From 2fffc8ac28634b531980759fabb68a0298e81676 Mon Sep 17 00:00:00 2001
From: root <root@vpn.gehrkens.it>
Date: Sun, 16 Aug 2015 21:11:57 +0200
Subject: [PATCH 1/4] Implement PAC structures in IDL.

Implement the required PAC structures for PAC_CREDENTIAL_INFO in the
Kerberos 5 PAC helper implementation file.
---
 librpc/idl/krb5pac.idl | 45 ++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 42 insertions(+), 3 deletions(-)

diff --git a/librpc/idl/krb5pac.idl b/librpc/idl/krb5pac.idl
index 8a6540c..bfd62c5 100644
--- a/librpc/idl/krb5pac.idl
+++ b/librpc/idl/krb5pac.idl
@@ -14,13 +14,36 @@ import "security.idl", "lsa.idl", "netlogon.idl", "samr.idl";
 ]
 interface krb5pac
 {
+	typedef [public, bitmap32bit] bitmap {
+		PAC_CREDENTIAL_NTLM_HAS_LMPWD = 0x00000001,
+		PAC_CREDENTIAL_NTLM_HAS_NTPWD = 0x00000002
+	} PAC_CREDENTIAL_NTLM_FLAGS;
+
+	typedef [public] struct {
+		[value(0)] uint32 version;
+		PAC_CREDENTIAL_NTLM_FLAGS flags;
+		[noprint] samr_Password lmpwd;
+		[noprint] samr_Password ntpwd;
+	} PAC_CREDENTIAL_NTLM_SECPKG;
+
+	typedef [public] struct {
+		lsa_String pkgname;
+		uint32 size;
+		[size_is(size), noprint] uint8 *data;
+	} PAC_CREDENTIAL_SECPKG;
+
+	typedef [public] struct {
+		uint32 count;
+		[size_is(count)] PAC_CREDENTIAL_SECPKG credentials[*];
+	} PAC_CREDENTIAL_DATA;
+
 	typedef struct {
 		NTTIME logon_time;
 		[value(2*strlen_m(account_name))] uint16 size;
 		[charset(UTF16)] uint8 account_name[size];
 	} PAC_LOGON_NAME;
 
-	typedef [public,flag(NDR_PAHEX)] struct {
+	typedef [public, flag(NDR_PAHEX)] struct {
 		uint32 type;
 		[flag(NDR_REMAINING)] DATA_BLOB signature;
 	} PAC_SIGNATURE_DATA;
@@ -31,6 +54,20 @@ interface krb5pac
 		samr_RidWithAttributeArray res_groups;
 	} PAC_LOGON_INFO;
 
+	typedef [public, v1_enum] enum {
+		PAC_CREDENTIAL_ENC_DES_CBC_CRC = 1,
+		PAC_CREDENTIAL_ENC_DES_CBC_MD5 = 3,
+		PAC_CREDENTIAL_ENC_AES128_CTS_HMAC_SHA1_96 = 17,
+		PAC_CREDENTIAL_ENC_AES256_CTS_HMAC_SHA1_96 = 18,
+		PAC_CREDENTIAL_ENC_RC4_HMAC = 23
+	} PAC_CREDENTIAL_ENCTYPE;
+
+	typedef [public] struct {
+		[value(0)] uint32 version;
+		PAC_CREDENTIAL_ENCTYPE enctype;
+		[flag(NDR_REMAINING)] DATA_BLOB data;
+	} PAC_CREDENTIAL_INFO;
+
 	typedef struct {
 		lsa_String proxy_target;
 		uint32 num_transited_services;
@@ -60,6 +97,7 @@ interface krb5pac
 
 	typedef [public,v1_enum] enum {
 		PAC_TYPE_LOGON_INFO = 1,
+		PAC_TYPE_CREDENTIAL_INFO = 2,
 		PAC_TYPE_SRV_CHECKSUM = 6,
 		PAC_TYPE_KDC_CHECKSUM = 7,
 		PAC_TYPE_LOGON_NAME = 10,
@@ -71,8 +109,9 @@ interface krb5pac
 		[flag(NDR_REMAINING)] DATA_BLOB remaining;
 	} DATA_BLOB_REM;
 
-	typedef [public,nodiscriminant,gensize] union {
+	typedef [public, nodiscriminant, gensize] union {
 		[case(PAC_TYPE_LOGON_INFO)][subcontext(0xFFFFFC01)] PAC_LOGON_INFO_CTR logon_info;
+		[case(PAC_TYPE_CREDENTIAL_INFO)]	PAC_CREDENTIAL_INFO credential_info;
 		[case(PAC_TYPE_SRV_CHECKSUM)]	PAC_SIGNATURE_DATA srv_cksum;
 		[case(PAC_TYPE_KDC_CHECKSUM)]	PAC_SIGNATURE_DATA kdc_cksum;
 		[case(PAC_TYPE_LOGON_NAME)]	PAC_LOGON_NAME logon_name;
@@ -86,7 +125,7 @@ interface krb5pac
 		/* [case(PAC_TYPE_UNKNOWN_12)]	PAC_UNKNOWN_12 unknown; */
 	} PAC_INFO;
 
-	typedef [public,nopush,nopull,noprint] struct {
+	typedef [public, nopush, nopull, noprint] struct {
 		PAC_TYPE type;
 		[value(_ndr_size_PAC_INFO(info, type, 0))] uint32 _ndr_size;
 		[relative,switch_is(type),subcontext(0),subcontext_size(_subcontext_size_PAC_INFO(r, ndr->flags)),flag(NDR_ALIGN8)] PAC_INFO *info;
-- 
2.1.4