[cifs-protocol] RE: Secret 'last set times' doc incorrect in 2008 - 600578

Andrew Bartlett abartlet at samba.org
Wed Sep 3 22:30:57 GMT 2008


On Wed, 2008-09-03 at 12:38 -0700, Richard Guthrie wrote:
> Andrew,
> 
> I have completed my research on LsarSetSecret.  The documentation
> provides information when you have an exception case such as when one
> updates EncryptedCurrentValue.  I have included a scenario that might
> help clarify the behavior:
> 
> Scenario:
> I have a secret object with old and new secret values set and both
> have timestamps indicating when the values were last updated/set.  I
> then make a call to LsarSetSecret passing in null for new secret value
> and a value I choose for old secret value.
> 
> This will null out the new secret value and update the old secret
> value.  I should also observe that the timestamps for both old/new
> secret values would be set to current server time.  The table you
> reference shows this to be the behavior.

Indeed it does.  Did this table change from its original description?
As it stands, the format is confusing because of the way the operations
are linked but also independent. 

A table with headings 
New value | Old Value | Effect on old time | effect on new time
would be more clear, or as they are (almost) independent operations,
describe them as such. 

> However, tests against Windows 2008 show that setting the old value
> (but not the new) removes the new value, and sets the time to 'current
> server time'

Perhaps however you should note the change in behaviour since Windows
2003?  Perhaps run RPC-LSA from our GIT tree to see the changes.

(It seems the NULL behaviour changed from 'don't change' to 'remove' in
some cases).

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.