Support 0x0000000D ulType in PAC_INFO_BUFFER

[krasnovu]

Greetings, @oiweiwei !
I found that the 0x0000000D (13) Client claims information PAC_CLIENT_CLAIMS_INFO type is not supported.
Could you please add support for this in PAC?

[oiweiwei]

Hello, @krasnovu. May I ask you to attach some test vector of PAC with claims if you have one?

[krasnovu]

Yes, of course!
PAC from ASRep:
CAAAAAAAAAABAAAAAAIAAIgAAAAAAAAADQAAAAAAAACIAgAAAAAAAAoAAAAYAAAAiAIAAAAAAAAMAAAAiAAAAKACAAAAAAAAEQAAAAgAAAAoAwAAAAAAABIAAAAcAAAAMAMAAAAAAAAGAAAAEAAAAFADAAAAAAAABwAAABAAAABgAwAAAAAAAAEQCADMzMzM8AEAAAAAAAAAAAIAMCyC/M4U2wH/////////f/////////9/AuG3hP4T2wECoSGvxxTbAf////////9/DgAOAAQAAgAOAA4ACAACAAAAAAAMAAIAAAAAABAAAgAAAAAAFAACAAAAAAAYAAIAAwAAAFAEAAABAgAAAQAAABwAAgAgAAAAAAAAAAAAAAAAAAAAAAAAABgAGgAgAAIADgAQACQAAgAoAAIAAAAAAAAAAAAQAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAsAAIAAAAAAAAAAAAAAAAABwAAAAAAAAAHAAAAcwBhAG0AdQBzAGUAcgAAAAcAAAAAAAAABwAAAHMAYQBtAHUAcwBlAHIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQIAAAcAAAANAAAAAAAAAAwAAABEAC0ARABTAC0AUwBNAEIARABDADAAMQAIAAAAAAAAAAcAAABDAE8ATgBUAE8AUwBPAAAABAAAAAEEAAAAAAAFFQAAAH2C3UO+5nhHg2hh3AIAAAAwAAIABwAAADQAAgAHAAAAAQAAAAEBAAAAAAASAQAAAAUAAAABBQAAAAAABRUAAAAAAAAAAAAAAAAAAADxAQAAgLCF/M4U2wEOAHMAYQBtAHUAcwBlAHIAJgAYABYAQAACAAAADgBYABwAZgAAAAAAcwBhAG0AdQBzAGUAcgBAAGMAbwBuAHQAbwBzAG8ALgBjAG8AbQAAAEMATwBOAFQATwBTAE8ALgBDAE8ATQAAAHMAYQBtAHUAcwBlAHIAAQUAAAAAAAUVAAAAfYLdQ77meEeDaGHcUAQAAAAAAAAAAAIAAAABAAAAAQUAAAAAAAUVAAAAfYLdQ77meEeDaGHcUAQAAAAAAAAQAAAA8Ft8XUds/VVOACNyEAAAAOVZ4hj3fLcPYCG08w==
And from TGSRep:
CAAAAAAAAAABAAAAAAIAAIgAAAAAAAAADQAAAAAAAACIAgAAAAAAAAoAAAAYAAAAiAIAAAAAAAAMAAAAiAAAAKACAAAAAAAABgAAABAAAAAoAwAAAAAAAAcAAAAQAAAAOAMAAAAAAAAQAAAAEAAAAEgDAAAAAAAAEwAAABAAAABYAwAAAAAAAAEQCADMzMzM8AEAAAAAAAAAAAIAMCyC/M4U2wH/////////f/////////9/AuG3hP4T2wECoSGvxxTbAf////////9/DgAOAAQAAgAOAA4ACAACAAAAAAAMAAIAAAAAABAAAgAAAAAAFAACAAAAAAAYAAIAAwAAAFAEAAABAgAAAQAAABwAAgAgAAAAAAAAAAAAAAAAAAAAAAAAABgAGgAgAAIADgAQACQAAgAoAAIAAAAAAAAAAAAQAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAsAAIAAAAAAAAAAAAAAAAABwAAAAAAAAAHAAAAcwBhAG0AdQBzAGUAcgAAAAcAAAAAAAAABwAAAHMAYQBtAHUAcwBlAHIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQIAAAcAAAANAAAAAAAAAAwAAABEAC0ARABTAC0AUwBNAEIARABDADAAMQAIAAAAAAAAAAcAAABDAE8ATgBUAE8AUwBPAAAABAAAAAEEAAAAAAAFFQAAAH2C3UO+5nhHg2hh3AIAAAAwAAIABwAAADQAAgAHAAAAAQAAAAEBAAAAAAASAQAAAAUAAAABBQAAAAAABRUAAAAAAAAAAAAAAAAAAADxAQAAgLCF/M4U2wEOAHMAYQBtAHUAcwBlAHIAJgAYABYAQAACAAAADgBYABwAZgAAAAAAcwBhAG0AdQBzAGUAcgBAAGMAbwBuAHQAbwBzAG8ALgBjAG8AbQAAAEMATwBOAFQATwBTAE8ALgBDAE8ATQAAAHMAYQBtAHUAcwBlAHIAAQUAAAAAAAUVAAAAfYLdQ77meEeDaGHcUAQAAAAAAAAAABAAAACdvDTDCN5Tv4pdEfgQAAAAX5f52DIs+g6fpOt4EAAAAB1Roz1vchNlfkgfnxAAAAAgJjMR8y4/LpqddGY=

