PAC parsing in Samba 4.1

Andrew Bartlett abartlet at samba.org
Mon Jul 29 21:13:20 MDT 2013 

On Thu, 2013-07-25 at 20:08 +0100, Tris Mabbs wrote:
> Good day, one and all ...
> 
> I just had to rebuild our main Samba server ("OpenSlowlaris" ->
> "Slowlaris 11.11"), during which I put the latest (at the time;
> currently 4.2.0pre1-GIT-b505111) Samba4 on there.  I thought that by
> now that Gunther's speculative changes to improve the PAC decode might
> have made their way into the trunk revision - obviously I was wrong,
> as I'm once again getting a load of "Can't parse the PAC:
> NT_STATUS_BUFFER_TOO_SMALL" messages and a user who can't access any
> Samba shares.
> 
> Whoops ...
> 
> So as we previously discussed looking into things in more detail
> (specifically finding out why there is no "client_principal" being
> passed into "kerberos_decode_pac()"), but nothing else ever happened,
> is there anything I can do to assist in getting the improved PAC
> decoding included into the trunk revision?  Whilst I can't guarantee
> immediate responses to any request, I'm quite happy to stick any code
> in anywhere you might want if you don't mind potentially waiting a day
> or so for the results :-)

GD:

What happened about your code here?  Can I merge your patch?

I see two branches in your git repo:
http://git.samba.org/?p=gd/samba/.git;a=shortlog;h=refs/heads/master-krb5pac_type12
http://git.samba.org/?p=gd/samba/.git;a=shortlog;h=refs/heads/master-krb5pac

Are either of these ready for merging?

Simo:

If these are not ready, can we revert your change, as this is a
regression in 4.1 vs 4.0?

commit a6be8a97f705247c1b1cbb0595887d8924740a71
Author: Simo Sorce <idra at samba.org>
Date:   Thu Sep 27 14:12:06 2012 -0400

    Support UPN_DNS_INFO in the PAC
    
    Previously marked as UNKNOWN_12 the UPN_DNS_INFO is defined in
MS-PAC
    
    Autobuild-User(master): Simo Sorce <idra at samba.org>
    Autobuild-Date(master): Fri Sep 28 01:13:44 CEST 2012 on
sn-devel-104

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Catalyst IT                   http://catalyst.net.nz

More information about the samba-technical mailing list