r1790: a few updates on krb5 PAC...

metze (This used to be commit 5a3a10c004ee2c94c42f08d52b36c75b413bdb79)
author: Stefan Metzmacher <metze@samba.org> 2004-08-12 21:15:35 +0000
committer: Gerald (Jerry) Carter <jerry@samba.org> 2007-10-10 12:57:56 -0500
commit: 2a574e22453161b8aa9578a6b512e05e5f7720a3 (patch)
tree: 03b009e8197f7dff2e324ac5246c6723194af865 /source4
parent: daa7c984096fb3513a458a0637fdfc0c00ee9fb9 (diff)
download: samba-2a574e22453161b8aa9578a6b512e05e5f7720a3.tar.gz
samba-2a574e22453161b8aa9578a6b512e05e5f7720a3.tar.bz2
samba-2a574e22453161b8aa9578a6b512e05e5f7720a3.zip
2 files changed, 34 insertions, 14 deletions
diff --git a/source4/libcli/auth/gensec_krb5.c b/source4/libcli/auth/gensec_krb5.c
index 18053b5ded..0effed2198 100644
--- a/source4/libcli/auth/gensec_krb5.c
+++ b/source4/libcli/auth/gensec_krb5.c
@@ -50,7 +50,7 @@ struct gensec_krb5_state {
 static NTSTATUS gensec_krb5_pac_checksum(DATA_BLOB pac_data,
 					    struct PAC_SIGNATURE_DATA *sig,
 					    struct gensec_krb5_state *gensec_krb5_state,
-					    uint32 cksum_type)
+					    uint32 keyusage)
 {
 	krb5_error_code ret;
 	krb5_crypto crypto;
@@ -63,20 +63,27 @@ static NTSTATUS gensec_krb5_pac_checksum(DATA_BLOB pac_data,
 
 	ret = krb5_crypto_init(gensec_krb5_state->krb5_context,
 				&gensec_krb5_state->krb5_keyblock,
-				cksum_type,
+				0,
 				&crypto);
 	if (ret) {
 		DEBUG(0,("krb5_crypto_init() failed\n"));
 		return NT_STATUS_FOOBAR;
 	}
-
+{
+int i;
+for (i=0; i < 40; i++) {
+	keyusage = i;
 	ret = krb5_verify_checksum(gensec_krb5_state->krb5_context,
 					crypto,
-					cksum_type,
+					keyusage,
 					pac_data.data,
 					pac_data.length,
 					&cksum);
-
+	if (!ret) {
+		DEBUG(0,("PAC Verified: keyusage: %d\n", keyusage));
+		break;
+	}
+}}
 	krb5_crypto_destroy(gensec_krb5_state->krb5_context, crypto);
 
 	if (ret) {
@@ -89,7 +96,7 @@ static NTSTATUS gensec_krb5_pac_checksum(DATA_BLOB pac_data,
 	return NT_STATUS_OK;
 }
 
-NTSTATUS gensec_krb5_decode_pac(TALLOC_CTX *mem_ctx,
+static NTSTATUS gensec_krb5_decode_pac(TALLOC_CTX *mem_ctx,
 				struct PAC_LOGON_INFO *logon_info_out,
 				DATA_BLOB blob,
 				struct gensec_krb5_state *gensec_krb5_state)
@@ -101,7 +108,7 @@ NTSTATUS gensec_krb5_decode_pac(TALLOC_CTX *mem_ctx,
 	struct PAC_SIGNATURE_DATA *kdc_sig_ptr;
 	struct PAC_LOGON_INFO *logon_info = NULL;
 	struct PAC_DATA pac_data;
-	DATA_BLOB tmp_blob;
+	DATA_BLOB tmp_blob = data_blob(NULL, 0);
 	int i;
 
 	status = ndr_pull_struct_blob(&blob, mem_ctx, &pac_data,
@@ -110,7 +117,6 @@ NTSTATUS gensec_krb5_decode_pac(TALLOC_CTX *mem_ctx,
 		DEBUG(0,("can't parse the PAC\n"));
 		return status;
 	}
-
 	NDR_PRINT_DEBUG(PAC_DATA, &pac_data);
 
 	if (pac_data.num_buffers < 3) {
@@ -164,13 +170,20 @@ NTSTATUS gensec_krb5_decode_pac(TALLOC_CTX *mem_ctx,
 	}
 
