PAC parsing in Samba 4.1

simo idra at samba.org
Tue Jul 30 06:12:50 MDT 2013 

On Tue, 2013-07-30 at 15:13 +1200, Andrew Bartlett wrote:
> On Thu, 2013-07-25 at 20:08 +0100, Tris Mabbs wrote:
> > Good day, one and all ...
> > 
> > I just had to rebuild our main Samba server ("OpenSlowlaris" ->
> > "Slowlaris 11.11"), during which I put the latest (at the time;
> > currently 4.2.0pre1-GIT-b505111) Samba4 on there.  I thought that by
> > now that Gunther's speculative changes to improve the PAC decode might
> > have made their way into the trunk revision - obviously I was wrong,
> > as I'm once again getting a load of "Can't parse the PAC:
> > NT_STATUS_BUFFER_TOO_SMALL" messages and a user who can't access any
> > Samba shares.
> > 
> > Whoops ...
> > 
> > So as we previously discussed looking into things in more detail
> > (specifically finding out why there is no "client_principal" being
> > passed into "kerberos_decode_pac()"), but nothing else ever happened,
> > is there anything I can do to assist in getting the improved PAC
> > decoding included into the trunk revision?  Whilst I can't guarantee
> > immediate responses to any request, I'm quite happy to stick any code
> > in anywhere you might want if you don't mind potentially waiting a day
> > or so for the results :-)
> 
> GD:
> 
> What happened about your code here?  Can I merge your patch?
> 
> I see two branches in your git repo:
> http://git.samba.org/?p=gd/samba/.git;a=shortlog;h=refs/heads/master-krb5pac_type12
> http://git.samba.org/?p=gd/samba/.git;a=shortlog;h=refs/heads/master-krb5pac
> 
> Are either of these ready for merging?
> 
> Simo:
> 
> If these are not ready, can we revert your change, as this is a
> regression in 4.1 vs 4.0?

What is the regression exactly ?
We use this code in FreeIPA w/o issues, and removing it would break
FreeIPA.

Simo.

> commit a6be8a97f705247c1b1cbb0595887d8924740a71
> Author: Simo Sorce <idra at samba.org>
> Date:   Thu Sep 27 14:12:06 2012 -0400
> 
>     Support UPN_DNS_INFO in the PAC
>     
>     Previously marked as UNKNOWN_12 the UPN_DNS_INFO is defined in
> MS-PAC
>     
>     Autobuild-User(master): Simo Sorce <idra at samba.org>
>     Autobuild-Date(master): Fri Sep 28 01:13:44 CEST 2012 on
> sn-devel-104
> 
> Thanks,
> 
> Andrew Bartlett
>

More information about the samba-technical mailing list