From f5ae39548b9f9b5f87a79530e5c2ee4c682a12fe Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Tue, 19 Dec 2023 09:53:50 +1300
Subject: [PATCH] =?utf8?q?gkdi.idl:=20Add=20=E2=80=98additional=5Finfo?=
 =?utf8?q?=E2=80=99=20field=20to=20KeyEnvelope=20structure?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 librpc/idl/gkdi.idl            | 8 +++++++-
 python/samba/tests/ndr/gkdi.py | 6 ++++--
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/librpc/idl/gkdi.idl b/librpc/idl/gkdi.idl
index db45df2613b..29769919d46 100644
--- a/librpc/idl/gkdi.idl
+++ b/librpc/idl/gkdi.idl
@@ -42,9 +42,15 @@ interface gkdi
 		[range(0, 31)] uint32 l1_index;
 		[range(0, 31)] uint32 l2_index;
 		GUID root_key_id;
-		uint32 unknown; /* This might be the length of a key that is rarely or never present. */
+		uint32 additional_info_len;
 		[value(2 * ndr_charset_length(domain_name, CH_UTF16))] uint32 domain_name_len;
 		[value(2 * ndr_charset_length(forest_name, CH_UTF16))] uint32 forest_name_len;
+		/*
+		 * https://lists.samba.org/archive/cifs-protocol/2023-December/004170.html
+		 * This is the public key blob of an ephemeral public key used in secret
+		 * agreement, or a random number used in deriving a symmetric key.
+		 */
+		[flag(NDR_SECRET)] uint8 additional_info[additional_info_len];
 		nstring domain_name; /* DNS name of the domain which generated the key. */
 		nstring forest_name; /* DNS name of the forest which generated the key. */
 	} KeyEnvelope;
diff --git a/python/samba/tests/ndr/gkdi.py b/python/samba/tests/ndr/gkdi.py
index 58e3ce8c376..a02a99fb492 100755
--- a/python/samba/tests/ndr/gkdi.py
+++ b/python/samba/tests/ndr/gkdi.py
@@ -62,7 +62,8 @@ class KeyEnvelopeTests(samba.tests.TestCase):
 
         self.assertEqual(self.root_key_id, envelope.root_key_id)
 
-        self.assertEqual(0, envelope.unknown)
+        self.assertEqual(0, envelope.additional_info_len)
+        self.assertFalse(envelope.additional_info)
 
         self.assertEqual(self.domain_name, envelope.domain_name)
         self.assertEqual(utf16_encoded_len(self.domain_name), envelope.domain_name_len)
@@ -84,7 +85,8 @@ class KeyEnvelopeTests(samba.tests.TestCase):
 
         envelope.root_key_id = self.root_key_id
 
-        envelope.unknown = 0
+        envelope.additional_info = []
+        envelope.additional_info_len = 0
 
         envelope.domain_name = self.domain_name
         envelope.forest_name = self.forest_name
-- 
2.11.4.GIT