CVE-2020-25719 krb5pac.idl: Add PAC_ATTRIBUTES_INFO PAC buffer type

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

1 files changed, 13 insertions, 1 deletions

diff --git a/librpc/idl/krb5pac.idl b/librpc/idl/krb5pac.idl
index ed488dee425..11e227026f6 100644
--- a/librpc/idl/krb5pac.idl
+++ b/librpc/idl/krb5pac.idl
@@ -111,6 +111,16 @@ interface krb5pac
 		[switch_is(flags & PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID)] PAC_UPN_DNS_INFO_EX ex;
 	} PAC_UPN_DNS_INFO;
 
+	typedef [bitmap32bit] bitmap {
+		PAC_ATTRIBUTE_FLAG_PAC_WAS_REQUESTED = 0x00000001,
+		PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY = 0x00000002
+	} PAC_ATTRIBUTE_INFO_FLAGS;
+
+	typedef struct {
+		uint32 flags_length; /* length in bits */
+		PAC_ATTRIBUTE_INFO_FLAGS flags;
+	} PAC_ATTRIBUTES_INFO;
+
 	typedef [public] struct {
 		PAC_LOGON_INFO *info;
 	} PAC_LOGON_INFO_CTR;
@@ -130,7 +140,8 @@ interface krb5pac
 		PAC_TYPE_CLIENT_CLAIMS_INFO = 13,
 		PAC_TYPE_DEVICE_INFO = 14,
 		PAC_TYPE_DEVICE_CLAIMS_INFO = 15,
-		PAC_TYPE_TICKET_CHECKSUM = 16
+		PAC_TYPE_TICKET_CHECKSUM = 16,
+		PAC_TYPE_ATTRIBUTES_INFO = 17
 	} PAC_TYPE;
 
 	typedef struct {
@@ -147,6 +158,7 @@ interface krb5pac
 			PAC_CONSTRAINED_DELEGATION_CTR constrained_delegation;
 		[case(PAC_TYPE_UPN_DNS_INFO)]	PAC_UPN_DNS_INFO upn_dns_info;
 		[case(PAC_TYPE_TICKET_CHECKSUM)]	PAC_SIGNATURE_DATA ticket_checksum;
+		[case(PAC_TYPE_ATTRIBUTES_INFO)]	PAC_ATTRIBUTES_INFO attributes_info;
 		/* when new PAC info types are added they are supposed to be done
 		   in such a way that they are backwards compatible with existing
 		   servers. This makes it safe to just use a [default] for