2 files changed, 61 insertions, 16 deletions

diff --git a/source4/librpc/idl/drsblobs.idl b/source4/librpc/idl/drsblobs.idl
index f8cbdac8c5..adfc010237 100644
--- a/source4/librpc/idl/drsblobs.idl
+++ b/source4/librpc/idl/drsblobs.idl
@@ -205,7 +205,7 @@ interface drsblobs {
 	typedef struct {
 		[value(2*strlen_m(name))] uint16 name_len;
 		[value(strlen(data))] uint16 data_len;
-		uint16 unknown1; /* 2 for name = 'Packages', 1 for name = 'Primary:*' */
+		uint16 reserved; /* 2 for 'Packages', 1 for 'Primary:*', but should be ignored */
 		[charset(UTF16)] uint8 name[name_len];
 		/* 
 		 * the data field contains data as HEX strings
@@ -215,6 +215,9 @@ interface drsblobs {
 		 *   as non termiated UTF16 strings with
 		 *   a UTF16 NULL byte as separator
 		 *
+		 * 'Primary:Kerberos-Newer-Keys':
+		 *    ...
+		 *
 		 * 'Primary:Kerberos':
 		 *    ...
 		 *
@@ -228,11 +231,16 @@ interface drsblobs {
 		[charset(DOS)] uint8 data[data_len];
 	} supplementalCredentialsPackage;
 
-	/* this are 0x30 (48) whitespaces (0x20) followed by 'P' (0x50) */
-	const string SUPPLEMENTAL_CREDENTIALS_PREFIX = "                                                P";
+	/* this are 0x30 (48) whitespaces (0x20) */
+	const string SUPPLEMENTAL_CREDENTIALS_PREFIX = "                                                ";
+
+	typedef [flag(NDR_PAHEX)] enum {
+		SUPPLEMENTAL_CREDENTIALS_SIGNATURE = 0x0050
+	} supplementalCredentialsSignature;
 
 	typedef [gensize] struct {
-		[value(SUPPLEMENTAL_CREDENTIALS_PREFIX),charset(UTF16)] uint16 prefix[0x31];
+		[value(SUPPLEMENTAL_CREDENTIALS_PREFIX),charset(UTF16)] uint16 prefix[0x30];
+		[value(SUPPLEMENTAL_CREDENTIALS_SIGNATURE)] supplementalCredentialsSignature signature;
 		uint16 num_packages;
 		supplementalCredentialsPackage packages[num_packages];
 	} supplementalCredentialsSubBlob;
@@ -264,31 +272,58 @@ interface drsblobs {
 	} package_PrimaryKerberosString;
 
 	typedef struct {
+		[value(0)] uint16 reserved1;
+		[value(0)] uint16 reserved2;
+		[value(0)] uint32 reserved3;
 		uint32 keytype;
 		[value((value?value->length:0))] uint32 value_len;
 		[relative,subcontext(0),subcontext_size(value_len),flag(NDR_REMAINING)] DATA_BLOB *value;
-		[value(0)] uint32 unknown1;
-		[value(0)] uint32 unknown2;
-	} package_PrimaryKerberosKey;
+	} package_PrimaryKerberosKey3;
 
 	typedef struct {
 		uint16 num_keys;
 		uint16 num_old_keys;
 		package_PrimaryKerberosString salt;
-		[value(0)] uint32 unknown1;
-		[value(0)] uint32 unknown2;
-		package_PrimaryKerberosKey keys[num_keys];
-		package_PrimaryKerberosKey old_keys[num_old_keys];
-		udlong unknown3[num_keys];
-		udlong unknown3_old[num_old_keys];
+		package_PrimaryKerberosKey3 keys[num_keys];
+		package_PrimaryKerberosKey3 old_keys[num_old_keys];
+		[value(0)] uint32 padding1;
+		[value(0)] uint32 padding2;
+		[value(0)] uint32 padding3;
+		[value(0)] uint32 padding4;
+		[value(0)] uint32 padding5;
 	} package_PrimaryKerberosCtr3;
 
+	typedef struct {
+		[value(0)] uint16 reserved1;
+		[value(0)] uint16 reserved2;
+		[value(0)] uint32 reserved3;
+		uint32 iteration_count;
+		uint32 keytype;
+		[value((value?value->length:0))] uint32 value_len;
+		[relative,subcontext(0),subcontext_size(value_len),flag(NDR_REMAINING)] DATA_BLOB *value;
+	} package_PrimaryKerberosKey4;
+
+	typedef struct {
+		uint16 num_keys;
+		[value(0)] uint16 num_service_keys;
+		uint16 num_old_keys;
+		uint16 num_older_keys;
+		package_PrimaryKerberosString salt;
+		uint32 default_iteration_count;
+		package_PrimaryKerberosKey4 keys[num_keys];
+		package_PrimaryKerberosKey4 service_keys[num_service_keys];
+		package_PrimaryKerberosKey4 old_keys[num_old_keys];
+		package_PrimaryKerberosKey4 older_keys[num_older_keys];
+	} package_PrimaryKerberosCtr4;
+
 	typedef [nodiscriminant] union {
 		[case(3)] package_PrimaryKerberosCtr3 ctr3;
+		[case(4)] package_PrimaryKerberosCtr4 ctr4;
 	} package_PrimaryKerberosCtr;
 
 	typedef [public] struct {
-		[value(3)] uint32 version;
+		uint16 version;
+		[value(0)] uint16 flags;
 		[switch_is(version)] package_PrimaryKerberosCtr ctr;
 	} package_PrimaryKerberosBlob;
 
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
index 71c6d5f2cc..32646e85b0 100644
--- a/source4/librpc/rpc/dcerpc_util.c
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -647,11 +647,21 @@ NTSTATUS dcerpc_generic_session_key(struct dcerpc_connection *c,
 
 /*
   fetch the user session key - may be default (above) or the SMB session key
+
+  The key is always truncated to 16 bytes 
 */
 _PUBLIC_ NTSTATUS dcerpc_fetch_session_key(struct dcerpc_pipe *p,
-				  DATA_BLOB *session_key)
+					   DATA_BLOB *session_key)
 {
-	return p->conn->security_state.session_key(p->conn, session_key);
+	NTSTATUS status;
+	status = p->conn->security_state.session_key(p->conn, session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	session_key->length = MIN(session_key->length, 16);
+
+	return NT_STATUS_OK;
 }