[krasnovu]

Oops, sorry, it looks like there is a buffer, but its length is 0. My mistake, it turns out to be a false issue, because I don't have another PAC yet. :-(

[oiweiwei]

@krasnovu anyway i've added support for remaining claims (some work is pending on decoding credentials, but other things should work)

[oiweiwei]

@krasnovu credentials decoding is also done.

[krasnovu]

Thank you, @oiweiwei ! Once I get a chance to check it out, I'll be sure to leave a feedback .

[krasnovu]

Greetings, @oiweiwei! I've got a PAC that can't unmarshal. I don't know if I should create a new ishyu or here? I'll put it here.
I'm getting this error:
2024/10/16 15:59:42 Err: unmarshal pac err: unmarshal_pac: headers: buffer overflow for size 3543453139 of array o.Buffers
Can you please see what could be the cause?
AS PAC:
CAAAAAAAAAABAAAA8AEAAIgAAAAAAAAADQAAAAAAAAB4AgAAAAAAAAoAAAAQAAAAeAIAAAAAAAAMAAAAiAAAAIgCAAAAAAAAEQAAAAgAAAAQAwAAAAAAABIAAAAcAAAAGAMAAAAAAAAGAAAAEAAAADgDAAAAAAAABwAAABAAAABIAwAAAAAAAAEQCADMzMzM4AEAAAAAAAAAAAIAIALBdQof2wH/////////f/////////9/hGgrEwEf2wGEKJU9yh/bAYTohAgCQNsBBgAGAAQAAgAAAAAACAACAAAAAAAMAAIAAAAAABAAAgAAAAAAFAACAAAAAAAYAAIAAQAAAE8EAAABAgAAAQAAABwAAgAgAAAAAAAAAAAAAAAAAAAAAAAAABgAGgAgAAIAFAAWACQAAgAoAAIAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAsAAIAAAAAAAAAAAAAAAAAAwAAAAAAAAADAAAAcwBhAHMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQIAAAcAAAANAAAAAAAAAAwAAABEAC0ARABTAC0AUwBNAEIARABDADAAMQALAAAAAAAAAAoAAABDAE8ATgBUAE8AUwBPAFMATQBCAAQAAAABBAAAAAAABRUAAAA0lam+sTDpGyNFuzECAAAAMAACAAcAAAA0AAIABwAAAAEAAAABAQAAAAAAEgEAAAAFAAAAAQUAAAAAAAUVAAAAAAAAAAAAAAAAAAAA8QEAAAAAAAAAUTWMCh/bAQYAcwBhAHMAJAAYABwAQAACAAAABgBgABwAZgAAAAAAcwBhAHMAQABjAG8AbgB0AG8AcwBvAHMAbQBiAC4AYwBvAG0AAAAAAEMATwBOAFQATwBTAE8AUwBNAEIALgBDAE8ATQAAAAAAcwBhAHMAAQUAAAAAAAUVAAAANJWpvrEw6RsjRbsxTwQAAAAAAAAAAAIAAAABAAAAAQUAAAAAAAUVAAAANJWpvrEw6RsjRbsxTwQAAAAAAAAQAAAA+NWW1+noW7+55u6hEAAAANE/l7AEzP8GugkCEg==
TGS PAC:
CAAAAAAAAAABAAAA8AEAAIgAAAAAAAAADQAAAAAAAAB4AgAAAAAAAAoAAAAQAAAAeAIAAAAAAAAMAAAAiAAAAIgCAAAAAAAAEQAAAAgAAAAQAwAAAAAAABIAAAAcAAAAGAMAAAAAAAAGAAAAEAAAADgDAAAAAAAABwAAABAAAABIAwAAAAAAAAEQCADMzMzM4AEAAAAAAAAAAAIAIALBdQof2wH/////////f/////////9/hGgrEwEf2wGEKJU9yh/bAYTohAgCQNsBBgAGAAQAAgAAAAAACAACAAAAAAAMAAIAAAAAABAAAgAAAAAAFAACAAAAAAAYAAIAAQAAAE8EAAABAgAAAQAAABwAAgAgAAAAAAAAAAAAAAAAAAAAAAAAABgAGgAgAAIAFAAWACQAAgAoAAIAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAsAAIAAAAAAAAAAAAAAAAAAwAAAAAAAAADAAAAcwBhAHMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQIAAAcAAAANAAAAAAAAAAwAAABEAC0ARABTAC0AUwBNAEIARABDADAAMQALAAAAAAAAAAoAAABDAE8ATgBUAE8AUwBPAFMATQBCAAQAAAABBAAAAAAABRUAAAA0lam+sTDpGyNFuzECAAAAMAACAAcAAAA0AAIABwAAAAEAAAABAQAAAAAAEgEAAAAFAAAAAQUAAAAAAAUVAAAAAAAAAAAAAAAAAAAA8QEAAAAAAAAAUTWMCh/bAQYAcwBhAHMAJAAYABwAQAACAAAABgBgABwAZgAAAAAAcwBhAHMAQABjAG8AbgB0AG8AcwBvAHMAbQBiAC4AYwBvAG0AAAAAAEMATwBOAFQATwBTAE8AUwBNAEIALgBDAE8ATQAAAAAAcwBhAHMAAQUAAAAAAAUVAAAANJWpvrEw6RsjRbsxTwQAAAAAAAAAAAIAAAABAAAAAQUAAAAAAAUVAAAANJWpvrEw6RsjRbsxTwQAAAAAAAAQAAAAJ+RTg6B6X3YE3mO6EAAAAE4OoOMxSWM9fU6bqg==

[oiweiwei]

i've added pac-decoder tool in helpers dir:

