From e7c8076fc1459ff2ccefdaf0b091d04ee6137957 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 9 Jul 2005 04:58:15 +0000
Subject: [PATCH] r8252: Steal metze's thunder, and prove that with a few small
 tweaks, we can now push/pull a sample PAC, and still have the same byte
 buffer. (Metze set up the string code, and probably already has a similar
 patch).

Unfortunetly win2k3 still doesn't like what we provide, but every step helps.

Also use data_blob_const() when we are just wrapping data for API
reasons.

Andrew Bartlett
---
 source/auth/kerberos/kerberos_pac.c |  4 ++--
 source/librpc/idl/netlogon.idl      | 10 ++++++++--
 source/torture/auth/pac.c           |  9 ++++++++-
 3 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/source/auth/kerberos/kerberos_pac.c b/source/auth/kerberos/kerberos_pac.c
index 858f91045cb..f561bdfe76b 100644
--- a/source/auth/kerberos/kerberos_pac.c
+++ b/source/auth/kerberos/kerberos_pac.c
@@ -170,7 +170,7 @@ static NTSTATUS check_pac_checksum(TALLOC_CTX *mem_ctx,
 
 	if (krbtgt_keyblock) {
 		DATA_BLOB service_checksum_blob
-			= data_blob(srv_sig_ptr->signature, sizeof(srv_sig_ptr->signature));
+			= data_blob_const(srv_sig_ptr->signature, sizeof(srv_sig_ptr->signature));
 
 		status = check_pac_checksum(mem_ctx, 
 					    service_checksum_blob, &kdc_sig, 
@@ -377,7 +377,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
 				context, service_keyblock);
 
 	service_checksum_blob
-		= data_blob(SRV_CHECKSUM->signature, sizeof(SRV_CHECKSUM->signature));
+		= data_blob_const(SRV_CHECKSUM->signature, sizeof(SRV_CHECKSUM->signature));
 
 	/* Then sign Server checksum */
 	ret = make_pac_checksum(mem_ctx, service_checksum_blob, KDC_CHECKSUM, context, krbtgt_keyblock);
diff --git a/source/librpc/idl/netlogon.idl b/source/librpc/idl/netlogon.idl
index bd06912b298..1089784ce16 100644
--- a/source/librpc/idl/netlogon.idl
+++ b/source/librpc/idl/netlogon.idl
@@ -19,6 +19,12 @@ interface netlogon
 {
 	declare bitmap samr_AcctFlags;
 
+	typedef struct {
+		[value(2*strlen_m(string))] uint16 length;
+		[value(2*(strlen_m(string)+1))] uint16 size;
+		[flag(STR_NOTERM|STR_SIZE4|STR_LEN4|STR_LARGE_SIZE)] string *string;
+	} netr_StringLarge;
+
 	/*****************/
 	/* Function 0x00 */
 
@@ -158,8 +164,8 @@ interface netlogon
 		samr_RidWithAttributeArray groups;
 		uint32 user_flags;
 		netr_UserSessionKey key;
-		lsa_String logon_server;
-		lsa_String domain;
+		netr_StringLarge logon_server;
+		netr_StringLarge domain;
 		dom_sid2 *domain_sid;
 		netr_LMSessionKey LMSessKey;
 		samr_AcctFlags acct_flags;
diff --git a/source/torture/auth/pac.c b/source/torture/auth/pac.c
index ade68fcd77f..f03b20b286b 100644
--- a/source/torture/auth/pac.c
+++ b/source/torture/auth/pac.c
@@ -302,12 +302,19 @@ static BOOL torture_pac_saved_check(void)
 	 * to create the pointer values
 	 */
 	if (tmp_blob.length != validate_blob.length) {
-		DEBUG(0, ("PAC push failed orignial buffer length[%u] != created buffer length[%u]\n",
+		DEBUG(0, ("PAC push failed: orignial buffer length[%u] != created buffer length[%u]\n",
 				tmp_blob.length, validate_blob.length));
 		talloc_free(mem_ctx);
 		return False;
 	}
 
+	if (memcmp(tmp_blob.data, validate_blob.data, tmp_blob.length) != 0) {
+		DEBUG(0, ("PAC push failed: length[%u] matches, but data does not\n",
+			  tmp_blob.length));
+		talloc_free(mem_ctx);
+		return False;
+	}
+
 	talloc_free(mem_ctx);
 	return True;
 }
-- 
2.11.4.GIT