-rw-r--r-- | source4/libcli/auth/gensec_krb5.c | 40 | ||||
-rw-r--r-- | source4/librpc/idl/krb5pac.idl | 8 |
2 files changed, 34 insertions, 14 deletions
diff --git a/source4/libcli/auth/gensec_krb5.c b/source4/libcli/auth/gensec_krb5.c index 18053b5ded..0effed2198 100644 --- a/source4/libcli/auth/gensec_krb5.c +++ b/source4/libcli/auth/gensec_krb5.c @@ -50,7 +50,7 @@ struct gensec_krb5_state { static NTSTATUS gensec_krb5_pac_checksum(DATA_BLOB pac_data, struct PAC_SIGNATURE_DATA *sig, struct gensec_krb5_state *gensec_krb5_state, - uint32 cksum_type) + uint32 keyusage) { krb5_error_code ret; krb5_crypto crypto; @@ -63,20 +63,27 @@ static NTSTATUS gensec_krb5_pac_checksum(DATA_BLOB pac_data, ret = krb5_crypto_init(gensec_krb5_state->krb5_context, &gensec_krb5_state->krb5_keyblock, - cksum_type, + 0, &crypto); if (ret) { DEBUG(0,("krb5_crypto_init() failed\n")); return NT_STATUS_FOOBAR; } - +{ +int i; +for (i=0; i < 40; i++) { + keyusage = i; ret = krb5_verify_checksum(gensec_krb5_state->krb5_context, crypto, - cksum_type, + keyusage, pac_data.data, pac_data.length, &cksum); - + if (!ret) { + DEBUG(0,("PAC Verified: keyusage: %d\n", keyusage)); + break; + } +}} krb5_crypto_destroy(gensec_krb5_state->krb5_context, crypto); if (ret) { @@ -89,7 +96,7 @@ static NTSTATUS gensec_krb5_pac_checksum(DATA_BLOB pac_data, return NT_STATUS_OK; } -NTSTATUS gensec_krb5_decode_pac(TALLOC_CTX *mem_ctx, +static NTSTATUS gensec_krb5_decode_pac(TALLOC_CTX *mem_ctx, struct PAC_LOGON_INFO *logon_info_out, DATA_BLOB blob, struct gensec_krb5_state *gensec_krb5_state) @@ -101,7 +108,7 @@ NTSTATUS gensec_krb5_decode_pac(TALLOC_CTX *mem_ctx, struct PAC_SIGNATURE_DATA *kdc_sig_ptr; struct PAC_LOGON_INFO *logon_info = NULL; struct PAC_DATA pac_data; - DATA_BLOB tmp_blob; + DATA_BLOB tmp_blob = data_blob(NULL, 0); int i; status = ndr_pull_struct_blob(&blob, mem_ctx, &pac_data, @@ -110,7 +117,6 @@ NTSTATUS gensec_krb5_decode_pac(TALLOC_CTX *mem_ctx, DEBUG(0,("can't parse the PAC\n")); return status; } - NDR_PRINT_DEBUG(PAC_DATA, &pac_data); if (pac_data.num_buffers < 3) { 
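Review bot: The added `for (i=0; i < 40; i++)` loop in the second hunk (-63,20) overwrites the caller's `keyusage` and accepts the PAC checksum if it verifies under any usage number from 0 to 39. That removes the separation key usage numbers are meant to give between checksums made with the same key. It is reasonable as a one-off probe to find the right value, but it should not stay in the verification path: once the value is known, pass it in from the caller and make a single call, `ret = krb5_verify_checksum(gensec_krb5_state->krb5_context, crypto, keyusage, pac_data.data, pac_data.length, &cksum);`. The success message is also logged at level 0 for every accepted PAC and prints a `uint32` with `%d`; a higher debug level and `%u` would fit better. The function body starts and ends outside this hunk.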
@@ -164,13 +170,20 @@ NTSTATUS gensec_krb5_decode_pac(TALLOC_CTX *mem_ctx, } /* clear the kdc_key */ - memset((void *)kdc_sig_ptr , '\0', sizeof(*kdc_sig_ptr)); +/* memset((void *)kdc_sig_ptr , '\0', sizeof(*kdc_sig_ptr));*/ status = ndr_push_struct_blob(&tmp_blob, mem_ctx, &pac_data, (ndr_push_flags_fn_t)ndr_push_PAC_DATA); if (!NT_STATUS_IS_OK(status)) { return status; } + status = ndr_pull_struct_blob(&tmp_blob, mem_ctx, &pac_data, + (ndr_pull_flags_fn_t)ndr_pull_PAC_DATA); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("can't parse the PAC\n")); + return status; + } + /*NDR_PRINT_DEBUG(PAC_DATA, &pac_data);*/ /* verify by kdc_key */ status = gensec_krb5_pac_checksum(tmp_blob, &kdc_sig, gensec_krb5_state, 0); @@ -180,13 +193,20 @@ NTSTATUS gensec_krb5_decode_pac(TALLOC_CTX *mem_ctx, } /* clear the service_key */ - memset((void *)srv_sig_ptr , '\0', sizeof(*srv_sig_ptr)); +/* memset((void *)srv_sig_ptr , '\0', sizeof(*srv_sig_ptr));*/ status = ndr_push_struct_blob(&tmp_blob, mem_ctx, &pac_data, (ndr_push_flags_fn_t)ndr_push_PAC_DATA); if (!NT_STATUS_IS_OK(status)) { return status; } + status = ndr_pull_struct_blob(&tmp_blob, mem_ctx, &pac_data, + (ndr_pull_flags_fn_t)ndr_pull_PAC_DATA); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("can't parse the PAC\n")); + return status; + } + NDR_PRINT_DEBUG(PAC_DATA, &pac_data); /* verify by servie_key */ status = gensec_krb5_pac_checksum(tmp_blob, &srv_sig, gensec_krb5_state, 0); diff --git a/source4/librpc/idl/krb5pac.idl b/source4/librpc/idl/krb5pac.idl index 6c2bad4590..3ebac2b1f2 100644 --- a/source4/librpc/idl/krb5pac.idl +++ b/source4/librpc/idl/krb5pac.idl @@ -19,7 +19,7 @@ interface krb5pac typedef [flag(NDR_PAHEX)] struct { uint32 type; - uint8 signature[16]; + uint8 signature[20]; } PAC_SIGNATURE_DATA; typedef struct { 
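Review bot: With the `memset` on `kdc_sig_ptr` commented out, the PAC is re-serialised with the KDC signature bytes still in place, so the checksum is computed over a buffer that contains the value it is compared against; the same is done to `srv_sig_ptr` in the next hunk (-180,13). As far as I know PAC signatures are defined over the buffer with the signature bytes zeroed, so the clear probably needs to come back, either as `memset((void *)kdc_sig_ptr, '\0', sizeof(*kdc_sig_ptr));` or narrowed to `kdc_sig_ptr->signature` if the `type` field must survive. If the clear really is wrong, delete the line and say why in a comment rather than leaving dead code. `kdc_sig_ptr` and `srv_sig_ptr` are assigned outside these hunks, so it cannot be checked from here whether they still point at valid data after the added `ndr_pull_struct_blob` overwrites `pac_data`.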
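Review bot: The `NDR_PRINT_DEBUG(PAC_DATA, &pac_data);` added in the service-key hunk (-180,13) is unconditional, while the matching line in the KDC-key hunk is commented out, so the decoded PAC (presumably including the logon information and both signatures) goes to the debug log on the normal path. I would gate it on a high debug level, e.g. `if (DEBUGLVL(10)) { NDR_PRINT_DEBUG(PAC_DATA, &pac_data); }`, or drop it before merge. Both call sites also still pass a literal `0` as the last argument of `gensec_krb5_pac_checksum`, which only works because the probe loop ignores the parameter; that argument should become the real key usage when the loop is removed.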
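Review bot: `uint8 signature[20]` in `PAC_SIGNATURE_DATA` is still a fixed-size array, so the generated parser consumes 20 signature bytes whatever `type` says. As far as I know the signature length depends on the checksum type (16 bytes for HMAC-MD5, 12 for the HMAC-SHA1-96 types), so a single constant is unlikely to be right for every ticket. If 20 was chosen to get one test ticket through, a comment such as `/* TODO: length depends on type; 20 is a placeholder */` would record that, and a variable-length field is probably the longer-term fix. The C side sizes its signature clear with `sizeof(*kdc_sig_ptr)`, which changes with this field.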
@@ -33,9 +33,9 @@ interface krb5pac } EXTRA_SIDS; typedef struct { - uint16 size; - uint16 length; - unistr_noterm *string; + [value(strlen_m(r->string)*2)] uint16 size; + [value(r->size)] uint16 length; + unistr_noterm *string; } pac_String; /* This is awfully similar to a samr_user_info_23, but not identical. |