[cifs-protocol] Kerberos e-data NTSTATUS encoding
Andrew Bartlett
abartlet at samba.org
Wed May 24 21:57:32 UTC 2023
Per my call with Jeff and Obiad today:
My one question comes from Joseph who is working on Kerberos for us:
The NTSTATUS structure in the Kerberos e-data field. Where is this
packing defined, and what the second two fields are used for?
The first one that’s always zero, and the second one that appears to be
flags.
KERB_ERR_TYPE_EXTENDED
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-kile/25fabd02-560d-4c1f-8f42-b32e9d97996a
only says the data-value field contains extended,
implementation-specific error information.
https://gitlab.com/samba-team/samba/-/blob/master/source4/kdc/hdb-samba4.c#L573
Even if Microsoft clients do not use this, we have found in the real
world that third party clients rely on this behaviour, so we need to
know what else might be encoded here.
Thanks,
Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead https://catalyst.net.nz/services/samba
Catalyst.Net Ltd
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20230525/56db2d9b/attachment.htm>
More information about the cifs-protocol
mailing list