[cifs-protocol] RE: CreateTrustedDomainEX blob incorrect
Richard Guthrie
rguthrie at microsoft.com
Mon Jan 19 16:39:50 GMT 2009
Andrew,
I have completed my investigation into the LSAPR_TRUSTED_DOMAIN_AUTH_BLOB structure and would like to provide you with the updated section of the documentation. I wanted to also make you aware of an addition to the documentation text regarding byte alignment for the current/previous auth info structures. Please let us know if you have further questions or comments.
Richard Guthrie
Support Escalation Engineer
Open Protocols Support Team
Tel: +1 (469) 775-7794
E-mail: rguthrie at microsoft.com
-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Tuesday, November 04, 2008 5:44 PM
To: Richard Guthrie
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: RE: [cifs-protocol] RE: CreateTrustedDomainEX blob incorrect
On Tue, 2008-11-04 at 11:33 -0800, Richard Guthrie wrote:
> Andrew,
>
> The section of the documentation that I sent you included the
> following updated text. It was decided to put this information in
> section 2.2.58 because this structure is used by multiple interfaces.
>
> The incoming and outgoing authentication information buffer
> size included at the end of the LSAPR_TRUSTED_DOMAIN_AUTH_BLOB can be
> used to extract the incoming and outgoing authentication
> information buffers from the LSAPR_TRUSTED_DOMAIN_AUTH_BLOB. Each of
> these buffers contains the byte offset to both the current and the
> previous authentication information. This information can be used to
> extract current and (if any) previous authentication information.
>
> It would appear that the trustAuthInOutBlob in the IDL you provided
> does not correctly represent LSAPR_TRUSTED_DOMAIN_AUTH_BLOB
I think I need to do some renaming in our IDL. Not that I like the Microsoft names, but the current situation is confusing. We use this to decode the LSA form of the blob:
typedef [public,gensize] struct {
uint32 count;
[relative] AuthenticationInformation *current[count];
} trustCurrentPasswords;
typedef [public,nopull] struct {
uint8 confounder[512];
[subcontext(0),subcontext_size(outgoing_size)] trustCurrentPasswords outgoing;
[subcontext(0),subcontext_size(incoming_size)] trustCurrentPasswords incoming;
[value(ndr_size_trustCurrentPasswords(&outgoing, ndr->flags))] uint32 outgoing_size;
[value(ndr_size_trustCurrentPasswords(&incoming, ndr->flags))] uint32 incoming_size;
} trustDomainPasswords;
> as it is missing a count of incoming auth infos. I have included some additional information in Layout of buffers in LSAPR_TRUSTED_DOMAIN_AUTH_BLOB pdf/docx documents that are attached.
I can't read the docx files.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SRX081119601362.zip
Type: application/x-zip-compressed
Size: 111972 bytes
Desc: SRX081119601362.zip
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20090119/ecdf3022/SRX081119601362-0001.bin
More information about the cifs-protocol
mailing list