From dbd2688c9042faaa44f4d89068a8351523233875 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 4 Jul 2005 02:36:16 +0000 Subject: r8110: More PAC work. I still can't get WinXP to accept the PAC, but we are much closer. This changes PIDL to allow a subcontext to have a pad8 flag, saying to pad behind to an 8 byte boundary. This is the only way I can explain the 4 trainling zeros in the signature struct. Far more importantly, the PAC code is now under self-test, both in creating/parsing our own PAC, but also a PAC from my win2k3 server. This required changing auth_anonymous, because I wanted to reuse the anonymous 'server_info' generation code. I'm still having trouble with PIDL, particulary as surrounds value(), but I'll follow up on the list. Andrew Bartlett (This used to be commit 50a54bf4e9bf04d2a8e0aebb3482a2ff655c8bbb) --- source4/kdc/pac-glue.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'source4/kdc') diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c index 52685083bdc..c986d60fdf3 100644 --- a/source4/kdc/pac-glue.c +++ b/source4/kdc/pac-glue.c @@ -37,6 +37,7 @@ struct auth_serversupplied_info *server_info; char *username, *p; const char *realm; + DATA_BLOB tmp_blob; TALLOC_CTX *mem_ctx = talloc_named(config, 0, "samba_get_pac context"); if (!mem_ctx) { return ENOMEM; @@ -73,9 +74,16 @@ context, krbtgt_keyblock, server_keyblock, - pac); + &tmp_blob); + if (ret) { + DEBUG(1, ("PAC encoding failed: %s\n", + smb_get_krb5_error_message(context, ret, mem_ctx))); + talloc_free(mem_ctx); + return ret; + } + + ret = krb5_data_copy(pac, tmp_blob.data, tmp_blob.length); talloc_free(mem_ctx); - return ret; } -- cgit