[cifs-protocol] RE: CreateTrustedDomainEX blob incorrect

Andrew Bartlett abartlet at samba.org
Tue Nov 4 23:43:38 GMT 2008

On Tue, 2008-11-04 at 11:33 -0800, Richard Guthrie wrote:
> Andrew,
> The section of the documentation that I sent you included the
> following updated text.  It was decided to put this information in
> section 2.2.58 because this structure is used by multiple interfaces.
>         The incoming and outgoing authentication information buffer
> size included at the end of the LSAPR_TRUSTED_DOMAIN_AUTH_BLOB can be
> used to extract       the incoming and outgoing authentication
> information buffers from the LSAPR_TRUSTED_DOMAIN_AUTH_BLOB. Each of
> these buffers contains the byte   offset to both the current and the
> previous authentication information. This information can be used to
> extract current and (if any) previous   authentication information.
> It would appear that the trustAuthInOutBlob in the IDL you provided
> does not correctly represent LSAPR_TRUSTED_DOMAIN_AUTH_BLOB

I think I need to do some renaming in our IDL.  Not that I like the
Microsoft names, but the current situation is confusing.  We use this to
decode the LSA form of the blob:

	typedef [public,gensize] struct {
		uint32 count;
		[relative] AuthenticationInformation *current[count];
	} trustCurrentPasswords;

	typedef [public,nopull] struct {
		uint8 confounder[512];
		[subcontext(0),subcontext_size(outgoing_size)] trustCurrentPasswords
		[subcontext(0),subcontext_size(incoming_size)] trustCurrentPasswords
		[value(ndr_size_trustCurrentPasswords(&outgoing, ndr->flags))] uint32
		[value(ndr_size_trustCurrentPasswords(&incoming, ndr->flags))] uint32
	} trustDomainPasswords;

>  as it is missing a count of incoming auth infos.  I have included some additional information in Layout of buffers in LSAPR_TRUSTED_DOMAIN_AUTH_BLOB pdf/docx documents that are attached.

I can't read the docx files. 

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20081105/6e136211/attachment.bin

More information about the cifs-protocol mailing list