From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 18 Nov 2024 18:50:22 +0000 (+0100)
Subject: libcli/auth: let netlogon_creds_crypt_samlogon_validation handle generic info
X-Git-Tag: tdb-1.4.13~384
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a4105f94f930bd46f80ffec218bb2a57548b2b11;p=thirdparty%2Fsamba.git

libcli/auth: let netlogon_creds_crypt_samlogon_validation handle generic info

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---

diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index cdf591ec28c..a6770d87cf8 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -875,6 +875,33 @@ static NTSTATUS netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_C
 			base = &validation->sam3->base;
 		}
 		break;
+	case 5:
+		/* NetlogonValidationGenericInfo2 */
+		if (validation->generic != NULL &&
+		    validation->generic->length == 0)
+		{
+			/*
+			 * For "Kerberos"
+			 * KERB_VERIFY_PAC_REQUEST there's
+			 * not response, so there's nothing
+			 * to encrypt.
+			 */
+			return NT_STATUS_OK;
+		}
+
+		/*
+		 * We don't know if encryption is
+		 * required or not yet.
+		 *
+		 * We would have to do tests
+		 * with DIGEST_VALIDATION_RESP
+		 *
+		 * But as we don't support that
+		 * yet, we just return an error
+		 * for now.
+		 */
+		log_stack_trace();
+		return NT_STATUS_INTERNAL_ERROR;
 	case 6:
 		if (validation->sam6) {
 			base = &validation->sam6->base;