[PATCH] Adds support for Resource SID Compression a new Windows Server 2012 KDC feature - 3rd Version
Andrew Bartlett
abartlet at samba.org
Tue Apr 2 14:28:29 MDT 2013
On Tue, 2013-04-02 at 13:58 +0200, Markus Baier wrote:
> Hello,
>
> this is a new patch for adding support for the resource sid
> compression feature of Microsoft Server 2012 KDC
>
> This patch version manipulates the PAC_LOGON_INFO structure
> within the decode_pac_data function in /source3/libads/authdata.c
> Now this one works for modules which receive the PAC Data from a
> deeper point in the program structure, like CIFS logins, too.
>
> Maybe somebody can review the patch.
I'm sorry I didn't get back to you yesterday, but I still don't think
that's the right place. I'm entirely uncomfortable with the idea of
having a filter which 'fixes' this structure. Instead, we need to be
patching the code where we extract SIDs from the structure.
For example, in master that code would be:
auth/auth_sam_reply.c:make_user_info_dc_netlogon_validation()
source3/auth/token_util.c:create_local_nt_token_from_info3()
source3/lib/util_sid.c:sid_array_from_info3()
What I'm saying is that we need to consolidate the duplicate code in
these routines, and then to fix this exactly once.
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list