$ go run examples/helpers/pac.go --format base64 --input CAAAAAAAAAABAAAA8AEAAIgAAAAAAAAADQAAAAAAAAB4AgAAAAAAAAoAAAAQAAAAeAIAAAAAAAAMAAAAiAAAAIgCAAAAAAAAEQAAAAgAAAAQAwAAAAAAABIAAAAcAAAAGAMAAAAAAAAGAAAAEAAAADgDAAAAAAAABwAAABAAAABIAwAAAAAAAAEQCADMzMzM4AEAAAAAAAAAAAIAIALBdQof2wH/////////f/////////9/hGgrEwEf2wGEKJU9yh/bAYTohAgCQNsBBgAGAAQAAgAAAAAACAACAAAAAAAMAAIAAAAAABAAAgAAAAAAFAACAAAAAAAYAAIAAQAAAE8EAAABAgAAAQAAABwAAgAgAAAAAAAAAAAAAAAAAAAAAAAAABgAGgAgAAIAFAAWACQAAgAoAAIAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAsAAIAAAAAAAAAAAAAAAAAAwAAAAAAAAADAAAAcwBhAHMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQIAAAcAAAANAAAAAAAAAAwAAABEAC0ARABTAC0AUwBNAEIARABDADAAMQALAAAAAAAAAAoAAABDAE8ATgBUAE8AUwBPAFMATQBCAAQAAAABBAAAAAAABRUAAAA0lam+sTDpGyNFuzECAAAAMAACAAcAAAA0AAIABwAAAAEAAAABAQAAAAAAEgEAAAAFAAAAAQUAAAAAAAUVAAAAAAAAAAAAAAAAAAAA8QEAAAAAAAAAUTWMCh/bAQYAcwBhAHMAJAAYABwAQAACAAAABgBgABwAZgAAAAAAcwBhAHMAQABjAG8AbgB0AG8AcwBvAHMAbQBiAC4AYwBvAG0AAAAAAEMATwBOAFQATwBTAE8AUwBNAEIALgBDAE8ATQAAAAAAcwBhAHMAAQUAAAAAAAUVAAAANJWpvrEw6RsjRbsxTwQAAAAAAAAAAAIAAAABAAAAAQUAAAAAAAUVAAAANJWpvrEw6RsjRbsxTwQAAAAAAAAQAAAAJ+RTg6B6X3YE3mO6EAAAAE4OoOMxSWM9fU6bqg==
{
  "version": 0,
  "pac_info_buffer": [
    {
      "type": 1,
      "buffer_length": 496,
      "offset": 136
    },
    {
      "type": 13,
      "buffer_length": 0,
      "offset": 632
    },
    {
      "type": 10,
      "buffer_length": 16,
      "offset": 632
    },
    {
      "type": 12,
      "buffer_length": 136,
      "offset": 648
    },
    {
      "type": 17,
      "buffer_length": 8,
      "offset": 784
    },
    {
      "type": 18,
      "buffer_length": 28,
      "offset": 792
    },
    {
      "type": 6,
      "buffer_length": 16,
      "offset": 824
    },
    {
      "type": 7,
      "buffer_length": 16,
      "offset": 840
    }
  ],
  "logon_information": {
    "logon_time": "2024-10-15T13:59:32.00327888Z",
    "logoff_time": "never",
    "kick_off_time": "never",
    "password_last_set": "2024-10-15T12:52:21.00460186Z",
    "password_can_change": "2024-10-16T12:52:21.00460186Z",
    "password_must_change": "2024-11-26T12:52:21.00460186Z",
    "effective_name": {
      "length": 6,
      "maximum_length": 6,
      "buffer": "sas"
    },
    "full_name": {
      "length": 0,
      "maximum_length": 0,
      "buffer": ""
    },
    "logon_script": {
      "length": 0,
