The Samba-Bugzilla – Attachment 11337 Details for
Bug 11441
Smart Card Logins break client-side DPAPI (among others)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Implement PAC_CREDENTIAL_* structures.
0001-Implement-PAC-structures-in-IDL.patch (text/plain), 3.42 KB, created by
Heiko Wundram
on 2015-08-16 19:51:39 UTC
(
hide
)
Description:
Implement PAC_CREDENTIAL_* structures.
Filename:
MIME Type:
Creator:
Heiko Wundram
Created:
2015-08-16 19:51:39 UTC
Size:
3.42 KB
patch
obsolete
>From 2fffc8ac28634b531980759fabb68a0298e81676 Mon Sep 17 00:00:00 2001 >From: root <root@vpn.gehrkens.it> >Date: Sun, 16 Aug 2015 21:11:57 +0200 >Subject: [PATCH 1/4] Implement PAC structures in IDL. > >Implement the required PAC structures for PAC_CREDENTIAL_INFO in the >Kerberos 5 PAC helper implementation file. >--- > librpc/idl/krb5pac.idl | 45 ++++++++++++++++++++++++++++++++++++++++++--- > 1 file changed, 42 insertions(+), 3 deletions(-) > >diff --git a/librpc/idl/krb5pac.idl b/librpc/idl/krb5pac.idl >index 8a6540c..bfd62c5 100644 >--- a/librpc/idl/krb5pac.idl >+++ b/librpc/idl/krb5pac.idl >@@ -14,13 +14,36 @@ import "security.idl", "lsa.idl", "netlogon.idl", "samr.idl"; > ] > interface krb5pac > { >+ typedef [public, bitmap32bit] bitmap { >+ PAC_CREDENTIAL_NTLM_HAS_LMPWD = 0x00000001, >+ PAC_CREDENTIAL_NTLM_HAS_NTPWD = 0x00000002 >+ } PAC_CREDENTIAL_NTLM_FLAGS; >+ >+ typedef [public] struct { >+ [value(0)] uint32 version; >+ PAC_CREDENTIAL_NTLM_FLAGS flags; >+ [noprint] samr_Password lmpwd; >+ [noprint] samr_Password ntpwd; >+ } PAC_CREDENTIAL_NTLM_SECPKG; >+ >+ typedef [public] struct { >+ lsa_String pkgname; >+ uint32 size; >+ [size_is(size), noprint] uint8 *data; >+ } PAC_CREDENTIAL_SECPKG; >+ >+ typedef [public] struct { >+ uint32 count; >+ [size_is(count)] PAC_CREDENTIAL_SECPKG credentials[*]; >+ } PAC_CREDENTIAL_DATA; >+ > typedef struct { > NTTIME logon_time; > [value(2*strlen_m(account_name))] uint16 size; > [charset(UTF16)] uint8 account_name[size]; > } PAC_LOGON_NAME; > >- typedef [public,flag(NDR_PAHEX)] struct { >+ typedef [public, flag(NDR_PAHEX)] struct { > uint32 type; > [flag(NDR_REMAINING)] DATA_BLOB signature; > } PAC_SIGNATURE_DATA; >@@ -31,6 +54,20 @@ interface krb5pac > samr_RidWithAttributeArray res_groups; > } PAC_LOGON_INFO; > >+ typedef [public, v1_enum] enum { >+ PAC_CREDENTIAL_ENC_DES_CBC_CRC = 1, >+ PAC_CREDENTIAL_ENC_DES_CBC_MD5 = 3, >+ PAC_CREDENTIAL_ENC_AES128_CTS_HMAC_SHA1_96 = 17, >+ PAC_CREDENTIAL_ENC_AES256_CTS_HMAC_SHA1_96 = 18, >+ PAC_CREDENTIAL_ENC_RC4_HMAC = 23 >+ } PAC_CREDENTIAL_ENCTYPE; >+ >+ typedef [public] struct { >+ [value(0)] uint32 version; >+ PAC_CREDENTIAL_ENCTYPE enctype; >+ [flag(NDR_REMAINING)] DATA_BLOB data; >+ } PAC_CREDENTIAL_INFO; >+ > typedef struct { > lsa_String proxy_target; > uint32 num_transited_services; >@@ -60,6 +97,7 @@ interface krb5pac > > typedef [public,v1_enum] enum { > PAC_TYPE_LOGON_INFO = 1, >+ PAC_TYPE_CREDENTIAL_INFO = 2, > PAC_TYPE_SRV_CHECKSUM = 6, > PAC_TYPE_KDC_CHECKSUM = 7, > PAC_TYPE_LOGON_NAME = 10, >@@ -71,8 +109,9 @@ interface krb5pac > [flag(NDR_REMAINING)] DATA_BLOB remaining; > } DATA_BLOB_REM; > >- typedef [public,nodiscriminant,gensize] union { >+ typedef [public, nodiscriminant, gensize] union { > [case(PAC_TYPE_LOGON_INFO)][subcontext(0xFFFFFC01)] PAC_LOGON_INFO_CTR logon_info; >+ [case(PAC_TYPE_CREDENTIAL_INFO)] PAC_CREDENTIAL_INFO credential_info; > [case(PAC_TYPE_SRV_CHECKSUM)] PAC_SIGNATURE_DATA srv_cksum; > [case(PAC_TYPE_KDC_CHECKSUM)] PAC_SIGNATURE_DATA kdc_cksum; > [case(PAC_TYPE_LOGON_NAME)] PAC_LOGON_NAME logon_name; >@@ -86,7 +125,7 @@ interface krb5pac > /* [case(PAC_TYPE_UNKNOWN_12)] PAC_UNKNOWN_12 unknown; */ > } PAC_INFO; > >- typedef [public,nopush,nopull,noprint] struct { >+ typedef [public, nopush, nopull, noprint] struct { > PAC_TYPE type; > [value(_ndr_size_PAC_INFO(info, type, 0))] uint32 _ndr_size; > [relative,switch_is(type),subcontext(0),subcontext_size(_subcontext_size_PAC_INFO(r, ndr->flags)),flag(NDR_ALIGN8)] PAC_INFO *info; >-- >2.1.4 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 11441
: 11337 |
11338
|
11339
|
11340