[cifs-protocol] Clarify reserved bytes that are in fact used in LogonSamLogonEx response
Andrew Bartlett
abartlet at samba.org
Mon Jul 20 06:00:19 MDT 2009
G'day,
My friend in Samba development Matthieu has been chasing down small but
possibly significant differences between Samba4 and Windows. He is
puzzled by the following, and we wondered if you might be able to shed
some light on the matter.
Thanks,
Andrew Bartlett
-------- Original Message --------
Subject: clarify reserved bytes that are in fact used in LogonSamLogonEx
response
Date: Mon, 20 Jul 2009 00:45:28 +0400
From: Matthieu Patou <mat+Informatique.Samba at matws.net>
Hello,
In the data returned by the LogonSamLogonEx RPC there is a NETLOGON_VALIDATION
pointer called ValidationInformation (in MS-NRPC.pdf).
The following data is obtained with a Windows 2003R2 server:
0000 06 00 00 00 00 00 02 00 10 95 6f 37 a6 05 ca 01
0010 ff ff ff ff ff ff ff 7f ff ff ff ff ff ff ff 7f
0020 04 53 0a 67 38 61 c9 01 04 13 74 91 01 62 c9 01
0030 ff ff ff ff ff ff ff 7f 1a 00 1c 00 04 00 02 00
0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0060 00 00 00 00 00 00 00 00 3b 00 00 00 f4 01 00 00
0070 01 02 00 00 05 00 00 00 08 00 02 00 20 05 00 00
0080 fa 40 c6 06 2c 65 f8 cc 0e 8e 5c 8a 9e 9a 57 b7
0090 14 00 16 00 0c 00 02 00 0c 00 0e 00 10 00 02 00
00a0 14 00 02 00 c7 b2 00 73 b4 fb 7d b2 10 02 00 00
00b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00d0 00 00 00 00 14 00 16 00 18 00 02 00 30 00 30 00
00e0 1c 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00
00f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0110 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0120 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0130 00 00 00 00 0e 00 00 00 00 00 00 00 0d 00 00 00
0140 41 00 64 00 6d 00 69 00 6e 00 69 00 73 00 74 00
0150 72 00 61 00 74 00 6f 00 72 00 00 00 05 00 00 00
0160 07 02 00 00 07 00 00 00 08 02 00 00 07 00 00 00
0170 00 02 00 00 07 00 00 00 06 02 00 00 07 00 00 00
0180 01 02 00 00 07 00 00 00 0b 00 00 00 00 00 00 00
0190 0a 00 00 00 57 00 32 00 4b 00 33 00 41 00 44 00
01a0 56 00 5a 00 30 00 31 00 07 00 00 00 00 00 00 00
01b0 06 00 00 00 4d 00 53 00 57 00 32 00 4b 00 33 00
01c0 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 00
01d0 86 ec 41 48 9a 49 bf 58 d1 8f f7 2b 0b 00 00 00
01e0 00 00 00 00 0a 00 00 00 6d 00 73 00 77 00 32 00
01f0 6b 00 33 00 2e 00 74 00 73 00 74 00 18 00 00 00
0200 00 00 00 00 18 00 00 00 41 00 64 00 6d 00 69 00
0210 6e 00 69 00 73 00 74 00 72 00 61 00 74 00 6f 00
0220 72 00 40 00 6d 00 73 00 77 00 32 00 6b 00 33 00
0230 2e 00 74 00 73 00 74 00 01 00 00 00 00 00 00 00
0240 00 00 00 00
As the level for this netlogon_validation is 6, the returned data is in
fact a pointer to a NETLOGON_VALIDATION_SAM_INFO4 structure called
ValidationSam4.
It is stated: "All fields of this structure, except the following
fields, have the same meaning as the identically
named fields in the KERB_VALIDATION_INFO structure, as specified in
[MS-PAC] section 2.5. The
following is the list of fields that are not found in [MS-PAC]"
Reading this document informs us that after LogonDomainId there is
Reserved1 (at offset 0xa5):
"Reserved1: A two-element array of unsigned 32-bit integers. This member
is reserved, and
each element of the array MUST be equal to 0x00000000 and MUST be
ignored on receipt."
Clearly it's not the case here because the value is not null: c7 b2 00
73 b4 fb 7d b2. Can you explain the contents of these two longs?
Best regards.
Matthieu Patou.
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
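
An added example, not part of the original message or of Samba's code: it parses the first 0xb0 bytes of the dump quoted above, walks the fixed-size fields up to Reserved1, and applies the quoted "MUST be equal to 0x00000000" rule. It assumes 32-bit NDR encoding (4-byte pointers, 8-byte RPC_UNICODE_STRING headers) and the KERB_VALIDATION_INFO field order from [MS-PAC]; the helper names parse_hexdump and reserved1 are hypothetical.

```python
import struct

# Rows 0000-00a0 copied from the hex dump in the message above.
DUMP = """\
0000 06 00 00 00 00 00 02 00 10 95 6f 37 a6 05 ca 01
0010 ff ff ff ff ff ff ff 7f ff ff ff ff ff ff ff 7f
0020 04 53 0a 67 38 61 c9 01 04 13 74 91 01 62 c9 01
0030 ff ff ff ff ff ff ff 7f 1a 00 1c 00 04 00 02 00
0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0060 00 00 00 00 00 00 00 00 3b 00 00 00 f4 01 00 00
0070 01 02 00 00 05 00 00 00 08 00 02 00 20 05 00 00
0080 fa 40 c6 06 2c 65 f8 cc 0e 8e 5c 8a 9e 9a 57 b7
0090 14 00 16 00 0c 00 02 00 0c 00 0e 00 10 00 02 00
00a0 14 00 02 00 c7 b2 00 73 b4 fb 7d b2 10 02 00 00
"""

# (field, wire size) in order. Assumption: 32-bit NDR, so the union level is
# padded to 4 bytes and is followed by a 4-byte referent id.
FILETIMES = ("LogonTime", "LogoffTime", "KickOffTime", "PasswordLastSet",
             "PasswordCanChange", "PasswordMustChange")
STRINGS = ("EffectiveName", "FullName", "LogonScript", "ProfilePath",
           "HomeDirectory", "HomeDirectoryDrive")
LAYOUT = [("Level", 4), ("ReferentId", 4)]
LAYOUT += [(name, 8) for name in FILETIMES + STRINGS]
LAYOUT += [("LogonCount", 2), ("BadPasswordCount", 2), ("UserId", 4),
           ("PrimaryGroupId", 4), ("GroupCount", 4), ("GroupIds", 4),
           ("UserFlags", 4), ("UserSessionKey", 16), ("LogonServer", 8),
           ("LogonDomainName", 8), ("LogonDomainId", 4), ("Reserved1", 8)]

def parse_hexdump(text):
    """Turn 'offset b0 b1 ...' rows into bytes, rejecting gaps in the offsets."""
    data = bytearray()
    for line in text.strip().splitlines():
        offset, *cells = line.split()
        if int(offset, 16) != len(data):
            raise ValueError("row offset %s does not follow previous row" % offset)
        data += bytes(int(cell, 16) for cell in cells)
    return bytes(data)

def reserved1(data):
    """Return (offset, two little-endian uint32 values, all-zero flag)."""
    offset = sum(size for name, size in LAYOUT[:-1])  # Reserved1 is last in LAYOUT
    words = struct.unpack_from("<2I", data, offset)
    return offset, words, all(word == 0 for word in words)

if __name__ == "__main__":
    off, words, ok = reserved1(parse_hexdump(DUMP))
    print("Reserved1 @ 0x%x: %s zero=%s" % (off, [hex(w) for w in words], ok))
```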