]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
s4/heimdal/lib/krb5/pac.c: Align PAC buffers to match Windows
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Wed, 11 Aug 2021 01:27:11 +0000 (13:27 +1200)
committerAndrew Bartlett <abartlet@samba.org>
Thu, 14 Oct 2021 18:59:31 +0000 (18:59 +0000)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
selftest/knownfail_heimdal_kdc
source4/heimdal/lib/krb5/pac.c

index f09dbcd6bd773c592129b2c3b18972981c2c463e..95db6f7d4e8a883c41065fa737a3a8f48e6a37be 100644 (file)
@@ -70,6 +70,7 @@
 #
 # S4U tests
 #
+^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_bronze_bit_constrained_delegation_old_checksum
 ^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_bronze_bit_rbcd_old_checksum
 ^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_constrained_delegation_no_service_pac
 ^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_constrained_delegation_unkeyed_client_checksum
index 3e45125d35ed62dcc31dffd6d0853f2334f0878f..6535a9bdcc4c08dcd1970476ce7e7720a16d304d 100644 (file)
@@ -62,10 +62,12 @@ struct krb5_pac_data {
 #define PACTYPE_SIZE                   8
 #define PAC_INFO_BUFFER_SIZE           16
 
+#define PAC_LOGON_INFO                 1
 #define PAC_SERVER_CHECKSUM            6
 #define PAC_PRIVSVR_CHECKSUM           7
 #define PAC_LOGON_NAME                 10
 #define PAC_CONSTRAINED_DELEGATION     11
+#define PAC_UPN_DNS_INFO               12
 #define PAC_TICKET_CHECKSUM            16
 
 #define CHECK(r,f,l)                                           \
@@ -1184,7 +1186,17 @@ _krb5_pac_sign(krb5_context context,
                ret = krb5_enomem(context);
                goto out;
            }
-           /* XXX if not aligned, fill_zeros */
+
+           if (p->pac->buffers[i].type == PAC_LOGON_INFO
+               || p->pac->buffers[i].type == PAC_UPN_DNS_INFO)
+           {
+               uint32_t rounded = (len + PAC_ALIGNMENT - 1) / PAC_ALIGNMENT
+                   * PAC_ALIGNMENT;
+               uint32_t remaining = rounded - len;
+               CHECK(ret, fill_zeros(context, spdata, remaining), out);
+
+               len = rounded;
+           }
        }
 
        /* write header */