      "maximum_length": 0,
      "buffer": ""
    },
    "profile_path": {
      "length": 0,
      "maximum_length": 0,
      "buffer": ""
    },
    "home_directory": {
      "length": 0,
      "maximum_length": 0,
      "buffer": ""
    },
    "home_directory_drive": {
      "length": 0,
      "maximum_length": 0,
      "buffer": ""
    },
    "logon_count": 1,
    "bad_password_count": 0,
    "user_id": 1103,
    "primary_group_id": 513,
    "group_count": 1,
    "group_ids": [
      {
        "relative_id": 513,
        "attributes": 7
      }
    ],
    "user_flags": 32,
    "user_session_key": {
      "data": [
        {
          "data": "AAAAAAAAAAA="
        },
        {
          "data": "AAAAAAAAAAA="
        }
      ]
    },
    "logon_server": {
      "length": 24,
      "maximum_length": 26,
      "buffer": "D-DS-SMBDC01"
    },
    "logon_domain_name": {
      "length": 20,
      "maximum_length": 22,
      "buffer": "CONTOSOSMB"
    },
    "logon_domain_id": "S-1-5-21-3198784820-468267185-834356515",
    "user_account_control": 16,
    "sid_count": 2,
    "extra_sids": [
      {
        "sid": "S-1-18-1",
        "attributes": 7
      },
      {
        "sid": "S-1-5-21-0-0-0-497",
        "attributes": 7
      }
    ],
    "resource_group_domain_sid": null,
    "resource_group_count": 0,
    "resource_group_ids": null
  },
  "server_checksum": {
    "signature_type": 16,
    "signature": "J+RTg6B6X3YE3mO6"
  },
  "kdc_checksum": {
    "signature_type": 16,
    "signature": "Tg6g4zFJYz19Tpuq"
  },
  "client_name_and_ticket_information": {
    "client_id": "2024-10-15T14:00:10Z",
    "name_length": 6,
    "name": "sas"
  },
  "upn_and_dns_information": {
    "upn_length": 36,
    "upn_offset": 24,
    "dns_domain_name_length": 28,
    "dns_domain_name_offset": 64,
    "flags": 2,
    "raw": "AAAAAHMAYQBzAEAAYwBvAG4AdABvAHMAbwBzAG0AYgAuAGMAbwBtAAAAAABDAE8ATgBUAE8AUwBPAFMATQBCAC4AQwBPAE0AAAAAAHMAYQBzAAEFAAAAAAAFFQAAADSVqb6xMOkbI0W7MU8EAAAAAAAAAAA=",
    "sam_name_length": 6,
    "sam_name_offset": 96,
    "sid_length": 28,
    "sid_offset": 102,
    "upn": "[email protected]",
    "dns_domain_name": "CONTOSOSMB.COM",
    "sam_name": "sas",
    "sid": "S-1-5-21-3198784820-468267185-834356515-1103"
  },
  "attributes": {
    "flags_length": 2,
    "flags": 1
  },
  "requestor_sid": "S-1-5-21-3198784820-468267185-834356515-1103"
}

