[cifs-protocol] [REG:110110481276509] Please include bitfield names in MS-NRPC LogonParameters

Andrew Bartlett abartlet at samba.org
Fri Nov 5 14:56:53 MDT 2010 

On Fri, 2010-11-05 at 17:53 +0000, Bryan Burgin wrote:
> Hi Andrew.
> 
> I can help you with this.
> 
> My understanding that this is a continuation of the issue you
> discussed in the past where we would add the hex value of each bit
> field to improve readability and make searching easier.  Is that
> correct?  For example, the table entry for 2.2.1.4.15's
> ParameterContol "Value A", "Clear text passwords can be transmitted
> for this logon identity" would also list that its hex value as
> 0x00000002.
> 
> If my understanding is correct, I'll proceed with making the documentation request.  If you are requesting a different outcome, please let me know.  The recommendation would add a new column as follows:

Almost, I also need name names from the referenced URL included. 

> A: 0x00000002: Clear text passwords can be transmitted for this logon identity.
> B: 0x00000004: Update the logon statistics for this account upon successful logon.
> C: 0x00000008: Return the user parameter list for this account upon successful logon.
> D: 0x00000010: Do not attempt to log this account on as a guest upon logon failure.
> E: 0x00000020: Allow this account to log on with the domain controller account.
> F: 0x00000040: Return the password expiration date and time upon successful logon.
> G: 0x00000080: Send a client challenge upon logon request.
> H: 0x00000100: Attempt logon as a guest for this account only.
> I: 0x00000200: Return the profile path upon successful logon.
> J: 0x00000400: Attempt logon to the specified domain only.
> K: 0x00000800: Allow this account to log on with the computer account.
> L: 0x00001000: Disable allowing fallback to guest account for this account.
> M: 0x00002000: Force the logon of this account as a guest if the password is incorrect.
> N: 0x00004000: This account has supplied a clear text password.
> O: 0x00010000: Allow NTLMv1 authentication ([MS-NLMP]) when only NTLMv2 ([NTLM]) is allowed.
> P: 0x00100000: Use sub-authentication ([MS-APDS] section 3.1.5.2.1). 
> Q-X: 0xFF000000: Encode the sub-authentication package identifier. Bits Q–X are used to encode the integer value of the sub-authentication package identifier (this is in little-endian order).

eg:

A: 0x00000002: MSV1_0_CLEARTEXT_PASSWORD_ALLOWED: Clear text passwords
can be transmitted for this logon identity.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20101106/be52cd01/attachment.pgp>

More information about the cifs-protocol mailing list