[cifs-protocol] [REG:118021617661049] samr_ChangePasswordUser3 / SamrUnicodeChangePasswordUser3 not documented

Edgar Olougouna edgaro at microsoft.com
Tue Feb 27 22:45:38 UTC 2018


After source code research, our client does not send Opnum 63, so the definition as Opnum63NotUsedOnWire is correct. It’s fine if someone discovers SamrUnicodeChangePasswordUser3() through some RPC interface tools. It still does not make it an undocumented opnum. Similarly, you will notice our AD protocols test suite client does not send Opnum 63.
I am sorry, it would be irrelevant for me to comment, confirm or deny what SamrUnicodeChangePasswordUser3() does since our client does not emit that opnum.
Regarding any “overview of all crypto use in AD”, I must say I am not aware of such a document, to the best of my knowledge.
However, the AD overview document could be a starting resource. Although it does not provide a consolidated list of crypto, it does list the primary protocol groups and related protocols. By reviewing each concerned protocol document, one can determine what form of cryptographic operations it performs, such as encryption or signatures.
It appears to me this is more like a product level of discussion. The challenge is that features have been introduced incrementally over time. 

[MS-ADOD]: Active Directory Protocols Overview
https://msdn.microsoft.com/en-us/library/hh871909.aspx
The Active Directory protocols are specified in [LDAP], [MS-ADTS], [MS-SRPL], [MS-DRSR], [MS-SNTP], [MS-LSAD], [MS-LSAT], [MS-DSSP], [MS-SAMR], [MS-SAMS], [MS-WSDS], [WFXR], [WSENUM], [MS-WSTIM], [MS-ADDM], [MS-WSPELD], and [MS-ADCAP].

2.3 Protocol Relationships
https://msdn.microsoft.com/en-us/library/hh871862.aspx
Figure 3: Active Directory protocol grouping
Figure 4: Protocol relationships

[MS-SAMR]
3.1.5 Message Processing Events and Sequencing Rules
Opnum63NotUsedOnWire	Reserved for local use.
Opnum: 63


Thanks,
Edgar

-----Original Message-----
From: Edgar Olougouna 
Sent: Friday, February 16, 2018 1:27 PM
To: Andrew Bartlett <abartlet at samba.org>; cifs-protocol at lists.samba.org
Cc: MSSolve Case Email <casemail at microsoft.com>
Subject: [REG:118021617661049] samr_ChangePasswordUser3 / SamrUnicodeChangePasswordUser3 not documented

[case number in subject, cc casemail, bcc dochelp]

Hello Andrew,

We created the case number 118021617661049 for this inquiry. I will review this and follow up soon.

Thanks,
Edgar

-----Original Message-----
From: Andrew Bartlett <abartlet at samba.org>
Sent: Friday, February 16, 2018 12:39 PM
To: Interoperability Documentation Help <dochelp at microsoft.com>; cifs-protocol at lists.samba.org
Subject: samr_ChangePasswordUser3 / SamrUnicodeChangePasswordUser3 not documented


SamrUnicodeChangePasswordUser3 (presumably) is the extension of
SamrUnicodeChangePasswordUser2 documented here:

https://msdn.microsoft.com/en-us/library/cc245708.aspx

It operates the same but returns a password change failure reason.

However in MS-SAMR it is listed as:

 Opnum63NotUsedOnWire Reserved for local use. Opnum: 63

I noticed this because I'm writing a document covering Samba's design and use of crypto and will mark MS-SAMR as a reference.

For the curious the work in progress for this page is here:

https://gitlab.com/catalyst-samba/samba-docs/wikis/cryptography/bespoke-cryptosystems/SAMR
the main document is here:

https://gitlab.com/catalyst-samba/samba-docs/wikis/home

Finally, is there any 'overview of all crypto use in AD' document I'm unaware of?

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


