ok...
authorStefan Metzmacher <metze@samba.org>
Fri, 19 Feb 2016 23:01:08 +0000 (00:01 +0100)
committerStefan Metzmacher <metze@samba.org>
Fri, 19 Feb 2016 23:01:08 +0000 (00:01 +0100)
librpc/idl/krb5pac.idl
source4/kdc/pac-glue.c

index 8662fc2a2364546d0954a4a72bd343e98b70b2ff..d1e23db77454676c918e9238e89aafc0507af586 100644 (file)
@@ -37,6 +37,14 @@ interface krb5pac
                [size_is(count)] PAC_CREDENTIAL_SECPKG credentials[*];
        } PAC_CREDENTIAL_DATA;
 
+       typedef [public] struct {
+               PAC_CREDENTIAL_DATA *data;
+       } PAC_CREDENTIAL_DATA_CTR;
+
+       typedef [public] struct {
+               [subcontext(0xFFFFFC01)] PAC_CREDENTIAL_DATA_CTR ctr;
+       } PAC_CREDENTIAL_DATA_NDR;
+
        typedef struct {
                NTTIME logon_time;
                [value(2*strlen_m(account_name))] uint16 size;
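Review bot: The `[subcontext(0xFFFFFC01)]` on `ctr` in `PAC_CREDENTIAL_DATA_NDR` is a bare magic number, and neither new typedef has a comment saying why `PAC_CREDENTIAL_DATA` now needs two wrapper layers. As far as I know, pidl treats this subcontext value as the MS-RPCE type-serialization version 1 header, so a one-line comment above the struct would record that, for example `/* wraps PAC_CREDENTIAL_DATA in the NDR type serialization v1 header, see [MS-RPCE] 2.2.6 */`. The `data` pointer in `PAC_CREDENTIAL_DATA_CTR` also carries no explicit pointer attribute, so its wire form depends on the interface's `pointer_default`, which is outside this hunk. Stating `[unique]` or `[ref]` explicitly would make the intended encoding visible.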
index dfe57233bdbb161c9b1de98818216368ba4c097f..c23f25b4a8904c898845d1c6b535ea3f92784bd7 100644 (file)
@@ -115,7 +115,9 @@ NTSTATUS samba_get_logon_info_pac_cred_blob(TALLOC_CTX *mem_ctx,
         * can create the appropriate passwords for NTLM authentication without
         * knowing them. */
        if (cred_data && info->passwords->flags) {
-               //NDR_PRINT_DEBUG(PAC_CREDENTIAL_NTLM_SECPKG, info->passwords);
+               struct PAC_CREDENTIAL_DATA_NDR data_ndr;
+
+               NDR_PRINT_DEBUG(PAC_CREDENTIAL_NTLM_SECPKG, info->passwords);
 
                ndr_err = ndr_push_struct_blob(&ntlm_secpkg, mem_ctx, info->passwords,
                                (ndr_push_flags_fn_t)ndr_push_PAC_CREDENTIAL_NTLM_SECPKG);
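Review bot: Re-enabling `NDR_PRINT_DEBUG(PAC_CREDENTIAL_NTLM_SECPKG, info->passwords)` writes the decoded NTLM credential structure into the KDC debug log, and that structure presumably holds the account's password hash material. The `NDR_PRINT_DEBUG` calls on `pac_cred_data` and `data_ndr` in the `@@ -138,17` hunk have the same problem, because they embed the same serialized credential bytes. If the output is only needed while developing the encoding, guard each call at a high level, e.g. `if (DEBUGLVL(10)) { NDR_PRINT_DEBUG(PAC_CREDENTIAL_NTLM_SECPKG, info->passwords); }`, or restore the commented-out form before this lands. The enclosing function starts and ends outside the hunk.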
@@ -126,6 +128,10 @@ NTSTATUS samba_get_logon_info_pac_cred_blob(TALLOC_CTX *mem_ctx,
                        return nt_status;
                }
 
+               DEBUG(2, ("NTLM credential BLOB (len %zu) for user\n",
+                               ntlm_secpkg.length));
+               dump_data(0, ntlm_secpkg.data, ntlm_secpkg.length);
+
                ZERO_STRUCT(pac_cred_data);
 
                pac_cred_data.count = 1;
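Review bot: `dump_data(0, ntlm_secpkg.data, ntlm_secpkg.length)` hex-dumps the serialized NTLM credential at debug level 0, so the secret bytes reach the log at the default log level, while the `DEBUG(2, ...)` label above it only appears at level 2. The same pattern is added for the still-unencrypted `cred_blob` in the `@@ -242,6` hunk and for `cred_info_blob` in the `@@ -276,7` hunk. Plaintext credential buffers should go through the password-dump helper instead, e.g. `dump_data_pw("NTLM credential BLOB\n", ntlm_secpkg.data, ntlm_secpkg.length);`. The ciphertext dump should at least not be at level 0, e.g. `dump_data(10, cred_info_blob.data, cred_info_blob.length);`.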
@@ -138,17 +144,20 @@ NTSTATUS samba_get_logon_info_pac_cred_blob(TALLOC_CTX *mem_ctx,
                pac_cred_data.credentials->size = ntlm_secpkg.length;
                pac_cred_data.credentials->data = ntlm_secpkg.data;
 
-               //NDR_PRINT_DEBUG(PAC_CREDENTIAL_DATA, &pac_cred_data);
+               NDR_PRINT_DEBUG(PAC_CREDENTIAL_DATA, &pac_cred_data);
+
+               data_ndr.ctr.data = &pac_cred_data;
 
-               ndr_err = ndr_push_struct_blob(cred_data, mem_ctx, &pac_cred_data,
-                               (ndr_push_flags_fn_t)ndr_push_PAC_CREDENTIAL_DATA);
+               NDR_PRINT_DEBUG(PAC_CREDENTIAL_DATA_NDR, &data_ndr);
+
+               ndr_err = ndr_push_struct_blob(cred_data, mem_ctx, &data_ndr,
+                               (ndr_push_flags_fn_t)ndr_push_PAC_CREDENTIAL_DATA_NDR);
                if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                        nt_status = ndr_map_error2ntstatus(ndr_err);
                        DEBUG(1, ("PAC (presig cred pkg) push failed: %s\n",
                                        nt_errstr(nt_status)));
                        return nt_status;
                }
-
                DEBUG(2, ("Created credential BLOB (len %zu) for user\n",
                                cred_data->length));
        } else if (cred_data) {
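Review bot: `data_ndr` is declared without an initializer in the `@@ -115,7` hunk, and only `data_ndr.ctr.data` is assigned here before the struct is passed to `NDR_PRINT_DEBUG` and `ndr_push_struct_blob`. That is sufficient while the IDL type has a single member, but `pac_cred_data` is cleared with `ZERO_STRUCT` in the preceding hunk before its fields are filled. Doing the same here keeps the push from reading indeterminate memory if the type ever gains a field: add `ZERO_STRUCT(data_ndr);` before `data_ndr.ctr.data = &pac_cred_data;`. The function body continues outside this hunk.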
@@ -242,6 +251,9 @@ krb5_error_code samba_make_krb5_pac(krb5_context context,
                        return ret;
                }
 
+               DEBUG(2, ("Plain cred_blob (len %zu)\n",
+                               cred_blob->length));
+               dump_data(0, cred_blob->data, cred_blob->length);
                ret = krb5_encrypt(context, cred_crypto, KRB5_KU_OTHER_ENCRYPTED,
                                cred_blob->data, cred_blob->length, &cred_crypt_data);
                krb5_crypto_destroy(context, cred_crypto);
@@ -260,7 +272,7 @@ krb5_error_code samba_make_krb5_pac(krb5_context context,
                pac_cred_info.data.length = cred_crypt_data.length;
                pac_cred_info.data.data = (uint8_t *)cred_crypt_data.data;
 
-               //NDR_PRINT_DEBUG(PAC_CREDENTIAL_INFO, &pac_cred_info);
+               NDR_PRINT_DEBUG(PAC_CREDENTIAL_INFO, &pac_cred_info);
 
                ndr_err = ndr_push_struct_blob(&cred_info_blob, mem_ctx, &pac_cred_info,
                                (ndr_push_flags_fn_t)ndr_push_PAC_CREDENTIAL_INFO);
@@ -276,7 +288,7 @@ krb5_error_code samba_make_krb5_pac(krb5_context context,
 
                DEBUG(2, ("Encrypted credential BLOB (len %zu) with alg %d\n",
                                cred_info_blob.length, (int)pac_cred_info.enctype));
-
+               dump_data(0, cred_info_blob.data, cred_info_blob.length);
                ret = krb5_copy_data_contents(&cred_data,
                                              cred_info_blob.data,
                                              cred_info_blob.length);