
KerbValidationInfo using ndr decoder

Jonathan Turner hace 7 años
padre
commit
32e03cff25
Se han modificado 4 ficheros con 76 adiciones y 284 borrados
  1. 46 227
      pac/kerb_validation_info.go
  2. 28 55
      pac/kerb_validation_info_test.go
  3. 1 1
      service/APExchange.go
  4. 1 1
      service/authenticator.go

+ 46 - 227
pac/kerb_validation_info.go

@@ -2,11 +2,11 @@
 package pac
 
 import (
-	"errors"
+	"bytes"
 	"fmt"
 
-	"gopkg.in/jcmturner/gokrb5.v5/mstypes"
-	"gopkg.in/jcmturner/rpc.v0/ndr"
+	"gopkg.in/jcmturner/rpc.v1/mstypes"
+	"gopkg.in/jcmturner/rpc.v1/ndr"
 )
 
 // KERB_VALIDATION_INFO flags.
@@ -32,256 +32,75 @@ const (
 // It is a subset due to historical reasons and to the use of the common Active Directory to generate this information.
 // The KERB_VALIDATION_INFO structure is marshaled by RPC [MS-RPCE].
 type KerbValidationInfo struct {
-	LogOnTime               mstypes.FileTime
-	LogOffTime              mstypes.FileTime
-	KickOffTime             mstypes.FileTime
-	PasswordLastSet         mstypes.FileTime
-	PasswordCanChange       mstypes.FileTime
-	PasswordMustChange      mstypes.FileTime
-	EffectiveName           mstypes.RPCUnicodeString
-	FullName                mstypes.RPCUnicodeString
-	LogonScript             mstypes.RPCUnicodeString
-	ProfilePath             mstypes.RPCUnicodeString
-	HomeDirectory           mstypes.RPCUnicodeString
-	HomeDirectoryDrive      mstypes.RPCUnicodeString
-	LogonCount              uint16
-	BadPasswordCount        uint16
-	UserID                  uint32
-	PrimaryGroupID          uint32
-	GroupCount              uint32
-	pGroupIDs               uint32
-	GroupIDs                []mstypes.GroupMembership
-	UserFlags               uint32
-	UserSessionKey          mstypes.UserSessionKey
-	LogonServer             mstypes.RPCUnicodeString
-	LogonDomainName         mstypes.RPCUnicodeString
-	pLogonDomainID          uint32
-	LogonDomainID           mstypes.RPCSID
-	Reserved1               []uint32 // Has 2 elements
-	UserAccountControl      uint32
-	SubAuthStatus           uint32
-	LastSuccessfulILogon    mstypes.FileTime
-	LastFailedILogon        mstypes.FileTime
-	FailedILogonCount       uint32
-	Reserved3               uint32
-	SIDCount                uint32
-	pExtraSIDs              uint32
-	ExtraSIDs               []mstypes.KerbSidAndAttributes
-	pResourceGroupDomainSID uint32
-	ResourceGroupDomainSID  mstypes.RPCSID
-	ResourceGroupCount      uint32
-	pResourceGroupIDs       uint32
-	ResourceGroupIDs        []mstypes.GroupMembership
+	LogOnTime              mstypes.FileTime
+	LogOffTime             mstypes.FileTime
+	KickOffTime            mstypes.FileTime
+	PasswordLastSet        mstypes.FileTime
+	PasswordCanChange      mstypes.FileTime
+	PasswordMustChange     mstypes.FileTime
+	EffectiveName          mstypes.RPCUnicodeString
+	FullName               mstypes.RPCUnicodeString
+	LogonScript            mstypes.RPCUnicodeString
+	ProfilePath            mstypes.RPCUnicodeString
+	HomeDirectory          mstypes.RPCUnicodeString
+	HomeDirectoryDrive     mstypes.RPCUnicodeString
+	LogonCount             uint16
+	BadPasswordCount       uint16
+	UserID                 uint32
+	PrimaryGroupID         uint32
+	GroupCount             uint32
+	GroupIDs               []mstypes.GroupMembership `ndr:"pointer,conformant"`
+	UserFlags              uint32
+	UserSessionKey         mstypes.UserSessionKey
+	LogonServer            mstypes.RPCUnicodeString
+	LogonDomainName        mstypes.RPCUnicodeString
+	LogonDomainID          mstypes.RPCSID `ndr:"pointer"`
+	Reserved1              [2]uint32      // Has 2 elements
+	UserAccountControl     uint32
+	SubAuthStatus          uint32
+	LastSuccessfulILogon   mstypes.FileTime
+	LastFailedILogon       mstypes.FileTime
+	FailedILogonCount      uint32
+	Reserved3              uint32
+	SIDCount               uint32
+	ExtraSIDs              []mstypes.KerbSidAndAttributes `ndr:"pointer,conformant"`
+	ResourceGroupDomainSID mstypes.RPCSID                 `ndr:"pointer"`
+	ResourceGroupCount     uint32
+	ResourceGroupIDs       []mstypes.GroupMembership `ndr:"pointer,conformant"`
 }
 
 // Unmarshal bytes into the DeviceInfo struct
 func (k *KerbValidationInfo) Unmarshal(b []byte) (err error) {
-	ch, _, p, err := ndr.ReadHeaders(&b)
+	dec := ndr.NewDecoder(bytes.NewReader(b))
+	err = dec.Decode(k)
 	if err != nil {
-		return fmt.Errorf("error parsing byte stream headers: %v", err)
+		err = fmt.Errorf("error unmarshaling KerbValidationInfo: %v", err)
 	}
-	e := &ch.Endianness
-
-	//The next 4 bytes are an RPC unique pointer referent. We just skip these
-	p += 4
-
-	k.LogOnTime = mstypes.ReadFileTime(&b, &p, e)
-	k.LogOffTime = mstypes.ReadFileTime(&b, &p, e)
-	k.KickOffTime = mstypes.ReadFileTime(&b, &p, e)
-	k.PasswordLastSet = mstypes.ReadFileTime(&b, &p, e)
-	k.PasswordCanChange = mstypes.ReadFileTime(&b, &p, e)
-	k.PasswordMustChange = mstypes.ReadFileTime(&b, &p, e)
-
-	if k.EffectiveName, err = mstypes.ReadRPCUnicodeString(&b, &p, e); err != nil {
-		return
-	}
-	if k.FullName, err = mstypes.ReadRPCUnicodeString(&b, &p, e); err != nil {
-		return
-	}
-	if k.LogonScript, err = mstypes.ReadRPCUnicodeString(&b, &p, e); err != nil {
-		return
-	}
-	if k.ProfilePath, err = mstypes.ReadRPCUnicodeString(&b, &p, e); err != nil {
-		return
-	}
-	if k.HomeDirectory, err = mstypes.ReadRPCUnicodeString(&b, &p, e); err != nil {
-		return
-	}
-	if k.HomeDirectoryDrive, err = mstypes.ReadRPCUnicodeString(&b, &p, e); err != nil {
-		return
-	}
-
-	k.LogonCount = ndr.ReadUint16(&b, &p, e)
-	k.BadPasswordCount = ndr.ReadUint16(&b, &p, e)
-	k.UserID = ndr.ReadUint32(&b, &p, e)
-	k.PrimaryGroupID = ndr.ReadUint32(&b, &p, e)
-	k.GroupCount = ndr.ReadUint32(&b, &p, e)
-	k.pGroupIDs = ndr.ReadUint32(&b, &p, e)
-
-	k.UserFlags = ndr.ReadUint32(&b, &p, e)
-	k.UserSessionKey = mstypes.ReadUserSessionKey(&b, &p, e)
-
-	if k.LogonServer, err = mstypes.ReadRPCUnicodeString(&b, &p, e); err != nil {
-		return
-	}
-	if k.LogonDomainName, err = mstypes.ReadRPCUnicodeString(&b, &p, e); err != nil {
-		return
-	}
-
-	k.pLogonDomainID = ndr.ReadUint32(&b, &p, e)
-
-	k.Reserved1 = []uint32{
-		ndr.ReadUint32(&b, &p, e),
-		ndr.ReadUint32(&b, &p, e),
-	}
-
-	k.UserAccountControl = ndr.ReadUint32(&b, &p, e)
-	k.SubAuthStatus = ndr.ReadUint32(&b, &p, e)
-	k.LastSuccessfulILogon = mstypes.ReadFileTime(&b, &p, e)
-	k.LastFailedILogon = mstypes.ReadFileTime(&b, &p, e)
-	k.FailedILogonCount = ndr.ReadUint32(&b, &p, e)
-	k.Reserved3 = ndr.ReadUint32(&b, &p, e)
-
-	k.SIDCount = ndr.ReadUint32(&b, &p, e)
-	k.pExtraSIDs = ndr.ReadUint32(&b, &p, e)
-
-	k.pResourceGroupDomainSID = ndr.ReadUint32(&b, &p, e)
-	k.ResourceGroupCount = ndr.ReadUint32(&b, &p, e)
-	k.pResourceGroupIDs = ndr.ReadUint32(&b, &p, e)
-
-	// Populate pointers
-	if err = k.EffectiveName.UnmarshalString(&b, &p, e); err != nil {
-		return
-	}
-	if err = k.FullName.UnmarshalString(&b, &p, e); err != nil {
-		return
-	}
-	if err = k.LogonScript.UnmarshalString(&b, &p, e); err != nil {
-		return
-	}
-	if err = k.ProfilePath.UnmarshalString(&b, &p, e); err != nil {
-		return
-	}
-	if err = k.HomeDirectory.UnmarshalString(&b, &p, e); err != nil {
-		return
-	}
-	if err = k.HomeDirectoryDrive.UnmarshalString(&b, &p, e); err != nil {
-		return
-	}
-	var ah ndr.ConformantArrayHeader
-	if k.GroupCount > 0 {
-		ah, err = ndr.ReadUniDimensionalConformantArrayHeader(&b, &p, e)
-		if err != nil {
-			return
-		}
-		if ah.MaxCount != int(k.GroupCount) {
-			err = errors.New("error with size of group list")
-			return
-		}
-		g := make([]mstypes.GroupMembership, k.GroupCount, k.GroupCount)
-		for i := range g {
-			g[i] = mstypes.ReadGroupMembership(&b, &p, e)
-		}
-		k.GroupIDs = g
-	}
-
-	if err = k.LogonServer.UnmarshalString(&b, &p, e); err != nil {
-		return
-	}
-	if err = k.LogonDomainName.UnmarshalString(&b, &p, e); err != nil {
-		return
-	}
-
-	if k.pLogonDomainID != 0 {
-		k.LogonDomainID, err = mstypes.ReadRPCSID(&b, &p, e)
-		if err != nil {
-			return fmt.Errorf("error reading LogonDomainID: %v", err)
-		}
-	}
-
-	if k.SIDCount > 0 {
-		ah, err = ndr.ReadUniDimensionalConformantArrayHeader(&b, &p, e)
-		if err != nil {
-			return
-		}
-		if ah.MaxCount != int(k.SIDCount) {
-			return fmt.Errorf("error with size of ExtraSIDs list. Expected: %d, Actual: %d", k.SIDCount, ah.MaxCount)
-		}
-		es := make([]mstypes.KerbSidAndAttributes, k.SIDCount, k.SIDCount)
-		attr := make([]uint32, k.SIDCount, k.SIDCount)
-		ptr := make([]uint32, k.SIDCount, k.SIDCount)
-		for i := range attr {
-			ptr[i] = ndr.ReadUint32(&b, &p, e)
-			attr[i] = ndr.ReadUint32(&b, &p, e)
-		}
-		for i := range es {
-			if ptr[i] != 0 {
-				s, err := mstypes.ReadRPCSID(&b, &p, e)
-				es[i] = mstypes.KerbSidAndAttributes{SID: s, Attributes: attr[i]}
-				if err != nil {
-					return ndr.Malformed{EText: fmt.Sprintf("could not read ExtraSIDs: %v", err)}
-				}
-			}
-		}
-		k.ExtraSIDs = es
-	}
-
-	if k.pResourceGroupDomainSID != 0 {
-		k.ResourceGroupDomainSID, err = mstypes.ReadRPCSID(&b, &p, e)
-		if err != nil {
-			return err
-		}
-	}
-
-	if k.ResourceGroupCount > 0 {
-		ah, err = ndr.ReadUniDimensionalConformantArrayHeader(&b, &p, e)
-		if err != nil {
-			return
-		}
-		if ah.MaxCount != int(k.ResourceGroupCount) {
-			return fmt.Errorf("error with size of ResourceGroup list. Expected: %d, Actual: %d", k.ResourceGroupCount, ah.MaxCount)
-		}
-		g := make([]mstypes.GroupMembership, k.ResourceGroupCount, k.ResourceGroupCount)
-		for i := range g {
-			g[i] = mstypes.ReadGroupMembership(&b, &p, e)
-		}
-		k.ResourceGroupIDs = g
-	}
-
-	//Check that there is only zero padding left
-	if len(b) >= p {
-		for _, v := range b[p:] {
-			if v != 0 {
-				return ndr.Malformed{EText: "non-zero padding left over at end of data stream"}
-			}
-		}
-	}
-
-	return nil
+	return
 }
 
 // GetGroupMembershipSIDs returns a slice of strings containing the group membership SIDs found in the PAC.
 func (k *KerbValidationInfo) GetGroupMembershipSIDs() []string {
 	var g []string
-	lSID := k.LogonDomainID.ToString()
+	lSID := k.LogonDomainID.String()
 	for i := range k.GroupIDs {
 		g = append(g, fmt.Sprintf("%s-%d", lSID, k.GroupIDs[i].RelativeID))
 	}
 	for _, s := range k.ExtraSIDs {
 		var exists = false
 		for _, es := range g {
-			if es == s.SID.ToString() {
+			if es == s.SID.String() {
 				exists = true
 				break
 			}
 		}
 		if !exists {
-			g = append(g, s.SID.ToString())
+			g = append(g, s.SID.String())
 		}
 	}
 	for _, r := range k.ResourceGroupIDs {
 		var exists = false
-		s := fmt.Sprintf("%s-%d", k.ResourceGroupDomainSID.ToString(), r.RelativeID)
+		s := fmt.Sprintf("%s-%d", k.ResourceGroupDomainSID.String(), r.RelativeID)
 		for _, es := range g {
 			if es == s {
 				exists = true
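Review bot: The rewritten Unmarshal no longer ties the count fields to the arrays it decodes: the removed code rejected input whose conformant-array MaxCount differed from GroupCount, SIDCount or ResourceGroupCount and rejected non-zero trailing bytes, while the new body returns whatever `dec.Decode(k)` produced. The `ndr:"pointer,conformant"` tags name no count field, so unless the rpc.v1 decoder enforces the relationship elsewhere (not visible here), a structure whose GroupCount disagrees with len(GroupIDs) is now accepted. GetGroupMembershipSIDs ranges over the slices and stays self-consistent, but any caller that reads the counts would see values the arrays do not back. I would re-check the three pairs after a successful Decode, as below, and return nil explicitly rather than through the naked return. The doc comment above the function still says DeviceInfo and should read `// Unmarshal bytes into the KerbValidationInfo struct`.

```go
	err = dec.Decode(k)
	if err != nil {
		return fmt.Errorf("error unmarshaling KerbValidationInfo: %v", err)
	}
	// Count fields and array lengths travel separately on the wire; reject input where they disagree.
	if int(k.GroupCount) != len(k.GroupIDs) {
		return fmt.Errorf("error with size of group list. Expected: %d, Actual: %d", k.GroupCount, len(k.GroupIDs))
	}
	if int(k.SIDCount) != len(k.ExtraSIDs) {
		return fmt.Errorf("error with size of ExtraSIDs list. Expected: %d, Actual: %d", k.SIDCount, len(k.ExtraSIDs))
	}
	if int(k.ResourceGroupCount) != len(k.ResourceGroupIDs) {
		return fmt.Errorf("error with size of ResourceGroup list. Expected: %d, Actual: %d", k.ResourceGroupCount, len(k.ResourceGroupIDs))
	}
	return nil
```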

+ 28 - 55
pac/kerb_validation_info_test.go

@@ -6,8 +6,8 @@ import (
 	"time"
 
 	"github.com/stretchr/testify/assert"
-	"gopkg.in/jcmturner/gokrb5.v5/mstypes"
 	"gopkg.in/jcmturner/gokrb5.v5/testdata"
+	"gopkg.in/jcmturner/rpc.v1/mstypes"
 )
 
 func TestKerbValidationInfo_Unmarshal(t *testing.T) {
@@ -28,21 +28,17 @@ func TestKerbValidationInfo_Unmarshal(t *testing.T) {
 	assert.Equal(t, time.Date(2006, 3, 19, 10, 44, 54, 837147900, time.UTC), k.PasswordCanChange.Time(), "PasswordCanChange not as expected")
 
 	assert.Equal(t, "lzhu", k.EffectiveName.Value, "EffectiveName not as expected")
-	assert.Equal(t, "Liqiang(Larry) Zhu", k.FullName.Value, "EffectiveName not as expected")
-	assert.Equal(t, "ntds2.bat", k.LogonScript.Value, "EffectiveName not as expected")
-	assert.Equal(t, "", k.ProfilePath.Value, "EffectiveName not as expected")
-	assert.Equal(t, "", k.HomeDirectory.Value, "EffectiveName not as expected")
-	assert.Equal(t, "", k.HomeDirectoryDrive.Value, "EffectiveName not as expected")
-	assert.Equal(t, uint32(131088), k.ProfilePath.BufferPrt, "EffectiveName not as expected")
-	assert.Equal(t, uint32(131092), k.HomeDirectory.BufferPrt, "EffectiveName not as expected")
-	assert.Equal(t, uint32(131096), k.HomeDirectoryDrive.BufferPrt, "EffectiveName not as expected")
+	assert.Equal(t, "Liqiang(Larry) Zhu", k.FullName.String(), "EffectiveName not as expected")
+	assert.Equal(t, "ntds2.bat", k.LogonScript.String(), "EffectiveName not as expected")
+	assert.Equal(t, "", k.ProfilePath.String(), "EffectiveName not as expected")
+	assert.Equal(t, "", k.HomeDirectory.String(), "EffectiveName not as expected")
+	assert.Equal(t, "", k.HomeDirectoryDrive.String(), "EffectiveName not as expected")
 
 	assert.Equal(t, uint16(4180), k.LogonCount, "LogonCount not as expected")
 	assert.Equal(t, uint16(0), k.BadPasswordCount, "BadPasswordCount not as expected")
 	assert.Equal(t, uint32(2914711), k.UserID, "UserID not as expected")
 	assert.Equal(t, uint32(513), k.PrimaryGroupID, "PrimaryGroupID not as expected")
 	assert.Equal(t, uint32(26), k.GroupCount, "GroupCount not as expected")
-	assert.Equal(t, uint32(131100), k.pGroupIDs, "pGroupIDs not as expected")
 
 	gids := []mstypes.GroupMembership{
 		{RelativeID: 3392609, Attributes: 7},
@@ -76,14 +72,12 @@ func TestKerbValidationInfo_Unmarshal(t *testing.T) {
 
 	assert.Equal(t, uint32(32), k.UserFlags, "UserFlags not as expected")
 
-	assert.Equal(t, mstypes.UserSessionKey{Data: []mstypes.CypherBlock{{Data: make([]byte, 8, 8)}, {Data: make([]byte, 8, 8)}}}, k.UserSessionKey, "UserSessionKey not as expected")
+	assert.Equal(t, mstypes.UserSessionKey{CypherBlock: [2]mstypes.CypherBlock{{Data: [8]byte{}}, {Data: [8]byte{}}}}, k.UserSessionKey, "UserSessionKey not as expected")
 
 	assert.Equal(t, "NTDEV-DC-05", k.LogonServer.Value, "LogonServer not as expected")
 	assert.Equal(t, "NTDEV", k.LogonDomainName.Value, "LogonDomainName not as expected")
 
-	assert.Equal(t, uint32(131112), k.pLogonDomainID, "pLogonDomainID not as expected")
-
-	assert.Equal(t, "S-1-5-21-397955417-626881126-188441444", k.LogonDomainID.ToString(), "LogonDomainID not as expected")
+	assert.Equal(t, "S-1-5-21-397955417-626881126-188441444", k.LogonDomainID.String(), "LogonDomainID not as expected")
 
 	assert.Equal(t, uint32(16), k.UserAccountControl, "UserAccountControl not as expected")
 	assert.Equal(t, uint32(0), k.SubAuthStatus, "SubAuthStatus not as expected")
@@ -92,7 +86,6 @@ func TestKerbValidationInfo_Unmarshal(t *testing.T) {
 	assert.Equal(t, uint32(0), k.FailedILogonCount, "FailedILogonCount not as expected")
 
 	assert.Equal(t, uint32(13), k.SIDCount, "SIDCount not as expected")
-	assert.Equal(t, uint32(131116), k.pExtraSIDs, "SIDCount not as expected")
 	assert.Equal(t, int(k.SIDCount), len(k.ExtraSIDs), "SIDCount and size of ExtraSIDs list are not the same")
 
 	var es = []struct {
@@ -113,13 +106,11 @@ func TestKerbValidationInfo_Unmarshal(t *testing.T) {
 		{"S-1-5-21-397955417-626881126-188441444-3248111", uint32(536870919)},
 	}
 	for i, s := range es {
-		assert.Equal(t, s.sid, k.ExtraSIDs[i].SID.ToString(), "ExtraSID SID value not as epxected")
+		assert.Equal(t, s.sid, k.ExtraSIDs[i].SID.String(), "ExtraSID SID value not as epxected")
 		assert.Equal(t, s.attr, k.ExtraSIDs[i].Attributes, "ExtraSID Attributes value not as epxected")
 	}
 
-	assert.Equal(t, uint32(0), k.pResourceGroupDomainSID, "pResourceGroupDomainSID not as expected")
 	assert.Equal(t, uint8(0), k.ResourceGroupDomainSID.SubAuthorityCount, "ResourceGroupDomainSID not as expected")
-	assert.Equal(t, uint32(0), k.pResourceGroupIDs, "pResourceGroupIDs not as expected")
 	assert.Equal(t, 0, len(k.ResourceGroupIDs), "ResourceGroupIDs not as expected")
 
 	b, err = hex.DecodeString(testdata.TestVectors["PAC_Kerb_Validation_Info"])
@@ -138,22 +129,18 @@ func TestKerbValidationInfo_Unmarshal(t *testing.T) {
 	assert.Equal(t, time.Date(2017, 5, 6, 7, 23, 8, 968750000, time.UTC), k2.PasswordLastSet.Time(), "PasswordLastSet not as expected")
 	assert.Equal(t, time.Date(2017, 5, 7, 7, 23, 8, 968750000, time.UTC), k2.PasswordCanChange.Time(), "PasswordCanChange not as expected")
 
-	assert.Equal(t, "testuser1", k2.EffectiveName.Value, "EffectiveName not as expected")
-	assert.Equal(t, "Test1 User1", k2.FullName.Value, "EffectiveName not as expected")
-	assert.Equal(t, "", k2.LogonScript.Value, "EffectiveName not as expected")
-	assert.Equal(t, "", k2.ProfilePath.Value, "EffectiveName not as expected")
-	assert.Equal(t, "", k2.HomeDirectory.Value, "EffectiveName not as expected")
-	assert.Equal(t, "", k2.HomeDirectoryDrive.Value, "EffectiveName not as expected")
-	assert.Equal(t, uint32(131088), k2.ProfilePath.BufferPrt, "EffectiveName not as expected")
-	assert.Equal(t, uint32(131092), k2.HomeDirectory.BufferPrt, "EffectiveName not as expected")
-	assert.Equal(t, uint32(131096), k2.HomeDirectoryDrive.BufferPrt, "EffectiveName not as expected")
+	assert.Equal(t, "testuser1", k2.EffectiveName.String(), "EffectiveName not as expected")
+	assert.Equal(t, "Test1 User1", k2.FullName.String(), "EffectiveName not as expected")
+	assert.Equal(t, "", k2.LogonScript.String(), "EffectiveName not as expected")
+	assert.Equal(t, "", k2.ProfilePath.String(), "EffectiveName not as expected")
+	assert.Equal(t, "", k2.HomeDirectory.String(), "EffectiveName not as expected")
+	assert.Equal(t, "", k2.HomeDirectoryDrive.String(), "EffectiveName not as expected")
 
 	assert.Equal(t, uint16(216), k2.LogonCount, "LogonCount not as expected")
 	assert.Equal(t, uint16(0), k2.BadPasswordCount, "BadPasswordCount not as expected")
 	assert.Equal(t, uint32(1105), k2.UserID, "UserID not as expected")
 	assert.Equal(t, uint32(513), k2.PrimaryGroupID, "PrimaryGroupID not as expected")
 	assert.Equal(t, uint32(5), k2.GroupCount, "GroupCount not as expected")
-	assert.Equal(t, uint32(131100), k2.pGroupIDs, "pGroupIDs not as expected")
 
 	gids = []mstypes.GroupMembership{
 		{RelativeID: 513, Attributes: 7},
@@ -166,14 +153,12 @@ func TestKerbValidationInfo_Unmarshal(t *testing.T) {
 
 	assert.Equal(t, uint32(32), k2.UserFlags, "UserFlags not as expected")
 
-	assert.Equal(t, mstypes.UserSessionKey{Data: []mstypes.CypherBlock{{Data: make([]byte, 8, 8)}, {Data: make([]byte, 8, 8)}}}, k2.UserSessionKey, "UserSessionKey not as expected")
+	assert.Equal(t, mstypes.UserSessionKey{CypherBlock: [2]mstypes.CypherBlock{{Data: [8]byte{}}, {Data: [8]byte{}}}}, k2.UserSessionKey, "UserSessionKey not as expected")
 
 	assert.Equal(t, "ADDC", k2.LogonServer.Value, "LogonServer not as expected")
 	assert.Equal(t, "TEST", k2.LogonDomainName.Value, "LogonDomainName not as expected")
 
-	assert.Equal(t, uint32(131112), k2.pLogonDomainID, "pLogonDomainID not as expected")
-
-	assert.Equal(t, "S-1-5-21-3167651404-3865080224-2280184895", k2.LogonDomainID.ToString(), "LogonDomainID not as expected")
+	assert.Equal(t, "S-1-5-21-3167651404-3865080224-2280184895", k2.LogonDomainID.String(), "LogonDomainID not as expected")
 
 	assert.Equal(t, uint32(528), k2.UserAccountControl, "UserAccountControl not as expected")
 	assert.Equal(t, uint32(0), k2.SubAuthStatus, "SubAuthStatus not as expected")
@@ -182,7 +167,6 @@ func TestKerbValidationInfo_Unmarshal(t *testing.T) {
 	assert.Equal(t, uint32(0), k2.FailedILogonCount, "FailedILogonCount not as expected")
 
 	assert.Equal(t, uint32(2), k2.SIDCount, "SIDCount not as expected")
-	assert.Equal(t, uint32(131116), k2.pExtraSIDs, "SIDCount not as expected")
 	assert.Equal(t, int(k2.SIDCount), len(k2.ExtraSIDs), "SIDCount and size of ExtraSIDs list are not the same")
 
 	var es2 = []struct {
@@ -193,13 +177,11 @@ func TestKerbValidationInfo_Unmarshal(t *testing.T) {
 		{"S-1-5-21-3167651404-3865080224-2280184895-1111", uint32(536870919)},
 	}
 	for i, s := range es2 {
-		assert.Equal(t, s.sid, k2.ExtraSIDs[i].SID.ToString(), "ExtraSID SID value not as epxected")
+		assert.Equal(t, s.sid, k2.ExtraSIDs[i].SID.String(), "ExtraSID SID value not as epxected")
 		assert.Equal(t, s.attr, k2.ExtraSIDs[i].Attributes, "ExtraSID Attributes value not as epxected")
 	}
 
-	assert.Equal(t, uint32(0), k2.pResourceGroupDomainSID, "pResourceGroupDomainSID not as expected")
 	assert.Equal(t, uint8(0), k2.ResourceGroupDomainSID.SubAuthorityCount, "ResourceGroupDomainSID not as expected")
-	assert.Equal(t, uint32(0), k2.pResourceGroupIDs, "pResourceGroupIDs not as expected")
 	assert.Equal(t, 0, len(k2.ResourceGroupIDs), "ResourceGroupIDs not as expected")
 }
 
@@ -219,22 +201,18 @@ func TestKerbValidationInfo_Unmarshal_DomainTrust(t *testing.T) {
 	assert.Equal(t, time.Date(2017, 10, 10, 20, 42, 56, 220282300, time.UTC), k.PasswordLastSet.Time(), "PasswordLastSet not as expected")
 	assert.Equal(t, time.Date(2017, 10, 11, 20, 42, 56, 220282300, time.UTC), k.PasswordCanChange.Time(), "PasswordCanChange not as expected")
 
-	assert.Equal(t, "testuser1", k.EffectiveName.Value, "EffectiveName not as expected")
-	assert.Equal(t, "Test1 User1", k.FullName.Value, "EffectiveName not as expected")
-	assert.Equal(t, "", k.LogonScript.Value, "EffectiveName not as expected")
-	assert.Equal(t, "", k.ProfilePath.Value, "EffectiveName not as expected")
-	assert.Equal(t, "", k.HomeDirectory.Value, "EffectiveName not as expected")
-	assert.Equal(t, "", k.HomeDirectoryDrive.Value, "EffectiveName not as expected")
-	assert.Equal(t, uint32(131088), k.ProfilePath.BufferPrt, "EffectiveName not as expected")
-	assert.Equal(t, uint32(131092), k.HomeDirectory.BufferPrt, "EffectiveName not as expected")
-	assert.Equal(t, uint32(131096), k.HomeDirectoryDrive.BufferPrt, "EffectiveName not as expected")
+	assert.Equal(t, "testuser1", k.EffectiveName.String(), "EffectiveName not as expected")
+	assert.Equal(t, "Test1 User1", k.FullName.String(), "EffectiveName not as expected")
+	assert.Equal(t, "", k.LogonScript.String(), "EffectiveName not as expected")
+	assert.Equal(t, "", k.ProfilePath.String(), "EffectiveName not as expected")
+	assert.Equal(t, "", k.HomeDirectory.String(), "EffectiveName not as expected")
+	assert.Equal(t, "", k.HomeDirectoryDrive.String(), "EffectiveName not as expected")
 
 	assert.Equal(t, uint16(46), k.LogonCount, "LogonCount not as expected")
 	assert.Equal(t, uint16(0), k.BadPasswordCount, "BadPasswordCount not as expected")
 	assert.Equal(t, uint32(1106), k.UserID, "UserID not as expected")
 	assert.Equal(t, uint32(513), k.PrimaryGroupID, "PrimaryGroupID not as expected")
 	assert.Equal(t, uint32(3), k.GroupCount, "GroupCount not as expected")
-	assert.Equal(t, uint32(131100), k.pGroupIDs, "pGroupIDs not as expected")
 
 	gids := []mstypes.GroupMembership{
 		{RelativeID: 1110, Attributes: 7},
@@ -245,14 +223,12 @@ func TestKerbValidationInfo_Unmarshal_DomainTrust(t *testing.T) {
 
 	assert.Equal(t, uint32(544), k.UserFlags, "UserFlags not as expected")
 
-	assert.Equal(t, mstypes.UserSessionKey{Data: []mstypes.CypherBlock{{Data: make([]byte, 8, 8)}, {Data: make([]byte, 8, 8)}}}, k.UserSessionKey, "UserSessionKey not as expected")
+	assert.Equal(t, mstypes.UserSessionKey{CypherBlock: [2]mstypes.CypherBlock{{Data: [8]byte{}}, {Data: [8]byte{}}}}, k.UserSessionKey, "UserSessionKey not as expected")
 
 	assert.Equal(t, "UDC", k.LogonServer.Value, "LogonServer not as expected")
 	assert.Equal(t, "USER", k.LogonDomainName.Value, "LogonDomainName not as expected")
 
-	assert.Equal(t, uint32(131112), k.pLogonDomainID, "pLogonDomainID not as expected")
-
-	assert.Equal(t, "S-1-5-21-2284869408-3503417140-1141177250", k.LogonDomainID.ToString(), "LogonDomainID not as expected")
+	assert.Equal(t, "S-1-5-21-2284869408-3503417140-1141177250", k.LogonDomainID.String(), "LogonDomainID not as expected")
 
 	assert.Equal(t, uint32(528), k.UserAccountControl, "UserAccountControl not as expected")
 	assert.Equal(t, uint32(0), k.SubAuthStatus, "SubAuthStatus not as expected")
@@ -261,7 +237,6 @@ func TestKerbValidationInfo_Unmarshal_DomainTrust(t *testing.T) {
 	assert.Equal(t, uint32(0), k.FailedILogonCount, "FailedILogonCount not as expected")
 
 	assert.Equal(t, uint32(1), k.SIDCount, "SIDCount not as expected")
-	assert.Equal(t, uint32(131116), k.pExtraSIDs, "SIDCount not as expected")
 	assert.Equal(t, int(k.SIDCount), len(k.ExtraSIDs), "SIDCount and size of ExtraSIDs list are not the same")
 
 	var es = []struct {
@@ -271,14 +246,12 @@ func TestKerbValidationInfo_Unmarshal_DomainTrust(t *testing.T) {
 		{"S-1-18-1", uint32(7)},
 	}
 	for i, s := range es {
-		assert.Equal(t, s.sid, k.ExtraSIDs[i].SID.ToString(), "ExtraSID SID value not as epxected")
+		assert.Equal(t, s.sid, k.ExtraSIDs[i].SID.String(), "ExtraSID SID value not as epxected")
 		assert.Equal(t, s.attr, k.ExtraSIDs[i].Attributes, "ExtraSID Attributes value not as epxected")
 	}
 
-	assert.Equal(t, uint32(131124), k.pResourceGroupDomainSID, "pResourceGroupDomainSID not as expected")
 	assert.Equal(t, uint8(4), k.ResourceGroupDomainSID.SubAuthorityCount, "ResourceGroupDomainSID not as expected")
-	assert.Equal(t, "S-1-5-21-3062750306-1230139592-1973306805", k.ResourceGroupDomainSID.ToString(), "ResourceGroupDomainSID value not as expected")
-	assert.Equal(t, uint32(131128), k.pResourceGroupIDs, "pResourceGroupIDs not as expected")
+	assert.Equal(t, "S-1-5-21-3062750306-1230139592-1973306805", k.ResourceGroupDomainSID.String(), "ResourceGroupDomainSID value not as expected")
 	assert.Equal(t, 2, len(k.ResourceGroupIDs), "ResourceGroupIDs not as expected")
 	rgids := []mstypes.GroupMembership{
 		{RelativeID: 1107, Attributes: 536870919},
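Review bot: The new assertions for FullName, LogonScript, ProfilePath, HomeDirectory and HomeDirectoryDrive all keep the message "EffectiveName not as expected", so a failure on any of them names the wrong field; each should name its own, e.g. `assert.Equal(t, "Liqiang(Larry) Zhu", k.FullName.String(), "FullName not as expected")`. The same applies to the k2 block and to TestKerbValidationInfo_Unmarshal_DomainTrust. Accessors are also mixed: EffectiveName in the first block and LogonServer/LogonDomainName still read `.Value` while their neighbours moved to `.String()`. None of the visible hunks feeds Unmarshal a truncated or internally inconsistent buffer; with the hand-written size checks gone from the decoder, a negative case that expects an error would be worth adding. The test functions start and end outside the hunks shown.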

+ 1 - 1
service/APExchange.go

@@ -98,7 +98,7 @@ func ValidateAPREQ(APReq messages.APReq, kt keytab.Keytab, sa string, cAddr stri
 			PrimaryGroupID:      int(pac.KerbValidationInfo.PrimaryGroupID),
 			LogonServer:         pac.KerbValidationInfo.LogonServer.Value,
 			LogonDomainName:     pac.KerbValidationInfo.LogonDomainName.Value,
-			LogonDomainID:       pac.KerbValidationInfo.LogonDomainID.ToString(),
+			LogonDomainID:       pac.KerbValidationInfo.LogonDomainID.String(),
 		})
 	}
 	return true, creds, nil

+ 1 - 1
service/authenticator.go

@@ -124,7 +124,7 @@ func (a KRB5BasicAuthenticator) Authenticate() (i goidentity.Identity, ok bool,
 			PrimaryGroupID:      int(pac.KerbValidationInfo.PrimaryGroupID),
 			LogonServer:         pac.KerbValidationInfo.LogonServer.Value,
 			LogonDomainName:     pac.KerbValidationInfo.LogonDomainName.Value,
-			LogonDomainID:       pac.KerbValidationInfo.LogonDomainID.ToString(),
+			LogonDomainID:       pac.KerbValidationInfo.LogonDomainID.String(),
 		})
 	}
 	ok = true