[cifs-protocol] RE: CreateTrustedDomainEX blob incorrect

Richard Guthrie rguthrie at microsoft.com
Tue Nov 25 14:33:07 GMT 2008


As we discussed on our call earlier this week, attached is updates we have made to the documentation for LSAPR_TRUSTED_DOMAIN_AUTH_BLOB to clarify the structure and information to help the implementer interoperate with this structure.  In addition we are looking into the possibility of an example on this structure as discussed, which I will update you on in the near future once we have made a determination.

Please let us know if you have any further questions.

Richard Guthrie
Open Protocols Support Team
Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM
Tel: +1 (469) 775-7794
E-mail: rguthrie at microsoft.com

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Tuesday, November 04, 2008 5:44 PM
To: Richard Guthrie
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: RE: [cifs-protocol] RE: CreateTrustedDomainEX blob incorrect

On Tue, 2008-11-04 at 11:33 -0800, Richard Guthrie wrote:
> Andrew,
> The section of the documentation that I sent you included the
> following updated text.  It was decided to put this information in
> section 2.2.58 because this structure is used by multiple interfaces.
>         The incoming and outgoing authentication information buffer
> size included at the end of the LSAPR_TRUSTED_DOMAIN_AUTH_BLOB can be
> used to extract       the incoming and outgoing authentication
> information buffers from the LSAPR_TRUSTED_DOMAIN_AUTH_BLOB. Each of
> these buffers contains the byte   offset to both the current and the
> previous authentication information. This information can be used to
> extract current and (if any) previous   authentication information.
> It would appear that the trustAuthInOutBlob in the IDL you provided
> does not correctly represent LSAPR_TRUSTED_DOMAIN_AUTH_BLOB

I think I need to do some renaming in our IDL.  Not that I like the Microsoft names, but the current situation is confusing.  We use this to decode the LSA form of the blob:

        typedef [public,gensize] struct {
                uint32 count;
                [relative] AuthenticationInformation *current[count];
        } trustCurrentPasswords;

        typedef [public,nopull] struct {
                uint8 confounder[512];
                [subcontext(0),subcontext_size(outgoing_size)] trustCurrentPasswords outgoing;
                [subcontext(0),subcontext_size(incoming_size)] trustCurrentPasswords incoming;
                [value(ndr_size_trustCurrentPasswords(&outgoing, ndr->flags))] uint32 outgoing_size;
                [value(ndr_size_trustCurrentPasswords(&incoming, ndr->flags))] uint32 incoming_size;
        } trustDomainPasswords;

>  as it is missing a count of incoming auth infos.  I have included some additional information in Layout of buffers in LSAPR_TRUSTED_DOMAIN_AUTH_BLOB pdf/docx documents that are attached.

I can't read the docx files.

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Type: application/x-zip-compressed
Size: 114664 bytes
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20081125/3fa6e6ff/MS-LSAD2.2.7.16-0001.bin

More information about the cifs-protocol mailing list