s4/heimdal/lib/krb5/pac.c: Align PAC buffers to match Windows

author Joseph Sutton <josephsutton@catalyst.net.nz>

Wed, 11 Aug 2021 01:27:11 +0000 (13:27 +1200)

committer Stefan Metzmacher <metze@samba.org>

Wed, 27 Oct 2021 22:37:10 +0000 (22:37 +0000)
author Joseph Sutton <josephsutton@catalyst.net.nz>
Wed, 11 Aug 2021 01:27:11 +0000 (13:27 +1200)
committer Stefan Metzmacher <metze@samba.org>
Wed, 27 Oct 2021 22:37:10 +0000 (22:37 +0000)
diff --git a/selftest/knownfail_heimdal_kdc b/selftest/knownfail_heimdal_kdc

index 4ec682c01d020352ec70ca5fe5474207c286c167..20eea7f2d7e01e7aa8705aa59cded077d824bae5 100644 (file)
--- a/selftest/knownfail_heimdal_kdc
+++ b/selftest/knownfail_heimdal_kdc
@@ -124,6 +124,7 @@
  #
  # S4U tests
  #
+^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_bronze_bit_constrained_delegation_old_checksum
  ^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_bronze_bit_rbcd_old_checksum
  ^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_constrained_delegation_no_service_pac
  ^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_constrained_delegation_unkeyed_client_checksum
diff --git a/source4/heimdal/lib/krb5/pac.c b/source4/heimdal/lib/krb5/pac.c

index 3e45125d35ed62dcc31dffd6d0853f2334f0878f..6535a9bdcc4c08dcd1970476ce7e7720a16d304d 100644 (file)
--- a/source4/heimdal/lib/krb5/pac.c
+++ b/source4/heimdal/lib/krb5/pac.c
@@ -62,10 +62,12 @@ struct krb5_pac_data {
  #define PACTYPE_SIZE                   8
  #define PAC_INFO_BUFFER_SIZE           16
  
+#define PAC_LOGON_INFO                 1
  #define PAC_SERVER_CHECKSUM            6
  #define PAC_PRIVSVR_CHECKSUM           7
  #define PAC_LOGON_NAME                 10
  #define PAC_CONSTRAINED_DELEGATION     11
+#define PAC_UPN_DNS_INFO               12
  #define PAC_TICKET_CHECKSUM            16
  
  #define CHECK(r,f,l)                                           \
@@ -1184,7 +1186,17 @@ _krb5_pac_sign(krb5_context context,
                 ret = krb5_enomem(context);
                 goto out;
             }
-           /* XXX if not aligned, fill_zeros */
+
+           if (p->pac->buffers[i].type == PAC_LOGON_INFO
+               || p->pac->buffers[i].type == PAC_UPN_DNS_INFO)
+           {
+               uint32_t rounded = (len + PAC_ALIGNMENT - 1) / PAC_ALIGNMENT
+                   * PAC_ALIGNMENT;
+               uint32_t remaining = rounded - len;
+               CHECK(ret, fill_zeros(context, spdata, remaining), out);
+
+               len = rounded;
+           }
         }
  
         /* write header */
author	Joseph Sutton <josephsutton@catalyst.net.nz>
	Wed, 11 Aug 2021 01:27:11 +0000 (13:27 +1200)
committer	Stefan Metzmacher <metze@samba.org>
	Wed, 27 Oct 2021 22:37:10 +0000 (22:37 +0000)
selftest/knownfail_heimdal_kdc		patch \| blob \| blame \| history
source4/heimdal/lib/krb5/pac.c		patch \| blob \| blame \| history