From a4105f94f930bd46f80ffec218bb2a57548b2b11 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 18 Nov 2024 19:50:22 +0100
Subject: [PATCH] libcli/auth: let netlogon_creds_crypt_samlogon_validation
 handle generic info

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
 libcli/auth/credentials.c | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index cdf591ec28c..a6770d87cf8 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -875,6 +875,33 @@ static NTSTATUS netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_C
 			base = &validation->sam3->base;
 		}
 		break;
+	case 5:
+		/* NetlogonValidationGenericInfo2 */
+		if (validation->generic != NULL &&
+		    validation->generic->length == 0)
+		{
+			/*
+			 * For "Kerberos"
+			 * KERB_VERIFY_PAC_REQUEST there's
+			 * not response, so there's nothing
+			 * to encrypt.
+			 */
+			return NT_STATUS_OK;
+		}
+
+		/*
+		 * We don't know if encryption is
+		 * required or not yet.
+		 *
+		 * We would have to do tests
+		 * with DIGEST_VALIDATION_RESP
+		 *
+		 * But as we don't support that
+		 * yet, we just return an error
+		 * for now.
+		 */
+		log_stack_trace();
+		return NT_STATUS_INTERNAL_ERROR;
 	case 6:
 		if (validation->sam6) {
 			base = &validation->sam6->base;
-- 
2.47.3