 	/* clear the kdc_key */
-	memset((void *)kdc_sig_ptr , '\0', sizeof(*kdc_sig_ptr));
+/*	memset((void *)kdc_sig_ptr , '\0', sizeof(*kdc_sig_ptr));*/
 
 	status = ndr_push_struct_blob(&tmp_blob, mem_ctx, &pac_data,
 					      (ndr_push_flags_fn_t)ndr_push_PAC_DATA);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
+	status = ndr_pull_struct_blob(&tmp_blob, mem_ctx, &pac_data,
+					(ndr_pull_flags_fn_t)ndr_pull_PAC_DATA);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("can't parse the PAC\n"));
+		return status;
+	}
+	/*NDR_PRINT_DEBUG(PAC_DATA, &pac_data);*/
 
 	/* verify by kdc_key */
 	status = gensec_krb5_pac_checksum(tmp_blob, &kdc_sig, gensec_krb5_state, 0);
@@ -180,13 +193,20 @@ NTSTATUS gensec_krb5_decode_pac(TALLOC_CTX *mem_ctx,
 	}
 
 	/* clear the service_key */
-	memset((void *)srv_sig_ptr , '\0', sizeof(*srv_sig_ptr));
+/*	memset((void *)srv_sig_ptr , '\0', sizeof(*srv_sig_ptr));*/
 
 	status = ndr_push_struct_blob(&tmp_blob, mem_ctx, &pac_data,
 					      (ndr_push_flags_fn_t)ndr_push_PAC_DATA);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
+	status = ndr_pull_struct_blob(&tmp_blob, mem_ctx, &pac_data,
+					(ndr_pull_flags_fn_t)ndr_pull_PAC_DATA);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("can't parse the PAC\n"));
+		return status;
+	}
+	NDR_PRINT_DEBUG(PAC_DATA, &pac_data);
 
 	/* verify by servie_key */
 	status = gensec_krb5_pac_checksum(tmp_blob, &srv_sig, gensec_krb5_state, 0);
diff --git a/source4/librpc/idl/krb5pac.idl b/source4/librpc/idl/krb5pac.idl
index 6c2bad4590..3ebac2b1f2 100644
--- a/source4/librpc/idl/krb5pac.idl
+++ b/source4/librpc/idl/krb5pac.idl
@@ -19,7 +19,7 @@ interface krb5pac
 
 	typedef [flag(NDR_PAHEX)] struct {
 		uint32 type;
-		uint8 signature[16];
+		uint8 signature[20];
 	} PAC_SIGNATURE_DATA;
 
 	typedef struct {
@@ -33,9 +33,9 @@ interface krb5pac
 	} EXTRA_SIDS;
 
 	typedef struct {
-		uint16 size;
-		uint16 length;
-		unistr_noterm *string;
+		[value(strlen_m(r->string)*2)]	uint16 size;
+		[value(r->size)]		uint16 length;
+		unistr_noterm			*string;
 	} pac_String;
 
 	/* This is awfully similar to a samr_user_info_23, but not identical.
author	Stefan Metzmacher <metze@samba.org>	2004-08-12 21:15:35 +0000
committer	Gerald (Jerry) Carter <jerry@samba.org>	2007-10-10 12:57:56 -0500
commit	2a574e22453161b8aa9578a6b512e05e5f7720a3 (patch)
tree	03b009e8197f7dff2e324ac5246c6723194af865 /source4
parent	daa7c984096fb3513a458a0637fdfc0c00ee9fb9 (diff)
download	samba-2a574e22453161b8aa9578a6b512e05e5f7720a3.tar.gz samba-2a574e22453161b8aa9578a6b512e05e5f7720a3.tar.bz2 samba-2a574e22453161b8aa9578a6b512e05e5f7720a3.zip