It turns out that the Netlogon PAC verification is encrypted.

This test now passes against Win2k3, and a implementation in the
Samba4 server should follow shortly.

Andrew Bartlett
(This used to be commit c6b8ba893dd3ed90bca32c0ae89fd33be729c238)

1 files changed, 6 insertions, 1 deletions

diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl
index 006411dfbf..2298106851 100644
--- a/source4/librpc/idl/netlogon.idl
+++ b/source4/librpc/idl/netlogon.idl
@@ -240,6 +240,11 @@ interface netlogon
 		lsa_String unknown4;
 	} netr_PacInfo;
 
+	typedef [flag(NDR_PAHEX)] struct {
+		uint32 length;
+		[size_is(length)] uint8 *data;
+	} netr_GenericInfo2;
+
 	typedef enum {
 		NetlogonValidationUasInfo = 1,
 		NetlogonValidationSamInfo = 2,
@@ -252,7 +257,7 @@ interface netlogon
 		[case(NetlogonValidationSamInfo)] netr_SamInfo2 *sam2;
 		[case(NetlogonValidationSamInfo2)] netr_SamInfo3 *sam3;
 		[case(4)] netr_PacInfo  *pac;
-		[case(NetlogonValidationGenericInfo2)] netr_PacInfo  *pac;
+		[case(NetlogonValidationGenericInfo2)] netr_GenericInfo2  *generic;
 		[case(NetlogonValidationSamInfo4)] netr_SamInfo6 *sam6;
 	} netr_Validation;