$ go run examples/helpers/pac.go --input CAAAAAAAAAABAAAA8AEAAIgAAAAAAAAADQAAAAAAAAB4AgAAAAAAAAoAAAAQAAAAeAIAAAAAAAAMAAAAiAAAAIgCAAAAAAAAEQAAAAgAAAAQAwAAAAAAABIAAAAcAAAAGAMAAAAAAAAGAAAAEAAAADgDAAAAAAAABwAAABAAAABIAwAAAAAAAAEQCADMzMzM4AEAAAAAAAAAAAIAIALBdQof2wH/////////f/////////9/hGgrEwEf2wGEKJU9yh/bAYTohAgCQNsBBgAGAAQAAgAAAAAACAACAAAAAAAMAAIAAAAAABAAAgAAAAAAFAACAAAAAAAYAAIAAQAAAE8EAAABAgAAAQAAABwAAgAgAAAAAAAAAAAAAAAAAAAAAAAAABgAGgAgAAIAFAAWACQAAgAoAAIAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAsAAIAAAAAAAAAAAAAAAAAAwAAAAAAAAADAAAAcwBhAHMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQIAAAcAAAANAAAAAAAAAAwAAABEAC0ARABTAC0AUwBNAEIARABDADAAMQALAAAAAAAAAAoAAABDAE8ATgBUAE8AUwBPAFMATQBCAAQAAAABBAAAAAAABRUAAAA0lam+sTDpGyNFuzECAAAAMAACAAcAAAA0AAIABwAAAAEAAAABAQAAAAAAEgEAAAAFAAAAAQUAAAAAAAUVAAAAAAAAAAAAAAAAAAAA8QEAAAAAAAAAUTWMCh/bAQYAcwBhAHMAJAAYABwAQAACAAAABgBgABwAZgAAAAAAcwBhAHMAQABjAG8AbgB0AG8AcwBvAHMAbQBiAC4AYwBvAG0AAAAAAEMATwBOAFQATwBTAE8AUwBNAEIALgBDAE8ATQAAAAAAcwBhAHMAAQUAAAAAAAUVAAAANJWpvrEw6RsjRbsxTwQAAAAAAAAAAAIAAAABAAAAAQUAAAAAAAUVAAAANJWpvrEw6RsjRbsxTwQAAAAAAAAQAAAA+NWW1+noW7+55u6hEAAAANE/l7AEzP8GugkCEg==
{
  "version": 0,
  "pac_info_buffer": [
    {
      "type": 1,
      "buffer_length": 496,
      "offset": 136
    },
    {
      "type": 13,
      "buffer_length": 0,
      "offset": 632
    },
    {
      "type": 10,
      "buffer_length": 16,
      "offset": 632
    },
    {
      "type": 12,
      "buffer_length": 136,
      "offset": 648
    },
    {
      "type": 17,
      "buffer_length": 8,
      "offset": 784
    },
    {
      "type": 18,
      "buffer_length": 28,
      "offset": 792
    },
    {
      "type": 6,
      "buffer_length": 16,
      "offset": 824
    },
    {
      "type": 7,
      "buffer_length": 16,
      "offset": 840
    }
  ],
  "logon_information": {
    "logon_time": "2024-10-15T13:59:32.00327888Z",
    "logoff_time": "never",
    "kick_off_time": "never",
    "password_last_set": "2024-10-15T12:52:21.00460186Z",
    "password_can_change": "2024-10-16T12:52:21.00460186Z",
    "password_must_change": "2024-11-26T12:52:21.00460186Z",
    "effective_name": {
      "length": 6,
      "maximum_length": 6,
      "buffer": "sas"
    },
    "full_name": {
      "length": 0,
      "maximum_length": 0,
      "buffer": ""
    },
    "logon_script": {
      "length": 0,
      "maximum_length": 0,
      "buffer": ""
    },
    "profile_path": {
      "length": 0,
      "maximum_length": 0,
      "buffer": ""
    },
