111) Samba4 on there.  I thought that by
>> now that Gunther's speculative changes to improve the PAC decode might
>> have made their way into the trunk revision - obviously I was wrong,
>> as I'm once again getting a load of "Can't parse the PAC:
>> NT_STATUS_BUFFER_TOO_SMALL" messages and a user who can't access any
>> Samba shares.
>>
>> Whoops ...
>>
>> So as we previously discussed looking into things in more detail
>> (specifically finding out why there is no "client_principal" being
>> passed into "kerberos_decode_pac()"), but nothing else ever happened,
>> is there anything I can do to assist in getting the improved PAC
>> decoding included into the trunk revision?  Whilst I can't guarantee
>> immediate responses to any request, I'm quite happy to stick any code
>> in anywhere you might want if you don't mind potentially waiting a day
>> or so for the results :-)
> 
> GD:
> 
> What happened about your code here?  Can I merge your patch?
> 
> I see two branches in your git repo:
> http://git.samba.org/?p=gd/samba/.git;a=shortlog;h=refs/heads/master-krb5pac_type12
> http://git.samba.org/?p=gd/samba/.git;a=shortlog;h=refs/heads/master-krb5pac
> 
> Are either of these ready for merging?

Sorry for dropping the ball on these. I was trying to push the patchset
after review of metze but we fail in an offset calculation for the
read/write/read pattern at the ndr layer. I will make sure to get the
patches ready for 4.1 now. Note that the patchsets include various new
tests in order to verify some PAC buffers we cannot process at the
moment (which is very critical).

Thanks,
Guenther


-- 
Günther Deschner                    GPG-ID: 8EE11688
Red Hat                         gdeschner at redhat.com
Samba Team                              gd at samba.org

More information about the samba-technical mailing list