    "home_directory": {
      "length": 0,
      "maximum_length": 0,
      "buffer": ""
    },
    "home_directory_drive": {
      "length": 0,
      "maximum_length": 0,
      "buffer": ""
    },
    "logon_count": 1,
    "bad_password_count": 0,
    "user_id": 1103,
    "primary_group_id": 513,
    "group_count": 1,
    "group_ids": [
      {
        "relative_id": 513,
        "attributes": 7
      }
    ],
    "user_flags": 32,
    "user_session_key": {
      "data": [
        {
          "data": "AAAAAAAAAAA="
        },
        {
          "data": "AAAAAAAAAAA="
        }
      ]
    },
    "logon_server": {
      "length": 24,
      "maximum_length": 26,
      "buffer": "D-DS-SMBDC01"
    },
    "logon_domain_name": {
      "length": 20,
      "maximum_length": 22,
      "buffer": "CONTOSOSMB"
    },
    "logon_domain_id": "S-1-5-21-3198784820-468267185-834356515",
    "user_account_control": 16,
    "sid_count": 2,
    "extra_sids": [
      {
        "sid": "S-1-18-1",
        "attributes": 7
      },
      {
        "sid": "S-1-5-21-0-0-0-497",
        "attributes": 7
      }
    ],
    "resource_group_domain_sid": null,
    "resource_group_count": 0,
    "resource_group_ids": null
  },
  "server_checksum": {
    "signature_type": 16,
    "signature": "+NWW1+noW7+55u6h"
  },
  "kdc_checksum": {
    "signature_type": 16,
    "signature": "0T+XsATM/wa6CQIS"
  },
  "client_name_and_ticket_information": {
    "client_id": "2024-10-15T14:00:10Z",
    "name_length": 6,
    "name": "sas"
  },
  "upn_and_dns_information": {
    "upn_length": 36,
    "upn_offset": 24,
    "dns_domain_name_length": 28,
    "dns_domain_name_offset": 64,
    "flags": 2,
    "raw": "AAAAAHMAYQBzAEAAYwBvAG4AdABvAHMAbwBzAG0AYgAuAGMAbwBtAAAAAABDAE8ATgBUAE8AUwBPAFMATQBCAC4AQwBPAE0AAAAAAHMAYQBzAAEFAAAAAAAFFQAAADSVqb6xMOkbI0W7MU8EAAAAAAAAAAA=",
    "sam_name_length": 6,
    "sam_name_offset": 96,
    "sid_length": 28,
    "sid_offset": 102,
    "upn": "[email protected]",
    "dns_domain_name": "CONTOSOSMB.COM",
    "sam_name": "sas",
    "sid": "S-1-5-21-3198784820-468267185-834356515-1103"
  },
  "attributes": {
    "flags_length": 2,
    "flags": 1
  },
  "requestor_sid": "S-1-5-21-3198784820-468267185-834356515-1103"
}

both samples work for me.

[oiweiwei]

@krasnovu perhaps you are trying to use some string encoding (or encrypted bytes) as an input the pac.Unmarshal in your code instead of raw data you've provided here.

[oiweiwei]

Closing the issue as requested support has been added.